diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts index 848fe1bd8a91e..6658f9bfab89b 100644 --- a/x-pack/plugins/security_solution/common/constants.ts +++ b/x-pack/plugins/security_solution/common/constants.ts @@ -45,7 +45,6 @@ export const DEFAULT_MAX_SIGNALS = 100 as const; export const DEFAULT_SEARCH_AFTER_PAGE_SIZE = 100 as const; export const DEFAULT_ANOMALY_SCORE = 'securitySolution:defaultAnomalyScore' as const; export const DEFAULT_MAX_TABLE_QUERY_SIZE = 10000 as const; -export const DEFAULT_SCALE_DATE_FORMAT = 'dateFormat:scaled' as const; export const DEFAULT_FROM = 'now/d' as const; export const DEFAULT_TO = 'now/d' as const; export const DEFAULT_INTERVAL_PAUSE = true as const; @@ -53,8 +52,6 @@ export const DEFAULT_INTERVAL_TYPE = 'manual' as const; export const DEFAULT_INTERVAL_VALUE = 300000 as const; // ms export const DEFAULT_TIMEPICKER_QUICK_RANGES = 'timepicker:quickRanges' as const; export const SCROLLING_DISABLED_CLASS_NAME = 'scrolling-disabled' as const; -export const GLOBAL_HEADER_HEIGHT = 96 as const; // px -export const FILTERS_GLOBAL_HEIGHT = 109 as const; // px export const FULL_SCREEN_TOGGLED_CLASS_NAME = 'fullScreenToggled' as const; export const NO_ALERT_INDEX = 'no-alert-index-049FC71A-4C2C-446F-9901-37XMC5024C51' as const; export const ENDPOINT_METADATA_INDEX = 'metrics-endpoint.metadata-*' as const; 
@@ -164,8 +161,6 @@ export const APP_OVERVIEW_PATH = `${APP_PATH}${OVERVIEW_PATH}` as const; export const APP_LANDING_PATH = `${APP_PATH}${LANDING_PATH}` as const; export const APP_DETECTION_RESPONSE_PATH = `${APP_PATH}${DETECTION_RESPONSE_PATH}` as const; export const APP_MANAGEMENT_PATH = `${APP_PATH}${MANAGEMENT_PATH}` as const; -export const APP_EXPLORE_PATH = `${APP_PATH}${EXPLORE_PATH}` as const; -export const APP_DASHBOARDS_PATH = `${APP_PATH}${DASHBOARDS_PATH}` as const; export const APP_ALERTS_PATH = `${APP_PATH}${ALERTS_PATH}` as const; export const APP_RULES_PATH = `${APP_PATH}${RULES_PATH}` as const; @@ -298,7 +293,6 @@ export const TIMELINE_PREPACKAGED_URL = `${TIMELINE_URL}/_prepackaged` as const; export const NOTE_URL = '/api/note' as const; export const PINNED_EVENT_URL = '/api/pinned_event' as const; export const SOURCERER_API_URL = '/internal/security_solution/sourcerer' as const; -export const DETECTION_RESPONSE_METRICS_API_URL = '/api/detection_response_metrics' as const; /** * Default signals index key for kibana.dev.yml diff --git a/x-pack/plugins/security_solution/common/cti/constants.ts b/x-pack/plugins/security_solution/common/cti/constants.ts index 3ea8a900b27dc..b16b7d8d05515 100644 --- a/x-pack/plugins/security_solution/common/cti/constants.ts +++ b/x-pack/plugins/security_solution/common/cti/constants.ts @@ -13,7 +13,6 @@ export const MATCHED_ID = 'matched.id'; export const MATCHED_TYPE = 'matched.type'; export const INDICATOR_MATCH_SUBFIELDS = [MATCHED_ATOMIC, MATCHED_FIELD, MATCHED_TYPE]; -export const INDICATOR_MATCHED_ATOMIC = `${ENRICHMENT_DESTINATION_PATH}.${MATCHED_ATOMIC}`; export const INDICATOR_MATCHED_FIELD = `${ENRICHMENT_DESTINATION_PATH}.${MATCHED_FIELD}`; export const INDICATOR_MATCHED_TYPE = `${ENRICHMENT_DESTINATION_PATH}.${MATCHED_TYPE}`; 
@@ -21,25 +20,13 @@ export const EVENT_DATASET = 'event.dataset'; export const FIRST_SEEN = 'indicator.first_seen'; export const LAST_SEEN = 'indicator.last_seen'; -export const PROVIDER = 'indicator.provider'; export const REFERENCE = 'indicator.reference'; export const FEED_NAME = 'feed.name'; export const FEED_NAME_PATH = `threat.${FEED_NAME}`; -export const INDICATOR_FIRSTSEEN = `${ENRICHMENT_DESTINATION_PATH}.${FIRST_SEEN}`; -export const INDICATOR_LASTSEEN = `${ENRICHMENT_DESTINATION_PATH}.${LAST_SEEN}`; -export const INDICATOR_PROVIDER = `${ENRICHMENT_DESTINATION_PATH}.${PROVIDER}`; export const INDICATOR_REFERENCE = `${ENRICHMENT_DESTINATION_PATH}.${REFERENCE}`; -export const CTI_ROW_RENDERER_FIELDS = [ - INDICATOR_MATCHED_ATOMIC, - INDICATOR_MATCHED_FIELD, - INDICATOR_MATCHED_TYPE, - INDICATOR_REFERENCE, - INDICATOR_PROVIDER, -]; - export enum ENRICHMENT_TYPES { InvestigationTime = 'investigation_time', IndicatorMatchRule = 'indicator_match_rule', @@ -61,7 +48,6 @@ export const EVENT_ENRICHMENT_INDICATOR_FIELD_MAP = { export const DEFAULT_EVENT_ENRICHMENT_FROM = 'now-30d'; export const DEFAULT_EVENT_ENRICHMENT_TO = 'now'; -export const TI_INTEGRATION_PREFIX = 'ti'; export const OTHER_TI_DATASET_KEY = '_others_ti_'; export const THREAT_PIT_KEEP_ALIVE = '5m'; diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/alerts/8.0.0/index.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/alerts/8.0.0/index.ts index e9528b77e213d..b347ffbd67ea5 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/alerts/8.0.0/index.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/alerts/8.0.0/index.ts 
@@ -149,13 +149,6 @@ export interface BaseFields800 { [key: string]: SearchTypes; } -// This type is used after the alert UUID is generated and stored in the _id and ALERT_UUID fields -export interface WrappedFields800 { - _id: string; - _index: string; - _source: T & { [ALERT_UUID]: string }; -} - export interface EqlBuildingBlockFields800 extends BaseFields800 { [ALERT_GROUP_ID]: string; [ALERT_GROUP_INDEX]: number; diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/common/rule_params.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/common/rule_params.ts index b9588a26bb35b..d65bce6e587ef 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/common/rule_params.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/common/rule_params.ts @@ -99,7 +99,6 @@ export const RelatedIntegrationArray = t.array(RelatedIntegration); * ecs: false, * }; */ -export type RequiredField = t.TypeOf; export const RequiredField = t.exact( t.type({ name: NonEmptyString, diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts index 392c2acb5879b..7c113bc2496dc 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts 
@@ -20,21 +20,14 @@ import * as t from 'io-ts'; export const author = t.array(t.string); export type Author = t.TypeOf; -export const authorOrUndefined = t.union([author, t.undefined]); -export type AuthorOrUndefined = t.TypeOf; - export const building_block_type = t.string; export type BuildingBlockType = t.TypeOf; export const buildingBlockTypeOrUndefined = t.union([building_block_type, t.undefined]); -export type BuildingBlockTypeOrUndefined = t.TypeOf; export const description = NonEmptyString; export type Description = t.TypeOf; -export const descriptionOrUndefined = t.union([description, t.undefined]); -export type DescriptionOrUndefined = t.TypeOf; - // outcome is a property of the saved object resolve api // will tell us info about the rule after 8.0 migrations export const outcome = t.union([ 
@@ -45,43 +38,24 @@ export const outcome = t.union([ export type Outcome = t.TypeOf; export const alias_target_id = t.string; -export type AliasTargetId = t.TypeOf; - export const alias_purpose = t.union([ t.literal('savedObjectConversion'), t.literal('savedObjectImport'), ]); -export type AliasPurpose = t.TypeOf; - export const enabled = t.boolean; export type Enabled = t.TypeOf; - -export const enabledOrUndefined = t.union([enabled, t.undefined]); -export type EnabledOrUndefined = t.TypeOf; - export const event_category_override = t.string; -export type EventCategoryOverride = t.TypeOf; - export const eventCategoryOverrideOrUndefined = t.union([event_category_override, t.undefined]); -export type EventCategoryOverrideOrUndefined = t.TypeOf; export const tiebreaker_field = t.string; -export type TiebreakerField = t.TypeOf; export const tiebreakerFieldOrUndefined = t.union([tiebreaker_field, t.undefined]); -export type TiebreakerFieldOrUndefined = t.TypeOf; export const timestamp_field = t.string; -export type TimestampField = t.TypeOf; export const timestampFieldOrUndefined = t.union([timestamp_field, t.undefined]); -export type TimestampFieldOrUndefined = t.TypeOf; export const false_positives = t.array(t.string); -export type FalsePositives = t.TypeOf; - -export const falsePositivesOrUndefined = t.union([false_positives, t.undefined]); -export type FalsePositivesOrUndefined = t.TypeOf; export const file_name = t.string; export type FileName = t.TypeOf; @@ -124,10 +98,8 @@ export const index = t.array(t.string); export type Index = t.TypeOf; export const data_view_id = t.string; -export type DataViewId = t.TypeOf; export const dataViewIdOrUndefined = t.union([data_view_id, t.undefined]); -export type DataViewIdOrUndefined = t.TypeOf; export const indexOrUndefined = t.union([index, t.undefined]); export type IndexOrUndefined = t.TypeOf; 
@@ -135,9 +107,6 @@ export type IndexOrUndefined = t.TypeOf; export const interval = t.string; export type Interval = t.TypeOf; -export const intervalOrUndefined = t.union([interval, t.undefined]); -export type IntervalOrUndefined = t.TypeOf; - export const query = t.string; export type Query = t.TypeOf; @@ -148,18 +117,12 @@ export const license = t.string; export type License = t.TypeOf; export const licenseOrUndefined = t.union([license, t.undefined]); -export type LicenseOrUndefined = t.TypeOf; export const objects = t.array(t.type({ rule_id })); export const output_index = t.string; -export type OutputIndex = t.TypeOf; - -export const outputIndexOrUndefined = t.union([output_index, t.undefined]); -export type OutputIndexOrUndefined = t.TypeOf; export const saved_id = t.string; -export type SavedId = t.TypeOf; export const savedIdOrUndefined = t.union([saved_id, t.undefined]); export type SavedIdOrUndefined = t.TypeOf; @@ -168,13 +131,10 @@ export const timeline_id = t.string; export type TimelineId = t.TypeOf; export const timelineIdOrUndefined = t.union([timeline_id, t.undefined]); -export type TimelineIdOrUndefined = t.TypeOf; export const timeline_title = t.string; -export type TimelineTitle = t.TypeOf; export const timelineTitleOrUndefined = t.union([timeline_title, t.undefined]); -export type TimelineTitleOrUndefined = t.TypeOf; export const timestamp_override = t.string; export type TimestampOverride = t.TypeOf; 
@@ -183,23 +143,13 @@ export const timestampOverrideOrUndefined = t.union([timestamp_override, t.undef export type TimestampOverrideOrUndefined = t.TypeOf; export const anomaly_threshold = PositiveInteger; -export type AnomalyThreshold = t.TypeOf; - -export const anomalyThresholdOrUndefined = t.union([anomaly_threshold, t.undefined]); -export type AnomalyThresholdOrUndefined = t.TypeOf; export const timestamp_override_fallback_disabled = t.boolean; -export type TimestampOverrideFallbackDisabled = t.TypeOf< - typeof timestamp_override_fallback_disabled ->; export const timestampOverrideFallbackDisabledOrUndefined = t.union([ timestamp_override_fallback_disabled, t.undefined, ]); -export type TimestampOverrideFallbackDisabledOrUndefined = t.TypeOf< - typeof timestampOverrideFallbackDisabledOrUndefined ->; /** * Note that this is a non-exact io-ts type as we allow extra meta information @@ -213,9 +163,6 @@ export type MetaOrUndefined = t.TypeOf; export const name = NonEmptyString; export type Name = t.TypeOf; -export const nameOrUndefined = t.union([name, t.undefined]); -export type NameOrUndefined = t.TypeOf; - export const rule_name_override = t.string; export type RuleNameOverride = t.TypeOf; @@ -231,15 +178,11 @@ export const status = t.keyof({ export type Status = t.TypeOf; export const conflicts = t.keyof({ abort: null, proceed: null }); -export type Conflicts = t.TypeOf; // TODO: Create a regular expression type or custom date math part type here export const to = t.string; export type To = t.TypeOf; -export const toOrUndefined = t.union([to, t.undefined]); -export type ToOrUndefined = t.TypeOf; - export const queryFilter = t.string; export type QueryFilter = t.TypeOf; 
@@ -249,9 +192,6 @@ export type QueryFilterOrUndefined = t.TypeOf; export const references = t.array(t.string); export type References = t.TypeOf; -export const referencesOrUndefined = t.union([references, t.undefined]); -export type ReferencesOrUndefined = t.TypeOf; - export const per_page = PositiveInteger; export type PerPage = t.TypeOf; @@ -285,9 +225,6 @@ export type SortOrderOrUndefined = t.TypeOf; export const tags = t.array(t.string); export type Tags = t.TypeOf; -export const tagsOrUndefined = t.union([tags, t.undefined]); -export type TagsOrUndefined = t.TypeOf; - export const fields = t.array(t.string); export type Fields = t.TypeOf; export const fieldsOrUndefined = t.union([fields, t.undefined]); @@ -299,7 +236,6 @@ export const thresholdField = t.exact( value: PositiveIntegerGreaterThanZero, }) ); -export type ThresholdField = t.TypeOf; export const thresholdFieldNormalized = t.exact( t.type({ @@ -307,7 +243,6 @@ export const thresholdFieldNormalized = t.exact( value: PositiveIntegerGreaterThanZero, }) ); -export type ThresholdFieldNormalized = t.TypeOf; export const thresholdCardinalityField = t.exact( t.type({ @@ -315,7 +250,6 @@ export const thresholdCardinalityField = t.exact( value: PositiveInteger, }) ); -export type ThresholdCardinalityField = t.TypeOf; export const threshold = t.intersection([ thresholdField, @@ -327,9 +261,6 @@ export const threshold = t.intersection([ ]); export type Threshold = t.TypeOf; -export const thresholdOrUndefined = t.union([threshold, t.undefined]); -export type ThresholdOrUndefined = t.TypeOf; - export const thresholdNormalized = t.intersection([ thresholdFieldNormalized, t.exact( 
@@ -340,9 +271,6 @@ export const thresholdNormalized = t.intersection([ ]); export type ThresholdNormalized = t.TypeOf; -export const thresholdNormalizedOrUndefined = t.union([thresholdNormalized, t.undefined]); -export type ThresholdNormalizedOrUndefined = t.TypeOf; - export const thresholdWithCardinality = t.intersection([ thresholdFieldNormalized, t.exact( @@ -361,11 +289,6 @@ export const updated_by = t.string; export const created_by = t.string; -export const updatedByOrNull = t.union([updated_by, t.null]); -export type UpdatedByOrNull = t.TypeOf; -export const createdByOrNull = t.union([created_by, t.null]); -export type CreatedByOrNull = t.TypeOf; - export const rules_installed = PositiveInteger; export const rules_updated = PositiveInteger; export const status_code = PositiveInteger; @@ -387,10 +310,8 @@ export const note = t.string; export type Note = t.TypeOf; export const namespaceOrUndefined = t.union([namespace, t.undefined]); -export type NamespaceOrUndefined = t.TypeOf; export const noteOrUndefined = t.union([note, t.undefined]); -export type NoteOrUndefined = t.TypeOf; export const indexRecord = t.record( t.string, @@ -414,12 +335,10 @@ export const indexRecord = t.record( write: t.boolean, }) ); -export type IndexRecord = t.TypeOf; export const indexType = t.type({ index: indexRecord, }); -export type IndexType = t.TypeOf; export const privilege = t.type({ username: t.string, @@ -478,8 +397,6 @@ export enum BulkActionEditType { 'set_timeline' = 'set_timeline', } -export const bulkActionEditType = enumeration('BulkActionEditType', BulkActionEditType); - const bulkActionEditPayloadTags = t.type({ type: t.union([ t.literal(BulkActionEditType.add_tags), diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/add_prepackaged_rules_schema.mock.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/add_prepackaged_rules_schema.mock.ts index d3ed91d19b783..841e0aa5a13da 100644 
--- a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/add_prepackaged_rules_schema.mock.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/add_prepackaged_rules_schema.mock.ts @@ -61,19 +61,3 @@ export const getAddPrepackagedThreatMatchRulesSchemaMock = (): AddPrepackagedRul }, ], }); - -export const getAddPrepackagedThresholdRulesSchemaMock = (): AddPrepackagedRulesSchema => ({ - description: 'some description', - name: 'Query with a rule id', - query: 'user.name: root or user.name: admin', - severity: 'high', - risk_score: 55, - language: 'kuery', - rule_id: 'rule-1', - version: 1, - type: 'threshold', - threshold: { - field: ['field-1', 'field-2', 'field-3', 'field-4'], - value: 1, - }, -}); diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/delete_signals_migration_schema.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/delete_signals_migration_schema.ts index 595619cefa60a..837f34f3ec14f 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/delete_signals_migration_schema.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/delete_signals_migration_schema.ts @@ -12,5 +12,3 @@ export const deleteSignalsMigrationSchema = t.exact( migration_ids: t.array(t.string), }) ); - -export type DeleteSignalsMigrationSchema = t.TypeOf; diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/patch_rules_schema.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/patch_rules_schema.ts index 300a31b0d4b55..5f4f5a4b16891 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/patch_rules_schema.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/patch_rules_schema.ts 
@@ -7,16 +7,7 @@ import * as t from 'io-ts'; -import { - patchTypeSpecific, - sharedPatchSchema, - eqlPatchParams, - threatMatchPatchParams, - queryPatchParams, - savedQueryPatchParams, - thresholdPatchParams, - machineLearningPatchParams, -} from './rule_schemas'; +import { patchTypeSpecific, sharedPatchSchema, thresholdPatchParams } from './rule_schemas'; /** * All of the patch elements should default to undefined if not set @@ -24,20 +15,5 @@ import { export const patchRulesSchema = t.intersection([patchTypeSpecific, sharedPatchSchema]); export type PatchRulesSchema = t.TypeOf; -const eqlPatchSchema = t.intersection([eqlPatchParams, sharedPatchSchema]); -export type EqlPatchSchema = t.TypeOf; - -const threatMatchPatchSchema = t.intersection([threatMatchPatchParams, sharedPatchSchema]); -export type ThreatMatchPatchSchema = t.TypeOf; - -const queryPatchSchema = t.intersection([queryPatchParams, sharedPatchSchema]); -export type QueryPatchSchema = t.TypeOf; - -const savedQueryPatchSchema = t.intersection([savedQueryPatchParams, sharedPatchSchema]); -export type SavedQueryPatchSchema = t.TypeOf; - const thresholdPatchSchema = t.intersection([thresholdPatchParams, sharedPatchSchema]); export type ThresholdPatchSchema = t.TypeOf; - -const machineLearningPatchSchema = t.intersection([machineLearningPatchParams, sharedPatchSchema]); -export type MachineLearningPatchSchema = t.TypeOf; diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/rule_schemas.mock.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/rule_schemas.mock.ts index a8b127563d6aa..1daf997273253 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/rule_schemas.mock.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/rule_schemas.mock.ts 
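Review bot: After this cleanup, `thresholdPatchSchema` in `patch_rules_schema.ts` is a non-exported codec whose only visible use is the `ThresholdPatchSchema` alias on the following line. The `thresholdPatchParams` import kept in the first hunk therefore builds a runtime `t.intersection` that never decodes anything. A reader could mistake it for a threshold-specific request validator, when the only exported codec in the visible part of the file is `patchRulesSchema`. Consider a comment above the const such as `// type-only: requests are decoded with patchRulesSchema`, or derive the alias directly from the static types of the two codecs. The type arguments of `t.TypeOf` are not legible on this page, so confirm that the alias really is derived from this const.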
@@ -12,9 +12,7 @@ import type { QueryCreateSchema, QueryUpdateSchema, SavedQueryCreateSchema, - SavedQueryUpdateSchema, ThreatMatchCreateSchema, - ThreatMatchUpdateSchema, ThresholdCreateSchema, } from './rule_schemas'; @@ -143,64 +141,6 @@ export const getUpdateRulesSchemaMock = ( id, }); -export const getUpdateSavedQuerySchemaMock = ( - id = '04128c15-0d1b-4716-a4c5-46997ac7f3bd' -): SavedQueryUpdateSchema => ({ - description: 'Detecting root and admin users', - name: 'Query with a rule id', - query: 'user.name: root or user.name: admin', - severity: 'high', - type: 'saved_query', - saved_id: 'some id', - risk_score: 55, - language: 'kuery', - id, -}); - -export const getUpdateThreatMatchSchemaMock = ( - id = '04128c15-0d1b-4716-a4c5-46997ac7f3bd' -): ThreatMatchUpdateSchema => ({ - description: 'Detecting root and admin users', - name: 'Query with a rule id', - query: 'user.name: root or user.name: admin', - severity: 'high', - type: 'threat_match', - risk_score: 55, - language: 'kuery', - id, - threat_query: '*:*', - threat_index: ['list-index'], - threat_mapping: [ - { - entries: [ - { - field: 'host.name', - value: 'host.name', - type: 'mapping', - }, - ], - }, - ], - threat_filters: [ - { - bool: { - must: [ - { - query_string: { - query: 'host.name: linux', - analyze_wildcard: true, - time_zone: 'Zulu', - }, - }, - ], - filter: [], - should: [], - must_not: [], - }, - }, - ], -}); - export const getUpdateMachineLearningSchemaMock = ( id = '04128c15-0d1b-4716-a4c5-46997ac7f3bd' ): MachineLearningUpdateSchema => ({ diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/rule_schemas.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/rule_schemas.ts index bd72a6788a568..6be7446092d4a 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/request/rule_schemas.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/request/rule_schemas.ts 
@@ -392,11 +392,7 @@ export const previewRulesSchema = t.intersection([ export type PreviewRulesSchema = t.TypeOf; type UpdateSchema = SharedUpdateSchema & T; -export type EqlUpdateSchema = UpdateSchema>; -export type ThreatMatchUpdateSchema = UpdateSchema>; export type QueryUpdateSchema = UpdateSchema>; -export type SavedQueryUpdateSchema = UpdateSchema>; -export type ThresholdUpdateSchema = UpdateSchema>; export type MachineLearningUpdateSchema = UpdateSchema< t.TypeOf >; @@ -417,7 +413,6 @@ export { thresholdPatchParams, machineLearningPatchParams, }; -export type PatchTypeSpecific = t.TypeOf; export type EqlPatchParams = t.TypeOf; export type ThreatMatchPatchParams = t.TypeOf; @@ -439,25 +434,6 @@ export type ResponseTypeSpecific = t.TypeOf; export const updateRulesSchema = t.intersection([createTypeSpecific, sharedUpdateSchema]); export type UpdateRulesSchema = t.TypeOf; -export const eqlFullPatchSchema = t.intersection([eqlPatchParams, sharedPatchSchema]); -export type EqlFullPatchSchema = t.TypeOf; -export const threatMatchFullPatchSchema = t.intersection([ - threatMatchPatchParams, - sharedPatchSchema, -]); -export type ThreatMatchFullPatchSchema = t.TypeOf; -export const queryFullPatchSchema = t.intersection([queryPatchParams, sharedPatchSchema]); -export type QueryFullPatchSchema = t.TypeOf; -export const savedQueryFullPatchSchema = t.intersection([savedQueryPatchParams, sharedPatchSchema]); -export type SavedQueryFullPatchSchema = t.TypeOf; -export const thresholdFullPatchSchema = t.intersection([thresholdPatchParams, sharedPatchSchema]); -export type ThresholdFullPatchSchema = t.TypeOf; -export const machineLearningFullPatchSchema = t.intersection([ - machineLearningPatchParams, - sharedPatchSchema, -]); -export type MachineLearningFullPatchSchema = t.TypeOf; - const responseRequiredFields = { id, rule_id, 
diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/export_rules_details_schema.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/export_rules_details_schema.ts index 00e34ca9d7326..05df728aa3f5c 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/export_rules_details_schema.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/export_rules_details_schema.ts @@ -29,9 +29,6 @@ export const exportRulesDetails = { missing_rules_count: t.number, }; -const exportRulesDetailsSchema = t.exact(t.type(exportRulesDetails)); -export type ExportRulesDetailsSchema = t.TypeOf; - // With exceptions export const exportRulesDetailsWithExceptionsSchema = createSchema( exportRulesDetails, diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/get_rule_execution_events_response.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/get_rule_execution_events_response.ts index dd1a8dd9d00ec..10be3a03814a3 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/get_rule_execution_events_response.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/get_rule_execution_events_response.ts @@ -6,15 +6,7 @@ */ import * as t from 'io-ts'; -import { aggregateRuleExecutionEvent, ruleExecutionEvent } from '../common'; - -export const GetRuleExecutionEventsResponse = t.exact( - t.type({ - events: t.array(ruleExecutionEvent), - }) -); - -export type GetRuleExecutionEventsResponse = t.TypeOf; +import { aggregateRuleExecutionEvent } from '../common'; export const GetAggregateRuleExecutionEventsResponse = t.exact( t.type({ 
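Review bot: With `GetRuleExecutionEventsResponse` removed, the only codec visible in `get_rule_execution_events_response.ts` is `GetAggregateRuleExecutionEventsResponse`, so the file name no longer describes what the module exports. Consider renaming the file after the aggregate response, in this commit or a follow-up. The remaining codec would also benefit from a short TSDoc line such as `/** Exact response shape of the aggregate rule execution events endpoint; unknown keys are stripped on encode. */`. The body of `GetAggregateRuleExecutionEventsResponse` continues outside the hunk, so check for other exports further down before renaming.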
diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_bulk_schema.mocks.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_bulk_schema.mocks.ts deleted file mode 100644 index 4ae06e4f9daab..0000000000000 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_bulk_schema.mocks.ts +++ /dev/null @@ -1,11 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { RulesBulkSchema } from './rules_bulk_schema'; -import { getRulesSchemaMock } from './rules_schema.mocks'; - -export const getRulesBulkSchemaMock = (): RulesBulkSchema => [getRulesSchemaMock()]; diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.mocks.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.mocks.ts index a99626148743a..c3fbec8a6d7b3 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.mocks.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.mocks.ts 
@@ -12,32 +12,6 @@ import type { RulesSchema } from './rules_schema'; export const ANCHOR_DATE = '2020-02-20T03:57:54.037Z'; -export const getPartialRulesSchemaMock = (): Partial => ({ - created_by: 'elastic', - description: 'Detecting root and admin users', - enabled: true, - false_positives: [], - from: 'now-6m', - id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', - immutable: false, - index: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], - interval: '5m', - risk_score: 50, - rule_id: 'rule-1', - language: 'kuery', - max_signals: 100, - name: 'Detect Root/Admin Users', - output_index: '.siem-signals', - query: 'user.name: root or user.name: admin', - references: ['http://www.example.com', 'https://ww.example.com'], - severity: 'high', - updated_by: 'elastic', - tags: ['some fake tag 1', 'some fake tag 2'], - to: 'now', - type: 'query', - note: '', -}); - export const getRulesSchemaMock = (anchorDate: string = ANCHOR_DATE): RulesSchema => ({ author: [], id: '7a7065d7-6e8b-4aae-8d20-c93613dec9f9', diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.test.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.test.ts index f19cc6e6ccd70..06168a4d2bdca 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.test.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/response/rules_schema.test.ts @@ -31,8 +31,6 @@ import { } from './rules_schema.mocks'; import type { ListArray } from '@kbn/securitysolution-io-ts-list-types'; -export const ANCHOR_DATE = '2020-02-20T03:57:54.037Z'; - describe('rules_schema', () => { test('it should validate a type of "query" without anything extra', () => { const payload = getRulesSchemaMock(); diff --git a/x-pack/plugins/security_solution/common/ecs/ecs_fields/index.ts b/x-pack/plugins/security_solution/common/ecs/ecs_fields/index.ts index 1962f3a7175fa..2d19f55619535 100644 
--- a/x-pack/plugins/security_solution/common/ecs/ecs_fields/index.ts +++ b/x-pack/plugins/security_solution/common/ecs/ecs_fields/index.ts @@ -7,22 +7,6 @@ import { extendMap } from './extend_map'; -export const auditdMap: Readonly> = { - 'auditd.result': 'auditd.result', - 'auditd.session': 'auditd.session', - 'auditd.data.acct': 'auditd.data.acct', - 'auditd.data.terminal': 'auditd.data.terminal', - 'auditd.data.op': 'auditd.data.op', - 'auditd.summary.actor.primary': 'auditd.summary.actor.primary', - 'auditd.summary.actor.secondary': 'auditd.summary.actor.secondary', - 'auditd.summary.object.primary': 'auditd.summary.object.primary', - 'auditd.summary.object.secondary': 'auditd.summary.object.secondary', - 'auditd.summary.object.type': 'auditd.summary.object.type', - 'auditd.summary.how': 'auditd.summary.how', - 'auditd.summary.message_type': 'auditd.summary.message_type', - 'auditd.summary.sequence': 'auditd.summary.sequence', -}; - export const cloudFieldsMap: Readonly> = { 'cloud.account.id': 'cloud.account.id', 'cloud.availability_zone': 'cloud.availability_zone', @@ -33,24 +17,6 @@ export const cloudFieldsMap: Readonly> = { 'cloud.region': 'cloud.region', }; -export const fileMap: Readonly> = { - 'file.name': 'file.name', - 'file.path': 'file.path', - 'file.target_path': 'file.target_path', - 'file.extension': 'file.extension', - 'file.type': 'file.type', - 'file.device': 'file.device', - 'file.inode': 'file.inode', - 'file.uid': 'file.uid', - 'file.owner': 'file.owner', - 'file.gid': 'file.gid', - 'file.group': 'file.group', - 'file.mode': 'file.mode', - 'file.size': 'file.size', - 'file.mtime': 'file.mtime', - 'file.ctime': 'file.ctime', -}; - export const osFieldsMap: Readonly> = { 'os.platform': 'os.platform', 'os.name': 'os.name', 
@@ -84,10 +50,6 @@ export const processFieldsMap: Readonly> = { 'process.working_directory': 'process.working_directory', }; -export const agentFieldsMap: Readonly> = { - 'agent.type': 'agent.type', -}; - export const userFieldsMap: Readonly> = { 'user.domain': 'user.domain', 'user.id': 'user.id', 
@@ -102,96 +64,6 @@ export const userFieldsMap: Readonly> = { 'user.group': 'user.group', }; -export const winlogFieldsMap: Readonly> = { - 'winlog.event_id': 'winlog.event_id', -}; - -export const suricataFieldsMap: Readonly> = { - 'suricata.eve.flow_id': 'suricata.eve.flow_id', - 'suricata.eve.proto': 'suricata.eve.proto', - 'suricata.eve.alert.signature': 'suricata.eve.alert.signature', - 'suricata.eve.alert.signature_id': 'suricata.eve.alert.signature_id', -}; - -export const tlsFieldsMap: Readonly> = { - 'tls.client_certificate.fingerprint.sha1': 'tls.client_certificate.fingerprint.sha1', - 'tls.fingerprints.ja3.hash': 'tls.fingerprints.ja3.hash', - 'tls.server_certificate.fingerprint.sha1': 'tls.server_certificate.fingerprint.sha1', -}; - -export const urlFieldsMap: Readonly> = { - 'url.original': 'url.original', - 'url.domain': 'url.domain', - 'user.username': 'user.username', - 'user.password': 'user.password', -}; - -export const httpFieldsMap: Readonly> = { - 'http.version': 'http.version', - 'http.request': 'http.request', - 'http.request.method': 'http.request.method', - 'http.request.body.bytes': 'http.request.body.bytes', - 'http.request.body.content': 'http.request.body.content', - 'http.request.referrer': 'http.request.referrer', - 'http.response.status_code': 'http.response.status_code', - 'http.response.body': 'http.response.body', - 'http.response.body.bytes': 'http.response.body.bytes', - 'http.response.body.content': 'http.response.body.content', -}; - -export const zeekFieldsMap: Readonly> = { - 'zeek.session_id': 'zeek.session_id', - 'zeek.connection.local_resp': 'zeek.connection.local_resp', - 'zeek.connection.local_orig': 'zeek.connection.local_orig', - 'zeek.connection.missed_bytes': 'zeek.connection.missed_bytes', - 'zeek.connection.state': 'zeek.connection.state', - 'zeek.connection.history': 'zeek.connection.history', - 'zeek.notice.suppress_for': 'zeek.notice.suppress_for', - 'zeek.notice.msg': 'zeek.notice.msg', - 'zeek.notice.note': 
'zeek.notice.note', - 'zeek.notice.sub': 'zeek.notice.sub', - 'zeek.notice.dst': 'zeek.notice.dst', - 'zeek.notice.dropped': 'zeek.notice.dropped', - 'zeek.notice.peer_descr': 'zeek.notice.peer_descr', - 'zeek.dns.AA': 'zeek.dns.AA', - 'zeek.dns.qclass_name': 'zeek.dns.qclass_name', - 'zeek.dns.RD': 'zeek.dns.RD', - 'zeek.dns.qtype_name': 'zeek.dns.qtype_name', - 'zeek.dns.qtype': 'zeek.dns.qtype', - 'zeek.dns.query': 'zeek.dns.query', - 'zeek.dns.trans_id': 'zeek.dns.trans_id', - 'zeek.dns.qclass': 'zeek.dns.qclass', - 'zeek.dns.RA': 'zeek.dns.RA', - 'zeek.dns.TC': 'zeek.dns.TC', - 'zeek.http.resp_mime_types': 'zeek.http.resp_mime_types', - 'zeek.http.trans_depth': 'zeek.http.trans_depth', - 'zeek.http.status_msg': 'zeek.http.status_msg', - 'zeek.http.resp_fuids': 'zeek.http.resp_fuids', - 'zeek.http.tags': 'zeek.http.tags', - 'zeek.files.session_ids': 'zeek.files.session_ids', - 'zeek.files.timedout': 'zeek.files.timedout', - 'zeek.files.local_orig': 'zeek.files.local_orig', - 'zeek.files.tx_host': 'zeek.files.tx_host', - 'zeek.files.source': 'zeek.files.source', - 'zeek.files.is_orig': 'zeek.files.is_orig', - 'zeek.files.overflow_bytes': 'zeek.files.overflow_bytes', - 'zeek.files.sha1': 'zeek.files.sha1', - 'zeek.files.duration': 'zeek.files.duration', - 'zeek.files.depth': 'zeek.files.depth', - 'zeek.files.analyzers': 'zeek.files.analyzers', - 'zeek.files.mime_type': 'zeek.files.mime_type', - 'zeek.files.rx_host': 'zeek.files.rx_host', - 'zeek.files.total_bytes': 'zeek.files.total_bytes', - 'zeek.files.fuid': 'zeek.files.fuid', - 'zeek.files.seen_bytes': 'zeek.files.seen_bytes', - 'zeek.files.missing_bytes': 'zeek.files.missing_bytes', - 'zeek.files.md5': 'zeek.files.md5', - 'zeek.ssl.cipher': 'zeek.ssl.cipher', - 'zeek.ssl.established': 'zeek.ssl.established', - 'zeek.ssl.resumed': 'zeek.ssl.resumed', - 'zeek.ssl.version': 'zeek.ssl.version', -}; - export const sourceFieldsMap: Readonly> = { 'source.bytes': 'source.bytes', 'source.ip': 'source.ip', 
@@ -205,157 +77,3 @@ export const sourceFieldsMap: Readonly> = { 'source.geo.region_iso_code': 'source.geo.region_iso_code', 'source.geo.region_name': 'source.geo.region_name', }; - -export const destinationFieldsMap: Readonly> = { - 'destination.bytes': 'destination.bytes', - 'destination.ip': 'destination.ip', - 'destination.packets': 'destination.packets', - 'destination.port': 'destination.port', - 'destination.domain': 'destination.domain', - 'destination.geo.continent_name': 'destination.geo.continent_name', - 'destination.geo.country_name': 'destination.geo.country_name', - 'destination.geo.country_iso_code': 'destination.geo.country_iso_code', - 'destination.geo.city_name': 'destination.geo.city_name', - 'destination.geo.region_iso_code': 'destination.geo.region_iso_code', - 'destination.geo.region_name': 'destination.geo.region_name', -}; - -export const networkFieldsMap: Readonly> = { - 'network.bytes': 'network.bytes', - 'network.community_id': 'network.community_id', - 'network.direction': 'network.direction', - 'network.packets': 'network.packets', - 'network.protocol': 'network.protocol', - 'network.transport': 'network.transport', -}; - -export const geoFieldsMap: Readonly> = { - 'geo.region_name': 'destination.geo.region_name', - 'geo.country_iso_code': 'destination.geo.country_iso_code', -}; - -export const dnsFieldsMap: Readonly> = { - 'dns.question.name': 'dns.question.name', - 'dns.question.type': 'dns.question.type', - 'dns.resolved_ip': 'dns.resolved_ip', - 'dns.response_code': 'dns.response_code', -}; - -export const endgameFieldsMap: Readonly> = { - 'endgame.exit_code': 'endgame.exit_code', - 'endgame.file_name': 'endgame.file_name', - 'endgame.file_path': 'endgame.file_path', - 'endgame.logon_type': 'endgame.logon_type', - 'endgame.parent_process_name': 'endgame.parent_process_name', - 'endgame.pid': 'endgame.pid', - 'endgame.process_name': 'endgame.process_name', - 'endgame.subject_domain_name': 'endgame.subject_domain_name', - 
'endgame.subject_logon_id': 'endgame.subject_logon_id', - 'endgame.subject_user_name': 'endgame.subject_user_name', - 'endgame.target_domain_name': 'endgame.target_domain_name', - 'endgame.target_logon_id': 'endgame.target_logon_id', - 'endgame.target_user_name': 'endgame.target_user_name', -}; - -export const eventBaseFieldsMap: Readonly> = { - 'event.action': 'event.action', - 'event.category': 'event.category', - 'event.code': 'event.code', - 'event.created': 'event.created', - 'event.dataset': 'event.dataset', - 'event.duration': 'event.duration', - 'event.end': 'event.end', - 'event.hash': 'event.hash', - 'event.id': 'event.id', - 'event.kind': 'event.kind', - 'event.module': 'event.module', - 'event.original': 'event.original', - 'event.outcome': 'event.outcome', - 'event.risk_score': 'event.risk_score', - 'event.risk_score_norm': 'event.risk_score_norm', - 'event.severity': 'event.severity', - 'event.start': 'event.start', - 'event.timezone': 'event.timezone', - 'event.type': 'event.type', -}; - -export const systemFieldsMap: Readonly> = { - 'system.audit.package.arch': 'system.audit.package.arch', - 'system.audit.package.entity_id': 'system.audit.package.entity_id', - 'system.audit.package.name': 'system.audit.package.name', - 'system.audit.package.size': 'system.audit.package.size', - 'system.audit.package.summary': 'system.audit.package.summary', - 'system.audit.package.version': 'system.audit.package.version', - 'system.auth.ssh.signature': 'system.auth.ssh.signature', - 'system.auth.ssh.method': 'system.auth.ssh.method', -}; - -// Is this being used? 
-export const signalFieldsMap: Readonly> = { - 'signal.original_time': 'signal.original_time', - 'signal.rule.id': 'signal.rule.id', - 'signal.rule.saved_id': 'signal.rule.saved_id', - 'signal.rule.timeline_id': 'signal.rule.timeline_id', - 'signal.rule.timeline_title': 'signal.rule.timeline_title', - 'signal.rule.output_index': 'signal.rule.output_index', - 'signal.rule.from': 'signal.rule.from', - 'signal.rule.index': 'signal.rule.index', - 'signal.rule.language': 'signal.rule.language', - 'signal.rule.query': 'signal.rule.query', - 'signal.rule.to': 'signal.rule.to', - 'signal.rule.filters': 'signal.rule.filters', - 'signal.rule.rule_id': 'signal.rule.rule_id', - 'signal.rule.false_positives': 'signal.rule.false_positives', - 'signal.rule.max_signals': 'signal.rule.max_signals', - 'signal.rule.risk_score': 'signal.rule.risk_score', - 'signal.rule.description': 'signal.rule.description', - 'signal.rule.name': 'signal.rule.name', - 'signal.rule.immutable': 'signal.rule.immutable', - 'signal.rule.references': 'signal.rule.references', - 'signal.rule.severity': 'signal.rule.severity', - 'signal.rule.tags': 'signal.rule.tags', - 'signal.rule.threat': 'signal.rule.threat', - 'signal.rule.type': 'signal.rule.type', - 'signal.rule.size': 'signal.rule.size', - 'signal.rule.enabled': 'signal.rule.enabled', - 'signal.rule.created_at': 'signal.rule.created_at', - 'signal.rule.updated_at': 'signal.rule.updated_at', - 'signal.rule.created_by': 'signal.rule.created_by', - 'signal.rule.updated_by': 'signal.rule.updated_by', - 'signal.rule.version': 'signal.rule.version', - 'signal.rule.note': 'signal.rule.note', - 'signal.rule.threshold': 'signal.rule.threshold', - 'signal.rule.exceptions_list': 'signal.rule.exceptions_list', -}; - -export const ruleFieldsMap: Readonly> = { - 'rule.reference': 'rule.reference', -}; - -// Is this being used? 
-export const eventFieldsMap: Readonly> = { - timestamp: '@timestamp', - '@timestamp': '@timestamp', - message: 'message', - ...{ ...agentFieldsMap }, - ...{ ...auditdMap }, - ...{ ...destinationFieldsMap }, - ...{ ...dnsFieldsMap }, - ...{ ...endgameFieldsMap }, - ...{ ...eventBaseFieldsMap }, - ...{ ...fileMap }, - ...{ ...geoFieldsMap }, - ...{ ...hostFieldsMap }, - ...{ ...networkFieldsMap }, - ...{ ...ruleFieldsMap }, - ...{ ...signalFieldsMap }, - ...{ ...sourceFieldsMap }, - ...{ ...suricataFieldsMap }, - ...{ ...systemFieldsMap }, - ...{ ...tlsFieldsMap }, - ...{ ...zeekFieldsMap }, - ...{ ...httpFieldsMap }, - ...{ ...userFieldsMap }, - ...{ ...winlogFieldsMap }, - ...{ ...processFieldsMap }, -}; diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts index cc8bcabd55d94..fa876a3f97c11 100644 --- a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts +++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts @@ -60,14 +60,6 @@ export class EndpointActionGenerator extends BaseDataGenerator { }); } - generateIsolateAction(overrides: DeepPartial = {}): LogsEndpointAction { - return merge(this.generate({ EndpointActions: { data: { command: 'isolate' } } }), overrides); - } - - generateUnIsolateAction(overrides: DeepPartial = {}): LogsEndpointAction { - return merge(this.generate({ EndpointActions: { data: { command: 'unisolate' } } }), overrides); - } - /** Generates an endpoint action response */ generateResponse( overrides: DeepPartial = {} diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/event_filter_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/event_filter_generator.ts deleted file mode 100644 index 99683bcd11868..0000000000000 
--- a/x-pack/plugins/security_solution/common/endpoint/data_generators/event_filter_generator.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { - CreateExceptionListItemSchema, - ExceptionListItemSchema, -} from '@kbn/securitysolution-io-ts-list-types'; -import { ENDPOINT_EVENT_FILTERS_LIST_ID } from '@kbn/securitysolution-list-constants'; -import { BaseDataGenerator } from './base_data_generator'; -import { ExceptionsListItemGenerator } from './exceptions_list_item_generator'; -import { BY_POLICY_ARTIFACT_TAG_PREFIX, GLOBAL_ARTIFACT_TAG } from '../service/artifacts'; - -const EFFECT_SCOPE_TYPES = [BY_POLICY_ARTIFACT_TAG_PREFIX, GLOBAL_ARTIFACT_TAG]; -export class EventFilterGenerator extends BaseDataGenerator { - generate(overrides: Partial = {}): CreateExceptionListItemSchema { - const eventFilterGenerator = new ExceptionsListItemGenerator(); - const eventFilterData: CreateExceptionListItemSchema = eventFilterGenerator.generateEventFilter( - { - name: `Generated event ${this.randomString(5)}`, - item_id: `generator_endpoint_event_filter_${this.randomUUID()}`, - list_id: ENDPOINT_EVENT_FILTERS_LIST_ID, - os_types: [this.randomOSFamily()] as CreateExceptionListItemSchema['os_types'], - tags: [this.randomChoice(EFFECT_SCOPE_TYPES)], - _version: undefined, - created_at: undefined, - created_by: undefined, - id: undefined, - tie_breaker_id: undefined, - updated_at: undefined, - updated_by: undefined, - ...overrides, - } - ); - - return eventFilterData; - } -} diff --git a/x-pack/plugins/security_solution/common/endpoint/models/event.ts b/x-pack/plugins/security_solution/common/endpoint/models/event.ts index c7725afe8ab89..988d20f2101bc 100644 --- a/x-pack/plugins/security_solution/common/endpoint/models/event.ts 
+++ b/x-pack/plugins/security_solution/common/endpoint/models/event.ts @@ -205,34 +205,6 @@ export function winlogRecordID(event: WinlogEvent): undefined | string { return firstNonNullValue(event.winlog?.record_id); } -/** - * Minimum fields needed from the `SafeResolverEvent` type for the function below to operate correctly. - */ -type EventSequenceFields = Partial< - | { - endgame: Partial<{ - serial_event_id: ECSField; - }>; - } - | { - event: Partial<{ - sequence: ECSField; - }>; - } ->; - -/** - * Extract the first non null event sequence value from a document. Returns undefined if the field doesn't exist in the document. - * - * @param event a document from ES - */ -export function eventSequence(event: EventSequenceFields): number | undefined { - if (isLegacyEventSafeVersion(event)) { - return firstNonNullValue(event.endgame?.serial_event_id); - } - return firstNonNullValue(event.event?.sequence); -} - /** * The event.id ECS field. */ @@ -284,16 +256,6 @@ export function entityIDSafeVersion(event: EntityIDFields): string | undefined { } } -/** - * The process.parent.entity_id ECS field. - */ -export function parentEntityId(event: ResolverEvent): string | undefined { - if (isLegacyEvent(event)) { - return event.endgame.unique_ppid ? String(event.endgame.unique_ppid) : undefined; - } - return event.process.parent?.entity_id; -} - /** * Minimum fields needed from the `SafeResolverEvent` type for the function below to operate correctly. */ diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/common.ts b/x-pack/plugins/security_solution/common/endpoint/schema/common.ts index 0aff91aafa599..102563c276b0f 100644 --- a/x-pack/plugins/security_solution/common/endpoint/schema/common.ts +++ b/x-pack/plugins/security_solution/common/endpoint/schema/common.ts 
@@ -17,7 +17,6 @@ export const compressionAlgorithmDispatch = t.keyof({ zlib: null, none: null, }); -export type CompressionAlgorithmDispatch = t.TypeOf; export const encryptionAlgorithm = t.keyof({ none: null, diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/manifest.ts b/x-pack/plugins/security_solution/common/endpoint/schema/manifest.ts index d5b10fbd82975..c8c91a788116c 100644 --- a/x-pack/plugins/security_solution/common/endpoint/schema/manifest.ts +++ b/x-pack/plugins/security_solution/common/endpoint/schema/manifest.ts @@ -47,7 +47,6 @@ export const manifestEntryDispatchSchema = t.intersection([ }) ), ]); -export type ManifestEntryDispatchSchema = t.TypeOf; export const manifestBaseSchema = t.exact( t.type({ @@ -74,4 +73,3 @@ export const manifestDispatchSchema = t.intersection([ }) ), ]); -export type ManifestDispatchSchema = t.TypeOf; diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts index 0f08c221de91a..4b0a1ee2157de 100644 --- a/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts +++ b/x-pack/plugins/security_solution/common/endpoint/schema/trusted_apps.ts @@ -10,18 +10,6 @@ import { ConditionEntryField, OperatingSystem } from '@kbn/securitysolution-util import type { TrustedAppConditionEntry } from '../types'; import { getDuplicateFields, isValidHash } from '../service/artifacts/validations'; -export const DeleteTrustedAppsRequestSchema = { - params: schema.object({ - id: schema.string(), - }), -}; - -export const GetOneTrustedAppRequestSchema = { - params: schema.object({ - id: schema.string(), - }), -}; - export const GetTrustedAppsRequestSchema = { query: schema.object({ page: schema.maybe(schema.number({ defaultValue: 1, min: 1 })), 
diff --git a/x-pack/plugins/security_solution/common/endpoint/service/trusted_apps/to_update_trusted_app.ts b/x-pack/plugins/security_solution/common/endpoint/service/trusted_apps/to_update_trusted_app.ts deleted file mode 100644 index b27467ca05141..0000000000000 --- a/x-pack/plugins/security_solution/common/endpoint/service/trusted_apps/to_update_trusted_app.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { MaybeImmutable, NewTrustedApp, UpdateTrustedApp } from '../../types'; - -const NEW_TRUSTED_APP_KEYS: Array = [ - 'name', - 'effectScope', - 'entries', - 'description', - 'os', - 'version', -]; - -export const toUpdateTrustedApp = ( - trustedApp: MaybeImmutable -): UpdateTrustedApp => { - const trustedAppForUpdate: UpdateTrustedApp = {} as UpdateTrustedApp; - - for (const key of NEW_TRUSTED_APP_KEYS) { - // This should be safe. Its needed due to the inter-dependency on property values (`os` <=> `entries`) - // @ts-expect-error - trustedAppForUpdate[key] = trustedApp[key]; - } - return trustedAppForUpdate; -}; diff --git a/x-pack/plugins/security_solution/common/endpoint/types/trusted_apps.ts b/x-pack/plugins/security_solution/common/endpoint/types/trusted_apps.ts index 6ec47e24486ec..dd97ad02dcb96 100644 --- a/x-pack/plugins/security_solution/common/endpoint/types/trusted_apps.ts +++ b/x-pack/plugins/security_solution/common/endpoint/types/trusted_apps.ts 
@@ -11,31 +11,8 @@ import type { OperatingSystem, TrustedAppEntryTypes, } from '@kbn/securitysolution-utils'; -import type { - DeleteTrustedAppsRequestSchema, - GetOneTrustedAppRequestSchema, - GetTrustedAppsRequestSchema, - PostTrustedAppCreateRequestSchema, - PutTrustedAppUpdateRequestSchema, - GetTrustedAppsSummaryRequestSchema, -} from '../schema/trusted_apps'; +import type { PutTrustedAppUpdateRequestSchema } from '../schema/trusted_apps'; import type { ConditionEntry } from './exception_list_items'; - -/** API request params for deleting Trusted App entry */ -export type DeleteTrustedAppsRequestParams = TypeOf; - -export type GetOneTrustedAppRequestParams = TypeOf; - -export interface GetOneTrustedAppResponse { - data: TrustedApp; -} - -/** API request params for retrieving a list of Trusted Apps */ -export type GetTrustedAppsListRequest = TypeOf; - -/** API request params for retrieving summary of Trusted Apps */ -export type GetTrustedAppsSummaryRequest = TypeOf; - export interface GetTrustedAppsListResponse { per_page: number; page: number; 
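Review bot: The rewritten import block now runs straight into `export interface GetTrustedAppsListResponse`, because the blank line after the `ConditionEntry` import was removed along with the deleted type aliases; restore the separator after `import type { ConditionEntry } from './exception_list_items';`. The interface is also left without a doc comment, unlike the removed neighbours, so a one-liner such as `/** API response body for a paginated list of Trusted Apps */` would keep the file consistent. `GetTrustedAppsRequestSchema` is still exported from `schema/trusted_apps.ts` in this commit while its inferred type `GetTrustedAppsListRequest` is dropped here, so it is worth confirming the schema is still used as a route validator rather than left behind as dead code. The interface body continues outside this hunk.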
@@ -43,34 +20,9 @@ export interface GetTrustedAppsListResponse { data: TrustedApp[]; } -/* - * API Request body for creating a new Trusted App entry - * As this is an inferred type and the schema type doesn't match at all with the - * NewTrustedApp type it needs and overwrite from the MacosLinux/Windows custom types - */ -export type PostTrustedAppCreateRequest = TypeOf & - (MacosLinuxConditionEntries | WindowsConditionEntries); - -export interface PostTrustedAppCreateResponse { - data: TrustedApp; -} - /** API request params for updating a Trusted App */ export type PutTrustedAppsRequestParams = TypeOf; -/** API Request body for Updating a new Trusted App entry */ -export type PutTrustedAppUpdateRequest = TypeOf & - (MacosLinuxConditionEntries | WindowsConditionEntries); - -export type PutTrustedAppUpdateResponse = PostTrustedAppCreateResponse; - -export interface GetTrustedAppsSummaryResponse { - total: number; - windows: number; - macos: number; - linux: number; -} - export enum OperatorFieldIds { is = 'is', matches = 'matches', @@ -120,11 +72,6 @@ export type NewTrustedApp = { effectScope: EffectScope; } & (MacosLinuxConditionEntries | WindowsConditionEntries); -/** An Update to a Trusted App Entry */ -export type UpdateTrustedApp = NewTrustedApp & { - version?: string; -}; - /** A trusted app entry */ export type TrustedApp = NewTrustedApp & { version: string; diff --git a/x-pack/plugins/security_solution/common/field_maps/field_names.ts b/x-pack/plugins/security_solution/common/field_maps/field_names.ts index ce2a78dc31e60..5c85b278508f9 100644 --- a/x-pack/plugins/security_solution/common/field_maps/field_names.ts +++ b/x-pack/plugins/security_solution/common/field_maps/field_names.ts 
@@ -14,18 +14,13 @@ export const ALERT_GROUP_ID = `${ALERT_NAMESPACE}.group.id` as const; export const ALERT_GROUP_INDEX = `${ALERT_NAMESPACE}.group.index` as const; export const ALERT_ORIGINAL_TIME = `${ALERT_NAMESPACE}.original_time` as const; export const ALERT_THRESHOLD_RESULT = `${ALERT_NAMESPACE}.threshold_result` as const; -export const ALERT_THRESHOLD_RESULT_CARDINALITY = `${ALERT_THRESHOLD_RESULT}.cardinality` as const; export const ALERT_THRESHOLD_RESULT_COUNT = `${ALERT_THRESHOLD_RESULT}.count` as const; -export const ALERT_THRESHOLD_RESULT_FROM = `${ALERT_THRESHOLD_RESULT}.from` as const; -export const ALERT_THRESHOLD_RESULT_TERMS = `${ALERT_THRESHOLD_RESULT}.terms` as const; export const ALERT_ORIGINAL_EVENT = `${ALERT_NAMESPACE}.original_event` as const; export const ALERT_ORIGINAL_EVENT_ACTION = `${ALERT_ORIGINAL_EVENT}.action` as const; export const ALERT_ORIGINAL_EVENT_CATEGORY = `${ALERT_ORIGINAL_EVENT}.category` as const; -export const ALERT_ORIGINAL_EVENT_DATASET = `${ALERT_ORIGINAL_EVENT}.dataset` as const; export const ALERT_ORIGINAL_EVENT_KIND = `${ALERT_ORIGINAL_EVENT}.kind` as const; export const ALERT_ORIGINAL_EVENT_MODULE = `${ALERT_ORIGINAL_EVENT}.module` as const; -export const ALERT_ORIGINAL_EVENT_TYPE = `${ALERT_ORIGINAL_EVENT}.type` as const; export const ALERT_RULE_ACTIONS = `${ALERT_RULE_NAMESPACE}.actions` as const; export const ALERT_RULE_EXCEPTIONS_LIST = `${ALERT_RULE_NAMESPACE}.exceptions_list` as const; 
@@ -36,8 +31,6 @@ export const ALERT_RULE_META = `${ALERT_RULE_NAMESPACE}.meta` as const; export const ALERT_RULE_RISK_SCORE_MAPPING = `${ALERT_RULE_NAMESPACE}.risk_score_mapping` as const; export const ALERT_RULE_SEVERITY_MAPPING = `${ALERT_RULE_NAMESPACE}.severity_mapping` as const; export const ALERT_RULE_THREAT = `${ALERT_RULE_NAMESPACE}.threat` as const; -export const ALERT_RULE_THRESHOLD = `${ALERT_RULE_NAMESPACE}.threshold` as const; -export const ALERT_RULE_THRESHOLD_FIELD = `${ALERT_RULE_THRESHOLD}.field` as const; export const ALERT_RULE_THROTTLE = `${ALERT_RULE_NAMESPACE}.throttle` as const; export const ALERT_RULE_TIMELINE_ID = `${ALERT_RULE_NAMESPACE}.timeline_id` as const; export const ALERT_RULE_TIMELINE_TITLE = `${ALERT_RULE_NAMESPACE}.timeline_title` as const; diff --git a/x-pack/plugins/security_solution/common/search_strategy/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/common/index.ts index 1cbe165e9f0d9..87165a1277708 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/common/index.ts @@ -25,20 +25,6 @@ export interface PageInfoPaginated { fakeTotalCount: number; showMorePagesIndicator: boolean; } -export interface PaginationInput { - /** The limit parameter allows you to configure the maximum amount of items to be returned */ - limit: number; - /** The cursor parameter defines the next result you want to fetch */ - cursor?: Maybe; - /** The tiebreaker parameter allow to be more precise to fetch the next item */ - tiebreaker?: Maybe; -} - -export interface Explanation { - value: number; - description: string; - details: Explanation[]; -} export interface ShardsResponse { total: number; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts index df454c19d52b2..4754b4c17a958 100644 
--- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/cti/index.mock.ts @@ -8,11 +8,7 @@ // eslint-disable-next-line @kbn/eslint/no-restricted-paths import type { IEsSearchResponse } from '@kbn/data-plugin/public'; -import type { - CtiEnrichment, - CtiEventEnrichmentRequestOptions, - CtiEventEnrichmentStrategyResponse, -} from '.'; +import type { CtiEnrichment, CtiEventEnrichmentRequestOptions } from '.'; import { CtiQueries } from '.'; export const buildEventEnrichmentRequestOptionsMock = ( @@ -150,13 +146,3 @@ export const buildEventEnrichmentMock = ( 'threat.indicator.type': ['file'], ...overrides, }); - -export const buildEventEnrichmentResponseMock = ( - overrides: Partial = {} -): CtiEventEnrichmentStrategyResponse => ({ - ...buildEventEnrichmentRawResponseMock(), - enrichments: [buildEventEnrichmentMock()], - inspect: { dsl: ['{"mocked": "json"}'] }, - totalCount: 0, - ...overrides, -}); diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts index 8b951d0a007b6..ab2c2d4d7c948 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts @@ -104,18 +104,6 @@ export interface HostAggEsItem { os?: HostOsHitsItem; } -export interface HostEsData extends SearchHit { - sort: string[]; - aggregations: { - host_count: { - value: number; - }; - host_data: { - buckets: HostAggEsItem[]; - }; - }; -} - export interface HostAggEsData extends SearchHit { sort: string[]; aggregations: HostAggEsItem; 
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts index df072319ec5c4..43d3d8722e797 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts @@ -58,12 +58,7 @@ import type { MatrixHistogramRequestOptions, MatrixHistogramStrategyResponse, } from './matrix_histogram'; -import type { - TimerangeInput, - SortField, - PaginationInput, - PaginationInputPaginated, -} from '../common'; +import type { TimerangeInput, SortField, PaginationInputPaginated } from '../common'; import type { CtiEventEnrichmentRequestOptions, CtiEventEnrichmentStrategyResponse, @@ -131,11 +126,6 @@ export interface RequestBasicOptions extends IEsSearchRequest { /** A mapping of semantic fields to their document counterparts */ -export interface RequestOptions extends RequestBasicOptions { - pagination: PaginationInput; - sort: SortField; -} - export interface RequestOptionsPaginated extends RequestBasicOptions { pagination: PaginationInputPaginated; sort: SortField; @@ -265,11 +255,6 @@ export type StrategyRequestType = T extends HostsQu ? KpiRiskScoreRequestOptions : never; -export interface DocValueFieldsInput { - field: string; - - format: string; -} export interface CommonFields { '@timestamp'?: string[]; } diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/anomalies/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/anomalies/index.ts index d5ce3ebe89538..d2eb1282ac880 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/anomalies/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/anomalies/index.ts 
@@ -5,8 +5,6 @@ * 2.0. */ -import type { SearchHit } from '../../../common'; - interface AnomaliesOverTimeHistogramData { key_as_string: string; key: number; @@ -20,15 +18,3 @@ export interface AnomaliesActionGroupData { }; doc_count: number; } - -export interface AnomalySource { - [field: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any -} - -export interface AnomalyHit extends SearchHit { - sort: string[]; - _source: AnomalySource; - aggregations: { - [agg: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any - }; -} diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts index 65c83902403ef..882cbd1717f83 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/matrix_histogram/index.ts @@ -8,12 +8,12 @@ import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe, TimerangeInput } from '../../common'; -import type { AuthenticationHit, RequestBasicOptions } from '..'; +import type { RequestBasicOptions } from '..'; import type { AlertsGroupData } from './alerts'; -import type { AnomaliesActionGroupData, AnomalyHit } from './anomalies'; +import type { AnomaliesActionGroupData } from './anomalies'; import type { DnsHistogramGroupData } from './dns'; import type { AuthenticationsActionGroupData } from './authentications'; -import type { EventsActionGroupData, EventHit } from './events'; +import type { EventsActionGroupData } from './events'; import type { PreviewHistogramGroupData } from './preview'; export * from './alerts'; 
@@ -102,18 +102,6 @@ export type MatrixHistogramParseData = T extends MatrixHistogramType.alerts ? PreviewHistogramGroupData[] : never; -export type MatrixHistogramHit = T extends - | MatrixHistogramType.alerts - | MatrixHistogramType.dns - | MatrixHistogramType.events - | MatrixHistogramType.preview - ? EventHit - : T extends MatrixHistogramType.anomalies - ? AnomalyHit - : T extends MatrixHistogramType.authentications - ? AuthenticationHit - : never; - export type MatrixHistogramDataConfig = Record< MatrixHistogramType, MatrixHistogramSchema diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/details/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/details/index.ts index a516bc9525e1c..3e8fd20217656 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/details/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/details/index.ts @@ -82,29 +82,3 @@ export interface NetworkHit { value_as_string: string; }; } - -export type NetworkDetailsHostHit = ResultHit; - -export interface NetworkDetailsHit { - aggregations: { - destination?: NetworkHit; - source?: NetworkHit; - host: ResultHit; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - total: { - value: number; - relation: string; - }; - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/authentications/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/authentications/index.ts index 2eb7676f3552a..27bd722ce14dc 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/authentications/index.ts 
+++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/kpi/authentications/index.ts @@ -9,10 +9,6 @@ import type { IEsSearchResponse } from '@kbn/data-plugin/common'; import type { Inspect, Maybe } from '../../../../common'; import type { KpiHistogramData, RequestBasicOptions } from '../../..'; -export interface UsersKpiAuthenticationsHistogramCount { - doc_count: number; -} - export type UsersKpiAuthenticationsRequestOptions = RequestBasicOptions; export interface UsersKpiAuthenticationsStrategyResponse extends IEsSearchResponse { diff --git a/x-pack/plugins/security_solution/common/search_strategy/timeline/index.ts b/x-pack/plugins/security_solution/common/search_strategy/timeline/index.ts index 871c24dc668d1..d6afa76b51cb9 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/timeline/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/timeline/index.ts @@ -5,26 +5,7 @@ * 2.0. */ -import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; -import type { IEsSearchRequest } from '@kbn/data-plugin/common'; -import type { ESQuery } from '../../typed_json'; -import type { - TimelineEventsQueries, - TimelineEventsAllRequestOptions, - TimelineEventsAllStrategyResponse, - TimelineEventsDetailsRequestOptions, - TimelineEventsDetailsStrategyResponse, - TimelineEventsLastEventTimeRequestOptions, - TimelineEventsLastEventTimeStrategyResponse, - TimelineKpiStrategyResponse, -} from './events'; -import type { - DocValueFields, - PaginationInputPaginated, - TimerangeInput, - SortField, - Maybe, -} from '../common'; +import type { SortField, Maybe } from '../common'; import type { DataProviderType, TimelineType, 
@@ -34,50 +15,11 @@ import type { export * from './events'; -export type TimelineFactoryQueryTypes = TimelineEventsQueries; - -export interface TimelineRequestBasicOptions extends IEsSearchRequest { - timerange: TimerangeInput; - filterQuery: ESQuery | string | undefined; - defaultIndex: string[]; - docValueFields?: DocValueFields[]; - factoryQueryType?: TimelineFactoryQueryTypes; - runtimeMappings: MappingRuntimeFields; -} - export interface TimelineRequestSortField extends SortField { type: string; esTypes: string[]; } -export interface TimelineRequestOptionsPaginated - extends TimelineRequestBasicOptions { - pagination: Pick; - sort: Array>; -} - -export type TimelineStrategyResponseType = - T extends TimelineEventsQueries.all - ? TimelineEventsAllStrategyResponse - : T extends TimelineEventsQueries.details - ? TimelineEventsDetailsStrategyResponse - : T extends TimelineEventsQueries.kpi - ? TimelineKpiStrategyResponse - : T extends TimelineEventsQueries.lastEventTime - ? TimelineEventsLastEventTimeStrategyResponse - : never; - -export type TimelineStrategyRequestType = - T extends TimelineEventsQueries.all - ? TimelineEventsAllRequestOptions - : T extends TimelineEventsQueries.details - ? TimelineEventsDetailsRequestOptions - : T extends TimelineEventsQueries.kpi - ? TimelineRequestBasicOptions - : T extends TimelineEventsQueries.lastEventTime - ? TimelineEventsLastEventTimeRequestOptions - : never; - export interface ColumnHeaderInput { aggregatable?: Maybe; category?: Maybe; diff --git a/x-pack/plugins/security_solution/common/types/timeline/index.ts b/x-pack/plugins/security_solution/common/types/timeline/index.ts index 2e9a735546f6b..223ec4d24cf00 100644 --- a/x-pack/plugins/security_solution/common/types/timeline/index.ts +++ b/x-pack/plugins/security_solution/common/types/timeline/index.ts 
@@ -11,7 +11,7 @@ import { PositiveInteger } from '@kbn/securitysolution-io-ts-types'; import { stringEnum, unionWithNullType } from '../../utility_types'; import type { NoteResult, NoteSavedObject } from './note'; import { NoteSavedObjectToReturnRuntimeType } from './note'; -import type { PinnedEventSavedObject, PinnedEvent } from './pinned_event'; +import type { PinnedEvent } from './pinned_event'; import { PinnedEventToReturnSavedObjectRuntimeType } from './pinned_event'; import { alias_purpose as savedObjectResolveAliasPurpose, @@ -200,7 +200,6 @@ export const TimelineStatusLiteralRt = runtimeTypes.union([ const TimelineStatusLiteralWithNullRt = unionWithNullType(TimelineStatusLiteralRt); -export type TimelineStatusLiteral = runtimeTypes.TypeOf; export type TimelineStatusLiteralWithNull = runtimeTypes.TypeOf< typeof TimelineStatusLiteralWithNullRt >; @@ -300,8 +299,6 @@ export type SavedTimeline = runtimeTypes.TypeOf export type SavedTimelineWithSavedObjectId = SavedTimeline & { savedObjectId?: string | null }; -export type SavedTimelineNote = runtimeTypes.TypeOf; - /** * This type represents a timeline type stored in a saved object that does not include any fields that reference * other saved objects. @@ -422,17 +419,6 @@ export const TimelineErrorResponseType = runtimeTypes.type({ export type TimelineErrorResponse = runtimeTypes.TypeOf; export type TimelineResponse = runtimeTypes.TypeOf; -/** - * All Timeline Saved object type with metadata - */ - -export const AllTimelineSavedObjectRuntimeType = runtimeTypes.type({ - total: runtimeTypes.number, - data: TimelineSavedToReturnObjectRuntimeType, -}); - -export type AllTimelineSavedObject = runtimeTypes.TypeOf; - /** * Import/export timelines */ 
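Review bot: The import hunk (-11,7) drops `PinnedEventSavedObject` but keeps `NoteSavedObject` in `import type { NoteResult, NoteSavedObject } from './note';`, even though its only use visible in this diff, `NotesAndPinnedEventsByTimelineId`, is deleted in the -455,16 hunk. The rest of the file is outside the diff, so the name may still be referenced elsewhere. If it is not, narrow the line to `import type { NoteResult } from './note';` so the import list matches what this cleanup leaves behind.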
@@ -455,16 +441,6 @@ export interface ExportTimelineNotFoundError { message: string; } -export interface BulkGetInput { - type: string; - id: string; -} - -export type NotesAndPinnedEventsByTimelineId = Record< - string, - { notes: NoteSavedObject[]; pinnedEvents: PinnedEventSavedObject[] } ->; - export const importTimelineResultSchema = runtimeTypes.exact( runtimeTypes.type({ success, diff --git a/x-pack/plugins/security_solution/cypress/objects/case.ts b/x-pack/plugins/security_solution/cypress/objects/case.ts index e274922044fb5..f174c80874240 100644 --- a/x-pack/plugins/security_solution/cypress/objects/case.ts +++ b/x-pack/plugins/security_solution/cypress/objects/case.ts @@ -94,8 +94,6 @@ export const getIbmResilientConnectorOptions = (): IbmResilientConnectorOptions incidentTypes: ['Communication error (fax; email)', 'Denial of Service'], }); -export const TIMELINE_CASE_ID = '68248e00-f689-11ea-9ab2-59238b522856'; - export const getConnectorIds = () => ({ jira: '000e5f86-08b0-4882-adfd-6df981d45c1b', sn: '93a69ba3-3c31-4b4c-bf86-cc79a090f437', diff --git a/x-pack/plugins/security_solution/cypress/objects/rule.ts b/x-pack/plugins/security_solution/cypress/objects/rule.ts index 4ed06d9b25151..864c2aec57210 100644 --- a/x-pack/plugins/security_solution/cypress/objects/rule.ts +++ b/x-pack/plugins/security_solution/cypress/objects/rule.ts @@ -14,10 +14,6 @@ import { getTimeline, getIndicatorMatchTimelineTemplate } from './timeline'; export const totalNumberOfPrebuiltRules = rawRules.length; -export const totalNumberOfPrebuiltRulesInEsArchive = 127; - -export const totalNumberOfPrebuiltRulesInEsArchiveCustomRule = 145; - const ccsRemoteName: string = Cypress.env('CCS_REMOTE_NAME'); interface MitreAttackTechnique { diff --git a/x-pack/plugins/security_solution/cypress/objects/timeline.ts b/x-pack/plugins/security_solution/cypress/objects/timeline.ts index e4efc5bf0ea6a..86ac59950e5fb 100644 --- a/x-pack/plugins/security_solution/cypress/objects/timeline.ts 
+++ b/x-pack/plugins/security_solution/cypress/objects/timeline.ts @@ -74,13 +74,6 @@ export const getTimelineNonValidQuery = (): CompleteTimeline => ({ query: 'query_to_intentionally_find_nothing: *', }); -export const caseTimeline = (): Timeline => ({ - title: 'SIEM test', - description: 'description', - query: 'host.name: *', - id: '0162c130-78be-11ea-9718-118a926974a4', -}); - export const expectedExportedTimelineTemplate = ( templateResponse: Cypress.Response ) => { diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts.ts b/x-pack/plugins/security_solution/cypress/screens/alerts.ts index 913ef6bd724b4..8d484bf0111d1 100644 --- a/x-pack/plugins/security_solution/cypress/screens/alerts.ts +++ b/x-pack/plugins/security_solution/cypress/screens/alerts.ts @@ -14,9 +14,6 @@ export const ALERT_CHECKBOX = '[data-test-subj~="select-event"].euiCheckbox__inp export const ALERT_GRID_CELL = '[data-test-subj="dataGridRowCell"]'; -export const ALERT_RISK_SCORE_HEADER = - '[data-test-subj="dataGridHeaderCell-kibana.alert.risk_score"]'; - export const ALERT_RULE_NAME = '[data-test-subj="formatted-field-kibana.alert.rule.name"]'; export const ALERT_RISK_SCORE = '[data-test-subj="formatted-field-kibana.alert.risk_score"]'; diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts_details.ts b/x-pack/plugins/security_solution/cypress/screens/alerts_details.ts index bba46731d4d53..16f4ec4e7e6ef 100644 --- a/x-pack/plugins/security_solution/cypress/screens/alerts_details.ts +++ b/x-pack/plugins/security_solution/cypress/screens/alerts_details.ts 
@@ -28,16 +28,10 @@ export const INDICATOR_MATCH_ENRICHMENT_SECTION = '[data-test-subj="threat-match export const INVESTIGATION_TIME_ENRICHMENT_SECTION = '[data-test-subj="enriched-with-threat-intel"]'; -export const JSON_VIEW_WRAPPER = '[data-test-subj="jsonViewWrapper"]'; - -export const JSON_LINES = '.euiCodeBlock__line'; - export const JSON_VIEW_TAB = '[data-test-subj="jsonViewTab"]'; export const JSON_TEXT = '[data-test-subj="jsonView"]'; -export const OVERVIEW_HOST_NAME = '[data-test-subj="event-field-host.name"]'; - export const OVERVIEW_RISK_SCORE = '[data-test-subj="eventDetails"] [data-test-subj="riskScore"]'; export const OVERVIEW_RULE = '[data-test-subj="eventDetails"] [data-test-subj="ruleName"]'; @@ -48,12 +42,6 @@ export const OVERVIEW_SEVERITY = '[data-test-subj="eventDetails"] [data-test-sub export const OVERVIEW_STATUS = '[data-test-subj="eventDetails"] [data-test-subj="alertStatus"]'; -export const OVERVIEW_THRESHOLD_COUNT = - '[data-test-subj="eventDetails"] [data-test-subj^=formatted][data-test-subj$=threshold_result\\.count]'; - -export const OVERVIEW_THRESHOLD_VALUE = - '[data-test-subj="eventDetails"] [data-test-subj="formatted-field-kibana.alert.threshold_result.terms.field"]'; - export const SUMMARY_VIEW = '[data-test-subj="summary-view"]'; export const TABLE_CELL = '.euiTableRowCell'; diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts b/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts index 096e64cae45d2..7eb9b6262a054 100644 --- a/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts +++ b/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts 
@@ -102,8 +102,6 @@ export const MODAL_CONFIRMATION_BODY = '[data-test-subj="confirmModalBodyText"]' export const RULE_DETAILS_DELETE_BTN = '[data-test-subj="rules-details-delete-rule"]'; -export const ALERT_DETAILS_CELLS = '[data-test-subj="dataGridRowCell"]'; - export const SERVER_SIDE_EVENT_COUNT = '[data-test-subj="server-side-event-count"]'; export const SELECT_ALL_RULES_ON_PAGE_CHECKBOX = '[data-test-subj="checkboxSelectAll"]'; diff --git a/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts b/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts index bb87a0fe12620..7df37c218cb86 100644 --- a/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts +++ b/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts @@ -97,8 +97,6 @@ export const DEFINE_CONTINUE_BUTTON = '[data-test-subj="define-continue"]'; export const DEFINE_EDIT_BUTTON = '[data-test-subj="edit-define-rule"]'; -export const DEFINE_EDIT_TAB = '[data-test-subj="edit-rule-define-tab"]'; - export const DEFINE_INDEX_INPUT = '[data-test-subj="detectionEngineStepDefineRuleIndices"] [data-test-subj="input"]'; @@ -160,9 +158,6 @@ export const REFRESH_BUTTON = '[data-test-subj="refreshButton"]'; export const DEFAULT_RISK_SCORE_INPUT = '[data-test-subj="detectionEngineStepAboutRuleRiskScore-defaultRiskRange"].euiRangeInput'; -export const DEFAULT_RISK_SCORE_SLIDER = - '[data-test-subj="detectionEngineStepAboutRuleRiskScore-defaultRiskRange"].euiRangeSlider'; - export const RISK_MAPPING_OVERRIDE_OPTION = '#risk_score-mapping-override'; export const RISK_OVERRIDE = diff --git a/x-pack/plugins/security_solution/cypress/screens/edit_rule.ts b/x-pack/plugins/security_solution/cypress/screens/edit_rule.ts index 73f3640071251..7e67139fdbbe0 100644 --- a/x-pack/plugins/security_solution/cypress/screens/edit_rule.ts +++ b/x-pack/plugins/security_solution/cypress/screens/edit_rule.ts 
@@ -7,4 +7,3 @@ export const EDIT_SUBMIT_BUTTON = '[data-test-subj="ruleEditSubmitButton"]'; export const BACK_TO_RULE_DETAILS = '[data-test-subj="ruleEditBackToRuleDetails"]'; -export const KIBANA_LOADING_COMPLETE_INDICATOR = '[data-test-subj="globalLoadingIndicator-hidden"]'; diff --git a/x-pack/plugins/security_solution/cypress/screens/exceptions.ts b/x-pack/plugins/security_solution/cypress/screens/exceptions.ts index 4a98d59bc5a0f..a02a318bfb307 100644 --- a/x-pack/plugins/security_solution/cypress/screens/exceptions.ts +++ b/x-pack/plugins/security_solution/cypress/screens/exceptions.ts @@ -15,8 +15,6 @@ export const CONFIRM_BTN = '[data-test-subj="add-exception-confirm-button"]'; export const FIELD_INPUT = '[data-test-subj="fieldAutocompleteComboBox"] [data-test-subj="comboBoxInput"]'; -export const FIELD_INPUT_RESULT = '.euiFilterSelectItem'; - export const LOADING_SPINNER = '[data-test-subj="loading-spinner"]'; export const OPERATOR_INPUT = '[data-test-subj="operatorAutocompleteComboBox"]'; @@ -37,8 +35,6 @@ export const ENTRY_DELETE_BTN = '[data-test-subj="builderItemEntryDeleteButton"] export const CANCEL_BTN = '[data-test-subj="cancelExceptionAddButton"]'; -export const BUILDER_FLYOUT_BODY = '[data-test-subj="exceptionsBuilderWrapper"]'; - export const EXCEPTIONS_TABLE = '[data-test-subj="exceptions-table"]'; export const EXCEPTIONS_TABLE_SEARCH = '[data-test-subj="exceptionsHeaderSearchInput"]'; diff --git a/x-pack/plugins/security_solution/cypress/screens/fields_browser.ts b/x-pack/plugins/security_solution/cypress/screens/fields_browser.ts index a9898f73207d7..a7616e1792a65 100644 --- a/x-pack/plugins/security_solution/cypress/screens/fields_browser.ts +++ b/x-pack/plugins/security_solution/cypress/screens/fields_browser.ts 
@@ -40,7 +40,6 @@ export const FIELDS_BROWSER_MESSAGE_HEADER = export const FIELDS_BROWSER_RESET_FIELDS = `${FIELDS_BROWSER_CONTAINER} [data-test-subj="reset-fields"]`; export const FIELDS_BROWSER_CATEGORIES_FILTER_BUTTON = `${FIELDS_BROWSER_CONTAINER} [data-test-subj="categories-filter-button"]`; -export const FIELDS_BROWSER_SELECTED_CATEGORY_COUNT = `${FIELDS_BROWSER_CATEGORIES_FILTER_BUTTON} span.euiNotificationBadge`; export const FIELDS_BROWSER_CATEGORIES_COUNT = `${FIELDS_BROWSER_CATEGORIES_FILTER_BUTTON} span.euiNotificationBadge`; export const FIELDS_BROWSER_SELECTED_CATEGORIES_BADGES = `${FIELDS_BROWSER_CONTAINER} [data-test-subj="category-badges"]`; @@ -56,5 +55,3 @@ export const FIELDS_BROWSER_CATEGORY_FILTER_OPTION = (id: string) => { const idAttr = id.replace(/\s/g, ''); return `${FIELDS_BROWSER_CATEGORIES_FILTER_CONTAINER} [data-test-subj="categories-selector-option-${idAttr}"]`; }; - -export const FIELDS_BROWSER_SYSTEM_CATEGORIES_COUNT = `${FIELDS_BROWSER_CONTAINER} [data-test-subj="system-category-count"]`; diff --git a/x-pack/plugins/security_solution/cypress/screens/hosts/events.ts b/x-pack/plugins/security_solution/cypress/screens/hosts/events.ts index 57de63b92a08b..3fd7a6c943530 100644 --- a/x-pack/plugins/security_solution/cypress/screens/hosts/events.ts +++ b/x-pack/plugins/security_solution/cypress/screens/hosts/events.ts @@ -26,6 +26,3 @@ export const INSPECT_QUERY = '[data-test-subj="events-viewer-panel"] [data-test-subj="inspect-icon-button"]'; export const SERVER_SIDE_EVENT_COUNT = '[data-test-subj="server-side-event-count"]'; - -export const EVENTS_VIEWER_PAGINATION = - '[data-test-subj="events-viewer-panel"] .euiDataGrid__pagination'; diff --git a/x-pack/plugins/security_solution/cypress/screens/hosts/host_risk.ts b/x-pack/plugins/security_solution/cypress/screens/hosts/host_risk.ts index 50c06141c7ba9..7249e7d23f00e 100644 --- a/x-pack/plugins/security_solution/cypress/screens/hosts/host_risk.ts 
+++ b/x-pack/plugins/security_solution/cypress/screens/hosts/host_risk.ts @@ -7,18 +7,10 @@ export const RULE_NAME = '[data-test-subj="topRiskScoreContributors"] .euiTableCellContent'; -export const RISK_FLYOUT = '[data-test-subj="open-risk-information-flyout"] .euiFlyoutHeader'; - export const RISK_DETAILS_NAV = '[data-test-subj="navigation-hostRisk"]'; -export const RISK_FLYOUT_TRIGGER = '[data-test-subj="open-risk-information-flyout-trigger"]'; - export const LOADING_SPINNER = '[data-test-subj="loading-spinner"]'; -export const LOADING_TABLE = '.euiBasicTable-loading'; - -export const HOST_BY_RISK_TABLE = '.table-hostRisk-loading-false'; - export const HOST_BY_RISK_TABLE_CELL = '[data-test-subj="table-hostRisk-loading-false"] .euiTableCellContent'; diff --git a/x-pack/plugins/security_solution/cypress/screens/hosts/main.ts b/x-pack/plugins/security_solution/cypress/screens/hosts/main.ts index 4f1dd8387c63f..a0335d0dca766 100644 --- a/x-pack/plugins/security_solution/cypress/screens/hosts/main.ts +++ b/x-pack/plugins/security_solution/cypress/screens/hosts/main.ts @@ -9,8 +9,6 @@ export const ALL_HOSTS_TAB = '[data-test-subj="navigation-allHosts'; export const ANOMALIES_TAB = '[data-test-subj="navigation-anomalies"]'; -export const AUTHENTICATIONS_TAB = '[data-test-subj="navigation-authentications"]'; - export const EVENTS_TAB = '[data-test-subj="navigation-events"]'; export const UNCOMMON_PROCESSES_TAB = '[data-test-subj="navigation-uncommonProcesses"]'; diff --git a/x-pack/plugins/security_solution/cypress/screens/network/flows.ts b/x-pack/plugins/security_solution/cypress/screens/network/flows.ts index 0ce4117ef1350..a906a985b183d 100644 --- a/x-pack/plugins/security_solution/cypress/screens/network/flows.ts +++ b/x-pack/plugins/security_solution/cypress/screens/network/flows.ts 
@@ -21,8 +21,6 @@ export const COPY = '[data-test-subj="clipboard"]'; export const TOP_N_CONTAINER = '[data-test-subj="topN-container"]'; -export const CLOSE_TOP_N = '[data-test-subj="close"]'; - export const DESTINATION_DOMAIN = `[data-test-subj="more-container"] [data-test-subj="render-content-destination.domain"]`; export const OVERFLOW_ITEM = diff --git a/x-pack/plugins/security_solution/cypress/screens/network/main.ts b/x-pack/plugins/security_solution/cypress/screens/network/main.ts deleted file mode 100644 index 6e1b02a281f55..0000000000000 --- a/x-pack/plugins/security_solution/cypress/screens/network/main.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export const LOADING_SPINNER = '[data-test-subj="loading-spinner"]'; diff --git a/x-pack/plugins/security_solution/cypress/screens/overview.ts b/x-pack/plugins/security_solution/cypress/screens/overview.ts index 5e376aaea6f7c..3c9cced5ea00c 100644 --- a/x-pack/plugins/security_solution/cypress/screens/overview.ts +++ b/x-pack/plugins/security_solution/cypress/screens/overview.ts @@ -146,8 +146,6 @@ export const OVERVIEW_NETWORK_STATS = '[data-test-subj="overview-network-stats"] export const OVERVIEW_EMPTY_PAGE = '[data-test-subj="siem-landing-page"]'; -export const OVERVIEW_REVENT_TIMELINES = '[data-test-subj="overview-recent-timelines"]'; - export const OVERVIEW_CTI_LINKS = '[data-test-subj="cti-dashboard-links"]'; export const OVERVIEW_CTI_LINKS_ERROR_INNER_PANEL = '[data-test-subj="cti-inner-panel-danger"]'; export const OVERVIEW_CTI_TOTAL_EVENT_COUNT = `${OVERVIEW_CTI_LINKS} [data-test-subj="header-panel-subtitle"]`; 
diff --git a/x-pack/plugins/security_solution/cypress/screens/rule_details.ts b/x-pack/plugins/security_solution/cypress/screens/rule_details.ts index e8fd18c4449b1..0e2e5a1509bf7 100644 --- a/x-pack/plugins/security_solution/cypress/screens/rule_details.ts +++ b/x-pack/plugins/security_solution/cypress/screens/rule_details.ts @@ -25,22 +25,16 @@ export const CUSTOM_QUERY_DETAILS = 'Custom query'; export const DEFINITION_DETAILS = '[data-test-subj=definitionRule] [data-test-subj="listItemColumnStepRuleDescription"]'; -export const DELETE_RULE = '[data-test-subj=rules-details-delete-rule]'; - export const DETAILS_DESCRIPTION = '.euiDescriptionList__description'; export const DETAILS_TITLE = '.euiDescriptionList__title'; export const EXCEPTIONS_TAB = '[data-test-subj="exceptionsTab"]'; -export const EXCEPTIONS_TAB_SEARCH = '[data-test-subj="exceptionsHeaderSearch"]'; - export const FALSE_POSITIVES_DETAILS = 'False positive examples'; export const INDEX_PATTERNS_DETAILS = 'Index patterns'; -export const DATA_VIEW_DETAILS = 'Data View'; - export const INDICATOR_INDEX_PATTERNS = 'Indicator index patterns'; export const INDICATOR_INDEX_QUERY = 'Indicator index query'; @@ -87,8 +81,6 @@ export const EDIT_EXCEPTION_BTN = '[data-test-subj="exceptionItemCardHeader-acti export const RULE_SWITCH = '[data-test-subj="ruleSwitch"]'; -export const RULE_SWITCH_LOADER = '[data-test-subj="rule-switch-loader"]'; - export const RULE_TYPE_DETAILS = 'Rule type'; export const RUNS_EVERY_DETAILS = 'Runs every'; diff --git a/x-pack/plugins/security_solution/cypress/screens/timeline.ts b/x-pack/plugins/security_solution/cypress/screens/timeline.ts index 34eebad2746cf..60347ffe1293a 100644 --- a/x-pack/plugins/security_solution/cypress/screens/timeline.ts +++ b/x-pack/plugins/security_solution/cypress/screens/timeline.ts 
@@ -18,8 +18,6 @@ export const ATTACH_TIMELINE_TO_NEW_CASE_ICON = '[data-test-subj="attach-timelin export const ATTACH_TIMELINE_TO_EXISTING_CASE_ICON = '[data-test-subj="attach-timeline-existing-case"]'; -export const BULK_ACTIONS = '[data-test-subj="utility-bar-action-button"]'; - export const SELECT_CASE = (id: string) => { return `[data-test-subj="cases-table-row-select-${id}"]`; }; @@ -92,8 +90,6 @@ export const NOTES_AUTHOR = '.euiCommentEvent__headerUsername'; export const NOTES_LINK = '[data-test-subj="markdown-link"]'; -export const NOTES_COUNT = '[data-test-subj="timeline-notes-count"]'; - export const OPEN_TIMELINE_ICON = '[data-test-subj="open-timeline-button"]'; export const OPEN_TIMELINE_MODAL = '[data-test-subj="open-timeline-modal"]'; @@ -105,9 +101,6 @@ export const OPEN_TIMELINE_TEMPLATE_ICON = export const PIN_EVENT = '[data-test-subj="pin"]'; -export const PINNED_EVENT_TABLE_CELL = - '[data-test-subj="pinned-events-table"] [data-test-subj="statefulCell"]'; - export const PINNED_TAB_BUTTON = '[data-test-subj="timelineTabs-pinned"]'; export const PROCESS_KPI = '[data-test-subj="siem-timeline-process-kpi"'; @@ -246,8 +239,6 @@ export const TIMELINE_ROW_RENDERERS_MODAL = '[data-test-subj="row-renderers-moda export const TIMELINE_ROW_RENDERERS_DISABLE_ALL_BTN = `[data-test-subj="disable-all"]`; -export const TIMELINE_ROW_RENDERERS_ENABLE_ALL_BTN = `button[data-test-subj="enable-alll"]`; - export const TIMELINE_ROW_RENDERERS_MODAL_CLOSE_BUTTON = `${TIMELINE_ROW_RENDERERS_MODAL} .euiModal__closeIcon`; export const TIMELINE_ROW_RENDERERS_MODAL_ITEMS_CHECKBOX = `${TIMELINE_ROW_RENDERERS_MODAL} .euiCheckbox__input`; diff --git a/x-pack/plugins/security_solution/cypress/screens/users/all_users.ts b/x-pack/plugins/security_solution/cypress/screens/users/all_users.ts index 96009834dc7a3..dd05054fea1fb 100644 --- a/x-pack/plugins/security_solution/cypress/screens/users/all_users.ts +++ b/x-pack/plugins/security_solution/cypress/screens/users/all_users.ts 
@@ -8,5 +8,3 @@ export const ALL_USERS_TABLE = '[data-test-subj="table-allUsers-loading-false"]'; export const HEADER_SUBTITLE = '[data-test-subj="header-panel-subtitle"]'; - -export const USER_NAME_CELL = '[data-test-subj="render-content-user.name"]'; diff --git a/x-pack/plugins/security_solution/cypress/screens/users/main.ts b/x-pack/plugins/security_solution/cypress/screens/users/main.ts deleted file mode 100644 index 10ea62c186c6a..0000000000000 --- a/x-pack/plugins/security_solution/cypress/screens/users/main.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export const ALL_USERS_TAB = '[data-test-subj="navigation-allUsers'; diff --git a/x-pack/plugins/security_solution/cypress/screens/users/user_authentications.ts b/x-pack/plugins/security_solution/cypress/screens/users/user_authentications.ts index 2a91b5197b783..3c1b4132b363d 100644 --- a/x-pack/plugins/security_solution/cypress/screens/users/user_authentications.ts +++ b/x-pack/plugins/security_solution/cypress/screens/users/user_authentications.ts @@ -6,6 +6,4 @@ */ export const AUTHENTICATIONS_TAB = '[data-test-subj="navigation-authentications"]'; -export const HEADER_SUBTITLE = '[data-test-subj="header-panel-subtitle"]'; -export const USER_NAME_CELL = '[data-test-subj="render-content-user.name"]'; export const AUTHENTICATIONS_TABLE = '[data-test-subj="table-users-authentications-loading-false"]'; diff --git a/x-pack/plugins/security_solution/cypress/tasks/alerts.ts b/x-pack/plugins/security_solution/cypress/tasks/alerts.ts index 22e57d8b0c7db..94a4529549a6d 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/alerts.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/alerts.ts 
@@ -7,7 +7,6 @@ import { ADD_EXCEPTION_BTN, - ALERT_RISK_SCORE_HEADER, ALERT_CHECKBOX, CHART_SELECT, CLOSE_ALERT_BTN, @@ -111,12 +110,6 @@ export const goToOpenedAlerts = () => { cy.get(REFRESH_BUTTON).should('have.attr', 'aria-label', 'Refresh query'); }; -export const refreshAlerts = () => { - // ensure we've refetched fields the first time index is defined - cy.get(REFRESH_BUTTON).should('have.attr', 'aria-label', 'Refresh query'); - cy.get(REFRESH_BUTTON).first().click({ force: true }); -}; - export const openFirstAlert = () => { cy.get(TIMELINE_CONTEXT_MENU_BTN).first().click({ force: true }); cy.get(OPEN_ALERT_BTN).click(); @@ -155,12 +148,6 @@ export const selectNumberOfAlerts = (numberOfAlerts: number) => { } }; -export const sortRiskScore = () => { - cy.get(ALERT_RISK_SCORE_HEADER).click(); - cy.get(TIMELINE_COLUMN_SPINNER).should('exist'); - cy.get(TIMELINE_COLUMN_SPINNER).should('not.exist'); -}; - export const investigateFirstAlertInTimeline = () => { cy.get(SEND_ALERT_TO_TIMELINE_BTN).first().click({ force: true }); }; diff --git a/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts b/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts index d8f1aaf36a01e..7d79e63191847 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts @@ -7,7 +7,6 @@ import { ENRICHMENT_COUNT_NOTIFICATION, - JSON_VIEW_WRAPPER, JSON_VIEW_TAB, OVERVIEW_TAB, TABLE_TAB, @@ -33,9 +32,3 @@ export const openTable = () => { export const openThreatIndicatorDetails = () => { cy.get(ENRICHMENT_COUNT_NOTIFICATION).click(); }; - -export const scrollJsonViewToBottom = () => { - cy.get(JSON_VIEW_WRAPPER).click({ force: true }); - cy.get(JSON_VIEW_WRAPPER).type('{pagedown}{pagedown}{pagedown}'); - cy.get(JSON_VIEW_WRAPPER).should('be.visible'); -}; 
diff --git a/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts b/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts index 5a96d3fd20279..5f7700d3c55ef 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts @@ -248,10 +248,6 @@ export const changeRowsPerPageTo = (rowsCount: number) => { .should('not.exist'); }; -export const changeRowsPerPageTo100 = () => { - changeRowsPerPageTo(100); -}; - export const goToPage = (pageNumber: number) => { cy.get(RULES_TABLE_REFRESH_INDICATOR).should('not.exist'); cy.get(pageSelector(pageNumber)).last().click({ force: true }); diff --git a/x-pack/plugins/security_solution/cypress/tasks/api_calls/timelines.ts b/x-pack/plugins/security_solution/cypress/tasks/api_calls/timelines.ts index 07655c399b218..36d90d59f7f84 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/api_calls/timelines.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/api_calls/timelines.ts @@ -100,24 +100,6 @@ export const createTimelineTemplate = (timeline: CompleteTimeline) => headers: { 'kbn-xsrf': 'cypress-creds' }, }); -export const deleteTimeline = (timelineId: string) => { - cy.request({ - method: 'POST', - url: 'api/timeline', - body: { - id: [timelineId], - }, - headers: { 'kbn-xsrf': 'delete-signals' }, - }); -}; - -export const getTimelineById = (timelineId: string) => - cy.request({ - method: 'GET', - url: `api/timeline?id=${timelineId}`, - headers: { 'kbn-xsrf': 'timeline-by-id' }, - }); - export const loadPrepackagedTimelineTemplates = () => cy.request({ method: 'POST', diff --git a/x-pack/plugins/security_solution/cypress/tasks/common.ts b/x-pack/plugins/security_solution/cypress/tasks/common.ts index 69b88bca934c5..437ed1a254ca4 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/common.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/common.ts 
@@ -36,13 +36,6 @@ export const drag = (subject: JQuery) => { .wait(300); }; -/** Drags the subject being dragged on the specified drop target, but does not drop it */ -export const dragWithoutDrop = (dropTarget: JQuery) => { - cy.wrap(dropTarget).trigger('mousemove', 'center', { - button: primaryButton, - }); -}; - /** "Drops" the subject being dragged on the specified drop target */ export const drop = (dropTarget: JQuery) => { const targetLocation = dropTarget[0].getBoundingClientRect(); diff --git a/x-pack/plugins/security_solution/cypress/tasks/edit_rule.ts b/x-pack/plugins/security_solution/cypress/tasks/edit_rule.ts index 2af563973b3d3..42d5619c28a67 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/edit_rule.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/edit_rule.ts @@ -5,11 +5,7 @@ * 2.0. */ -import { - BACK_TO_RULE_DETAILS, - EDIT_SUBMIT_BUTTON, - KIBANA_LOADING_COMPLETE_INDICATOR, -} from '../screens/edit_rule'; +import { BACK_TO_RULE_DETAILS, EDIT_SUBMIT_BUTTON } from '../screens/edit_rule'; export const saveEditedRule = () => { cy.get(EDIT_SUBMIT_BUTTON).should('exist').click({ force: true }); @@ -20,7 +16,3 @@ export const goBackToRuleDetails = () => { cy.get(BACK_TO_RULE_DETAILS).should('exist').click(); cy.get(BACK_TO_RULE_DETAILS).should('not.exist'); }; - -export const waitForKibana = () => { - cy.get(KIBANA_LOADING_COMPLETE_INDICATOR).should('exist'); -}; diff --git a/x-pack/plugins/security_solution/cypress/tasks/es_archiver.ts b/x-pack/plugins/security_solution/cypress/tasks/es_archiver.ts index 588a1e94cf407..32c29d6193561 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/es_archiver.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/es_archiver.ts 
@@ -47,11 +47,3 @@ export const esArchiverCCSLoad = (folder: string) => {
 { env: { NODE_TLS_REJECT_UNAUTHORIZED } }
 );
 };
-
-export const esArchiverCCSUnload = (folder: string) => {
- const path = Path.join(ES_ARCHIVE_DIR, folder);
- cy.exec(
- `node ../../../scripts/es_archiver unload "${path}" --config "${CONFIG_PATH}" --es-url "${CCS_ES_URL}" --kibana-url "${CCS_KIBANA_URL}"`,
- { env: { NODE_TLS_REJECT_UNAUTHORIZED } }
- );
-};
diff --git a/x-pack/plugins/security_solution/cypress/tasks/host_risk.ts b/x-pack/plugins/security_solution/cypress/tasks/host_risk.ts
index 6120e373e4662..d843ba3094d01 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/host_risk.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/host_risk.ts
@@ -11,9 +11,7 @@ import {
 HOST_BY_RISK_TABLE_PERPAGE_BUTTON,
 HOST_BY_RISK_TABLE_PERPAGE_OPTIONS,
 LOADING_SPINNER,
- LOADING_TABLE,
 RISK_DETAILS_NAV,
- RISK_FLYOUT_TRIGGER,
 } from '../screens/hosts/host_risk';
 export const navigateToHostRiskDetailTab = () => {
@@ -21,13 +19,6 @@ export const navigateToHostRiskDetailTab = () => {
 cy.get(LOADING_SPINNER).should('not.exist');
 };
-export const openRiskFlyout = () => cy.get(RISK_FLYOUT_TRIGGER).click();
-
-export const waitForTableToLoad = () => {
- cy.get(LOADING_TABLE).should('exist');
- cy.get(LOADING_TABLE).should('not.exist');
-};
-
 export const openRiskTableFilterAndSelectTheCriticalOption = () => {
 cy.get(HOST_BY_RISK_TABLE_FILTER).click();
 cy.get(HOST_BY_RISK_TABLE_FILTER_CRITICAL).click();
diff --git a/x-pack/plugins/security_solution/cypress/tasks/hosts/authentications.ts b/x-pack/plugins/security_solution/cypress/tasks/hosts/authentications.ts
deleted file mode 100644
index cf6c6ae467092..0000000000000
--- a/x-pack/plugins/security_solution/cypress/tasks/hosts/authentications.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { AUTHENTICATIONS_TABLE } from '../../screens/hosts/authentications';
-import { REFRESH_BUTTON } from '../../screens/security_header';
-
-export const waitForAuthenticationsToBeLoaded = () => {
- cy.get(AUTHENTICATIONS_TABLE).should('exist');
- cy.get(REFRESH_BUTTON).should('not.have.attr', 'aria-label', 'Needs updating');
-};
diff --git a/x-pack/plugins/security_solution/cypress/tasks/hosts/events.ts b/x-pack/plugins/security_solution/cypress/tasks/hosts/events.ts
index 519fd5d1530ac..e1c9a5d4b103f 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/hosts/events.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/hosts/events.ts
@@ -5,7 +5,6 @@
 * 2.0.
 */
-import { drag, drop } from '../common';
 import {
 EVENTS_VIEWER_FIELDS_BUTTON,
 FIELDS_BROWSER_CONTAINER,
@@ -14,7 +13,6 @@ import {
 INSPECT_QUERY,
 SERVER_SIDE_EVENT_COUNT,
 } from '../../screens/hosts/events';
-import { DATAGRID_HEADERS } from '../../screens/timeline';
 export const addsHostGeoCityNameToHeader = () => {
 cy.get(HOST_GEO_CITY_NAME_CHECKBOX).check({
@@ -44,22 +42,3 @@ export const opensInspectQueryModal = () => {
 export const waitsForEventsToBeLoaded = () => {
 cy.get(SERVER_SIDE_EVENT_COUNT).should('not.have.text', '0');
 };
-
-export const dragAndDropColumn = ({
- column,
- newPosition,
-}: {
- column: number;
- newPosition: number;
-}) => {
- cy.get(DATAGRID_HEADERS).first().should('exist');
- cy.get(DATAGRID_HEADERS)
- .eq(column)
- .then((header) => drag(header));
-
- cy.get(DATAGRID_HEADERS)
- .eq(newPosition)
- .then((targetPosition) => {
- drop(targetPosition);
- });
-};
diff --git a/x-pack/plugins/security_solution/cypress/tasks/hosts/main.ts b/x-pack/plugins/security_solution/cypress/tasks/hosts/main.ts
index d28ecd0c51d7f..5343301432777 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/hosts/main.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/hosts/main.ts
@@ -5,17 +5,10 @@
 * 2.0.
 */
-import {
- ALL_HOSTS_TAB,
- AUTHENTICATIONS_TAB,
- EVENTS_TAB,
- UNCOMMON_PROCESSES_TAB,
-} from '../../screens/hosts/main';
+import { ALL_HOSTS_TAB, EVENTS_TAB, UNCOMMON_PROCESSES_TAB } from '../../screens/hosts/main';
 export const openAllHosts = () => cy.get(ALL_HOSTS_TAB).click({ force: true });
-export const openAuthentications = () => cy.get(AUTHENTICATIONS_TAB).click({ force: true });
-
 export const openEvents = () => cy.get(EVENTS_TAB).click({ force: true });
 export const openUncommonProcesses = () => cy.get(UNCOMMON_PROCESSES_TAB).click({ force: true });
diff --git a/x-pack/plugins/security_solution/cypress/tasks/lists.ts b/x-pack/plugins/security_solution/cypress/tasks/lists.ts
index e2dea6d49b15c..19f7645b8522d 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/lists.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/lists.ts
@@ -122,43 +122,6 @@ export const uploadListItemData = (
 });
 };
-/**
- * Checks a single value list file against a data set to ensure it has been uploaded.
- *
- * You can optionally pass in an array of test suggestions which will be useful for if you are
- * using a range such as a CIDR range and need to ensure that test range has been added to the
- * list but you cannot run an explicit test against that range.
- *
- * This also will remove any upload data such as empty strings that can happen from the fixture
- * due to extra lines being added from formatters.
- * @param file The file that was imported
- * @param data The contents to check unless testSuggestions is given.
- * @param type The type of the file import such as ip/keyword/text etc...
- * @param testSuggestions The type of test to use rather than the fixture file which is useful for ranges
- * Ref: https://www.elastic.co/guide/en/security/current/lists-api-import-list-items.html
- */
-export const checkListItemData = (
- file: string,
- data: string,
- testSuggestions: string[] | undefined
-): Cypress.Chainable> => {
- const importCheckLines =
- testSuggestions == null
- ? data.split('\n').filter((line) => line.trim() !== '')
- : testSuggestions;
- return cy.wrap(importCheckLines).each((line) => {
- return cy
- .request({
- retryOnStatusCodeFailure: true,
- method: 'GET',
- url: `api/lists/items?list_id=${file}&value=${line}`,
- })
- .then((resp) => {
- expect(resp.status).to.eq(200);
- });
- });
-};
-
 /**
 * Imports a single value list file this using Cypress Request and lists REST API. After it
 * imports the data, it will re-check and ensure that the data is there before continuing to
diff --git a/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts b/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts
index 15ef032ca4878..c021ead16a3f0 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts
@@ -19,7 +19,6 @@ import {
 import {
 ALERTS_TAB,
 BACK_TO_RULES,
- DATA_VIEW_DETAILS,
 EXCEPTIONS_TAB,
 FIELDS_BROWSER_BTN,
 REFRESH_BUTTON,
@@ -132,9 +131,3 @@ export const hasIndexPatterns = (indexPatterns: string) => {
 getDetails(INDEX_PATTERNS_DETAILS).should('have.text', indexPatterns);
 });
 };
-
-export const doesNotHaveDataView = () => {
- cy.get(DEFINITION_DETAILS).within(() => {
- cy.get(DETAILS_TITLE).within(() => cy.get(DATA_VIEW_DETAILS).should('not.exist'));
- });
-};
diff --git a/x-pack/plugins/security_solution/cypress/tasks/rules_bulk_edit.ts b/x-pack/plugins/security_solution/cypress/tasks/rules_bulk_edit.ts
index 0b38036a4fb9d..611ec010d9d2f 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/rules_bulk_edit.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/rules_bulk_edit.ts
@@ -77,10 +77,6 @@ export const waitForBulkEditActionToFinish = ({ rulesCount }: { rulesCount: numb
 cy.contains(TOASTER_BODY, `You've successfully updated ${rulesCount} rule`);
 };
-export const waitForElasticRulesBulkEditModal = (rulesCount: number) => {
- cy.get(MODAL_CONFIRMATION_TITLE).should('have.text', `${rulesCount} rules cannot be edited`);
-};
-
 export const checkElasticRulesCannotBeModified = (rulesCount: number) => {
 cy.get(MODAL_CONFIRMATION_BODY).contains(
 `${rulesCount} prebuilt Elastic rules (editing prebuilt rules is not supported)`
diff --git a/x-pack/plugins/security_solution/cypress/tasks/sourcerer.ts b/x-pack/plugins/security_solution/cypress/tasks/sourcerer.ts
index 95a2d01cd2f5a..d8fe638da7f0c 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/sourcerer.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/sourcerer.ts
@@ -6,7 +6,6 @@
 */
 import { HOSTS_STAT, SOURCERER } from '../screens/sourcerer';
-import { TIMELINE_TITLE } from '../screens/timeline';
 import { HOSTS_URL } from '../urls/navigation';
 import { waitForPage } from './login';
 import { openTimelineUsingToggle } from './security_main';
@@ -74,21 +73,6 @@ export const isSourcererOptions = (patternNames: string[]) => {
 });
 };
-export const selectSourcererOption = (patternName: string) => {
- cy.get(SOURCERER.comboBoxInput).click();
- cy.get(SOURCERER.comboBoxOptions)
- .find(`button.euiFilterSelectItem[title="${patternName}"]`)
- .click();
- clickOutOfSelector();
- return cy.get(SOURCERER.saveButton).click({ force: true });
-};
-
-export const deselectSourcererOption = (patternName: string) => {
- cy.get(SOURCERER.comboBoxInput).find(`span[title="${patternName}"] button`).click();
- clickOutOfSelector();
- return cy.get(SOURCERER.saveButton).click({ force: true });
-};
-
 export const deselectSourcererOptions = (patternNames: string[]) => {
 patternNames.forEach((patternName) =>
 cy.get(SOURCERER.comboBoxInput).find(`span[title="${patternName}"] button`).click()
@@ -104,20 +88,6 @@ export const resetSourcerer = () => {
 return cy.get(SOURCERER.resetButton).click();
 };
-export const setSourcererOption = (patternName: string, sourcererScope?: string) => {
- openSourcerer(sourcererScope);
- isNotSourcererSelection(patternName);
- selectSourcererOption(patternName);
-};
-
-export const unsetSourcererOption = (patternName: string, sourcererScope?: string) => {
- openSourcerer(sourcererScope);
- isSourcererSelection(patternName);
- deselectSourcererOption(patternName);
-};
-
-export const clickOutOfSourcererTimeline = () => cy.get(TIMELINE_TITLE).first().click();
-
 export const clickAlertCheckbox = () => cy.get(SOURCERER.alertCheckbox).check({ force: true });
 export const addIndexToDefault = (index: string) => {
diff --git a/x-pack/plugins/security_solution/cypress/tasks/timeline.ts b/x-pack/plugins/security_solution/cypress/tasks/timeline.ts
index 13286db96ae39..5403c4f95bf54 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/timeline.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/timeline.ts
@@ -68,7 +68,6 @@ import {
 TIMELINE_COLLAPSED_ITEMS_BTN,
 TIMELINE_TAB_CONTENT_EQL,
 TIMESTAMP_HOVER_ACTION_OVERFLOW_BTN,
- PINNED_TAB_BUTTON,
 TIMELINE_DATA_PROVIDER_FIELD_INPUT,
 } from '../screens/timeline';
 import { REFRESH_BUTTON, TIMELINE } from '../screens/timelines';
@@ -132,15 +131,6 @@ export const goToQueryTab = () => {
 .should('have.class', 'euiTab-isSelected');
 };
-export const goToPinnedTab = () => {
- cy.root()
- .pipe(($el) => {
- $el.find(PINNED_TAB_BUTTON).trigger('click');
- return $el.find(PINNED_TAB_BUTTON);
- })
- .should('have.class', 'euiTab-isSelected');
-};
-
 export const addNotesToTimeline = (notes: string) => {
 goToNotesTab().then(() => {
 cy.get(NOTES_TAB_BUTTON)
diff --git a/x-pack/plugins/security_solution/public/cases/pages/translations.ts b/x-pack/plugins/security_solution/public/cases/pages/translations.ts
index b2c03f1611def..d6f33d2a90ffa 100644
--- a/x-pack/plugins/security_solution/public/cases/pages/translations.ts
+++ b/x-pack/plugins/security_solution/public/cases/pages/translations.ts
@@ -7,17 +7,6 @@
 import { i18n } from '@kbn/i18n';
-export const SEND_ALERT_TO_TIMELINE = i18n.translate(
- 'xpack.securitySolution.cases.caseView.sendAlertToTimelineTooltip',
- {
- defaultMessage: 'Investigate in timeline',
- }
-);
-
 export const PAGE_TITLE = i18n.translate('xpack.securitySolution.cases.pageTitle', {
 defaultMessage: 'Cases',
 });
-
-export const CREATE_BC_TITLE = i18n.translate('xpack.securitySolution.cases.caseView.breadcrumb', {
- defaultMessage: 'Create',
-});
diff --git a/x-pack/plugins/security_solution/public/common/components/alerts_treemap/translations.ts b/x-pack/plugins/security_solution/public/common/components/alerts_treemap/translations.ts
index c5566e62506a8..886cebf434f67 100644
--- a/x-pack/plugins/security_solution/public/common/components/alerts_treemap/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/alerts_treemap/translations.ts
@@ -21,18 +21,3 @@ export const RISK_LABEL = (riskScore: number) =>
 },
 defaultMessage: '(Risk {riskScore})',
 });
-
-export const SUBTITLE = (maxItems: number) =>
- i18n.translate('xpack.securitySolution.components.alertsTreemap.subtitle', {
- values: {
- maxItems,
- },
- defaultMessage: 'Showing the top {maxItems} most frequently occurring alerts',
- });
-
-export const SHOW_ALL = i18n.translate(
- 'xpack.securitySolution.components.alertsTreemap.showAllButton',
- {
- defaultMessage: 'Show all alerts',
- }
-);
diff --git a/x-pack/plugins/security_solution/public/common/components/alerts_treemap_panel/index.tsx b/x-pack/plugins/security_solution/public/common/components/alerts_treemap_panel/index.tsx
index cbbbf62524178..dbc50ab96ac24 100644
--- a/x-pack/plugins/security_solution/public/common/components/alerts_treemap_panel/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/alerts_treemap_panel/index.tsx
@@ -16,7 +16,6 @@ import { useGlobalTime } from '../../containers/use_global_time';
 import { AlertsTreemap, DEFAULT_MIN_CHART_HEIGHT } from '../alerts_treemap';
 import { KpiPanel } from '../../../detections/components/alerts_kpis/common/components';
 import { useInspectButton } from '../../../detections/components/alerts_kpis/common/hooks';
-import type { AlertSearchResponse } from '../../../detections/containers/detection_engine/alerts/types';
 import { useQueryAlerts } from '../../../detections/containers/detection_engine/alerts/use_query';
 import { FieldSelection } from '../field_selection';
 import { HeaderSection } from '../header_section';
@@ -50,10 +49,6 @@ export interface Props {
 title: React.ReactNode;
 }
-export const getBucketsCount = (
- data: AlertSearchResponse | null
-): number => data?.aggregations?.stackByField0?.buckets?.length ?? 0;
-
 const AlertsTreemapPanelComponent: React.FC = ({
 addFilter,
 alignHeader,
diff --git a/x-pack/plugins/security_solution/public/common/components/alerts_viewer/translations.ts b/x-pack/plugins/security_solution/public/common/components/alerts_viewer/translations.ts
index 874ea024d51e1..ab9cb3f3e3479 100644
--- a/x-pack/plugins/security_solution/public/common/components/alerts_viewer/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/alerts_viewer/translations.ts
@@ -35,13 +35,6 @@ export const ALERTS_GRAPH_TITLE = i18n.translate(
 }
 );
-export const ALERTS_STACK_BY_MODULE = i18n.translate(
- 'xpack.securitySolution.alertsView.alertsStackByOptions.module',
- {
- defaultMessage: 'module',
- }
-);
-
 export const SHOWING = i18n.translate('xpack.securitySolution.alertsView.showing', {
 defaultMessage: 'Showing',
 });
@@ -62,7 +55,3 @@ export const ERROR_FETCHING_ALERTS_DATA = i18n.translate(
 export const CATEGORY = i18n.translate('xpack.securitySolution.alertsView.categoryLabel', {
 defaultMessage: 'category',
 });
-
-export const MODULE = i18n.translate('xpack.securitySolution.alertsView.moduleLabel', {
- defaultMessage: 'module',
-});
diff --git a/x-pack/plugins/security_solution/public/common/components/charts/donutchart.tsx b/x-pack/plugins/security_solution/public/common/components/charts/donutchart.tsx
index 74d67b8e554a5..f1db20798a582 100644
--- a/x-pack/plugins/security_solution/public/common/components/charts/donutchart.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/charts/donutchart.tsx
@@ -22,8 +22,6 @@ import { DraggableLegend } from './draggable_legend';
 import type { LegendItem } from './draggable_legend_item';
 import { DonutChartEmpty } from './donutchart_empty';
-export const NO_LEGEND_DATA: LegendItem[] = [];
-
 const donutTheme: PartialTheme = {
 chartMargins: { top: 0, bottom: 0, left: 0, right: 0 },
 partition: {
diff --git a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/translations.ts b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/translations.ts
index 14c838f679e3f..0fc275a847e5a 100644
--- a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/translations.ts
@@ -7,10 +7,6 @@
 import { i18n } from '@kbn/i18n';
-export const ADD_TO_TIMELINE = i18n.translate('xpack.securitySolution.dragAndDrop.addToTimeline', {
- defaultMessage: 'Add to timeline investigation',
-});
-
 export const COPY_TO_CLIPBOARD = i18n.translate(
 'xpack.securitySolution.dragAndDrop.copyToClipboardTooltip',
 {
@@ -29,35 +25,6 @@ export const FIELD = i18n.translate('xpack.securitySolution.dragAndDrop.fieldLab
 defaultMessage: 'Field',
 });
-export const FILTER_FOR_VALUE = i18n.translate(
- 'xpack.securitySolution.dragAndDrop.filterForValueHoverAction',
- {
- defaultMessage: 'Filter for value',
- }
-);
-
-export const FILTER_OUT_VALUE = i18n.translate(
- 'xpack.securitySolution.dragAndDrop.filterOutValueHoverAction',
- {
- defaultMessage: 'Filter out value',
- }
-);
-
 export const CLOSE = i18n.translate('xpack.securitySolution.dragAndDrop.closeButtonLabel', {
 defaultMessage: 'Close',
 });
-
-export const SHOW_TOP = (fieldName: string) =>
- i18n.translate('xpack.securitySolution.overview.showTopTooltip', {
- values: { fieldName },
- defaultMessage: `Show top {fieldName}`,
- });
-
-export const YOU_ARE_IN_A_DIALOG_CONTAINING_OPTIONS = (fieldName: string) =>
- i18n.translate(
- 'xpack.securitySolution.dragAndDrop.youAreInADialogContainingOptionsScreenReaderOnly',
- {
- values: { fieldName },
- defaultMessage: `You are in a dialog, containing options for field {fieldName}. Press tab to navigate options. Press escape to exit.`,
- }
- );
diff --git a/x-pack/plugins/security_solution/public/common/components/draggables/field_badge/translations.ts b/x-pack/plugins/security_solution/public/common/components/draggables/field_badge/translations.ts
index d8707ded2bc3a..25e2eaf98329c 100644
--- a/x-pack/plugins/security_solution/public/common/components/draggables/field_badge/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/draggables/field_badge/translations.ts
@@ -11,13 +11,6 @@ export const CATEGORY = i18n.translate('xpack.securitySolution.draggables.field.
 defaultMessage: 'Category',
 });
-export const COPY_TO_CLIPBOARD = i18n.translate(
- 'xpack.securitySolution.eventDetails.copyToClipboardTooltip',
- {
- defaultMessage: 'Copy to Clipboard',
- }
-);
-
 export const FIELD = i18n.translate('xpack.securitySolution.draggables.field.fieldLabel', {
 defaultMessage: 'Field',
 });
@@ -25,10 +18,3 @@ export const FIELD = i18n.translate('xpack.securitySolution.draggables.field.fie
 export const TYPE = i18n.translate('xpack.securitySolution.draggables.field.typeLabel', {
 defaultMessage: 'Type',
 });
-
-export const VIEW_CATEGORY = i18n.translate(
- 'xpack.securitySolution.draggables.field.viewCategoryTooltip',
- {
- defaultMessage: 'View Category',
- }
-);
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/formatted_date_time.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/formatted_date_time.tsx
deleted file mode 100644
index 57b1d6530a515..0000000000000
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/formatted_date_time.tsx
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React from 'react';
-import { FormattedDate, FormattedTime, FormattedRelative } from '@kbn/i18n-react';
-
-/**
- * @deprecated consider using `FormattedDate` from `x-pack/plugins/security_solution/public/common/components/formatted_date/index.tsx:95`
- */
-export const FormattedDateAndTime: React.FC<{ date: Date }> = ({ date }) => {
- // If date is greater than or equal to 1h (ago), then show it as a date
- // else, show it as relative to "now"
- return Date.now() - date.getTime() >= 3.6e6 ? (
- <>
-
- {' @'}
-
-
- ) : (
- <>
-
-
- );
-};
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/translations.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/translations.ts
index 66d9bf3a7c71b..0fe198830530d 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/translations.ts
@@ -36,21 +36,10 @@ export const GET_UNISOLATION_SUCCESS_MESSAGE = (hostName: string) =>
 values: { hostName },
 });
-export const ISOLATE = i18n.translate('xpack.securitySolution.endpoint.hostisolation.isolate', {
- defaultMessage: 'isolate',
-});
-
 export const UNISOLATE = i18n.translate('xpack.securitySolution.endpoint.hostisolation.unisolate', {
 defaultMessage: 'release',
 });
-export const NOT_ISOLATED = i18n.translate(
- 'xpack.securitySolution.endpoint.hostIsolation.notIsolated',
- {
- defaultMessage: 'not isolated',
- }
-);
-
 export const ISOLATED = i18n.translate('xpack.securitySolution.endpoint.hostIsolation.isolated', {
 defaultMessage: 'isolated',
 });
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/threat_summary_view.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/threat_summary_view.tsx
index d626b862ab778..21648200f3177 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/threat_summary_view.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/threat_summary_view.tsx
@@ -21,10 +21,7 @@ import {
 import * as i18n from './translations';
 import type { CtiEnrichment } from '../../../../../common/search_strategy/security_solution/cti';
-import type { FieldsData } from '../types';
-
 import type {
- BrowserField,
 BrowserFields,
 TimelineEventsDetailsItem,
 } from '../../../../../common/search_strategy';
@@ -32,17 +29,6 @@ import { HostRiskSummary } from './host_risk_summary';
 import { EnrichmentSummary } from './enrichment_summary';
 import type { HostRisk } from '../../../../risk_score/containers';
-export interface ThreatSummaryDescription {
- browserField: BrowserField;
- data: FieldsData | undefined;
- eventId: string;
- index: number;
- provider: string | undefined;
- timelineId: string;
- value: string | undefined;
- isDraggable?: boolean;
-}
-
 const UppercaseEuiTitle = styled(EuiTitle)`
 text-transform: uppercase;
 `;
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/translations.ts b/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/translations.ts
index 59e71a2ba6f43..d0c0e7993a954 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/translations.ts
@@ -58,21 +58,6 @@ export const INVESTIGATION_TOOLTIP_CONTENT = i18n.translate(
 }
 );
-export const NO_INDICATOR_ENRICHMENTS_DESCRIPTION = i18n.translate(
- 'xpack.securitySolution.alertDetails.noIndicatorEnrichmentsDescription',
- {
- defaultMessage:
- 'We did not find any threat intelligence indicators with any of the indicator match rules.',
- }
-);
-
-export const NO_INVESTIGATION_ENRICHMENTS_TITLE = i18n.translate(
- 'xpack.securitySolution.alertDetails.noInvestigationEnrichmentsTitle',
- {
- defaultMessage: 'No Threat Intelligence Enrichment Found',
- }
-);
-
 export const NO_INVESTIGATION_ENRICHMENTS_DESCRIPTION = i18n.translate(
 'xpack.securitySolution.alertDetails.noInvestigationEnrichmentsDescription',
 {
@@ -81,13 +66,6 @@ export const NO_INVESTIGATION_ENRICHMENTS_DESCRIPTION = i18n.translate(
 }
 );
-export const NO_ENRICHMENTS_FOUND_TITLE = i18n.translate(
- 'xpack.securitySolution.alertDetails.noEnrichmentsFoundTitle',
- {
- defaultMessage: 'No Indicator Match or Threat Intel Enrichment Found',
- }
-);
-
 export const NO_ENRICHMENTS_FOUND_DESCRIPTION = i18n.translate(
 'xpack.securitySolution.alertDetails.noEnrichmentsFoundDescription',
 {
@@ -103,10 +81,6 @@ export const NO_HOST_RISK_DATA_DESCRIPTION = i18n.translate(
 }
 );
-export const CHECK_DOCS = i18n.translate('xpack.securitySolution.alertDetails.checkDocs', {
- defaultMessage: 'please check out our documentation',
-});
-
 export const INVESTIGATION_QUERY_TITLE = i18n.translate(
 'xpack.securitySolution.alertDetails.investigationTimeQueryTitle',
 {
@@ -114,13 +88,6 @@ export const INVESTIGATION_QUERY_TITLE = i18n.translate(
 }
 );
-export const CHANGE_ENRICHMENT_LOOKBACK = i18n.translate(
- 'xpack.securitySolution.alertDetails.changeEnrichmentQueryLookback',
- {
- defaultMessage: 'search a different time range',
- }
-);
-
 export const ENRICHMENT_LOOKBACK_START_DATE = i18n.translate(
 'xpack.securitySolution.alertDetails.enrichmentQueryStartDate',
 {
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx
index ea9dc050cc32b..3c0102cd64513 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx
@@ -72,11 +72,6 @@ interface Props {
 isReadOnly?: boolean;
 }
-export const Indent = styled.div`
- padding: 0 8px;
- word-break: break-word;
-`;
-
 const StyledEuiTabbedContent = styled(EuiTabbedContent)`
 display: flex;
 flex: 1;
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/helpers.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/helpers.tsx
index 8ef74e38eb690..d0aa5ece892af 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/helpers.tsx
@@ -5,7 +5,7 @@
 * 2.0.
 */
-import { get, getOr, isEmpty, uniqBy } from 'lodash/fp';
+import { get, getOr, isEmpty } from 'lodash/fp';
 import {
 elementOrChildrenHasFocus,
@@ -14,16 +14,11 @@ import {
 handleSkipFocus,
 stopPropagationAndPreventDefault,
 } from '@kbn/timelines-plugin/public';
-import type { BrowserField, BrowserFields } from '../../containers/source';
-import {
- DEFAULT_DATE_COLUMN_MIN_WIDTH,
- DEFAULT_COLUMN_MIN_WIDTH,
-} from '../../../timelines/components/timeline/body/constants';
+import type { BrowserFields } from '../../containers/source';
 import type { TimelineEventsDetailsItem } from '../../../../common/search_strategy/timeline';
 import type { EnrichedFieldInfo, EventSummaryField } from './types';
 import * as i18n from './translations';
-import type { ColumnHeaderOptions } from '../../../../common/types';
 import { AGENT_STATUS_FIELD_NAME } from '../../../timelines/components/timeline/body/renderers/constants';
 /**
@@ -37,11 +32,6 @@ export const search = {
 },
 };
-export interface ItemValues {
- value: JSX.Element;
- valueAsString: string;
-}
-
 /**
 * An item rendered in the table
 */
@@ -61,52 +51,6 @@ export interface AlertSummaryRow {
 };
 }
-export const getColumnHeaderFromBrowserField = ({
- browserField,
- width = DEFAULT_COLUMN_MIN_WIDTH,
-}: {
- browserField: Partial;
- width?: number;
-}): ColumnHeaderOptions => ({
- category: browserField.category,
- columnHeaderType: 'not-filtered',
- description: browserField.description != null ? browserField.description : undefined,
- example: browserField.example != null ? `${browserField.example}` : undefined,
- id: browserField.name || '',
- type: browserField.type,
- aggregatable: browserField.aggregatable,
- initialWidth: width,
-});
-
-/**
- * Returns a collection of columns, where the first column in the collection
- * is a timestamp, and the remaining columns are all the columns in the
- * specified category
- */
-export const getColumnsWithTimestamp = ({
- browserFields,
- category,
-}: {
- browserFields: BrowserFields;
- category: string;
-}): ColumnHeaderOptions[] => {
- const emptyFields: Record> = {};
- const timestamp = get('base.fields.@timestamp', browserFields);
- const categoryFields: Array> = [
- ...Object.values(getOr(emptyFields, `${category}.fields`, browserFields)),
- ];
-
- return timestamp != null && categoryFields.length
- ? uniqBy('id', [
- getColumnHeaderFromBrowserField({
- browserField: timestamp,
- width: DEFAULT_DATE_COLUMN_MIN_WIDTH,
- }),
- ...categoryFields.map((f) => getColumnHeaderFromBrowserField({ browserField: f })),
- ])
- : [];
-};
-
 /** Returns example text, or an empty string if the field does not have an example */
 export const getExampleText = (example: string | number | null | undefined): string =>
 !isEmpty(example) ? `Example: ${example}` : '';
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts b/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts
index 8ecc0e4665ba9..3b8cef529cca9 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts
@@ -78,10 +78,6 @@ export const DESCRIPTION = i18n.translate('xpack.securitySolution.eventDetails.d
 defaultMessage: 'Description',
 });
-export const BLANK = i18n.translate('xpack.securitySolution.eventDetails.blank', {
- defaultMessage: ' ',
-});
-
 export const PLACEHOLDER = i18n.translate(
 'xpack.securitySolution.eventDetails.filter.placeholder',
 {
@@ -89,13 +85,6 @@ export const PLACEHOLDER = i18n.translate(
 }
 );
-export const COPY_TO_CLIPBOARD = i18n.translate(
- 'xpack.securitySolution.eventDetails.copyToClipboard',
- {
- defaultMessage: 'Copy to Clipboard',
- }
-);
-
 export const VIEW_COLUMN = (field: string) =>
 i18n.translate('xpack.securitySolution.eventDetails.viewColumnCheckboxAriaLabel', {
 values: { field },
@@ -146,13 +135,6 @@ export const REASON = i18n.translate('xpack.securitySolution.eventDetails.reason
 defaultMessage: 'Reason',
 });
-export const VIEW_RULE_DETAIL_PAGE = i18n.translate(
- 'xpack.securitySolution.eventDetails.viewRuleDetailPage',
- {
- defaultMessage: 'View Rule detail page',
- }
-);
-
 export const VIEW_ALL_FIELDS = i18n.translate('xpack.securitySolution.eventDetails.viewAllFields', {
 defaultMessage: 'View all fields in table',
 });
diff --git a/x-pack/plugins/security_solution/public/common/components/events_viewer/mock.ts b/x-pack/plugins/security_solution/public/common/components/events_viewer/mock.ts
index 2dc2331484ef6..446191f28a45f 100644
--- a/x-pack/plugins/security_solution/public/common/components/events_viewer/mock.ts
+++ b/x-pack/plugins/security_solution/public/common/components/events_viewer/mock.ts
@@ -13,91 +13,3 @@ export const mockEventViewerResponse = { }, events: [], }; - -export const mockEventViewerResponseWithEvents = { - totalCount: 1, - pageInfo: { - activePage: 0, - fakeTotalCount: 100, - }, - events: [ - { - ecs: { - _id: 'yb8TkHYBRgU82_bJu_rY', - timestamp: '2020-12-23T14:49:39.957Z', - _index: 'auditbeat-7.10.1-2020.12.18-000001', - '@timestamp': ['2020-12-23T14:49:39.957Z'], - event: { - module: ['system'], - action: ['process_started'], - category: ['process'], - dataset: ['process'], - kind: ['event'], - type: ['start'], - }, - host: { - name: ['handsome'], - os: { - family: ['darwin'], - }, - id: ['33'], - ip: ['0.0.0.0'], - }, - user: { - name: ['handsome'], - }, - message: ['Process node (PID: 77895) by user handsome STARTED'], - agent: { - type: ['auditbeat'], - }, - process: { - hash: { - sha1: ['`12345678987654323456Y7U87654`'], - }, - pid: ['77895'], - name: ['node'], - ppid: ['73537'], - args: [ - '/Users/handsome/.nvm/versions/node/v14.15.3/bin/node', - '/Users/handsome/Documents/workspace/kibana/node_modules/jest-worker/build/workers/processChild.js', - ], - entity_id: ['3arNfOyR9NwR2u03'], - executable: ['/Users/handsome/.nvm/versions/node/v14.15.3/bin/node'], - working_directory: ['/Users/handsome/Documents/workspace/kibana/x-pack'], - }, - }, - data: [ - { - field: '@timestamp', - value: ['2020-12-23T14:49:39.957Z'], - }, - { - field: 'event.module', - value: ['system'], - }, - { - field: 'event.action', - value: ['process_started'], - }, - { - field: 'host.name', - value: ['handsome'], - }, - { - field: 'user.name', - value: ['handsome'], - }, - { - field: 'message', - value: ['Process node (PID: 77895) by user handsome STARTED'], - }, - { - field: 'event.dataset', - value: ['process'], - }, - ], - _id: 'yb8TkHYBRgU82_bJu_rY', - _index: 'auditbeat-7.10.1-2020.12.18-000001', - }, - ], -}; 
diff --git a/x-pack/plugins/security_solution/public/common/components/events_viewer/translations.ts b/x-pack/plugins/security_solution/public/common/components/events_viewer/translations.ts index 7c79bce1d7343..85b4ce59ff9d8 100644 --- a/x-pack/plugins/security_solution/public/common/components/events_viewer/translations.ts +++ b/x-pack/plugins/security_solution/public/common/components/events_viewer/translations.ts @@ -11,13 +11,6 @@ export const SHOWING = i18n.translate('xpack.securitySolution.eventsViewer.showi defaultMessage: 'Showing', }); -export const ERROR_FETCHING_EVENTS_DATA = i18n.translate( - 'xpack.securitySolution.eventsViewer.errorFetchingEventsData', - { - defaultMessage: 'Failed to query events data', - } -); - export const EVENTS = i18n.translate('xpack.securitySolution.eventsViewer.eventsLabel', { defaultMessage: 'Events', }); diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_flyout/translations.ts b/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_flyout/translations.ts index 76a9d563533e9..fe0b316648214 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_flyout/translations.ts +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_flyout/translations.ts @@ -39,20 +39,6 @@ export const ADD_EXCEPTION_SUCCESS = i18n.translate( } ); -export const ADD_EXCEPTION_FETCH_ERROR_TITLE = i18n.translate( - 'xpack.securitySolution.exceptions.addException.fetchError.title', - { - defaultMessage: 'Error', - } -); - -export const ADD_EXCEPTION_FETCH_ERROR = i18n.translate( - 'xpack.securitySolution.exceptions.addException.fetchError', - { - defaultMessage: 'Error fetching exception list', - } -); - export const ENDPOINT_QUARANTINE_TEXT = i18n.translate( 'xpack.securitySolution.exceptions.addException.endpointQuarantineText', { 
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/edit_exception_flyout/translations.ts b/x-pack/plugins/security_solution/public/common/components/exceptions/edit_exception_flyout/translations.ts index 0fdfac284d376..6a5fd6f44810c 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/edit_exception_flyout/translations.ts +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/edit_exception_flyout/translations.ts @@ -32,13 +32,6 @@ export const EDIT_ENDPOINT_EXCEPTION_TITLE = i18n.translate( } ); -export const EDIT_EXCEPTION_ERROR = i18n.translate( - 'xpack.securitySolution.exceptions.editException.error', - { - defaultMessage: 'Failed to update exception', - } -); - export const EDIT_EXCEPTION_SUCCESS = i18n.translate( 'xpack.securitySolution.exceptions.editException.success', { diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/exceptions.mock.ts b/x-pack/plugins/security_solution/public/common/components/exceptions/exceptions.mock.ts deleted file mode 100644 index 69d7f0de94d25..0000000000000 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/exceptions.mock.ts +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { FormattedEntry } from './types'; - -export const getFormattedEntryMock = (isNested = false): FormattedEntry => ({ - fieldName: 'host.name', - operator: 'is', - value: 'some name', - isNested, -}); diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/translations.ts b/x-pack/plugins/security_solution/public/common/components/exceptions/translations.ts index c5d1a5faa98f5..2372e063b48cf 100644 
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/translations.ts +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/translations.ts @@ -38,26 +38,10 @@ export const COMMENTS_HIDE = (comments: number) => defaultMessage: 'Hide ({comments}) {comments, plural, =1 {Comment} other {Comments}}', }); -export const DATE_CREATED = i18n.translate('xpack.securitySolution.exceptions.dateCreatedLabel', { - defaultMessage: 'Date created', -}); - -export const CREATED_BY = i18n.translate('xpack.securitySolution.exceptions.createdByLabel', { - defaultMessage: 'Created by', -}); - export const NAME = i18n.translate('xpack.securitySolution.exceptions.nameLabel', { defaultMessage: 'Name', }); -export const DATE_MODIFIED = i18n.translate('xpack.securitySolution.exceptions.dateModifiedLabel', { - defaultMessage: 'Date modified', -}); - -export const MODIFIED_BY = i18n.translate('xpack.securitySolution.exceptions.modifiedByLabel', { - defaultMessage: 'Modified by', -}); - export const COMMENT = i18n.translate('xpack.securitySolution.exceptions.commentLabel', { defaultMessage: 'Comment', }); @@ -66,13 +50,6 @@ export const COMMENT_EVENT = i18n.translate('xpack.securitySolution.exceptions.c defaultMessage: 'added a comment', }); -export const OPERATING_SYSTEM = i18n.translate( - 'xpack.securitySolution.exceptions.operatingSystemLabel', - { - defaultMessage: 'OS', - } -); - export const OPERATING_SYSTEM_LABEL = i18n.translate( 'xpack.securitySolution.exceptions.operatingSystemFullLabel', { diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/types.ts b/x-pack/plugins/security_solution/public/common/components/exceptions/types.ts index 605dc3a79a9d8..fe0f137800d26 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/types.ts 
@@ -5,23 +5,10 @@ * 2.0. */ -import type { ReactNode } from 'react'; import type { NamespaceType } from '@kbn/securitysolution-io-ts-list-types'; import type { Ecs } from '../../../../common/ecs'; import type { CodeSignature } from '../../../../common/ecs/file'; -export interface FormattedEntry { - fieldName: string; - operator: string | undefined; - value: string | string[] | undefined; - isNested: boolean; -} - -export interface DescriptionListItem { - title: NonNullable; - description: NonNullable; -} - export interface ExceptionListItemIdentifiers { id: string; namespaceType: NamespaceType; diff --git a/x-pack/plugins/security_solution/public/common/components/formatted_date/index.tsx b/x-pack/plugins/security_solution/public/common/components/formatted_date/index.tsx index a837f0cbfa3ec..bf7fd230fbfc4 100644 --- a/x-pack/plugins/security_solution/public/common/components/formatted_date/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/formatted_date/index.tsx @@ -174,30 +174,3 @@ export const FormattedRelativePreferenceDate = React.memo { - if (value == null) { - return null; - } - const maybeDate = getMaybeDate(value); - if (!maybeDate.isValid()) { - return null; - } - return moment(maybeDate.toDate()).add(1, 'hours').isBefore(new Date()) ? ( - <>{preferenceLabel} - ) : ( - <>{relativeLabel} - ); -}; diff --git a/x-pack/plugins/security_solution/public/common/components/link_to/__mocks__/index.ts b/x-pack/plugins/security_solution/public/common/components/link_to/__mocks__/index.ts index 087aec917766b..52ed72dc1a2bd 100644 --- a/x-pack/plugins/security_solution/public/common/components/link_to/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/public/common/components/link_to/__mocks__/index.ts @@ -24,6 +24,7 @@ export const useFormatUrl = (page: SecurityPageName) => ({ search: '', }); +// do not delete export const useGetSecuritySolutionUrl = () => ({ path }: { path: string }) => 
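Review bot: The added `// do not delete` above `useGetSecuritySolutionUrl` in `link_to/__mocks__/index.ts` states a rule without the reason, so a later cleanup pass has nothing to verify it against. Presumably the export looks unused to static analysis because it is only reached through Jest's `__mocks__` resolution; if that is the case, say so, e.g. `// Consumed through jest.mock() of this module; unused-export checks cannot see that reference, so do not delete.` The same bare comment is added above `normalizeTimeRange` in `url_state/__mocks__/normalize_time_range.ts` and should get the same wording. The body of `useGetSecuritySolutionUrl` continues outside the hunk.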
diff --git a/x-pack/plugins/security_solution/public/common/components/link_to/redirect_to_users.tsx b/x-pack/plugins/security_solution/public/common/components/link_to/redirect_to_users.tsx index 2a587ec8cce05..20171634ad6ea 100644 --- a/x-pack/plugins/security_solution/public/common/components/link_to/redirect_to_users.tsx +++ b/x-pack/plugins/security_solution/public/common/components/link_to/redirect_to_users.tsx @@ -6,14 +6,8 @@ */ import type { UsersTableType } from '../../../users/store/model'; -import { USERS_PATH } from '../../../../common/constants'; import { appendSearch } from './helpers'; -export const getUsersUrl = (search?: string) => `${USERS_PATH}${appendSearch(search)}`; - -export const getTabsOnUsersUrl = (tabName: UsersTableType, search?: string) => - `/${tabName}${appendSearch(search)}`; - export const getUsersDetailsUrl = (detailName: string, search?: string) => `/${detailName}${appendSearch(search)}`; diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/constants.ts b/x-pack/plugins/security_solution/public/common/components/markdown_editor/constants.ts deleted file mode 100644 index 58b99f47271fc..0000000000000 --- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/constants.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export const MARKDOWN_HELP_LINK = 'https://www.markdownguide.org/cheat-sheet/'; diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/index.tsx b/x-pack/plugins/security_solution/public/common/components/markdown_editor/index.tsx index e77a36d48f7d9..ea7000b647ec9 100644 --- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/index.tsx 
+++ b/x-pack/plugins/security_solution/public/common/components/markdown_editor/index.tsx @@ -5,7 +5,6 @@ * 2.0. */ -export * from './types'; export * from './renderer'; export * from './editor'; export * from './eui_form'; diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/translations.ts b/x-pack/plugins/security_solution/public/common/components/markdown_editor/translations.ts deleted file mode 100644 index 794a1b035ed5e..0000000000000 --- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/translations.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { i18n } from '@kbn/i18n'; - -export const MARKDOWN_SYNTAX_HELP = i18n.translate( - 'xpack.securitySolution.markdownEditor.markdownInputHelp', - { - defaultMessage: 'Markdown syntax help', - } -); - -export const PREVIEW = i18n.translate('xpack.securitySolution.markdownEditor.preview', { - defaultMessage: 'Preview', -}); diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/types.ts b/x-pack/plugins/security_solution/public/common/components/markdown_editor/types.ts deleted file mode 100644 index 8a30a4a143f54..0000000000000 --- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/types.ts +++ /dev/null @@ -1,11 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export interface CursorPosition { - start: number; - end: number; -} 
diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts index 0f3e38b32c9ba..9557e2be55742 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts @@ -97,18 +97,6 @@ export interface MatrixHistogramProps extends MatrixHistogramBasicProps { yTickFormatter?: (value: number) => string; } -export interface HistogramBucket { - key_as_string: string; - key: number; - doc_count: number; -} -export interface GroupBucket { - key: string; - signals: { - buckets: HistogramBucket[]; - }; -} - export interface BarchartConfigs { series: { xScaleType: ScaleType; diff --git a/x-pack/plugins/security_solution/public/common/components/ml_popover/api.mock.ts b/x-pack/plugins/security_solution/public/common/components/ml_popover/api.mock.ts index a81a4c2878c5f..5bdc4b0be84b3 100644 --- a/x-pack/plugins/security_solution/public/common/components/ml_popover/api.mock.ts +++ b/x-pack/plugins/security_solution/public/common/components/ml_popover/api.mock.ts 
@@ -6,31 +6,7 @@ */ import type { MlSummaryJob } from '@kbn/ml-plugin/public'; -import type { - Group, - Module, - RecognizerModule, - SetupMlResponse, - SecurityJob, - StartDatafeedResponse, - StopDatafeedResponse, -} from './types'; - -export const mockGroupsResponse: Group[] = [ - { - id: 'siem', - jobIds: [ - 'rc-original-suspicious-login-activity-2', - 'rc-rare-process-linux-7', - 'rc-rare-process-windows-5', - 'siem-api-rare_process_linux_ecs', - 'siem-api-rare_process_windows_ecs', - 'siem-api-suspicious_login_activity_ecs', - ], - calendarIds: [], - }, - { id: 'suricata', jobIds: ['suricata_alert_rate'], calendarIds: [] }, -]; +import type { Module, RecognizerModule, SecurityJob } from './types'; export const mockOpenedJob: MlSummaryJob = { datafeedId: 'datafeed-siem-api-rare_process_linux_ecs', 
@@ -365,136 +341,6 @@ export const checkRecognizerSuccess: RecognizerModule[] = [ }, ]; -export const mockSetupMlJobAllError: SetupMlResponse = { - jobs: [ - { - id: 'linux_anomalous_network_url_activity_ecs', - success: false, - error: { - msg: "[resource_already_exists_exception] The job cannot be created with the Id 'linux_anomalous_network_url_activity_ecs'. The Id is already used.", - path: '/_ml/anomaly_detectors/linux_anomalous_network_url_activity_ecs', - query: {}, - body: '{"job_type":"anomaly_detector","groups":["siem","auditbeat","process"],"description":"SIEM Auditbeat: Looks for an unusual web URL request from a Linux instance. Curl and wget web request activity is very common but unusual web requests from a Linux server can sometimes be malware delivery or execution (beta)","analysis_config":{"bucket_span":"15m","detectors":[{"detector_description":"rare by \\"process.title\\"","function":"rare","by_field_name":"process.title"}],"influencers":["host.name","destination.ip","destination.port"]},"analysis_limits":{"model_memory_limit":"32mb"},"data_description":{"time_field":"@timestamp"},"custom_settings":{"created_by":"ml-module-siem-auditbeat","custom_urls":[{"url_name":"Host Details","url_value":"siem#/ml-hosts/$host.name$?timerange=(global:(linkTo:!(timeline),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')),timeline:(linkTo:!(global),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')))"}]},"results_index_name":"linux_anomalous_network_url_activity_ecs"}', - statusCode: 400, - response: - '{"error":{"root_cause":[{"type":"resource_already_exists_exception","reason":"The job cannot be created with the Id \'linux_anomalous_network_url_activity_ecs\'. The Id is already used."}],"type":"resource_already_exists_exception","reason":"The job cannot be created with the Id \'linux_anomalous_network_url_activity_ecs\'. 
The Id is already used."},"status":400}', - }, - }, - { - id: 'linux_anomalous_network_port_activity_ecs', - success: false, - error: { - msg: "[resource_already_exists_exception] The job cannot be created with the Id 'linux_anomalous_network_port_activity_ecs'. The Id is already used.", - path: '/_ml/anomaly_detectors/linux_anomalous_network_port_activity_ecs', - query: {}, - body: '{"job_type":"anomaly_detector","description":"SIEM Auditbeat: Looks for unusual destination port activity that could indicate command-and-control, persistence mechanism, or data exfiltration activity (beta)","groups":["siem","auditbeat","process"],"analysis_config":{"bucket_span":"15m","detectors":[{"detector_description":"rare by \\"destination.port\\"","function":"rare","by_field_name":"destination.port"}],"influencers":["host.name","process.name","user.name","destination.ip"]},"analysis_limits":{"model_memory_limit":"32mb"},"data_description":{"time_field":"@timestamp"},"custom_settings":{"created_by":"ml-module-siem-auditbeat","custom_urls":[{"url_name":"Host Details by process name","url_value":"siem#/ml-hosts/$host.name$?kqlQuery=(filterQuery:(expression:\'process.name%20:%20%22$process.name$%22\',kind:kuery),queryLocation:hosts.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')),timeline:(linkTo:!(global),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')))"},{"url_name":"Host Details by user name","url_value":"siem#/ml-hosts/$host.name$?kqlQuery=(filterQuery:(expression:\'user.name%20:%20%22$user.name$%22\',kind:kuery),queryLocation:hosts.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')),timeline:(linkTo:!(global),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')))"},{"url_name":"Hosts Overview by process 
name","url_value":"siem#/ml-hosts?kqlQuery=(filterQuery:(expression:\'process.name%20:%20%22$process.name$%22\',kind:kuery),queryLocation:hosts.page,type:page)&timerange=(global:(linkTo:!(timeline),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')),timeline:(linkTo:!(global),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')))"},{"url_name":"Hosts Overview by user name","url_value":"siem#/ml-hosts?kqlQuery=(filterQuery:(expression:\'user.name%20:%20%22$user.name$%22\',kind:kuery),queryLocation:hosts.page,type:page)&timerange=(global:(linkTo:!(timeline),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')),timeline:(linkTo:!(global),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')))"}]},"results_index_name":"linux_anomalous_network_port_activity_ecs"}', - statusCode: 400, - response: - '{"error":{"root_cause":[{"type":"resource_already_exists_exception","reason":"The job cannot be created with the Id \'linux_anomalous_network_port_activity_ecs\'. The Id is already used."}],"type":"resource_already_exists_exception","reason":"The job cannot be created with the Id \'linux_anomalous_network_port_activity_ecs\'. 
The Id is already used."},"status":400}', - }, - }, - ], - datafeeds: [ - { - id: 'datafeed-linux_anomalous_network_activity_ecs', - success: false, - started: false, - error: { - msg: '[status_exception] A datafeed [datafeed-linux_anomalous_network_activity_ecs] already exists for job [linux_anomalous_network_activity_ecs]', - path: '/_ml/datafeeds/datafeed-linux_anomalous_network_activity_ecs', - query: {}, - body: '{"job_id":"linux_anomalous_network_activity_ecs","indices":["auditbeat-*"],"query":{"bool":{"filter":[{"term":{"event.action":"connected-to"}},{"term":{"agent.type":"auditbeat"}}],"must_not":[{"bool":{"should":[{"term":{"destination.ip":"127.0.0.1"}},{"term":{"destination.ip":"127.0.0.53"}},{"term":{"destination.ip":"::1"}}],"minimum_should_match":1}}]}}}', - statusCode: 409, - response: - '{"error":{"root_cause":[{"type":"status_exception","reason":"A datafeed [datafeed-linux_anomalous_network_activity_ecs] already exists for job [linux_anomalous_network_activity_ecs]"}],"type":"status_exception","reason":"A datafeed [datafeed-linux_anomalous_network_activity_ecs] already exists for job [linux_anomalous_network_activity_ecs]"},"status":409}', - }, - }, - { - id: 'datafeed-linux_anomalous_network_port_activity_ecs', - success: false, - started: false, - error: { - msg: '[status_exception] A datafeed [datafeed-linux_anomalous_network_port_activity_ecs] already exists for job [linux_anomalous_network_port_activity_ecs]', - path: '/_ml/datafeeds/datafeed-linux_anomalous_network_port_activity_ecs', - query: {}, - body: '{"job_id":"linux_anomalous_network_port_activity_ecs","indices":["auditbeat-*"],"query":{"bool":{"filter":[{"term":{"event.action":"connected-to"}},{"term":{"agent.type":"auditbeat"}}],"must_not":[{"bool":{"should":[{"term":{"destination.ip":"::1"}},{"term":{"destination.ip":"127.0.0.1"}},{"term":{"destination.ip":"::"}},{"term":{"user.name_map.uid":"jenkins"}}],"minimum_should_match":1}}]}}}', - statusCode: 409, - response: - 
'{"error":{"root_cause":[{"type":"status_exception","reason":"A datafeed [datafeed-linux_anomalous_network_port_activity_ecs] already exists for job [linux_anomalous_network_port_activity_ecs]"}],"type":"status_exception","reason":"A datafeed [datafeed-linux_anomalous_network_port_activity_ecs] already exists for job [linux_anomalous_network_port_activity_ecs]"},"status":409}', - }, - }, - ], - kibana: {}, -}; - -export const mockSetupMlJobSingleErrorSingleSuccess: SetupMlResponse = { - jobs: [ - { - id: 'linux_anomalous_network_activity_ecs', - success: false, - error: { - msg: "[resource_already_exists_exception] The job cannot be created with the Id 'linux_anomalous_network_activity_ecs'. The Id is already used.", - path: '/_ml/anomaly_detectors/linux_anomalous_network_activity_ecs', - query: {}, - body: '{"job_type":"anomaly_detector","description":"SIEM Auditbeat: Looks for unusual processes using the network which could indicate command-and-control, lateral movement, persistence, or data exfiltration activity (beta)","groups":["siem","auditbeat","network"],"analysis_config":{"bucket_span":"15m","detectors":[{"detector_description":"rare by \\"process.name\\"","function":"rare","by_field_name":"process.name"}],"influencers":["host.name","process.name","user.name","destination.ip"]},"analysis_limits":{"model_memory_limit":"64mb"},"data_description":{"time_field":"@timestamp"},"custom_settings":{"created_by":"ml-module-siem-auditbeat","custom_urls":[{"url_name":"Host Details by process name","url_value":"siem#/ml-hosts/$host.name$?kqlQuery=(filterQuery:(expression:\'process.name%20:%20%22$process.name$%22\',kind:kuery),queryLocation:hosts.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')),timeline:(linkTo:!(global),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')))"},{"url_name":"Host Details by user 
name","url_value":"siem#/ml-hosts/$host.name$?kqlQuery=(filterQuery:(expression:\'user.name%20:%20%22$user.name$%22\',kind:kuery),queryLocation:hosts.details,type:details)&timerange=(global:(linkTo:!(timeline),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')),timeline:(linkTo:!(global),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')))"},{"url_name":"Hosts Overview by process name","url_value":"siem#/ml-hosts?kqlQuery=(filterQuery:(expression:\'process.name%20:%20%22$process.name$%22\',kind:kuery),queryLocation:hosts.page,type:page)&timerange=(global:(linkTo:!(timeline),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')),timeline:(linkTo:!(global),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')))"},{"url_name":"Hosts Overview by user name","url_value":"siem#/ml-hosts?kqlQuery=(filterQuery:(expression:\'user.name%20:%20%22$user.name$%22\',kind:kuery),queryLocation:hosts.page,type:page)&timerange=(global:(linkTo:!(timeline),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')),timeline:(linkTo:!(global),timerange:(from:\'$earliest$\',kind:absolute,to:\'$latest$\')))"}]},"results_index_name":"linux_anomalous_network_activity_ecs"}', - statusCode: 400, - response: - '{"error":{"root_cause":[{"type":"resource_already_exists_exception","reason":"The job cannot be created with the Id \'linux_anomalous_network_activity_ecs\'. The Id is already used."}],"type":"resource_already_exists_exception","reason":"The job cannot be created with the Id \'linux_anomalous_network_activity_ecs\'. 
The Id is already used."},"status":400}', - }, - }, - { id: 'linux_anomalous_network_port_activity_ecs', success: true }, - ], - datafeeds: [ - { - id: 'datafeed-linux_anomalous_network_activity_ecs', - success: false, - started: false, - error: { - msg: '[status_exception] A datafeed [datafeed-linux_anomalous_network_activity_ecs] already exists for job [linux_anomalous_network_activity_ecs]', - path: '/_ml/datafeeds/datafeed-linux_anomalous_network_activity_ecs', - query: {}, - body: '{"job_id":"linux_anomalous_network_activity_ecs","indices":["auditbeat-*"],"query":{"bool":{"filter":[{"term":{"event.action":"connected-to"}},{"term":{"agent.type":"auditbeat"}}],"must_not":[{"bool":{"should":[{"term":{"destination.ip":"127.0.0.1"}},{"term":{"destination.ip":"127.0.0.53"}},{"term":{"destination.ip":"::1"}}],"minimum_should_match":1}}]}}}', - statusCode: 409, - response: - '{"error":{"root_cause":[{"type":"status_exception","reason":"A datafeed [datafeed-linux_anomalous_network_activity_ecs] already exists for job [linux_anomalous_network_activity_ecs]"}],"type":"status_exception","reason":"A datafeed [datafeed-linux_anomalous_network_activity_ecs] already exists for job [linux_anomalous_network_activity_ecs]"},"status":409}', - }, - }, - - { id: 'datafeed-linux_anomalous_network_port_activity_ecs', success: true, started: false }, - ], - kibana: {}, -}; - -export const mockSetupMlJobAllSuccess: SetupMlResponse = { - jobs: [ - { - id: 'linux_anomalous_network_activity_ecs', - success: true, - }, - { id: 'linux_anomalous_network_port_activity_ecs', success: true }, - ], - datafeeds: [ - { id: 'datafeed-linux_anomalous_network_activity_ecs', success: true, started: false }, - - { id: 'datafeed-linux_anomalous_network_port_activity_ecs', success: true, started: false }, - ], - kibana: {}, -}; - -export const mockStartDatafeedsError: StartDatafeedResponse = { - 'datafeed-linux_anomalous_network_service': { started: false, error: 'Job has no datafeed' }, -}; - -export 
const mockStartDatafeedsSuccess: StartDatafeedResponse = { - 'datafeed-linux_anomalous_network_service': { started: true }, -}; - -export const mockStopDatafeedsErrorDoesNotExist: StopDatafeedResponse = {}; - -export const mockStopDatafeedsSuccess: StopDatafeedResponse = { - 'datafeed-linux_anomalous_network_service': { stopped: true }, -}; - export const mockSecurityJobs: SecurityJob[] = [ { id: 'linux_anomalous_network_activity_ecs', diff --git a/x-pack/plugins/security_solution/public/common/components/navigation/solution_grouped_nav/solution_grouped_nav_panel.tsx b/x-pack/plugins/security_solution/public/common/components/navigation/solution_grouped_nav/solution_grouped_nav_panel.tsx index a2773f2223247..1ce41b7e26472 100644 --- a/x-pack/plugins/security_solution/public/common/components/navigation/solution_grouped_nav/solution_grouped_nav_panel.tsx +++ b/x-pack/plugins/security_solution/public/common/components/navigation/solution_grouped_nav/solution_grouped_nav_panel.tsx @@ -44,10 +44,6 @@ export interface SolutionNavPanelItemsProps { items: DefaultSideNavItem[]; onClose: () => void; } -export interface SolutionNavPanelItemProps { - item: DefaultSideNavItem; - onClose: () => void; -} /** * Renders the side navigation panel for secondary links diff --git a/x-pack/plugins/security_solution/public/common/components/navigation/types.ts b/x-pack/plugins/security_solution/public/common/components/navigation/types.ts index f810f08328164..9c5fa4d0d15ad 100644 --- a/x-pack/plugins/security_solution/public/common/components/navigation/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/navigation/types.ts 
@@ -75,10 +75,6 @@ export interface SecuritySolutionTabNavigationProps { display?: 'default' | 'condensed'; navTabs: GenericNavRecord; } -export type GetUrlForApp = ( - appId: string, - options?: { deepLinkId?: string; path?: string; absolute?: boolean } -) => string; export type NavigateToUrl = (url: string) => void; export interface NavLinkItem { diff --git a/x-pack/plugins/security_solution/public/common/components/page/translations.ts b/x-pack/plugins/security_solution/public/common/components/page/translations.ts index cfd3f81433989..997af1bfe952a 100644 --- a/x-pack/plugins/security_solution/public/common/components/page/translations.ts +++ b/x-pack/plugins/security_solution/public/common/components/page/translations.ts @@ -7,10 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const LIVE = i18n.translate('xpack.securitySolution.footer.live', { - defaultMessage: 'Live', -}); - export const DATA = i18n.translate('xpack.securitySolution.footer.data', { defaultMessage: 'data', }); diff --git a/x-pack/plugins/security_solution/public/common/components/sourcerer/translations.ts b/x-pack/plugins/security_solution/public/common/components/sourcerer/translations.ts index 1e1d300f4acf9..51698a9fa7547 100644 --- a/x-pack/plugins/security_solution/public/common/components/sourcerer/translations.ts +++ b/x-pack/plugins/security_solution/public/common/components/sourcerer/translations.ts @@ -157,14 +157,6 @@ export const INDEX_PATTERNS_DESCRIPTIONS = i18n.translate( } ); -export const DISABLED_INDEX_PATTERNS = i18n.translate( - 'xpack.securitySolution.indexPatterns.disabled', - { - defaultMessage: - 'Disabled index patterns are recommended on this page, but first need to be configured in your Kibana index pattern settings', - } -); - export const DISABLED_SOURCERER = i18n.translate('xpack.securitySolution.sourcerer.disabled', { defaultMessage: 'The updates to the Data view require a page reload to take effect.', }); 
diff --git a/x-pack/plugins/security_solution/public/common/components/threat_match/reducer.ts b/x-pack/plugins/security_solution/public/common/components/threat_match/reducer.ts index 42a4d8fd63fa6..3371cfe0e3317 100644 --- a/x-pack/plugins/security_solution/public/common/components/threat_match/reducer.ts +++ b/x-pack/plugins/security_solution/public/common/components/threat_match/reducer.ts @@ -8,8 +8,6 @@ import type { ThreatMapEntries } from './types'; import { getDefaultEmptyEntry } from './helpers'; -export type ViewerModalName = 'addModal' | 'editModal' | null; - export interface State { andLogicIncluded: boolean; entries: ThreatMapEntries[]; diff --git a/x-pack/plugins/security_solution/public/common/components/toasters/utils.ts b/x-pack/plugins/security_solution/public/common/components/toasters/utils.ts index 6063db96de8ed..69914ed3116bd 100644 --- a/x-pack/plugins/security_solution/public/common/components/toasters/utils.ts +++ b/x-pack/plugins/security_solution/public/common/components/toasters/utils.ts @@ -39,30 +39,6 @@ export const displayErrorToast = ( }); }; -/** - * Displays a warning toast for the provided title and message - * @deprecated Use x-pack/plugins/security_solution/public/common/hooks/use_app_toasts.ts instead - * @param title warning message to display in toaster and modal - * @param dispatchToaster provided by useStateToaster() - * @param id unique ID if necessary - */ -export const displayWarningToast = ( - title: string, - dispatchToaster: React.Dispatch, - id: string = uuid.v4() -): void => { - const toast: AppToast = { - id, - title, - color: 'warning', - iconType: 'help', - }; - dispatchToaster({ - type: 'addToaster', - toast, - }); -}; - /** * Displays a success toast for the provided title and message * @deprecated Use x-pack/plugins/security_solution/public/common/hooks/use_app_toasts.ts instead 
diff --git a/x-pack/plugins/security_solution/public/common/components/top_n/selectors.tsx b/x-pack/plugins/security_solution/public/common/components/top_n/selectors.tsx deleted file mode 100644 index 4bbcd689d47cd..0000000000000 --- a/x-pack/plugins/security_solution/public/common/components/top_n/selectors.tsx +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { State } from '../../store'; -import { sourcererSelectors } from '../../store/selectors'; -import type { SourcererScopeName } from '../../store/sourcerer/model'; - -export interface IndicesSelector { - all: string[]; - raw: string[]; -} - -export const getIndicesSelector = () => { - const getSignalIndexNameSelector = sourcererSelectors.signalIndexNameSelector(); - const getScopeSelector = sourcererSelectors.scopeIdSelector(); - - return (state: State, scopeId: SourcererScopeName): IndicesSelector => { - const signalIndexName = getSignalIndexNameSelector(state); - const { selectedPatterns } = getScopeSelector(state, scopeId); - const raw: string[] = selectedPatterns.filter((index) => index !== signalIndexName); - - return { - all: signalIndexName != null ? [...raw, signalIndexName] : [...raw], - raw, - }; - }; -}; diff --git a/x-pack/plugins/security_solution/public/common/components/url_state/__mocks__/normalize_time_range.ts b/x-pack/plugins/security_solution/public/common/components/url_state/__mocks__/normalize_time_range.ts index 3a0cf43e8c67d..3b26c72224ee2 100644 --- a/x-pack/plugins/security_solution/public/common/components/url_state/__mocks__/normalize_time_range.ts +++ b/x-pack/plugins/security_solution/public/common/components/url_state/__mocks__/normalize_time_range.ts 
@@ -5,6 +5,7 @@ * 2.0. */ +// do not delete export const normalizeTimeRange = () => ({ from: '2020-07-07T08:20:18.966Z', to: '2020-07-08T08:20:18.966Z', diff --git a/x-pack/plugins/security_solution/public/common/components/url_state/test_dependencies.ts b/x-pack/plugins/security_solution/public/common/components/url_state/test_dependencies.ts index 9a3dd5f7d2896..19dc9828c495b 100644 --- a/x-pack/plugins/security_solution/public/common/components/url_state/test_dependencies.ts +++ b/x-pack/plugins/security_solution/public/common/components/url_state/test_dependencies.ts @@ -8,7 +8,6 @@ import type { Query } from '@kbn/es-query'; import { navTabs } from '../../../app/home/home_navigations'; import { SecurityPageName } from '../../../app/types'; -import { inputsActions } from '../../store/actions'; import { CONSTANTS } from './constants'; import type { UrlStateContainerPropTypes, LocationTypes } from './types'; @@ -23,19 +22,6 @@ export const getFilterQuery = (): Query => ({ language: 'kuery', }); -export const mockSetFilterQuery: jest.Mock = inputsActions.setFilterQuery as unknown as jest.Mock; -export const mockAddGlobalLinkTo: jest.Mock = inputsActions.addGlobalLinkTo as unknown as jest.Mock; -export const mockAddTimelineLinkTo: jest.Mock = - inputsActions.addTimelineLinkTo as unknown as jest.Mock; -export const mockRemoveGlobalLinkTo: jest.Mock = - inputsActions.removeGlobalLinkTo as unknown as jest.Mock; -export const mockRemoveTimelineLinkTo: jest.Mock = - inputsActions.removeTimelineLinkTo as unknown as jest.Mock; -export const mockSetAbsoluteRangeDatePicker: jest.Mock = - inputsActions.setAbsoluteRangeDatePicker as unknown as jest.Mock; -export const mockSetRelativeRangeDatePicker: jest.Mock = - inputsActions.setRelativeRangeDatePicker as unknown as jest.Mock; - jest.mock('../../store/actions', () => ({ inputsActions: { addGlobalLinkTo: jest.fn(), 
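Review bot: The added `// do not delete` above `normalizeTimeRange` gives no reason, so the next dead-code sweep has nothing to judge it against. The file sits under `__mocks__/`, so it is presumably picked up by Jest through path resolution rather than through an import, which would explain why an unused-export scan flags it. Say that in the comment, for example `// Jest manual mock, resolved by path (no direct importers); do not delete`. The same bare comment is added in the three `scheduler.ts` hunks and in `lib/kibana/__mocks__/index.ts`, and each needs its own reason. The body of `normalizeTimeRange` continues outside the hunk.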
diff --git a/x-pack/plugins/security_solution/public/common/components/url_state/types.ts b/x-pack/plugins/security_solution/public/common/components/url_state/types.ts index 6c74320ce237c..dc23416f8b65a 100644 --- a/x-pack/plugins/security_solution/public/common/components/url_state/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/url_state/types.ts @@ -52,11 +52,6 @@ export interface UrlStateStateToPropsType { urlState: UrlState; } -export interface UpdateTimelineIsLoading { - id: string; - isLoading: boolean; -} - export interface PreviousLocationUrlState { pathName: string | undefined; pageName: string | undefined; diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/translations.ts b/x-pack/plugins/security_solution/public/common/components/visualization_actions/translations.ts index c3850ab7ade8a..9814a98817ef4 100644 --- a/x-pack/plugins/security_solution/public/common/components/visualization_actions/translations.ts +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/translations.ts @@ -73,17 +73,3 @@ export const FAIL_CHART_LABEL = i18n.translate( defaultMessage: 'Fail', } ); - -export const SUCCESS_UNIT_LABEL = i18n.translate( - 'xpack.securitySolution.visualizationActions.userAuthentications.successUnitLabel', - { - defaultMessage: 'success', - } -); - -export const FAIL_UNIT_LABEL = i18n.translate( - 'xpack.securitySolution.visualizationActions.userAuthentications.failUnitLabel', - { - defaultMessage: 'fail', - } -); diff --git a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts index 1a750a371245b..242a5bd440b81 100644 --- a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts +++ b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts 
@@ -16,7 +16,6 @@ import { useDeepEqualSelector } from '../../hooks/use_selector'; import { inputsSelectors } from '../../store'; const ALERT_PREVALENCE_AGG = 'countOfAlertsWithSameFieldAndValue'; -export const DETECTIONS_ALERTS_COUNT_ID = 'detections-alerts-count'; interface UseAlertPrevalenceOptions { field: string; diff --git a/x-pack/plugins/security_solution/public/common/containers/authentications/translations.ts b/x-pack/plugins/security_solution/public/common/containers/authentications/translations.ts index 4d176197d1bbb..8e1268679fead 100644 --- a/x-pack/plugins/security_solution/public/common/containers/authentications/translations.ts +++ b/x-pack/plugins/security_solution/public/common/containers/authentications/translations.ts @@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const ERROR_AUTHENTICATIONS = i18n.translate( - 'xpack.securitySolution.authentications.errorSearchDescription', - { - defaultMessage: `An error has occurred on authentications search`, - } -); - export const FAIL_AUTHENTICATIONS = i18n.translate( 'xpack.securitySolution.authentications.failSearchDescription', { diff --git a/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/use_event_enrichment.ts b/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/use_event_enrichment.ts index 939566d6e59c3..b8565f9d3e13e 100644 --- a/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/use_event_enrichment.ts +++ b/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/use_event_enrichment.ts 
@@ -7,11 +7,7 @@ import { useObservable, withOptionalSignal } from '@kbn/securitysolution-hook-utils'; -import { getEventEnrichment, getEventEnrichmentComplete } from './api'; - -const getEventEnrichmentOptionalSignal = withOptionalSignal(getEventEnrichment); - -export const useEventEnrichment = () => useObservable(getEventEnrichmentOptionalSignal); +import { getEventEnrichmentComplete } from './api'; const getEventEnrichmentCompleteWithOptionalSignal = withOptionalSignal(getEventEnrichmentComplete); diff --git a/x-pack/plugins/security_solution/public/common/containers/source/index.tsx b/x-pack/plugins/security_solution/public/common/containers/source/index.tsx index 5233a38cdde36..68beb34712a6e 100644 --- a/x-pack/plugins/security_solution/public/common/containers/source/index.tsx +++ b/x-pack/plugins/security_solution/public/common/containers/source/index.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { isEmpty, isEqual, isUndefined, keyBy, pick } from 'lodash/fp'; +import { isEmpty, isEqual, keyBy, pick } from 'lodash/fp'; import memoizeOne from 'memoize-one'; import { useCallback, useEffect, useRef, useState } from 'react'; import ReactDOM from 'react-dom'; 
@@ -84,28 +84,6 @@ export const getBrowserFields = memoizeOne( (newArgs, lastArgs) => newArgs[0] === lastArgs[0] && newArgs[1].length === lastArgs[1].length ); -export const getDocValueFields = memoizeOne( - (_title: string, fields: IndexField[]): DocValueFields[] => - fields && fields.length > 0 - ? fields.reduce((accumulator: DocValueFields[], field: IndexField) => { - if (field.readFromDocValues && accumulator.length < 100) { - return [ - ...accumulator, - { - field: field.name, - }, - ]; - } - return accumulator; - }, []) - : [], - (newArgs, lastArgs) => newArgs[0] === lastArgs[0] && newArgs[1].length === lastArgs[1].length -); - -export const indicesExistOrDataTemporarilyUnavailable = ( - indicesExist: boolean | null | undefined -) => indicesExist || isUndefined(indicesExist); - const DEFAULT_BROWSER_FIELDS = {}; const DEFAULT_INDEX_PATTERNS = { fields: [], title: '' }; const DEFAULT_DOC_VALUE_FIELDS: DocValueFields[] = []; diff --git a/x-pack/plugins/security_solution/public/common/containers/sourcerer/mocks.ts b/x-pack/plugins/security_solution/public/common/containers/sourcerer/mocks.ts index 8a5cc1ca3ac42..cfa0b1dadec15 100644 --- a/x-pack/plugins/security_solution/public/common/containers/sourcerer/mocks.ts +++ b/x-pack/plugins/security_solution/public/common/containers/sourcerer/mocks.ts @@ -17,36 +17,6 @@ export const mockPatterns = [ 'journalbeat-*', ]; -export const mockSource = { - data: { - source: { - id: 'default', - status: { - indicesExist: true, - indexFields: [ - { - category: '_id', - description: 'Each document has an _id that uniquely identifies it', - example: 'Y-6TfmcB0WOhS6qyMv3s', - indexes: mockPatterns, - name: '_id', - searchable: true, - type: 'string', - aggregatable: false, - format: null, - esTypes: null, - subType: null, - __typename: 'IndexField', - }, - ], - }, - }, - }, - loading: false, - networkStatus: 7, - stale: false, -}; - export const mockSourcererScope = { ...initSourcererScope, scopePatterns: mockPatterns, 
diff --git a/x-pack/plugins/security_solution/public/common/hooks/eql/helpers.ts b/x-pack/plugins/security_solution/public/common/hooks/eql/helpers.ts index 52d8ec4f70123..87150062c3682 100644 --- a/x-pack/plugins/security_solution/public/common/hooks/eql/helpers.ts +++ b/x-pack/plugins/security_solution/public/common/hooks/eql/helpers.ts @@ -16,8 +16,6 @@ import type { BaseHit, EqlSearchResponse } from '../../../../common/detection_en type EqlAggBuckets = Record; -export const EQL_QUERY_EVENT_SIZE = 100; - /** * Calculates which 2 min bucket segment, event should be sorted into * @param eventTimestamp The event to be bucketed timestamp diff --git a/x-pack/plugins/security_solution/public/common/hooks/translations.ts b/x-pack/plugins/security_solution/public/common/hooks/translations.ts index 520cfef74ce41..54ed3a79d017f 100644 --- a/x-pack/plugins/security_solution/public/common/hooks/translations.ts +++ b/x-pack/plugins/security_solution/public/common/hooks/translations.ts @@ -19,20 +19,6 @@ export const ADDED_TO_TIMELINE_TEMPLATE_MESSAGE = (fieldOrValue: string) => defaultMessage: `Added {fieldOrValue} to timeline template`, }); -export const STATUS_CODE = i18n.translate( - 'xpack.securitySolution.components.ml.api.errors.statusCodeFailureTitle', - { - defaultMessage: 'Status Code:', - } -); - -export const NETWORK_ERROR = i18n.translate( - 'xpack.securitySolution.components.ml.api.errors.networkErrorFailureTitle', - { - defaultMessage: 'Network Error:', - } -); - export const INDEX_PATTERN_FETCH_FAILURE = i18n.translate( 'xpack.securitySolution.components.mlPopup.hooks.errors.indexPatternFetchFailureTitle', { diff --git a/x-pack/plugins/security_solution/public/common/hooks/use_providers_portal.tsx b/x-pack/plugins/security_solution/public/common/hooks/use_providers_portal.tsx deleted file mode 100644 index 699f09b3d8a51..0000000000000 --- a/x-pack/plugins/security_solution/public/common/hooks/use_providers_portal.tsx +++ /dev/null 
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { useState } from 'react';
-import { createPortalNode } from 'react-reverse-portal';
-
-/**
- * A singleton portal for rendering the draggable groups of providers in the
- * header of the timeline, or in the animated flyout
- */
-const proivdersPortalNodeSingleton = createPortalNode();
-
-export const useProvidersPortal = () => {
- const [proivdersPortalNode] = useState(proivdersPortalNodeSingleton);
-
- return proivdersPortalNode;
-};
diff --git a/x-pack/plugins/security_solution/public/common/lib/helpers/scheduler.ts b/x-pack/plugins/security_solution/public/common/lib/helpers/scheduler.ts
index 89c51757e420f..c72779b7a4f1d 100644
--- a/x-pack/plugins/security_solution/public/common/lib/helpers/scheduler.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/helpers/scheduler.ts
@@ -11,6 +11,7 @@ import { scaleLog } from 'd3-scale';
 * Polyfill is from: https://developers.google.com/web/updates/2015/08/using-requestidlecallback
 * This is for Safari 12.1.2 and IE-11
 */
+// do not delete
 export const polyFillRequestIdleCallback = (callback: IdleRequestCallback) => {
 const start = Date.now();
 return setTimeout(() => {
@@ -34,6 +35,7 @@ export const polyFillRequestIdleCallback = (callback: IdleRequestCallback) => {
 * scheduler with fibers (Concurrent React) and we would then remove
 * this and all usages. Otherwise, just remove this note
 */
+// do not delete
 export const requestIdleCallbackViaScheduler = (
 callback: IdleRequestCallback,
 opts?: IdleRequestOptions
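Review bot: In the two `scheduler.ts` hunks above, `// do not delete` is placed between the closing `*/` of the doc block and the `export const` it documents, which splits the documentation from its declaration. Put the note inside the existing block instead, as a final line such as ` * NOTE: kept on purpose (<reason>); do not delete`, so each export keeps one contiguous comment and the reason stays with the documentation. The third `scheduler.ts` hunk, on `maxDelay`, has the same placement. Both function bodies continue outside their hunks.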
@@ -66,4 +68,5 @@ export const requestIdleCallbackViaScheduler = ( * delayMax setting value meaning at most beyond 25 elements to display, they will take at most * 2 seconds to delay before show up. */ +// do not delete export const maxDelay = scaleLog().domain([1, 25]).range([100, 2000]).clamp(true); diff --git a/x-pack/plugins/security_solution/public/common/lib/kibana/__mocks__/index.ts b/x-pack/plugins/security_solution/public/common/lib/kibana/__mocks__/index.ts index ae3e7bdcef3f7..4e58875601ddd 100644 --- a/x-pack/plugins/security_solution/public/common/lib/kibana/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/public/common/lib/kibana/__mocks__/index.ts @@ -80,6 +80,7 @@ export const useAppUrl = jest.fn().mockReturnValue({ mockStartServicesMock.application.getUrlForApp(appId, options) ), }); +// do not delete export const useNavigateTo = jest.fn().mockReturnValue({ navigateTo: jest.fn().mockImplementation(({ appId = APP_UI_ID, url, ...options }) => { if (url) { diff --git a/x-pack/plugins/security_solution/public/common/lib/kibana/kibana_react.ts b/x-pack/plugins/security_solution/public/common/lib/kibana/kibana_react.ts index 42d8e9e0f1d0d..4878ee2a30919 100644 --- a/x-pack/plugins/security_solution/public/common/lib/kibana/kibana_react.ts +++ b/x-pack/plugins/security_solution/public/common/lib/kibana/kibana_react.ts @@ -5,7 +5,6 @@ * 2.0. */ -import type { KibanaReactContextValue } from '@kbn/kibana-react-plugin/public'; import { KibanaContextProvider, useKibana, @@ -16,11 +15,6 @@ import { import type { ApmBase } from '@elastic/apm-rum'; import type { StartServices } from '../../../types'; -export type KibanaContext = KibanaReactContextValue; -export interface WithKibanaProps { - kibana: KibanaContext; -} - const useTypedKibana = () => useKibana(); export { diff --git a/x-pack/plugins/security_solution/public/common/mock/index.ts b/x-pack/plugins/security_solution/public/common/mock/index.ts index 83710f2f2ef96..89330cad8d478 100644 
--- a/x-pack/plugins/security_solution/public/common/mock/index.ts +++ b/x-pack/plugins/security_solution/public/common/mock/index.ts @@ -12,7 +12,6 @@ export * from './index_pattern'; export * from './mock_detail_item'; export * from './mock_detection_alerts'; export * from './mock_detection_alerts_aad'; -export * from './mock_ecs'; export * from './mock_local_storage'; export * from './mock_timeline_data'; export * from './netflow'; diff --git a/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts.ts b/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts.ts index 7aba743b2e057..b39d301c39a41 100644 --- a/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts.ts +++ b/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts.ts @@ -6,7 +6,6 @@ */ import type { Ecs } from '../../../common/ecs'; -import type { TimelineNonEcsData } from '../../../common/search_strategy'; export const getDetectionAlertMock = (overrides: Partial = {}): Ecs => ({ ...{ @@ -103,11 +102,3 @@ export const getThreatMatchDetectionAlert = (overrides: Partial = {}): Ecs }, ...overrides, }); - -export const getDetectionAlertFieldsMock = ( - fields: TimelineNonEcsData[] = [] -): TimelineNonEcsData[] => [ - { field: '@timestamp', value: ['2021-03-27T06:28:47.292Z'] }, - { field: 'signal.rule.type', value: ['threat_match'] }, - ...fields, -]; diff --git a/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts_aad.ts b/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts_aad.ts index d5c18472043b0..0fddaae8026ab 100644 --- a/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts_aad.ts +++ b/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts_aad.ts 
@@ -91,11 +91,6 @@ export const mockAADEcsDataWithAlert: Ecs = { }, }; -export const getDetectionAlertAADMock = (overrides: Partial = {}): Ecs => ({ - ...mockAADEcsDataWithAlert, - ...overrides, -}); - export const getThresholdDetectionAlertAADMock = (overrides: Partial = {}): Ecs[] => [ { ...mockAADEcsDataWithAlert, diff --git a/x-pack/plugins/security_solution/public/common/mock/mock_ecs.ts b/x-pack/plugins/security_solution/public/common/mock/mock_ecs.ts deleted file mode 100644 index 547dea1601006..0000000000000 --- a/x-pack/plugins/security_solution/public/common/mock/mock_ecs.ts +++ /dev/null 
@@ -1,1028 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { Ecs } from '../../../common/ecs'; - -export const mockEcsData: Ecs[] = [ - { - _id: '1', - timestamp: '2018-11-05T19:03:25.937Z', - host: { - name: ['apache'], - ip: ['192.168.0.1'], - }, - event: { - id: ['1'], - action: ['Action'], - category: ['Access'], - module: ['nginx'], - severity: [3], - }, - source: { - ip: ['192.168.0.1'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['1'], - name: ['john.dee'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '3', - timestamp: '2018-11-07T19:03:25.937Z', - host: { - name: ['nginx'], - ip: ['192.168.0.1'], - }, - event: { - id: ['3'], - category: ['Access'], - type: ['HTTP Request'], - module: ['nginx'], - severity: [1], - }, - source: { - ip: ['192.168.0.3'], - port: [443], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['3'], - name: ['evan.davis'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '4', - timestamp: '2018-11-08T19:03:25.937Z', - host: { - name: ['suricata'], - ip: ['192.168.0.1'], - }, - event: { - id: ['4'], - category: ['Attempted Administrator Privilege Gain'], - type: ['Alert'], - module: ['suricata'], - severity: [1], - }, - source: { - ip: ['192.168.0.3'], - port: [53], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - suricata: { - eve: { - flow_id: [4], - proto: [''], - alert: { - signature: [ - 'ET EXPLOIT NETGEAR WNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174)', - ], - signature_id: [4], - }, - }, - }, - user: { - id: ['4'], - name: ['jenny.jones'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - 
}, - { - _id: '5', - timestamp: '2018-11-09T19:03:25.937Z', - host: { - name: ['joe.computer'], - ip: ['192.168.0.1'], - }, - event: { - id: ['5'], - category: ['Access'], - type: ['HTTP Request'], - module: ['nginx'], - severity: [3], - }, - source: { - ip: ['192.168.0.3'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['5'], - name: ['becky.davis'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '6', - timestamp: '2018-11-10T19:03:25.937Z', - host: { - name: ['braden.davis'], - ip: ['192.168.0.1'], - }, - event: { - id: ['6'], - category: ['Access'], - type: ['HTTP Request'], - module: ['nginx'], - severity: [3], - }, - source: { - ip: ['192.168.0.6'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '8', - timestamp: '2018-11-12T19:03:25.937Z', - host: { - name: ['joe.computer'], - ip: ['192.168.0.1'], - }, - event: { - id: ['8'], - category: ['Web Application Attack'], - type: ['Alert'], - module: ['suricata'], - severity: [2], - }, - suricata: { - eve: { - flow_id: [8], - proto: [''], - alert: { - signature: ['ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie'], - signature_id: [8], - }, - }, - }, - source: { - ip: ['192.168.0.8'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['8'], - name: ['jone.doe'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '7', - timestamp: '2018-11-11T19:03:25.937Z', - host: { - name: ['joe.computer'], - ip: ['192.168.0.1'], - }, - event: { - id: ['7'], - category: ['Access'], - type: ['HTTP Request'], - module: ['apache'], - severity: [3], - }, - source: { - ip: ['192.168.0.7'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['7'], - name: ['jone.doe'], - }, - geo: { - region_name: 
['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '9', - timestamp: '2018-11-13T19:03:25.937Z', - host: { - name: ['joe.computer'], - ip: ['192.168.0.1'], - }, - event: { - id: ['9'], - category: ['Access'], - type: ['HTTP Request'], - module: ['nginx'], - severity: [3], - }, - source: { - ip: ['192.168.0.9'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['9'], - name: ['jone.doe'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '10', - timestamp: '2018-11-14T19:03:25.937Z', - host: { - name: ['joe.computer'], - ip: ['192.168.0.1'], - }, - event: { - id: ['10'], - category: ['Access'], - type: ['HTTP Request'], - module: ['nginx'], - severity: [3], - }, - source: { - ip: ['192.168.0.10'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['10'], - name: ['jone.doe'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '11', - timestamp: '2018-11-15T19:03:25.937Z', - host: { - name: ['joe.computer'], - ip: ['192.168.0.1'], - }, - event: { - id: ['11'], - category: ['Access'], - type: ['HTTP Request'], - module: ['nginx'], - severity: [3], - }, - source: { - ip: ['192.168.0.11'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['11'], - name: ['jone.doe'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '12', - timestamp: '2018-11-16T19:03:25.937Z', - host: { - name: ['joe.computer'], - ip: ['192.168.0.1'], - }, - event: { - id: ['12'], - category: ['Access'], - type: ['HTTP Request'], - module: ['nginx'], - severity: [3], - }, - source: { - ip: ['192.168.0.12'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['12'], - name: ['jone.doe'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '2', - timestamp: 
'2018-11-06T19:03:25.937Z', - host: { - name: ['joe.computer'], - ip: ['192.168.0.1'], - }, - event: { - id: ['2'], - category: ['Authentication'], - type: ['Authentication Success'], - module: ['authlog'], - severity: [3], - }, - source: { - ip: ['192.168.0.2'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - user: { - id: ['1'], - name: ['joe.bob'], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '13', - timestamp: '2018-13-12T19:03:25.937Z', - host: { - name: ['joe.computer'], - ip: ['192.168.0.1'], - }, - event: { - id: ['13'], - category: ['Web Application Attack'], - type: ['Alert'], - module: ['suricata'], - severity: [1], - }, - suricata: { - eve: { - flow_id: [13], - proto: [''], - alert: { - signature: ['ET WEB_SERVER Possible Attempt in HTTP Cookie'], - signature_id: [13], - }, - }, - }, - source: { - ip: ['192.168.0.8'], - port: [80], - }, - destination: { - ip: ['192.168.0.3'], - port: [6343], - }, - geo: { - region_name: ['xx'], - country_iso_code: ['xx'], - }, - }, - { - _id: '14', - timestamp: '2019-03-07T05:06:51.000Z', - event: { - module: ['zeek'], - dataset: ['zeek.connection'], - }, - host: { - id: ['37c81253e0fc4c46839c19b981be5177'], - name: ['zeek-franfurt'], - ip: ['207.154.238.205', '10.19.0.5', 'fe80::d82b:9aff:fe0d:1e12'], - }, - source: { - ip: ['185.176.26.101'], - port: [44059], - }, - destination: { - ip: ['207.154.238.205'], - port: [11568], - }, - geo: { - region_name: ['New York'], - country_iso_code: ['US'], - }, - network: { - transport: ['tcp'], - }, - zeek: { - session_id: ['C8DRTq362Fios6hw16'], - connection: { - local_resp: [false], - local_orig: [false], - missed_bytes: [0], - state: ['REJ'], - history: ['Sr'], - }, - }, - }, - { - _id: '15', - timestamp: '2019-03-07T00:51:28.000Z', - event: { - module: ['zeek'], - dataset: ['zeek.dns'], - }, - host: { - id: ['af3fddf15f1d47979ce817ba0df10c6e'], - name: ['suricata-zeek-singapore'], - ip: 
['206.189.35.240', '10.15.0.5', 'fe80::98c7:eff:fe29:4455'], - }, - source: { - ip: ['206.189.35.240'], - port: [57475], - }, - destination: { - ip: ['67.207.67.3'], - port: [53], - }, - geo: { - region_name: ['New York'], - country_iso_code: ['US'], - }, - network: { - transport: ['udp'], - }, - zeek: { - session_id: ['CyIrMA1L1JtLqdIuol'], - dns: { - AA: [false], - RD: [false], - trans_id: [65252], - RA: [false], - TC: [false], - }, - }, - }, - { - _id: '16', - timestamp: '2019-03-05T07:00:20.000Z', - event: { - module: ['zeek'], - dataset: ['zeek.http'], - }, - host: { - id: ['af3fddf15f1d47979ce817ba0df10c6e'], - name: ['suricata-zeek-singapore'], - ip: ['206.189.35.240', '10.15.0.5', 'fe80::98c7:eff:fe29:4455'], - }, - source: { - ip: ['206.189.35.240'], - port: [36220], - }, - destination: { - ip: ['192.241.164.26'], - port: [80], - }, - geo: { - region_name: ['New York'], - country_iso_code: ['US'], - }, - http: { - version: ['1.1'], - request: { - body: { - bytes: [0], - }, - }, - response: { - status_code: [302], - body: { - bytes: [154], - }, - }, - }, - zeek: { - session_id: ['CZLkpC22NquQJOpkwe'], - http: { - resp_mime_types: ['text/html'], - trans_depth: ['3'], - status_msg: ['Moved Temporarily'], - resp_fuids: ['FzeujEPP7GTHmYPsc'], - tags: [], - }, - }, - }, - { - _id: '17', - timestamp: '2019-02-28T22:36:28.000Z', - event: { - module: ['zeek'], - dataset: ['zeek.notice'], - }, - host: { - id: ['37c81253e0fc4c46839c19b981be5177'], - name: ['zeek-franfurt'], - ip: ['207.154.238.205', '10.19.0.5', 'fe80::d82b:9aff:fe0d:1e12'], - }, - source: { - ip: ['8.42.77.171'], - }, - zeek: { - notice: { - suppress_for: [3600], - msg: ['8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s'], - note: ['Scan::Port_Scan'], - sub: ['remote'], - dst: ['207.154.238.205'], - dropped: [false], - peer_descr: ['bro'], - }, - }, - }, - { - _id: '18', - timestamp: '2019-02-22T21:12:13.000Z', - event: { - module: ['zeek'], - dataset: ['zeek.ssl'], - }, 
- host: { - id: ['2ce8b1e7d69e4a1d9c6bcddc473da9d9'], - name: ['zeek-sensor-amsterdam'], - }, - source: { - ip: ['188.166.66.184'], - port: [34514], - }, - destination: { - ip: ['91.189.95.15'], - port: [443], - }, - geo: { - region_name: ['England'], - country_iso_code: ['GB'], - }, - zeek: { - session_id: ['CmTxzt2OVXZLkGDaRe'], - ssl: { - cipher: ['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'], - established: [false], - resumed: [false], - version: ['TLSv12'], - }, - }, - }, - { - _id: '19', - timestamp: '2019-03-03T04:26:38.000Z', - event: { - module: ['zeek'], - dataset: ['zeek.files'], - }, - host: { - id: ['af3fddf15f1d47979ce817ba0df10c6e'], - name: ['suricata-zeek-singapore'], - ip: ['206.189.35.240', '10.15.0.5', 'fe80::98c7:eff:fe29:4455'], - }, - zeek: { - session_id: ['Cu0n232QMyvNtzb75j'], - files: { - session_ids: ['Cu0n232QMyvNtzb75j'], - timedout: [false], - local_orig: [false], - tx_host: ['5.101.111.50'], - source: ['HTTP'], - is_orig: [false], - overflow_bytes: [0], - sha1: ['fa5195a5dfacc9d1c68d43600f0e0262cad14dde'], - duration: [0], - depth: [0], - analyzers: ['MD5', 'SHA1'], - mime_type: ['text/plain'], - rx_host: ['206.189.35.240'], - total_bytes: [88722], - fuid: ['FePz1uVEVCZ3I0FQi'], - seen_bytes: [1198], - missing_bytes: [0], - md5: ['f7653f1951693021daa9e6be61226e32'], - }, - }, - }, - { - _id: '20', - timestamp: '2019-03-13T05:42:11.815Z', - event: { - action: ['executed'], - module: ['auditd'], - category: ['audit-rule'], - }, - host: { - id: ['f896741c3b3b44bdb8e351a4ab6d2d7c'], - name: ['zeek-sanfran'], - ip: ['134.209.63.134', '10.46.0.5', 'fe80::a0d9:16ff:fecf:e70b'], - }, - user: { - name: ['alice'], - }, - process: { - pid: [5402], - name: ['gpgconf'], - ppid: [5401], - args: ['gpgconf', '--list-dirs', 'agent-socket'], - executable: ['/usr/bin/gpgconf'], - title: ['gpgconf --list-dirs agent-socket'], - working_directory: ['/'], - }, - }, - { - _id: '21', - timestamp: '2019-03-14T22:30:25.527Z', - event: { - action: ['logged-in'], - 
module: ['auditd'], - category: ['user-login'], - }, - auditd: { - result: ['success'], - session: ['14'], - data: { - terminal: ['/dev/pts/0'], - op: ['login'], - }, - summary: { - actor: { - primary: ['alice'], - secondary: ['alice'], - }, - object: { - primary: ['/dev/pts/0'], - secondary: ['8.42.77.171'], - type: ['user-session'], - }, - how: ['/usr/sbin/sshd'], - }, - }, - host: { - id: ['7c21f5ed03b04d0299569d221fe18bbc'], - name: ['zeek-london'], - ip: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - }, - source: { - ip: ['8.42.77.171'], - }, - user: { - name: ['root'], - }, - process: { - pid: [17471], - executable: ['/usr/sbin/sshd'], - }, - }, - { - _id: '22', - timestamp: '2019-03-13T03:35:21.614Z', - event: { - action: ['disposed-credentials'], - module: ['auditd'], - category: ['user-login'], - }, - auditd: { - result: ['success'], - session: ['340'], - data: { - acct: ['alice'], - terminal: ['ssh'], - op: ['PAM:setcred'], - }, - summary: { - actor: { - primary: ['alice'], - secondary: ['alice'], - }, - object: { - primary: ['ssh'], - secondary: ['8.42.77.171'], - type: ['user-session'], - }, - how: ['/usr/sbin/sshd'], - }, - }, - host: { - id: ['0a63559c1acf4c419d979c4b4d8b83ff'], - name: ['suricata-bangalore'], - ip: ['139.59.11.147', '10.47.0.5', 'fe80::ec0b:1bff:fe29:80bd'], - }, - user: { - name: ['root'], - }, - process: { - pid: [21202], - executable: ['/usr/sbin/sshd'], - }, - }, - { - _id: '23', - timestamp: '2019-03-13T03:35:21.614Z', - event: { - action: ['ended-session'], - module: ['auditd'], - category: ['user-login'], - }, - auditd: { - result: ['success'], - session: ['340'], - data: { - acct: ['alice'], - terminal: ['ssh'], - op: ['PAM:session_close'], - }, - summary: { - actor: { - primary: ['alice'], - secondary: ['alice'], - }, - object: { - primary: ['ssh'], - secondary: ['8.42.77.171'], - type: ['user-session'], - }, - how: ['/usr/sbin/sshd'], - }, - }, - host: { - id: ['0a63559c1acf4c419d979c4b4d8b83ff'], - name: 
['suricata-bangalore'], - ip: ['139.59.11.147', '10.47.0.5', 'fe80::ec0b:1bff:fe29:80bd'], - }, - user: { - name: ['root'], - }, - process: { - pid: [21202], - executable: ['/usr/sbin/sshd'], - }, - }, - { - _id: '24', - timestamp: '2019-03-18T23:17:01.645Z', - event: { - action: ['acquired-credentials'], - module: ['auditd'], - category: ['user-login'], - }, - auditd: { - result: ['success'], - session: ['unset'], - data: { - acct: ['root'], - terminal: ['cron'], - op: ['PAM:setcred'], - }, - summary: { - actor: { - primary: ['unset'], - secondary: ['root'], - }, - object: { - primary: ['cron'], - type: ['user-session'], - }, - how: ['/usr/sbin/cron'], - }, - }, - host: { - id: ['7c21f5ed03b04d0299569d221fe18bbc'], - name: ['zeek-london'], - ip: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - }, - user: { - name: ['root'], - }, - process: { - pid: [9592], - executable: ['/usr/sbin/cron'], - }, - }, - { - _id: '25', - timestamp: '2019-03-19T01:17:01.336Z', - event: { - action: ['started-session'], - module: ['auditd'], - category: ['user-login'], - }, - auditd: { - result: ['success'], - session: ['2908'], - data: { - acct: ['root'], - terminal: ['cron'], - op: ['PAM:session_open'], - }, - summary: { - actor: { - primary: ['root'], - secondary: ['root'], - }, - object: { - primary: ['cron'], - type: ['user-session'], - }, - how: ['[/usr/sbin/cron'], - }, - }, - host: { - id: ['aa7ca589f1b8220002f2fc61c64cfbf1'], - name: ['siem-kibana'], - }, - user: { - name: ['root'], - }, - process: { - pid: [725], - executable: ['/usr/sbin/cron'], - }, - }, - { - _id: '26', - timestamp: '2019-03-13T03:34:08.890Z', - event: { - action: ['was-authorized'], - module: ['auditd'], - category: ['user-login'], - }, - auditd: { - result: ['success'], - session: ['338'], - data: { - terminal: ['/dev/pts/0'], - }, - summary: { - actor: { - primary: ['root'], - secondary: ['alice'], - }, - object: { - primary: ['/dev/pts/0'], - type: ['user-session'], - }, - how: 
['/sbin/pam_tally2'], - }, - }, - host: { - id: ['0a63559c1acf4c419d979c4b4d8b83ff'], - name: ['suricata-bangalore'], - ip: ['139.59.11.147', '10.47.0.5', 'fe80::ec0b:1bff:fe29:80bd'], - }, - user: { - name: ['alice'], - }, - process: { - pid: [21170], - executable: ['/sbin/pam_tally2'], - }, - }, - { - _id: '27', - timestamp: '2019-03-22T19:13:11.026Z', - event: { - action: ['connected-to'], - module: ['auditd'], - category: ['audit-rule'], - }, - auditd: { - result: ['success'], - session: ['246'], - summary: { - actor: { - primary: ['alice'], - secondary: ['alice'], - }, - object: { - primary: ['93.184.216.34'], - secondary: ['80'], - type: ['socket'], - }, - how: ['/usr/bin/wget'], - }, - }, - host: { - id: ['7c21f5ed03b04d0299569d221fe18bbc'], - name: ['zeek-london'], - ip: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - }, - destination: { - ip: ['93.184.216.34'], - port: [80], - }, - user: { - name: ['alice'], - }, - process: { - pid: [1490], - name: ['wget'], - ppid: [1476], - executable: ['/usr/bin/wget'], - title: ['wget www.example.com'], - }, - }, - { - _id: '28', - timestamp: '2019-03-26T22:12:18.609Z', - event: { - action: ['opened-file'], - module: ['auditd'], - category: ['audit-rule'], - }, - auditd: { - result: ['success'], - session: ['unset'], - summary: { - actor: { - primary: ['unset'], - secondary: ['root'], - }, - object: { - primary: ['/proc/15990/attr/current'], - type: ['file'], - }, - how: ['/lib/systemd/systemd-journald'], - }, - }, - file: { - path: ['/proc/15990/attr/current'], - device: ['00:00'], - inode: ['27672309'], - uid: ['0'], - owner: ['root'], - gid: ['0'], - group: ['root'], - mode: ['0666'], - }, - host: { - id: ['7c21f5ed03b04d0299569d221fe18bbc'], - name: ['zeek-london'], - ip: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - }, - - user: { - name: ['root'], - }, - process: { - pid: [27244], - name: ['systemd-journal'], - ppid: [1], - executable: ['/lib/systemd/systemd-journald'], - title: 
['/lib/systemd/systemd-journald'], - working_directory: ['/'], - }, - }, -]; diff --git a/x-pack/plugins/security_solution/public/common/mock/router.tsx b/x-pack/plugins/security_solution/public/common/mock/router.tsx index 58b7bb0ac2688..d9cf89a74db08 100644 --- a/x-pack/plugins/security_solution/public/common/mock/router.tsx +++ b/x-pack/plugins/security_solution/public/common/mock/router.tsx @@ -30,11 +30,4 @@ export const mockHistory = { listen: jest.fn(), }; -export const mockLocation = { - pathname: '/welcome', - hash: '', - search: '', - state: '', -}; - export { Router, routeData }; diff --git a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts index 93058c3acf2b5..d857522b7dcd0 100644 --- a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts +++ b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts @@ -2178,16 +2178,3 @@ export const mockTimelineDetails: TimelineEventsDetailsItem[] = [ isObjectArray: false, }, ]; - -export const mockTimelineDetailsApollo = { - data: { - source: { - TimelineDetails: { - data: mockTimelineDetails, - }, - }, - }, - loading: false, - networkStatus: 7, - stale: false, -}; diff --git a/x-pack/plugins/security_solution/public/common/store/inputs/selectors.ts b/x-pack/plugins/security_solution/public/common/store/inputs/selectors.ts index cc4e90cf18317..e53a73160221b 100644 --- a/x-pack/plugins/security_solution/public/common/store/inputs/selectors.ts +++ b/x-pack/plugins/security_solution/public/common/store/inputs/selectors.ts 
@@ -55,8 +55,6 @@ export const timelineFullScreenSelector = createSelector( export const globalTimeRangeSelector = createSelector(selectGlobal, (global) => global.timerange); -export const globalPolicySelector = createSelector(selectGlobal, (global) => global.policy); - export const globalQuery = () => createSelector(selectGlobal, (global) => global.queries); export const globalQueryByIdSelector = () => createSelector(selectGlobalQuery, (query) => query); diff --git a/x-pack/plugins/security_solution/public/common/store/sourcerer/selectors.ts b/x-pack/plugins/security_solution/public/common/store/sourcerer/selectors.ts index 29ab145597ee9..9a229f16e08e3 100644 --- a/x-pack/plugins/security_solution/public/common/store/sourcerer/selectors.ts +++ b/x-pack/plugins/security_solution/public/common/store/sourcerer/selectors.ts @@ -11,7 +11,6 @@ import type { SourcererDataView, SourcererModel, SourcererScope, - SourcererScopeById, SourcererScopeName, } from './model'; @@ -39,11 +38,6 @@ export const sourcererScopeIdSelector = ( export const scopeIdSelector = () => createSelector(sourcererScopeIdSelector, (scope) => scope); -export const sourcererScopesSelector = ({ sourcerer }: State): SourcererScopeById => - sourcerer.sourcererScopes; - -export const scopesSelector = () => createSelector(sourcererScopesSelector, (scopes) => scopes); - export const kibanaDataViewsSelector = () => createSelector(sourcererKibanaDataViewsSelector, (dataViews) => dataViews); diff --git a/x-pack/plugins/security_solution/public/common/translations.ts b/x-pack/plugins/security_solution/public/common/translations.ts index 64d31e7f6530d..3acff1d1dbfca 100644 --- a/x-pack/plugins/security_solution/public/common/translations.ts +++ b/x-pack/plugins/security_solution/public/common/translations.ts 
@@ -11,58 +11,6 @@ export const SOLUTION_NAME = i18n.translate('xpack.securitySolution.pages.common defaultMessage: 'Security', }); -export const EMPTY_ACTION_ELASTIC_AGENT = i18n.translate( - 'xpack.securitySolution.pages.common.emptyActionElasticAgent', - { - defaultMessage: 'Add data with Elastic Agent', - } -); - -export const EMPTY_ACTION_ELASTIC_AGENT_DESCRIPTION = i18n.translate( - 'xpack.securitySolution.pages.common.emptyActionElasticAgentDescription', - { - defaultMessage: - 'The Elastic Agent provides a simple, unified way to add monitoring to your hosts.', - } -); - -export const EMPTY_ACTION_BEATS = i18n.translate( - 'xpack.securitySolution.pages.common.emptyActionBeats', - { - defaultMessage: 'Add data with Beats', - } -); - -export const EMPTY_ACTION_BEATS_DESCRIPTION = i18n.translate( - 'xpack.securitySolution.pages.common.emptyActionBeatsDescription', - { - defaultMessage: - 'Lightweight Beats can send data from hundreds or thousands of machines and systems', - } -); - -export const EMPTY_ACTION_SECONDARY = i18n.translate( - 'xpack.securitySolution.pages.common.emptyActionSecondary', - { - defaultMessage: 'getting started guide.', - } -); - -export const EMPTY_ACTION_ENDPOINT = i18n.translate( - 'xpack.securitySolution.pages.common.emptyActionEndpoint', - { - defaultMessage: 'Add Endpoint Security', - } -); - -export const EMPTY_ACTION_ENDPOINT_DESCRIPTION = i18n.translate( - 'xpack.securitySolution.pages.common.emptyActionEndpointDescription', - { - defaultMessage: - 'Protect your hosts with threat prevention, detection, and deep security data visibility.', - } -); - export const BETA = i18n.translate('xpack.securitySolution.pages.common.beta', { defaultMessage: 'Beta', }); diff --git a/x-pack/plugins/security_solution/public/common/utils/alerts.ts b/x-pack/plugins/security_solution/public/common/utils/alerts.ts index 9c56725369ce0..461adbcc6e8c1 100644 --- a/x-pack/plugins/security_solution/public/common/utils/alerts.ts 
+++ b/x-pack/plugins/security_solution/public/common/utils/alerts.ts @@ -28,41 +28,6 @@ export const buildAlertsQuery = (alertIds: string[]) => { }; }; -export const toStringArray = (value: unknown): string[] => { - if (Array.isArray(value)) { - return value.reduce((acc, v) => { - if (v != null) { - switch (typeof v) { - case 'number': - case 'boolean': - return [...acc, v.toString()]; - case 'object': - try { - return [...acc, JSON.stringify(v)]; - } catch { - return [...acc, 'Invalid Object']; - } - case 'string': - return [...acc, v]; - default: - return [...acc, `${v}`]; - } - } - return acc; - }, []); - } else if (value == null) { - return []; - } else if (!Array.isArray(value) && typeof value === 'object') { - try { - return [JSON.stringify(value)]; - } catch { - return ['Invalid Object']; - } - } else { - return [`${value}`]; - } -}; - const formatAlertItem = (item: unknown): Ecs => { if (item != null && isPlainObject(item)) { return Object.keys(item as object).reduce( diff --git a/x-pack/plugins/security_solution/public/common/utils/route/types.ts b/x-pack/plugins/security_solution/public/common/utils/route/types.ts index ca7c809a63a60..71d58f487da66 100644 --- a/x-pack/plugins/security_solution/public/common/utils/route/types.ts +++ b/x-pack/plugins/security_solution/public/common/utils/route/types.ts @@ -47,10 +47,6 @@ export interface NetworkRouteSpyState extends RouteSpyState { tabName: NetworkRouteType | undefined; } -export interface TimelineRouteSpyState extends RouteSpyState { - tabName: TimelineType | undefined; -} - export interface AdministrationRouteSpyState extends RouteSpyState { tabName: AdministrationType | undefined; } diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_info/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_info/index.tsx deleted file mode 100644 index e4da679fed8f1..0000000000000 
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_info/index.tsx +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { EuiLoadingSpinner } from '@elastic/eui'; -import { FormattedRelative } from '@kbn/i18n-react'; -import React, { useState, useEffect } from 'react'; - -import { useQueryAlerts } from '../../containers/detection_engine/alerts/use_query'; -import { buildLastAlertsQuery } from './query.dsl'; -import type { Aggs } from './types'; - -interface AlertInfo { - ruleId?: string | null; -} - -type Return = [React.ReactNode, React.ReactNode]; - -export const useAlertInfo = ({ ruleId = null }: AlertInfo): Return => { - const [lastAlerts, setLastAlerts] = useState( - - ); - const [totalAlerts, setTotalAlerts] = useState( - - ); - - const { loading, data: alerts } = useQueryAlerts({ - query: buildLastAlertsQuery(ruleId), - }); - - useEffect(() => { - if (alerts != null) { - const myAlerts = alerts; - setLastAlerts( - myAlerts.aggregations?.lastSeen.value != null ? ( - - ) : null - ); - setTotalAlerts(<>{myAlerts.hits.total.value}); - } else { - setLastAlerts(null); - setTotalAlerts(null); - } - }, [loading, alerts]); - - return [lastAlerts, totalAlerts]; -}; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_info/query.dsl.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_info/query.dsl.ts deleted file mode 100644 index e12ad779ebc96..0000000000000 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_info/query.dsl.ts +++ /dev/null 
@@ -1,46 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { ALERT_WORKFLOW_STATUS, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
-
-export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
- const queryFilter = [
- {
- bool: {
- should: [{ match: { [ALERT_WORKFLOW_STATUS]: 'open' } }],
- minimum_should_match: 1,
- },
- },
- ];
-
- return {
- aggs: {
- lastSeen: { max: { field: '@timestamp' } },
- },
- query: {
- bool: {
- filter:
- ruleId != null
- ? [
- ...queryFilter,
- {
- bool: {
- should: [
- { match: { 'signal.rule.id': ruleId } },
- { match: { [ALERT_RULE_UUID]: ruleId } },
- ],
- minimum_should_match: 1,
- },
- },
- ]
- : queryFilter,
- },
- },
- size: 1,
- track_total_hits: true,
- };
-};
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_info/types.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_info/types.ts
deleted file mode 100644
index 9827786c0cd74..0000000000000
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_info/types.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-export interface Aggs {
- lastSeen: {
- value: number;
- value_as_string: string;
- };
-}
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/alerts_histogram_panel/types.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/alerts_histogram_panel/types.ts
index 7b1136d5b11c6..ba0205577aa3a 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/alerts_histogram_panel/types.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/alerts_histogram_panel/types.ts @@ -5,8 +5,6 @@ * 2.0. */ -import type { inputsModel } from '../../../../common/store'; - export interface HistogramData { x: number; y: number; @@ -38,10 +36,3 @@ export interface AlertsTotal { value: number; relation: string; } - -export interface RegisterQuery { - id: string; - inspect: inputsModel.InspectQuery | null; - loading: boolean; - refetch: inputsModel.Refetch; -} diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/config.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/config.ts index 8110c963cb356..8c026a740efb4 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/config.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/config.ts 
@@ -5,28 +5,8 @@ * 2.0. */ -import type { AlertsStackByOption } from './types'; - -export const alertsStackByOptions: AlertsStackByOption[] = [ - { text: 'kibana.alert.risk_score', value: 'kibana.alert.risk_score' }, - { text: 'kibana.alert.severity', value: 'kibana.alert.severity' }, - { text: 'kibana.alert.rule.threat.tactic.name', value: 'kibana.alert.rule.threat.tactic.name' }, - { text: 'destination.ip', value: 'destination.ip' }, - { text: 'event.action', value: 'event.action' }, - { text: 'event.category', value: 'event.category' }, - { text: 'host.name', value: 'host.name' }, - { text: 'kibana.alert.rule.type', value: 'kibana.alert.rule.type' }, - { text: 'kibana.alert.rule.name', value: 'kibana.alert.rule.name' }, - { text: 'source.ip', value: 'source.ip' }, - { text: 'user.name', value: 'user.name' }, - { text: 'process.name', value: 'process.name' }, - { text: 'file.name', value: 'file.name' }, - { text: 'hash.sha256', value: 'hash.sha256' }, -]; - export const DEFAULT_STACK_BY_FIELD = 'kibana.alert.rule.name'; export const DEFAULT_STACK_BY_FIELD1 = 'host.name'; export const PANEL_HEIGHT = 300; export const MOBILE_PANEL_HEIGHT = 500; -export const CHART_HEIGHT = 200; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/types.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/types.ts index 8886b182dfaf5..5ffbedd80032f 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/types.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/types.ts @@ -5,11 +5,6 @@ * 2.0. */ -export interface AlertsStackByOption { - text: AlertsStackByField; - value: AlertsStackByField; -} - export type AlertsStackByField = | 'kibana.alert.risk_score' | 'kibana.alert.severity' 
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts index 66fcbae494a41..5da63a5ab9598 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts @@ -63,34 +63,6 @@ export const TAKE_ACTION = i18n.translate( } ); -export const BATCH_ACTIONS = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActionsTitle', - { - defaultMessage: 'Batch actions', - } -); - -export const BATCH_ACTION_VIEW_SELECTED_IN_HOSTS = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInHostsTitle', - { - defaultMessage: 'View selected in hosts', - } -); - -export const BATCH_ACTION_VIEW_SELECTED_IN_NETWORK = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInNetworkTitle', - { - defaultMessage: 'View selected in network', - } -); - -export const BATCH_ACTION_VIEW_SELECTED_IN_TIMELINE = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInTimelineTitle', - { - defaultMessage: 'View selected in timeline', - } -); - export const BATCH_ACTION_OPEN_SELECTED = i18n.translate( 'xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.openSelectedTitle', { diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_resolver.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_resolver.tsx index d6876468e4652..ff737ef39b6f4 100644 
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_resolver.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_resolver.tsx @@ -5,20 +5,7 @@ * 2.0. */ -import React, { useCallback, useMemo } from 'react'; -import { useDispatch } from 'react-redux'; -import { EuiContextMenuItem } from '@elastic/eui'; import { get } from 'lodash/fp'; -import { - setActiveTabTimeline, - updateTimelineGraphEventId, -} from '../../../../timelines/store/timeline/actions'; -import { - useGlobalFullScreen, - useTimelineFullScreen, -} from '../../../../common/containers/use_full_screen'; -import { TimelineId, TimelineTabs } from '../../../../../common/types'; -import { ACTION_INVESTIGATE_IN_RESOLVER } from '../../../../timelines/components/timeline/body/translations'; import type { Ecs } from '../../../../../common/ecs'; export const isInvestigateInResolverActionEnabled = (ecsData?: Ecs) => 
@@ -27,44 +14,3 @@ export const isInvestigateInResolverActionEnabled = (ecsData?: Ecs) => get(['event', 'module', 0], ecsData) === 'sysmon')) && get(['process', 'entity_id'], ecsData)?.length === 1 && get(['process', 'entity_id', 0], ecsData) !== ''; -interface InvestigateInResolverProps { - timelineId: string; - ecsData: Ecs; - onClose: () => void; -} -export const useInvestigateInResolverContextItem = ({ - timelineId, - ecsData, - onClose, -}: InvestigateInResolverProps) => { - const dispatch = useDispatch(); - const isDisabled = useMemo(() => !isInvestigateInResolverActionEnabled(ecsData), [ecsData]); - const { setGlobalFullScreen } = useGlobalFullScreen(); - const { setTimelineFullScreen } = useTimelineFullScreen(); - const handleClick = useCallback(() => { - const dataGridIsFullScreen = document.querySelector('.euiDataGrid--fullScreen'); - dispatch(updateTimelineGraphEventId({ id: timelineId, graphEventId: ecsData._id })); - if (timelineId === TimelineId.active) { - if (dataGridIsFullScreen) { - setTimelineFullScreen(true); - } - dispatch(setActiveTabTimeline({ id: timelineId, activeTab: TimelineTabs.graph })); - } else { - if (dataGridIsFullScreen) { - setGlobalFullScreen(true); - } - } - onClose(); - }, [dispatch, ecsData._id, onClose, timelineId, setGlobalFullScreen, setTimelineFullScreen]); - return isDisabled - ? [] - : [ - - {ACTION_INVESTIGATE_IN_RESOLVER} - , - ]; -}; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/translations.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/translations.ts index 215973d964739..b77cd6dd29bf8 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/translations.ts 
@@ -18,12 +18,6 @@ export const ALERTS_DOCUMENT_TYPE = i18n.translate( } ); -export const ALERTS_UNIT = (totalCount: number) => - i18n.translate('xpack.securitySolution.detectionEngine.alerts.alertsUnit', { - values: { totalCount }, - defaultMessage: `{totalCount, plural, =1 {alert} other {alerts}}`, - }); - export const OPEN_ALERTS = i18n.translate( 'xpack.securitySolution.detectionEngine.alerts.openAlertsTitle', { @@ -80,20 +74,6 @@ export const ALERTS_HEADERS_RULE_DESCRIPTION = i18n.translate( } ); -export const ALERTS_HEADERS_VERSION = i18n.translate( - 'xpack.securitySolution.eventsViewer.alerts.defaultHeaders.versionTitle', - { - defaultMessage: 'Version', - } -); - -export const ALERTS_HEADERS_METHOD = i18n.translate( - 'xpack.securitySolution.eventsViewer.alerts.defaultHeaders.methodTitle', - { - defaultMessage: 'Method', - } -); - export const ALERTS_HEADERS_SEVERITY = i18n.translate( 'xpack.securitySolution.eventsViewer.alerts.defaultHeaders.severityTitle', { @@ -136,27 +116,6 @@ export const ALERTS_HEADERS_THRESHOLD_CARDINALITY = i18n.translate( } ); -export const ACTION_OPEN_ALERT = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.actions.openAlertTitle', - { - defaultMessage: 'Open alert', - } -); - -export const ACTION_CLOSE_ALERT = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.actions.closeAlertTitle', - { - defaultMessage: 'Close alert', - } -); - -export const ACTION_ACKNOWLEDGED_ALERT = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.actions.acknowledgedAlertTitle', - { - defaultMessage: 'Mark as acknowledged', - } -); - export const ACTION_INVESTIGATE_IN_TIMELINE = i18n.translate( 'xpack.securitySolution.detectionEngine.alerts.actions.investigateInTimelineTitle', { diff --git a/x-pack/plugins/security_solution/public/detections/components/osquery/translations.ts b/x-pack/plugins/security_solution/public/detections/components/osquery/translations.ts index d3c92ebdf44e2..6dbcee0e1112f 100644 
--- a/x-pack/plugins/security_solution/public/detections/components/osquery/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/osquery/translations.ts @@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const BACK_TO_ALERT_DETAILS = i18n.translate( - 'xpack.securitySolution.alertsView.osqueryBackToAlertDetails', - { - defaultMessage: 'Alert Details', - } -); - export const ACTION_OSQUERY = i18n.translate( 'xpack.securitySolution.alertsView.osqueryAlertTitle', { diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/eql_query_bar/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/eql_query_bar/translations.ts index 463d326b4a74a..092c9b4bc1a11 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/eql_query_bar/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/eql_query_bar/translations.ts @@ -28,13 +28,6 @@ export const EQL_VALIDATION_ERROR_POPOVER_LABEL = i18n.translate( } ); -export const EQL_QUERY_BAR_LABEL = i18n.translate( - 'xpack.securitySolution.detectionEngine.eqlQueryBar.label', - { - defaultMessage: 'Enter an EQL Query', - } -); - export const EQL_OVERVIEW_LINK_TEXT = i18n.translate( 'xpack.securitySolution.detectionEngine.eqlOverViewLink.text', { diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/eql_query_bar/validators.mock.ts b/x-pack/plugins/security_solution/public/detections/components/rules/eql_query_bar/validators.mock.ts index d65d54ebb669e..83d24114e4f86 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/eql_query_bar/validators.mock.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/eql_query_bar/validators.mock.ts 
@@ -8,11 +8,6 @@ import type { ValidationError } from '../../../../shared_imports'; import { ERROR_CODES } from './validators'; -export const getEqlResponseError = (): ValidationError => ({ - code: ERROR_CODES.FAILED_REQUEST, - message: 'something went wrong', -}); - export const getEqlValidationError = (): ValidationError => ({ code: ERROR_CODES.INVALID_EQL, messages: ['line 1: WRONG\nline 2: ALSO WRONG'], diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/integration_privileges.ts b/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/integration_privileges.ts deleted file mode 100644 index 0f6df986e55b3..0000000000000 --- a/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/integration_privileges.ts +++ /dev/null @@ -1,10 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export interface IntegrationPrivileges { - canReadInstalledIntegrations: boolean; -} diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/mock.ts b/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/mock.ts index fafa581d6ff11..786e33ad69293 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/mock.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/mock.ts 
@@ -5,10 +5,7 @@ * 2.0. */ -import type { - InstalledIntegrationArray, - RelatedIntegrationArray, -} from '../../../../../common/detection_engine/schemas/common'; +import type { RelatedIntegrationArray } from '../../../../../common/detection_engine/schemas/common'; export const relatedIntegrations: RelatedIntegrationArray = [ { @@ -21,43 +18,3 @@ export const relatedIntegrations: RelatedIntegrationArray = [ version: '~1.11.0', }, ]; - -export const installedIntegrationsBase: InstalledIntegrationArray = [ - { package_name: 'system', package_title: 'System', package_version: '1.6.4', is_enabled: true }, -]; - -export const installedIntegrationsAWSCloudwatch: InstalledIntegrationArray = [ - { - package_name: 'aws', - package_title: 'AWS', - package_version: '1.11.0', - integration_name: 'billing', - integration_title: 'AWS Billing Metrics', - is_enabled: false, - }, - { - package_name: 'aws', - package_title: 'AWS', - package_version: '1.11.0', - integration_name: 'cloudtrail', - integration_title: 'AWS Cloudtrail Logs', - is_enabled: false, - }, - { - package_name: 'aws', - package_title: 'AWS', - package_version: '1.11.0', - integration_name: 'cloudwatch', - integration_title: 'AWS CloudWatch', - is_enabled: true, - }, - { package_name: 'system', package_title: 'System', package_version: '1.6.4', is_enabled: true }, - { - package_name: 'atlassian_bitbucket', - package_title: 'Atlassian Bitbucket', - package_version: '1.0.1', - integration_name: 'audit', - integration_title: 'Audit Logs', - is_enabled: true, - }, -]; diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/translations.ts index 8e46cdf2d447b..1037993a246d2 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/translations.ts 
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/translations.ts @@ -85,10 +85,3 @@ export const INTEGRATIONS_INSTALLED_VERSION_TOOLTIP = ( 'Version mismatch -- please resolve! Installed version `{installedVersion}` when required version `{requiredVersion}`', } ); - -export const INTEGRATIONS_FETCH_FAILURE = i18n.translate( - 'xpack.securitySolution.containers.detectionEngine.relatedIntegrations.fetchFailDescription', - { - defaultMessage: 'Failed to fetch installed integrations', - } -); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/use_integration_privileges.ts b/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/use_integration_privileges.ts deleted file mode 100644 index ad8fe48cfa638..0000000000000 --- a/x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/use_integration_privileges.ts +++ /dev/null 
@@ -1,34 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { useKibana } from '../../../../common/lib/kibana';
-import type { IntegrationPrivileges } from './integration_privileges';
-
-/**
- * Hook for determining if user has fleet/integrations/SOM privileges for fetching
- * installed integrations. Initially used as we weren't using the fleet.internalReadonlySoClient
- * for fetching integrations, but keeping this around for a release or two as we add more
- * fleet/integration features within Security Solution in case it needs to be leveraged for those.
- */
-export const useIntegrationPrivileges = (): IntegrationPrivileges => {
- const services = useKibana().services;
-
- const hasReadPrivilegesFor: Record = {
- savedObjectsManagement: Boolean(services.application.capabilities.savedObjectsManagement.read),
- integrations: Boolean(services.application.capabilities.fleet.read),
- fleet: Boolean(services.application.capabilities.fleetv2.read),
- };
-
- const canReadInstalledIntegrations =
- hasReadPrivilegesFor.savedObjectsManagement ||
- hasReadPrivilegesFor.integrations ||
- hasReadPrivilegesFor.fleet;
-
- return {
- canReadInstalledIntegrations,
- };
-};
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/helpers.ts b/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/helpers.ts
index 222886fe734c7..cdde94a8f286c 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/helpers.ts
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/helpers.ts
@@ -159,48 +159,6 @@ export const getHistogramConfig = ( }; }; -/** - * Threshold histogram is displayed a bit differently, - * x-axis is not time based, but ordinal. - */ -export const getThresholdHistogramConfig = (): ChartSeriesConfigs => { - return { - series: { - xScaleType: ScaleType.Ordinal, - yScaleType: ScaleType.Linear, - stackAccessors: ['g'], - }, - axis: { - yTickFormatter: (value: string | number): string => value.toLocaleString(), - tickSize: 8, - }, - yAxisTitle: i18n.THRESHOLD_QUERY_GRAPH_COUNT, - settings: { - legendPosition: Position.Right, - showLegend: true, - showLegendExtra: true, - theme: { - scales: { - barsPadding: 0.08, - }, - chartMargins: { - left: 0, - right: 0, - top: 0, - bottom: 0, - }, - chartPaddings: { - left: 0, - right: 0, - top: 0, - bottom: 0, - }, - }, - }, - customHeight: 200, - }; -}; - export const getIsRulePreviewDisabled = ({ ruleType, isQueryBarValid, diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/translations.ts index 568688857bb2d..4d8679b91f21b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/translations.ts @@ -65,13 +65,6 @@ export const QUERY_GRAPH_COUNT = i18n.translate( } ); -export const THRESHOLD_QUERY_GRAPH_COUNT = i18n.translate( - 'xpack.securitySolution.detectionEngine.queryPreview.queryThresholdGraphCountLabel', - { - defaultMessage: 'Cumulative Event Count', - } -); - export const QUERY_GRAPH_HITS_TITLE = i18n.translate( 'xpack.securitySolution.detectionEngine.queryPreview.queryPreviewTitle', { 
@@ -79,28 +72,6 @@ export const QUERY_GRAPH_HITS_TITLE = i18n.translate( } ); -export const QUERY_PREVIEW_TITLE = (hits: number) => - i18n.translate('xpack.securitySolution.detectionEngine.queryPreview.queryPreviewGraphTitle', { - values: { hits }, - defaultMessage: '{hits} {hits, plural, =1 {hit} other {hits}}', - }); - -export const QUERY_PREVIEW_THRESHOLD_WITH_FIELD_TITLE = (buckets: number) => - i18n.translate( - 'xpack.securitySolution.detectionEngine.queryPreview.queryPreviewGraphThresholdWithFieldTitle', - { - values: { buckets }, - defaultMessage: '{buckets} {buckets, plural, =1 {unique hit} other {unique hits}}', - } - ); - -export const QUERY_PREVIEW_INSPECT_TITLE = i18n.translate( - 'xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewInspectTitle', - { - defaultMessage: 'query preview', - } -); - export const QUERY_PREVIEW_NOISE_WARNING = i18n.translate( 'xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewNoiseWarning', { @@ -109,13 +80,6 @@ export const QUERY_PREVIEW_NOISE_WARNING = i18n.translate( } ); -export const QUERY_PREVIEW_NO_HITS = i18n.translate( - 'xpack.securitySolution.detectionEngine.queryPreview.queryNoHits', - { - defaultMessage: 'No hits were found.', - } -); - export const QUERY_PREVIEW_ERROR = i18n.translate( 'xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewError', { 
@@ -146,21 +110,6 @@ export const ML_PREVIEW_HISTOGRAM_DISCLAIMER = i18n.translate( } ); -export const QUERY_PREVIEW_EQL_SEQUENCE_TITLE = i18n.translate( - 'xpack.securitySolution.detectionEngine.queryPreview.queryPreviewEqlSequenceTitle', - { - defaultMessage: 'No histogram available', - } -); - -export const QUERY_PREVIEW_EQL_SEQUENCE_DESCRIPTION = i18n.translate( - 'xpack.securitySolution.detectionEngine.queryPreview.queryPreviewEqlSequenceDescription', - { - defaultMessage: - 'No histogram is available at this time for EQL sequence queries. You can use the inspect in the top right corner to view query details.', - } -); - export const QUERY_PREVIEW_SEE_ALL_ERRORS = i18n.translate( 'xpack.securitySolution.detectionEngine.queryPreview.queryPreviewSeeAllErrors', { diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/schedule_item_form/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/schedule_item_form/translations.ts index 0226b7e732b90..56943492095e0 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/schedule_item_form/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/schedule_item_form/translations.ts @@ -27,10 +27,3 @@ export const HOURS = i18n.translate( defaultMessage: 'Hours', } ); - -export const INVALID_TIME = i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.invalidTimeMessageDescription', - { - defaultMessage: 'A time is required.', - } -); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/types.ts b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/types.ts deleted file mode 100644 index 50918886e3202..0000000000000 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/types.ts +++ /dev/null 
@@ -1,12 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { FieldValueQueryBar } from '../query_bar'; - -export interface QueryBarStepDefineRule { - queryBar: FieldValueQueryBar; -} diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx index dadb3d4229734..f0d3d7b7d351e 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx @@ -22,13 +22,6 @@ export const COMPLETE_WITH_ENABLING = i18n.translate( } ); -export const NO_CONNECTOR_SELECTED = i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noConnectorSelectedErrorMessage', - { - defaultMessage: 'No connector selected', - } -); - export const NO_ACTIONS_READ_PERMISSIONS = i18n.translate( 'xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noReadActionsPrivileges', { diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/threatmatch_input/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/threatmatch_input/translations.ts deleted file mode 100644 index 4513c27ad02c4..0000000000000 --- a/x-pack/plugins/security_solution/public/detections/components/rules/threatmatch_input/translations.ts +++ /dev/null 
@@ -1,15 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { i18n } from '@kbn/i18n';
-
-export const THREAT_MATCH_FIELD_PLACEHOLDER = i18n.translate(
- 'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchField.threatMatchFieldPlaceholderText',
- {
- defaultMessage: 'All results',
- }
-);
diff --git a/x-pack/plugins/security_solution/public/detections/components/take_action_dropdown/translations.ts b/x-pack/plugins/security_solution/public/detections/components/take_action_dropdown/translations.ts
deleted file mode 100644
index 09177c7de4623..0000000000000
--- a/x-pack/plugins/security_solution/public/detections/components/take_action_dropdown/translations.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { i18n } from '@kbn/i18n';
-
-export const CHANGE_ALERT_STATUS = i18n.translate(
- 'xpack.securitySolution.endpoint.takeAction.changeAlertStatus',
- {
- defaultMessage: 'Change alert status',
- }
-);
diff --git a/x-pack/plugins/security_solution/public/detections/components/user_privileges/use_fetch_detection_engine_privileges.mock.ts b/x-pack/plugins/security_solution/public/detections/components/user_privileges/use_fetch_detection_engine_privileges.mock.ts
deleted file mode 100644
index dfcbc5eeda496..0000000000000
--- a/x-pack/plugins/security_solution/public/detections/components/user_privileges/use_fetch_detection_engine_privileges.mock.ts
+++ /dev/null
@@ -1,12 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { useFetchDetectionEnginePrivileges } from './use_fetch_detection_engine_privileges'; - -export const useFetchDetectionEnginePrivilegesMock: () => jest.Mocked< - ReturnType -> = () => ({ loading: false, error: undefined, result: undefined }); diff --git a/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/translations.ts b/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/translations.ts index 59cda7ca53ce7..343d4cbc42b61 100644 --- a/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/value_lists_management_flyout/translations.ts @@ -108,13 +108,6 @@ export const COLUMN_ACTIONS = i18n.translate( } ); -export const ACTION_EXPORT_NAME = i18n.translate( - 'xpack.securitySolution.lists.valueListsTable.exportActionName', - { - defaultMessage: 'Export', - } -); - export const ACTION_EXPORT_DESCRIPTION = i18n.translate( 'xpack.securitySolution.lists.valueListsTable.exportActionDescription', { @@ -122,13 +115,6 @@ export const ACTION_EXPORT_DESCRIPTION = i18n.translate( } ); -export const ACTION_DELETE_NAME = i18n.translate( - 'xpack.securitySolution.lists.valueListsTable.deleteActionName', - { - defaultMessage: 'Remove', - } -); - export const ACTION_DELETE_DESCRIPTION = i18n.translate( 'xpack.securitySolution.lists.valueListsTable.deleteActionDescription', { 
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/__mocks__/api.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/__mocks__/api.ts index e08f3c2287304..d2eda8a8762e1 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/__mocks__/api.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/__mocks__/api.ts @@ -30,6 +30,7 @@ export const getUserPrivilege = async ({ signal }: BasicSignals): Promise => Promise.resolve(mockSignalIndex); +// do not delete export const getCaseIdsFromAlertId = async ({ alertId, }: { diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/api.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/api.ts index 55dac273595f7..9e59a79a19917 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/api.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/api.ts @@ -14,7 +14,6 @@ import { DETECTION_ENGINE_INDEX_URL, DETECTION_ENGINE_PRIVILEGES_URL, ALERTS_AS_DATA_FIND_URL, - DETECTION_ENGINE_RULES_PREVIEW, } from '../../../../../common/constants'; import { HOST_METADATA_GET_ROUTE } from '../../../../../common/endpoint/constants'; import { KibanaServices } from '../../../../common/lib/kibana'; @@ -133,15 +132,6 @@ export const createSignalIndex = async ({ signal }: BasicSignals): Promise => - KibanaServices.get().http.fetch(DETECTION_ENGINE_RULES_PREVIEW, { - method: 'POST', - }); - /** * Get Host Isolation index * diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/translations.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/translations.ts index ed6a22375a776..1f667cc42be1e 100644 
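Review bot: The `// do not delete` comment added above `getCaseIdsFromAlertId` in alerts/__mocks__/api.ts gives no reason, so whoever next removes unused exports has nothing to check it against; the same bare comment is added above `fetchInstalledIntegrations` in rules/__mocks__/api.ts. Say what depends on the export, along the lines of `// do not delete: <what still depends on this mock export>`. Presumably these mocks have to keep mirroring exports of the real api.ts that tests reach through module mocking rather than a direct import, but nothing in either hunk shows that, so it should be confirmed before it is written down. Both function bodies continue outside their hunks.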
--- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/translations.ts @@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const ALERT_FETCH_FAILURE = i18n.translate( - 'xpack.securitySolution.containers.detectionEngine.alerts.errorFetchingAlertsDescription', - { - defaultMessage: 'Failed to query alerts', - } -); - export const SIGNAL_GET_NAME_FAILURE = i18n.translate( 'xpack.securitySolution.containers.detectionEngine.alerts.errorGetAlertDescription', { diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/__mocks__/api.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/__mocks__/api.ts index 04df981c197f0..346acb249dbb0 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/__mocks__/api.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/__mocks__/api.ts @@ -106,6 +106,7 @@ export const fetchRuleExecutionEvents = async ({ export const fetchTags = async ({ signal }: { signal: AbortSignal }): Promise => Promise.resolve(['elastic', 'love', 'quality', 'code']); +// do not delete export const fetchInstalledIntegrations = async ({ packages, signal, diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/translations.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/translations.ts index 5d2bac9e8b501..86107a4019b0a 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/translations.ts 
@@ -14,13 +14,6 @@ export const RULE_AND_TIMELINE_FETCH_FAILURE = i18n.translate( } ); -export const RULE_EXECUTION_FETCH_FAILURE = i18n.translate( - 'xpack.securitySolution.containers.detectionEngine.ruleExecutionLogFailureDescription', - { - defaultMessage: 'Failed to fetch Rule Execution Events', - } -); - export const RULE_ADD_FAILURE = i18n.translate( 'xpack.securitySolution.containers.detectionEngine.addRuleFailDescription', { diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/types.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/types.ts index 1cadf793091a6..3abf94e6b4127 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/types.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/types.ts @@ -176,19 +176,6 @@ export const RulesSchema = t.array(RuleSchema); export type Rule = t.TypeOf; export type Rules = t.TypeOf; -export interface RuleError { - id?: string; - rule_id?: string; - error: { status_code: number; message: string }; -} - -export type BulkRuleResponse = Array; - -export interface RuleResponseBuckets { - rules: Rule[]; - errors: RuleError[]; -} - export interface PaginationOptions { page: number; perPage: number; diff --git a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts index 440ea07e373b9..0d098588f6b26 100644 --- a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts +++ b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts 
@@ -3622,2662 +3622,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, ]; -export const subtechniques = [ - { - name: '/etc/passwd and /etc/shadow', - id: 'T1003.008', - reference: 'https://attack.mitre.org/techniques/T1003/008', - tactics: ['credential-access'], - techniqueId: 'T1003', - }, - { - name: 'ARP Cache Poisoning', - id: 'T1557.002', - reference: 'https://attack.mitre.org/techniques/T1557/002', - tactics: ['credential-access', 'collection'], - techniqueId: 'T1557', - }, - { - name: 'AS-REP Roasting', - id: 'T1558.004', - reference: 'https://attack.mitre.org/techniques/T1558/004', - tactics: ['credential-access'], - techniqueId: 'T1558', - }, - { - name: 'Accessibility Features', - id: 'T1546.008', - reference: 'https://attack.mitre.org/techniques/T1546/008', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Active Setup', - id: 'T1547.014', - reference: 'https://attack.mitre.org/techniques/T1547/014', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Add Office 365 Global Administrator Role', - id: 'T1098.003', - reference: 'https://attack.mitre.org/techniques/T1098/003', - tactics: ['persistence'], - techniqueId: 'T1098', - }, - { - name: 'Add-ins', - id: 'T1137.006', - reference: 'https://attack.mitre.org/techniques/T1137/006', - tactics: ['persistence'], - techniqueId: 'T1137', - }, - { - name: 'Additional Cloud Credentials', - id: 'T1098.001', - reference: 'https://attack.mitre.org/techniques/T1098/001', - tactics: ['persistence'], - techniqueId: 'T1098', - }, - { - name: 'AppCert DLLs', - id: 'T1546.009', - reference: 'https://attack.mitre.org/techniques/T1546/009', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'AppInit DLLs', - id: 'T1546.010', - reference: 'https://attack.mitre.org/techniques/T1546/010', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 
'AppleScript', - id: 'T1059.002', - reference: 'https://attack.mitre.org/techniques/T1059/002', - tactics: ['execution'], - techniqueId: 'T1059', - }, - { - name: 'Application Access Token', - id: 'T1550.001', - reference: 'https://attack.mitre.org/techniques/T1550/001', - tactics: ['defense-evasion', 'lateral-movement'], - techniqueId: 'T1550', - }, - { - name: 'Application Exhaustion Flood', - id: 'T1499.003', - reference: 'https://attack.mitre.org/techniques/T1499/003', - tactics: ['impact'], - techniqueId: 'T1499', - }, - { - name: 'Application Shimming', - id: 'T1546.011', - reference: 'https://attack.mitre.org/techniques/T1546/011', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Application or System Exploitation', - id: 'T1499.004', - reference: 'https://attack.mitre.org/techniques/T1499/004', - tactics: ['impact'], - techniqueId: 'T1499', - }, - { - name: 'Archive via Custom Method', - id: 'T1560.003', - reference: 'https://attack.mitre.org/techniques/T1560/003', - tactics: ['collection'], - techniqueId: 'T1560', - }, - { - name: 'Archive via Library', - id: 'T1560.002', - reference: 'https://attack.mitre.org/techniques/T1560/002', - tactics: ['collection'], - techniqueId: 'T1560', - }, - { - name: 'Archive via Utility', - id: 'T1560.001', - reference: 'https://attack.mitre.org/techniques/T1560/001', - tactics: ['collection'], - techniqueId: 'T1560', - }, - { - name: 'Asymmetric Cryptography', - id: 'T1573.002', - reference: 'https://attack.mitre.org/techniques/T1573/002', - tactics: ['command-and-control'], - techniqueId: 'T1573', - }, - { - name: 'Asynchronous Procedure Call', - id: 'T1055.004', - reference: 'https://attack.mitre.org/techniques/T1055/004', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'At (Linux)', - id: 'T1053.001', - reference: 'https://attack.mitre.org/techniques/T1053/001', - tactics: ['execution', 'persistence', 'privilege-escalation'], 
- techniqueId: 'T1053', - }, - { - name: 'At (Windows)', - id: 'T1053.002', - reference: 'https://attack.mitre.org/techniques/T1053/002', - tactics: ['execution', 'persistence', 'privilege-escalation'], - techniqueId: 'T1053', - }, - { - name: 'Authentication Package', - id: 'T1547.002', - reference: 'https://attack.mitre.org/techniques/T1547/002', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Bash History', - id: 'T1552.003', - reference: 'https://attack.mitre.org/techniques/T1552/003', - tactics: ['credential-access'], - techniqueId: 'T1552', - }, - { - name: 'Bidirectional Communication', - id: 'T1102.002', - reference: 'https://attack.mitre.org/techniques/T1102/002', - tactics: ['command-and-control'], - techniqueId: 'T1102', - }, - { - name: 'Binary Padding', - id: 'T1027.001', - reference: 'https://attack.mitre.org/techniques/T1027/001', - tactics: ['defense-evasion'], - techniqueId: 'T1027', - }, - { - name: 'Bootkit', - id: 'T1542.003', - reference: 'https://attack.mitre.org/techniques/T1542/003', - tactics: ['persistence', 'defense-evasion'], - techniqueId: 'T1542', - }, - { - name: 'Botnet', - id: 'T1583.005', - reference: 'https://attack.mitre.org/techniques/T1583/005', - tactics: ['resource-development'], - techniqueId: 'T1583', - }, - { - name: 'Botnet', - id: 'T1584.005', - reference: 'https://attack.mitre.org/techniques/T1584/005', - tactics: ['resource-development'], - techniqueId: 'T1584', - }, - { - name: 'Business Relationships', - id: 'T1591.002', - reference: 'https://attack.mitre.org/techniques/T1591/002', - tactics: ['reconnaissance'], - techniqueId: 'T1591', - }, - { - name: 'Bypass User Account Control', - id: 'T1548.002', - reference: 'https://attack.mitre.org/techniques/T1548/002', - tactics: ['privilege-escalation', 'defense-evasion'], - techniqueId: 'T1548', - }, - { - name: 'CDNs', - id: 'T1596.004', - reference: 'https://attack.mitre.org/techniques/T1596/004', - tactics: 
['reconnaissance'], - techniqueId: 'T1596', - }, - { - name: 'CMSTP', - id: 'T1218.003', - reference: 'https://attack.mitre.org/techniques/T1218/003', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'COR_PROFILER', - id: 'T1574.012', - reference: 'https://attack.mitre.org/techniques/T1574/012', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'Cached Domain Credentials', - id: 'T1003.005', - reference: 'https://attack.mitre.org/techniques/T1003/005', - tactics: ['credential-access'], - techniqueId: 'T1003', - }, - { - name: 'Change Default File Association', - id: 'T1546.001', - reference: 'https://attack.mitre.org/techniques/T1546/001', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Clear Command History', - id: 'T1070.003', - reference: 'https://attack.mitre.org/techniques/T1070/003', - tactics: ['defense-evasion'], - techniqueId: 'T1070', - }, - { - name: 'Clear Linux or Mac System Logs', - id: 'T1070.002', - reference: 'https://attack.mitre.org/techniques/T1070/002', - tactics: ['defense-evasion'], - techniqueId: 'T1070', - }, - { - name: 'Clear Windows Event Logs', - id: 'T1070.001', - reference: 'https://attack.mitre.org/techniques/T1070/001', - tactics: ['defense-evasion'], - techniqueId: 'T1070', - }, - { - name: 'Client Configurations', - id: 'T1592.004', - reference: 'https://attack.mitre.org/techniques/T1592/004', - tactics: ['reconnaissance'], - techniqueId: 'T1592', - }, - { - name: 'Cloud Account', - id: 'T1136.003', - reference: 'https://attack.mitre.org/techniques/T1136/003', - tactics: ['persistence'], - techniqueId: 'T1136', - }, - { - name: 'Cloud Account', - id: 'T1087.004', - reference: 'https://attack.mitre.org/techniques/T1087/004', - tactics: ['discovery'], - techniqueId: 'T1087', - }, - { - name: 'Cloud Accounts', - id: 'T1078.004', - reference: 'https://attack.mitre.org/techniques/T1078/004', - tactics: 
['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], - techniqueId: 'T1078', - }, - { - name: 'Cloud Groups', - id: 'T1069.003', - reference: 'https://attack.mitre.org/techniques/T1069/003', - tactics: ['discovery'], - techniqueId: 'T1069', - }, - { - name: 'Cloud Instance Metadata API', - id: 'T1552.005', - reference: 'https://attack.mitre.org/techniques/T1552/005', - tactics: ['credential-access'], - techniqueId: 'T1552', - }, - { - name: 'Code Repositories', - id: 'T1213.003', - reference: 'https://attack.mitre.org/techniques/T1213/003', - tactics: ['collection'], - techniqueId: 'T1213', - }, - { - name: 'Code Signing', - id: 'T1553.002', - reference: 'https://attack.mitre.org/techniques/T1553/002', - tactics: ['defense-evasion'], - techniqueId: 'T1553', - }, - { - name: 'Code Signing Certificates', - id: 'T1587.002', - reference: 'https://attack.mitre.org/techniques/T1587/002', - tactics: ['resource-development'], - techniqueId: 'T1587', - }, - { - name: 'Code Signing Certificates', - id: 'T1588.003', - reference: 'https://attack.mitre.org/techniques/T1588/003', - tactics: ['resource-development'], - techniqueId: 'T1588', - }, - { - name: 'Code Signing Policy Modification', - id: 'T1553.006', - reference: 'https://attack.mitre.org/techniques/T1553/006', - tactics: ['defense-evasion'], - techniqueId: 'T1553', - }, - { - name: 'Compile After Delivery', - id: 'T1027.004', - reference: 'https://attack.mitre.org/techniques/T1027/004', - tactics: ['defense-evasion'], - techniqueId: 'T1027', - }, - { - name: 'Compiled HTML File', - id: 'T1218.001', - reference: 'https://attack.mitre.org/techniques/T1218/001', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Component Firmware', - id: 'T1542.002', - reference: 'https://attack.mitre.org/techniques/T1542/002', - tactics: ['persistence', 'defense-evasion'], - techniqueId: 'T1542', - }, - { - name: 'Component Object Model', - id: 'T1559.001', - reference: 
'https://attack.mitre.org/techniques/T1559/001', - tactics: ['execution'], - techniqueId: 'T1559', - }, - { - name: 'Component Object Model Hijacking', - id: 'T1546.015', - reference: 'https://attack.mitre.org/techniques/T1546/015', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Compromise Hardware Supply Chain', - id: 'T1195.003', - reference: 'https://attack.mitre.org/techniques/T1195/003', - tactics: ['initial-access'], - techniqueId: 'T1195', - }, - { - name: 'Compromise Software Dependencies and Development Tools', - id: 'T1195.001', - reference: 'https://attack.mitre.org/techniques/T1195/001', - tactics: ['initial-access'], - techniqueId: 'T1195', - }, - { - name: 'Compromise Software Supply Chain', - id: 'T1195.002', - reference: 'https://attack.mitre.org/techniques/T1195/002', - tactics: ['initial-access'], - techniqueId: 'T1195', - }, - { - name: 'Confluence', - id: 'T1213.001', - reference: 'https://attack.mitre.org/techniques/T1213/001', - tactics: ['collection'], - techniqueId: 'T1213', - }, - { - name: 'Container API', - id: 'T1552.007', - reference: 'https://attack.mitre.org/techniques/T1552/007', - tactics: ['credential-access'], - techniqueId: 'T1552', - }, - { - name: 'Container Orchestration Job', - id: 'T1053.007', - reference: 'https://attack.mitre.org/techniques/T1053/007', - tactics: ['execution', 'persistence', 'privilege-escalation'], - techniqueId: 'T1053', - }, - { - name: 'Control Panel', - id: 'T1218.002', - reference: 'https://attack.mitre.org/techniques/T1218/002', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Create Cloud Instance', - id: 'T1578.002', - reference: 'https://attack.mitre.org/techniques/T1578/002', - tactics: ['defense-evasion'], - techniqueId: 'T1578', - }, - { - name: 'Create Process with Token', - id: 'T1134.002', - reference: 'https://attack.mitre.org/techniques/T1134/002', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 
'T1134', - }, - { - name: 'Create Snapshot', - id: 'T1578.001', - reference: 'https://attack.mitre.org/techniques/T1578/001', - tactics: ['defense-evasion'], - techniqueId: 'T1578', - }, - { - name: 'Credential API Hooking', - id: 'T1056.004', - reference: 'https://attack.mitre.org/techniques/T1056/004', - tactics: ['collection', 'credential-access'], - techniqueId: 'T1056', - }, - { - name: 'Credential Stuffing', - id: 'T1110.004', - reference: 'https://attack.mitre.org/techniques/T1110/004', - tactics: ['credential-access'], - techniqueId: 'T1110', - }, - { - name: 'Credentials', - id: 'T1589.001', - reference: 'https://attack.mitre.org/techniques/T1589/001', - tactics: ['reconnaissance'], - techniqueId: 'T1589', - }, - { - name: 'Credentials In Files', - id: 'T1552.001', - reference: 'https://attack.mitre.org/techniques/T1552/001', - tactics: ['credential-access'], - techniqueId: 'T1552', - }, - { - name: 'Credentials from Web Browsers', - id: 'T1555.003', - reference: 'https://attack.mitre.org/techniques/T1555/003', - tactics: ['credential-access'], - techniqueId: 'T1555', - }, - { - name: 'Credentials in Registry', - id: 'T1552.002', - reference: 'https://attack.mitre.org/techniques/T1552/002', - tactics: ['credential-access'], - techniqueId: 'T1552', - }, - { - name: 'Cron', - id: 'T1053.003', - reference: 'https://attack.mitre.org/techniques/T1053/003', - tactics: ['execution', 'persistence', 'privilege-escalation'], - techniqueId: 'T1053', - }, - { - name: 'DCSync', - id: 'T1003.006', - reference: 'https://attack.mitre.org/techniques/T1003/006', - tactics: ['credential-access'], - techniqueId: 'T1003', - }, - { - name: 'DLL Search Order Hijacking', - id: 'T1574.001', - reference: 'https://attack.mitre.org/techniques/T1574/001', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'DLL Side-Loading', - id: 'T1574.002', - reference: 'https://attack.mitre.org/techniques/T1574/002', - tactics: 
['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'DNS', - id: 'T1071.004', - reference: 'https://attack.mitre.org/techniques/T1071/004', - tactics: ['command-and-control'], - techniqueId: 'T1071', - }, - { - name: 'DNS', - id: 'T1590.002', - reference: 'https://attack.mitre.org/techniques/T1590/002', - tactics: ['reconnaissance'], - techniqueId: 'T1590', - }, - { - name: 'DNS Calculation', - id: 'T1568.003', - reference: 'https://attack.mitre.org/techniques/T1568/003', - tactics: ['command-and-control'], - techniqueId: 'T1568', - }, - { - name: 'DNS Server', - id: 'T1583.002', - reference: 'https://attack.mitre.org/techniques/T1583/002', - tactics: ['resource-development'], - techniqueId: 'T1583', - }, - { - name: 'DNS Server', - id: 'T1584.002', - reference: 'https://attack.mitre.org/techniques/T1584/002', - tactics: ['resource-development'], - techniqueId: 'T1584', - }, - { - name: 'DNS/Passive DNS', - id: 'T1596.001', - reference: 'https://attack.mitre.org/techniques/T1596/001', - tactics: ['reconnaissance'], - techniqueId: 'T1596', - }, - { - name: 'Dead Drop Resolver', - id: 'T1102.001', - reference: 'https://attack.mitre.org/techniques/T1102/001', - tactics: ['command-and-control'], - techniqueId: 'T1102', - }, - { - name: 'Default Accounts', - id: 'T1078.001', - reference: 'https://attack.mitre.org/techniques/T1078/001', - tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], - techniqueId: 'T1078', - }, - { - name: 'Delete Cloud Instance', - id: 'T1578.003', - reference: 'https://attack.mitre.org/techniques/T1578/003', - tactics: ['defense-evasion'], - techniqueId: 'T1578', - }, - { - name: 'Determine Physical Locations', - id: 'T1591.001', - reference: 'https://attack.mitre.org/techniques/T1591/001', - tactics: ['reconnaissance'], - techniqueId: 'T1591', - }, - { - name: 'Digital Certificates', - id: 'T1587.003', - reference: 
'https://attack.mitre.org/techniques/T1587/003', - tactics: ['resource-development'], - techniqueId: 'T1587', - }, - { - name: 'Digital Certificates', - id: 'T1588.004', - reference: 'https://attack.mitre.org/techniques/T1588/004', - tactics: ['resource-development'], - techniqueId: 'T1588', - }, - { - name: 'Digital Certificates', - id: 'T1596.003', - reference: 'https://attack.mitre.org/techniques/T1596/003', - tactics: ['reconnaissance'], - techniqueId: 'T1596', - }, - { - name: 'Direct Network Flood', - id: 'T1498.001', - reference: 'https://attack.mitre.org/techniques/T1498/001', - tactics: ['impact'], - techniqueId: 'T1498', - }, - { - name: 'Disable Cloud Logs', - id: 'T1562.008', - reference: 'https://attack.mitre.org/techniques/T1562/008', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - }, - { - name: 'Disable Crypto Hardware', - id: 'T1600.002', - reference: 'https://attack.mitre.org/techniques/T1600/002', - tactics: ['defense-evasion'], - techniqueId: 'T1600', - }, - { - name: 'Disable Windows Event Logging', - id: 'T1562.002', - reference: 'https://attack.mitre.org/techniques/T1562/002', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - }, - { - name: 'Disable or Modify Cloud Firewall', - id: 'T1562.007', - reference: 'https://attack.mitre.org/techniques/T1562/007', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - }, - { - name: 'Disable or Modify System Firewall', - id: 'T1562.004', - reference: 'https://attack.mitre.org/techniques/T1562/004', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - }, - { - name: 'Disable or Modify Tools', - id: 'T1562.001', - reference: 'https://attack.mitre.org/techniques/T1562/001', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - }, - { - name: 'Disk Content Wipe', - id: 'T1561.001', - reference: 'https://attack.mitre.org/techniques/T1561/001', - tactics: ['impact'], - techniqueId: 'T1561', - }, - { - name: 'Disk Structure Wipe', - id: 'T1561.002', - reference: 
'https://attack.mitre.org/techniques/T1561/002', - tactics: ['impact'], - techniqueId: 'T1561', - }, - { - name: 'Distributed Component Object Model', - id: 'T1021.003', - reference: 'https://attack.mitre.org/techniques/T1021/003', - tactics: ['lateral-movement'], - techniqueId: 'T1021', - }, - { - name: 'Domain Account', - id: 'T1136.002', - reference: 'https://attack.mitre.org/techniques/T1136/002', - tactics: ['persistence'], - techniqueId: 'T1136', - }, - { - name: 'Domain Account', - id: 'T1087.002', - reference: 'https://attack.mitre.org/techniques/T1087/002', - tactics: ['discovery'], - techniqueId: 'T1087', - }, - { - name: 'Domain Accounts', - id: 'T1078.002', - reference: 'https://attack.mitre.org/techniques/T1078/002', - tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], - techniqueId: 'T1078', - }, - { - name: 'Domain Controller Authentication', - id: 'T1556.001', - reference: 'https://attack.mitre.org/techniques/T1556/001', - tactics: ['credential-access', 'defense-evasion', 'persistence'], - techniqueId: 'T1556', - }, - { - name: 'Domain Fronting', - id: 'T1090.004', - reference: 'https://attack.mitre.org/techniques/T1090/004', - tactics: ['command-and-control'], - techniqueId: 'T1090', - }, - { - name: 'Domain Generation Algorithms', - id: 'T1568.002', - reference: 'https://attack.mitre.org/techniques/T1568/002', - tactics: ['command-and-control'], - techniqueId: 'T1568', - }, - { - name: 'Domain Groups', - id: 'T1069.002', - reference: 'https://attack.mitre.org/techniques/T1069/002', - tactics: ['discovery'], - techniqueId: 'T1069', - }, - { - name: 'Domain Properties', - id: 'T1590.001', - reference: 'https://attack.mitre.org/techniques/T1590/001', - tactics: ['reconnaissance'], - techniqueId: 'T1590', - }, - { - name: 'Domain Trust Modification', - id: 'T1484.002', - reference: 'https://attack.mitre.org/techniques/T1484/002', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1484', - }, - 
{ - name: 'Domains', - id: 'T1583.001', - reference: 'https://attack.mitre.org/techniques/T1583/001', - tactics: ['resource-development'], - techniqueId: 'T1583', - }, - { - name: 'Domains', - id: 'T1584.001', - reference: 'https://attack.mitre.org/techniques/T1584/001', - tactics: ['resource-development'], - techniqueId: 'T1584', - }, - { - name: 'Double File Extension', - id: 'T1036.007', - reference: 'https://attack.mitre.org/techniques/T1036/007', - tactics: ['defense-evasion'], - techniqueId: 'T1036', - }, - { - name: 'Downgrade Attack', - id: 'T1562.010', - reference: 'https://attack.mitre.org/techniques/T1562/010', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - }, - { - name: 'Downgrade System Image', - id: 'T1601.002', - reference: 'https://attack.mitre.org/techniques/T1601/002', - tactics: ['defense-evasion'], - techniqueId: 'T1601', - }, - { - name: 'Drive-by Target', - id: 'T1608.004', - reference: 'https://attack.mitre.org/techniques/T1608/004', - tactics: ['resource-development'], - techniqueId: 'T1608', - }, - { - name: 'Dylib Hijacking', - id: 'T1574.004', - reference: 'https://attack.mitre.org/techniques/T1574/004', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'Dynamic Data Exchange', - id: 'T1559.002', - reference: 'https://attack.mitre.org/techniques/T1559/002', - tactics: ['execution'], - techniqueId: 'T1559', - }, - { - name: 'Dynamic Linker Hijacking', - id: 'T1574.006', - reference: 'https://attack.mitre.org/techniques/T1574/006', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'Dynamic-link Library Injection', - id: 'T1055.001', - reference: 'https://attack.mitre.org/techniques/T1055/001', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'Elevated Execution with Prompt', - id: 'T1548.004', - reference: 'https://attack.mitre.org/techniques/T1548/004', - 
tactics: ['privilege-escalation', 'defense-evasion'], - techniqueId: 'T1548', - }, - { - name: 'Email Account', - id: 'T1087.003', - reference: 'https://attack.mitre.org/techniques/T1087/003', - tactics: ['discovery'], - techniqueId: 'T1087', - }, - { - name: 'Email Accounts', - id: 'T1585.002', - reference: 'https://attack.mitre.org/techniques/T1585/002', - tactics: ['resource-development'], - techniqueId: 'T1585', - }, - { - name: 'Email Accounts', - id: 'T1586.002', - reference: 'https://attack.mitre.org/techniques/T1586/002', - tactics: ['resource-development'], - techniqueId: 'T1586', - }, - { - name: 'Email Addresses', - id: 'T1589.002', - reference: 'https://attack.mitre.org/techniques/T1589/002', - tactics: ['reconnaissance'], - techniqueId: 'T1589', - }, - { - name: 'Email Forwarding Rule', - id: 'T1114.003', - reference: 'https://attack.mitre.org/techniques/T1114/003', - tactics: ['collection'], - techniqueId: 'T1114', - }, - { - name: 'Email Hiding Rules', - id: 'T1564.008', - reference: 'https://attack.mitre.org/techniques/T1564/008', - tactics: ['defense-evasion'], - techniqueId: 'T1564', - }, - { - name: 'Emond', - id: 'T1546.014', - reference: 'https://attack.mitre.org/techniques/T1546/014', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Employee Names', - id: 'T1589.003', - reference: 'https://attack.mitre.org/techniques/T1589/003', - tactics: ['reconnaissance'], - techniqueId: 'T1589', - }, - { - name: 'Environmental Keying', - id: 'T1480.001', - reference: 'https://attack.mitre.org/techniques/T1480/001', - tactics: ['defense-evasion'], - techniqueId: 'T1480', - }, - { - name: 'Exchange Email Delegate Permissions', - id: 'T1098.002', - reference: 'https://attack.mitre.org/techniques/T1098/002', - tactics: ['persistence'], - techniqueId: 'T1098', - }, - { - name: 'Executable Installer File Permissions Weakness', - id: 'T1574.005', - reference: 'https://attack.mitre.org/techniques/T1574/005', - tactics: 
['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'Exfiltration Over Asymmetric Encrypted Non-C2 Protocol', - id: 'T1048.002', - reference: 'https://attack.mitre.org/techniques/T1048/002', - tactics: ['exfiltration'], - techniqueId: 'T1048', - }, - { - name: 'Exfiltration Over Bluetooth', - id: 'T1011.001', - reference: 'https://attack.mitre.org/techniques/T1011/001', - tactics: ['exfiltration'], - techniqueId: 'T1011', - }, - { - name: 'Exfiltration Over Symmetric Encrypted Non-C2 Protocol', - id: 'T1048.001', - reference: 'https://attack.mitre.org/techniques/T1048/001', - tactics: ['exfiltration'], - techniqueId: 'T1048', - }, - { - name: 'Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol', - id: 'T1048.003', - reference: 'https://attack.mitre.org/techniques/T1048/003', - tactics: ['exfiltration'], - techniqueId: 'T1048', - }, - { - name: 'Exfiltration over USB', - id: 'T1052.001', - reference: 'https://attack.mitre.org/techniques/T1052/001', - tactics: ['exfiltration'], - techniqueId: 'T1052', - }, - { - name: 'Exfiltration to Cloud Storage', - id: 'T1567.002', - reference: 'https://attack.mitre.org/techniques/T1567/002', - tactics: ['exfiltration'], - techniqueId: 'T1567', - }, - { - name: 'Exfiltration to Code Repository', - id: 'T1567.001', - reference: 'https://attack.mitre.org/techniques/T1567/001', - tactics: ['exfiltration'], - techniqueId: 'T1567', - }, - { - name: 'Exploits', - id: 'T1587.004', - reference: 'https://attack.mitre.org/techniques/T1587/004', - tactics: ['resource-development'], - techniqueId: 'T1587', - }, - { - name: 'Exploits', - id: 'T1588.005', - reference: 'https://attack.mitre.org/techniques/T1588/005', - tactics: ['resource-development'], - techniqueId: 'T1588', - }, - { - name: 'External Defacement', - id: 'T1491.002', - reference: 'https://attack.mitre.org/techniques/T1491/002', - tactics: ['impact'], - techniqueId: 'T1491', - }, - { - name: 'External Proxy', - id: 
'T1090.002', - reference: 'https://attack.mitre.org/techniques/T1090/002', - tactics: ['command-and-control'], - techniqueId: 'T1090', - }, - { - name: 'Extra Window Memory Injection', - id: 'T1055.011', - reference: 'https://attack.mitre.org/techniques/T1055/011', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'Fast Flux DNS', - id: 'T1568.001', - reference: 'https://attack.mitre.org/techniques/T1568/001', - tactics: ['command-and-control'], - techniqueId: 'T1568', - }, - { - name: 'File Deletion', - id: 'T1070.004', - reference: 'https://attack.mitre.org/techniques/T1070/004', - tactics: ['defense-evasion'], - techniqueId: 'T1070', - }, - { - name: 'File Transfer Protocols', - id: 'T1071.002', - reference: 'https://attack.mitre.org/techniques/T1071/002', - tactics: ['command-and-control'], - techniqueId: 'T1071', - }, - { - name: 'Firmware', - id: 'T1592.003', - reference: 'https://attack.mitre.org/techniques/T1592/003', - tactics: ['reconnaissance'], - techniqueId: 'T1592', - }, - { - name: 'GUI Input Capture', - id: 'T1056.002', - reference: 'https://attack.mitre.org/techniques/T1056/002', - tactics: ['collection', 'credential-access'], - techniqueId: 'T1056', - }, - { - name: 'Gatekeeper Bypass', - id: 'T1553.001', - reference: 'https://attack.mitre.org/techniques/T1553/001', - tactics: ['defense-evasion'], - techniqueId: 'T1553', - }, - { - name: 'Golden Ticket', - id: 'T1558.001', - reference: 'https://attack.mitre.org/techniques/T1558/001', - tactics: ['credential-access'], - techniqueId: 'T1558', - }, - { - name: 'Group Policy Modification', - id: 'T1484.001', - reference: 'https://attack.mitre.org/techniques/T1484/001', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1484', - }, - { - name: 'Group Policy Preferences', - id: 'T1552.006', - reference: 'https://attack.mitre.org/techniques/T1552/006', - tactics: ['credential-access'], - techniqueId: 'T1552', - }, - { - name: 'HTML 
Smuggling', - id: 'T1027.006', - reference: 'https://attack.mitre.org/techniques/T1027/006', - tactics: ['defense-evasion'], - techniqueId: 'T1027', - }, - { - name: 'Hardware', - id: 'T1592.001', - reference: 'https://attack.mitre.org/techniques/T1592/001', - tactics: ['reconnaissance'], - techniqueId: 'T1592', - }, - { - name: 'Hidden File System', - id: 'T1564.005', - reference: 'https://attack.mitre.org/techniques/T1564/005', - tactics: ['defense-evasion'], - techniqueId: 'T1564', - }, - { - name: 'Hidden Files and Directories', - id: 'T1564.001', - reference: 'https://attack.mitre.org/techniques/T1564/001', - tactics: ['defense-evasion'], - techniqueId: 'T1564', - }, - { - name: 'Hidden Users', - id: 'T1564.002', - reference: 'https://attack.mitre.org/techniques/T1564/002', - tactics: ['defense-evasion'], - techniqueId: 'T1564', - }, - { - name: 'Hidden Window', - id: 'T1564.003', - reference: 'https://attack.mitre.org/techniques/T1564/003', - tactics: ['defense-evasion'], - techniqueId: 'T1564', - }, - { - name: 'IIS Components', - id: 'T1505.004', - reference: 'https://attack.mitre.org/techniques/T1505/004', - tactics: ['persistence'], - techniqueId: 'T1505', - }, - { - name: 'IP Addresses', - id: 'T1590.005', - reference: 'https://attack.mitre.org/techniques/T1590/005', - tactics: ['reconnaissance'], - techniqueId: 'T1590', - }, - { - name: 'Identify Business Tempo', - id: 'T1591.003', - reference: 'https://attack.mitre.org/techniques/T1591/003', - tactics: ['reconnaissance'], - techniqueId: 'T1591', - }, - { - name: 'Identify Roles', - id: 'T1591.004', - reference: 'https://attack.mitre.org/techniques/T1591/004', - tactics: ['reconnaissance'], - techniqueId: 'T1591', - }, - { - name: 'Image File Execution Options Injection', - id: 'T1546.012', - reference: 'https://attack.mitre.org/techniques/T1546/012', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Impair Command History Logging', - id: 'T1562.003', - 
reference: 'https://attack.mitre.org/techniques/T1562/003', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - }, - { - name: 'Indicator Blocking', - id: 'T1562.006', - reference: 'https://attack.mitre.org/techniques/T1562/006', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - }, - { - name: 'Indicator Removal from Tools', - id: 'T1027.005', - reference: 'https://attack.mitre.org/techniques/T1027/005', - tactics: ['defense-evasion'], - techniqueId: 'T1027', - }, - { - name: 'Install Digital Certificate', - id: 'T1608.003', - reference: 'https://attack.mitre.org/techniques/T1608/003', - tactics: ['resource-development'], - techniqueId: 'T1608', - }, - { - name: 'Install Root Certificate', - id: 'T1553.004', - reference: 'https://attack.mitre.org/techniques/T1553/004', - tactics: ['defense-evasion'], - techniqueId: 'T1553', - }, - { - name: 'InstallUtil', - id: 'T1218.004', - reference: 'https://attack.mitre.org/techniques/T1218/004', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Internal Defacement', - id: 'T1491.001', - reference: 'https://attack.mitre.org/techniques/T1491/001', - tactics: ['impact'], - techniqueId: 'T1491', - }, - { - name: 'Internal Proxy', - id: 'T1090.001', - reference: 'https://attack.mitre.org/techniques/T1090/001', - tactics: ['command-and-control'], - techniqueId: 'T1090', - }, - { - name: 'Internet Connection Discovery', - id: 'T1016.001', - reference: 'https://attack.mitre.org/techniques/T1016/001', - tactics: ['discovery'], - techniqueId: 'T1016', - }, - { - name: 'Invalid Code Signature', - id: 'T1036.001', - reference: 'https://attack.mitre.org/techniques/T1036/001', - tactics: ['defense-evasion'], - techniqueId: 'T1036', - }, - { - name: 'JavaScript', - id: 'T1059.007', - reference: 'https://attack.mitre.org/techniques/T1059/007', - tactics: ['execution'], - techniqueId: 'T1059', - }, - { - name: 'Junk Data', - id: 'T1001.001', - reference: 'https://attack.mitre.org/techniques/T1001/001', - 
tactics: ['command-and-control'], - techniqueId: 'T1001', - }, - { - name: 'Kerberoasting', - id: 'T1558.003', - reference: 'https://attack.mitre.org/techniques/T1558/003', - tactics: ['credential-access'], - techniqueId: 'T1558', - }, - { - name: 'Kernel Modules and Extensions', - id: 'T1547.006', - reference: 'https://attack.mitre.org/techniques/T1547/006', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Keychain', - id: 'T1555.001', - reference: 'https://attack.mitre.org/techniques/T1555/001', - tactics: ['credential-access'], - techniqueId: 'T1555', - }, - { - name: 'Keylogging', - id: 'T1056.001', - reference: 'https://attack.mitre.org/techniques/T1056/001', - tactics: ['collection', 'credential-access'], - techniqueId: 'T1056', - }, - { - name: 'LC_LOAD_DYLIB Addition', - id: 'T1546.006', - reference: 'https://attack.mitre.org/techniques/T1546/006', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'LLMNR/NBT-NS Poisoning and SMB Relay', - id: 'T1557.001', - reference: 'https://attack.mitre.org/techniques/T1557/001', - tactics: ['credential-access', 'collection'], - techniqueId: 'T1557', - }, - { - name: 'LSA Secrets', - id: 'T1003.004', - reference: 'https://attack.mitre.org/techniques/T1003/004', - tactics: ['credential-access'], - techniqueId: 'T1003', - }, - { - name: 'LSASS Driver', - id: 'T1547.008', - reference: 'https://attack.mitre.org/techniques/T1547/008', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'LSASS Memory', - id: 'T1003.001', - reference: 'https://attack.mitre.org/techniques/T1003/001', - tactics: ['credential-access'], - techniqueId: 'T1003', - }, - { - name: 'Launch Agent', - id: 'T1543.001', - reference: 'https://attack.mitre.org/techniques/T1543/001', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1543', - }, - { - name: 'Launch Daemon', - id: 'T1543.004', - reference: 
'https://attack.mitre.org/techniques/T1543/004', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1543', - }, - { - name: 'Launchctl', - id: 'T1569.001', - reference: 'https://attack.mitre.org/techniques/T1569/001', - tactics: ['execution'], - techniqueId: 'T1569', - }, - { - name: 'Launchd', - id: 'T1053.004', - reference: 'https://attack.mitre.org/techniques/T1053/004', - tactics: ['execution', 'persistence', 'privilege-escalation'], - techniqueId: 'T1053', - }, - { - name: 'Link Target', - id: 'T1608.005', - reference: 'https://attack.mitre.org/techniques/T1608/005', - tactics: ['resource-development'], - techniqueId: 'T1608', - }, - { - name: 'Linux and Mac File and Directory Permissions Modification', - id: 'T1222.002', - reference: 'https://attack.mitre.org/techniques/T1222/002', - tactics: ['defense-evasion'], - techniqueId: 'T1222', - }, - { - name: 'Local Account', - id: 'T1136.001', - reference: 'https://attack.mitre.org/techniques/T1136/001', - tactics: ['persistence'], - techniqueId: 'T1136', - }, - { - name: 'Local Account', - id: 'T1087.001', - reference: 'https://attack.mitre.org/techniques/T1087/001', - tactics: ['discovery'], - techniqueId: 'T1087', - }, - { - name: 'Local Accounts', - id: 'T1078.003', - reference: 'https://attack.mitre.org/techniques/T1078/003', - tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], - techniqueId: 'T1078', - }, - { - name: 'Local Data Staging', - id: 'T1074.001', - reference: 'https://attack.mitre.org/techniques/T1074/001', - tactics: ['collection'], - techniqueId: 'T1074', - }, - { - name: 'Local Email Collection', - id: 'T1114.001', - reference: 'https://attack.mitre.org/techniques/T1114/001', - tactics: ['collection'], - techniqueId: 'T1114', - }, - { - name: 'Local Groups', - id: 'T1069.001', - reference: 'https://attack.mitre.org/techniques/T1069/001', - tactics: ['discovery'], - techniqueId: 'T1069', - }, - { - name: 'Login Items', - id: 'T1547.015', - 
reference: 'https://attack.mitre.org/techniques/T1547/015', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Logon Script (Mac)', - id: 'T1037.002', - reference: 'https://attack.mitre.org/techniques/T1037/002', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1037', - }, - { - name: 'Logon Script (Windows)', - id: 'T1037.001', - reference: 'https://attack.mitre.org/techniques/T1037/001', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1037', - }, - { - name: 'MMC', - id: 'T1218.014', - reference: 'https://attack.mitre.org/techniques/T1218/014', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'MSBuild', - id: 'T1127.001', - reference: 'https://attack.mitre.org/techniques/T1127/001', - tactics: ['defense-evasion'], - techniqueId: 'T1127', - }, - { - name: 'Mail Protocols', - id: 'T1071.003', - reference: 'https://attack.mitre.org/techniques/T1071/003', - tactics: ['command-and-control'], - techniqueId: 'T1071', - }, - { - name: 'Make and Impersonate Token', - id: 'T1134.003', - reference: 'https://attack.mitre.org/techniques/T1134/003', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1134', - }, - { - name: 'Malicious File', - id: 'T1204.002', - reference: 'https://attack.mitre.org/techniques/T1204/002', - tactics: ['execution'], - techniqueId: 'T1204', - }, - { - name: 'Malicious Image', - id: 'T1204.003', - reference: 'https://attack.mitre.org/techniques/T1204/003', - tactics: ['execution'], - techniqueId: 'T1204', - }, - { - name: 'Malicious Link', - id: 'T1204.001', - reference: 'https://attack.mitre.org/techniques/T1204/001', - tactics: ['execution'], - techniqueId: 'T1204', - }, - { - name: 'Malware', - id: 'T1587.001', - reference: 'https://attack.mitre.org/techniques/T1587/001', - tactics: ['resource-development'], - techniqueId: 'T1587', - }, - { - name: 'Malware', - id: 'T1588.001', - reference: 
'https://attack.mitre.org/techniques/T1588/001', - tactics: ['resource-development'], - techniqueId: 'T1588', - }, - { - name: 'Mark-of-the-Web Bypass', - id: 'T1553.005', - reference: 'https://attack.mitre.org/techniques/T1553/005', - tactics: ['defense-evasion'], - techniqueId: 'T1553', - }, - { - name: 'Masquerade Task or Service', - id: 'T1036.004', - reference: 'https://attack.mitre.org/techniques/T1036/004', - tactics: ['defense-evasion'], - techniqueId: 'T1036', - }, - { - name: 'Match Legitimate Name or Location', - id: 'T1036.005', - reference: 'https://attack.mitre.org/techniques/T1036/005', - tactics: ['defense-evasion'], - techniqueId: 'T1036', - }, - { - name: 'Mavinject', - id: 'T1218.013', - reference: 'https://attack.mitre.org/techniques/T1218/013', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Mshta', - id: 'T1218.005', - reference: 'https://attack.mitre.org/techniques/T1218/005', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Msiexec', - id: 'T1218.007', - reference: 'https://attack.mitre.org/techniques/T1218/007', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Multi-hop Proxy', - id: 'T1090.003', - reference: 'https://attack.mitre.org/techniques/T1090/003', - tactics: ['command-and-control'], - techniqueId: 'T1090', - }, - { - name: 'NTDS', - id: 'T1003.003', - reference: 'https://attack.mitre.org/techniques/T1003/003', - tactics: ['credential-access'], - techniqueId: 'T1003', - }, - { - name: 'NTFS File Attributes', - id: 'T1564.004', - reference: 'https://attack.mitre.org/techniques/T1564/004', - tactics: ['defense-evasion'], - techniqueId: 'T1564', - }, - { - name: 'Netsh Helper DLL', - id: 'T1546.007', - reference: 'https://attack.mitre.org/techniques/T1546/007', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Network Address Translation Traversal', - id: 'T1599.001', - reference: 
'https://attack.mitre.org/techniques/T1599/001', - tactics: ['defense-evasion'], - techniqueId: 'T1599', - }, - { - name: 'Network Device Authentication', - id: 'T1556.004', - reference: 'https://attack.mitre.org/techniques/T1556/004', - tactics: ['credential-access', 'defense-evasion', 'persistence'], - techniqueId: 'T1556', - }, - { - name: 'Network Device CLI', - id: 'T1059.008', - reference: 'https://attack.mitre.org/techniques/T1059/008', - tactics: ['execution'], - techniqueId: 'T1059', - }, - { - name: 'Network Device Configuration Dump', - id: 'T1602.002', - reference: 'https://attack.mitre.org/techniques/T1602/002', - tactics: ['collection'], - techniqueId: 'T1602', - }, - { - name: 'Network Logon Script', - id: 'T1037.003', - reference: 'https://attack.mitre.org/techniques/T1037/003', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1037', - }, - { - name: 'Network Security Appliances', - id: 'T1590.006', - reference: 'https://attack.mitre.org/techniques/T1590/006', - tactics: ['reconnaissance'], - techniqueId: 'T1590', - }, - { - name: 'Network Share Connection Removal', - id: 'T1070.005', - reference: 'https://attack.mitre.org/techniques/T1070/005', - tactics: ['defense-evasion'], - techniqueId: 'T1070', - }, - { - name: 'Network Topology', - id: 'T1590.004', - reference: 'https://attack.mitre.org/techniques/T1590/004', - tactics: ['reconnaissance'], - techniqueId: 'T1590', - }, - { - name: 'Network Trust Dependencies', - id: 'T1590.003', - reference: 'https://attack.mitre.org/techniques/T1590/003', - tactics: ['reconnaissance'], - techniqueId: 'T1590', - }, - { - name: 'Non-Standard Encoding', - id: 'T1132.002', - reference: 'https://attack.mitre.org/techniques/T1132/002', - tactics: ['command-and-control'], - techniqueId: 'T1132', - }, - { - name: 'OS Exhaustion Flood', - id: 'T1499.001', - reference: 'https://attack.mitre.org/techniques/T1499/001', - tactics: ['impact'], - techniqueId: 'T1499', - }, - { - name: 'Odbcconf', - id: 
'T1218.008', - reference: 'https://attack.mitre.org/techniques/T1218/008', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Office Template Macros', - id: 'T1137.001', - reference: 'https://attack.mitre.org/techniques/T1137/001', - tactics: ['persistence'], - techniqueId: 'T1137', - }, - { - name: 'Office Test', - id: 'T1137.002', - reference: 'https://attack.mitre.org/techniques/T1137/002', - tactics: ['persistence'], - techniqueId: 'T1137', - }, - { - name: 'One-Way Communication', - id: 'T1102.003', - reference: 'https://attack.mitre.org/techniques/T1102/003', - tactics: ['command-and-control'], - techniqueId: 'T1102', - }, - { - name: 'Outlook Forms', - id: 'T1137.003', - reference: 'https://attack.mitre.org/techniques/T1137/003', - tactics: ['persistence'], - techniqueId: 'T1137', - }, - { - name: 'Outlook Home Page', - id: 'T1137.004', - reference: 'https://attack.mitre.org/techniques/T1137/004', - tactics: ['persistence'], - techniqueId: 'T1137', - }, - { - name: 'Outlook Rules', - id: 'T1137.005', - reference: 'https://attack.mitre.org/techniques/T1137/005', - tactics: ['persistence'], - techniqueId: 'T1137', - }, - { - name: 'Parent PID Spoofing', - id: 'T1134.004', - reference: 'https://attack.mitre.org/techniques/T1134/004', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1134', - }, - { - name: 'Pass the Hash', - id: 'T1550.002', - reference: 'https://attack.mitre.org/techniques/T1550/002', - tactics: ['defense-evasion', 'lateral-movement'], - techniqueId: 'T1550', - }, - { - name: 'Pass the Ticket', - id: 'T1550.003', - reference: 'https://attack.mitre.org/techniques/T1550/003', - tactics: ['defense-evasion', 'lateral-movement'], - techniqueId: 'T1550', - }, - { - name: 'Password Cracking', - id: 'T1110.002', - reference: 'https://attack.mitre.org/techniques/T1110/002', - tactics: ['credential-access'], - techniqueId: 'T1110', - }, - { - name: 'Password Filter DLL', - id: 'T1556.002', - reference: 
'https://attack.mitre.org/techniques/T1556/002', - tactics: ['credential-access', 'defense-evasion', 'persistence'], - techniqueId: 'T1556', - }, - { - name: 'Password Guessing', - id: 'T1110.001', - reference: 'https://attack.mitre.org/techniques/T1110/001', - tactics: ['credential-access'], - techniqueId: 'T1110', - }, - { - name: 'Password Managers', - id: 'T1555.005', - reference: 'https://attack.mitre.org/techniques/T1555/005', - tactics: ['credential-access'], - techniqueId: 'T1555', - }, - { - name: 'Password Spraying', - id: 'T1110.003', - reference: 'https://attack.mitre.org/techniques/T1110/003', - tactics: ['credential-access'], - techniqueId: 'T1110', - }, - { - name: 'Patch System Image', - id: 'T1601.001', - reference: 'https://attack.mitre.org/techniques/T1601/001', - tactics: ['defense-evasion'], - techniqueId: 'T1601', - }, - { - name: 'Path Interception by PATH Environment Variable', - id: 'T1574.007', - reference: 'https://attack.mitre.org/techniques/T1574/007', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'Path Interception by Search Order Hijacking', - id: 'T1574.008', - reference: 'https://attack.mitre.org/techniques/T1574/008', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'Path Interception by Unquoted Path', - id: 'T1574.009', - reference: 'https://attack.mitre.org/techniques/T1574/009', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'Plist Modification', - id: 'T1547.011', - reference: 'https://attack.mitre.org/techniques/T1547/011', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Pluggable Authentication Modules', - id: 'T1556.003', - reference: 'https://attack.mitre.org/techniques/T1556/003', - tactics: ['credential-access', 'defense-evasion', 'persistence'], - techniqueId: 'T1556', - }, - { - 
name: 'Port Knocking', - id: 'T1205.001', - reference: 'https://attack.mitre.org/techniques/T1205/001', - tactics: ['defense-evasion', 'persistence', 'command-and-control'], - techniqueId: 'T1205', - }, - { - name: 'Port Monitors', - id: 'T1547.010', - reference: 'https://attack.mitre.org/techniques/T1547/010', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Portable Executable Injection', - id: 'T1055.002', - reference: 'https://attack.mitre.org/techniques/T1055/002', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'PowerShell', - id: 'T1059.001', - reference: 'https://attack.mitre.org/techniques/T1059/001', - tactics: ['execution'], - techniqueId: 'T1059', - }, - { - name: 'PowerShell Profile', - id: 'T1546.013', - reference: 'https://attack.mitre.org/techniques/T1546/013', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Print Processors', - id: 'T1547.012', - reference: 'https://attack.mitre.org/techniques/T1547/012', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Private Keys', - id: 'T1552.004', - reference: 'https://attack.mitre.org/techniques/T1552/004', - tactics: ['credential-access'], - techniqueId: 'T1552', - }, - { - name: 'Proc Filesystem', - id: 'T1003.007', - reference: 'https://attack.mitre.org/techniques/T1003/007', - tactics: ['credential-access'], - techniqueId: 'T1003', - }, - { - name: 'Proc Memory', - id: 'T1055.009', - reference: 'https://attack.mitre.org/techniques/T1055/009', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'Process Doppelgänging', - id: 'T1055.013', - reference: 'https://attack.mitre.org/techniques/T1055/013', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'Process Hollowing', - id: 'T1055.012', - reference: 
'https://attack.mitre.org/techniques/T1055/012', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'Protocol Impersonation', - id: 'T1001.003', - reference: 'https://attack.mitre.org/techniques/T1001/003', - tactics: ['command-and-control'], - techniqueId: 'T1001', - }, - { - name: 'Ptrace System Calls', - id: 'T1055.008', - reference: 'https://attack.mitre.org/techniques/T1055/008', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'PubPrn', - id: 'T1216.001', - reference: 'https://attack.mitre.org/techniques/T1216/001', - tactics: ['defense-evasion'], - techniqueId: 'T1216', - }, - { - name: 'Purchase Technical Data', - id: 'T1597.002', - reference: 'https://attack.mitre.org/techniques/T1597/002', - tactics: ['reconnaissance'], - techniqueId: 'T1597', - }, - { - name: 'Python', - id: 'T1059.006', - reference: 'https://attack.mitre.org/techniques/T1059/006', - tactics: ['execution'], - techniqueId: 'T1059', - }, - { - name: 'RC Scripts', - id: 'T1037.004', - reference: 'https://attack.mitre.org/techniques/T1037/004', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1037', - }, - { - name: 'RDP Hijacking', - id: 'T1563.002', - reference: 'https://attack.mitre.org/techniques/T1563/002', - tactics: ['lateral-movement'], - techniqueId: 'T1563', - }, - { - name: 'ROMMONkit', - id: 'T1542.004', - reference: 'https://attack.mitre.org/techniques/T1542/004', - tactics: ['defense-evasion', 'persistence'], - techniqueId: 'T1542', - }, - { - name: 'Re-opened Applications', - id: 'T1547.007', - reference: 'https://attack.mitre.org/techniques/T1547/007', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Reduce Key Space', - id: 'T1600.001', - reference: 'https://attack.mitre.org/techniques/T1600/001', - tactics: ['defense-evasion'], - techniqueId: 'T1600', - }, - { - name: 'Reflection Amplification', - id: 'T1498.002', - 
reference: 'https://attack.mitre.org/techniques/T1498/002', - tactics: ['impact'], - techniqueId: 'T1498', - }, - { - name: 'Registry Run Keys / Startup Folder', - id: 'T1547.001', - reference: 'https://attack.mitre.org/techniques/T1547/001', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Regsvcs/Regasm', - id: 'T1218.009', - reference: 'https://attack.mitre.org/techniques/T1218/009', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Regsvr32', - id: 'T1218.010', - reference: 'https://attack.mitre.org/techniques/T1218/010', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Remote Data Staging', - id: 'T1074.002', - reference: 'https://attack.mitre.org/techniques/T1074/002', - tactics: ['collection'], - techniqueId: 'T1074', - }, - { - name: 'Remote Desktop Protocol', - id: 'T1021.001', - reference: 'https://attack.mitre.org/techniques/T1021/001', - tactics: ['lateral-movement'], - techniqueId: 'T1021', - }, - { - name: 'Remote Email Collection', - id: 'T1114.002', - reference: 'https://attack.mitre.org/techniques/T1114/002', - tactics: ['collection'], - techniqueId: 'T1114', - }, - { - name: 'Rename System Utilities', - id: 'T1036.003', - reference: 'https://attack.mitre.org/techniques/T1036/003', - tactics: ['defense-evasion'], - techniqueId: 'T1036', - }, - { - name: 'Resource Forking', - id: 'T1564.009', - reference: 'https://attack.mitre.org/techniques/T1564/009', - tactics: ['defense-evasion'], - techniqueId: 'T1564', - }, - { - name: 'Revert Cloud Instance', - id: 'T1578.004', - reference: 'https://attack.mitre.org/techniques/T1578/004', - tactics: ['defense-evasion'], - techniqueId: 'T1578', - }, - { - name: 'Right-to-Left Override', - id: 'T1036.002', - reference: 'https://attack.mitre.org/techniques/T1036/002', - tactics: ['defense-evasion'], - techniqueId: 'T1036', - }, - { - name: 'Run Virtual Instance', - id: 'T1564.006', - reference: 
'https://attack.mitre.org/techniques/T1564/006', - tactics: ['defense-evasion'], - techniqueId: 'T1564', - }, - { - name: 'Rundll32', - id: 'T1218.011', - reference: 'https://attack.mitre.org/techniques/T1218/011', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Runtime Data Manipulation', - id: 'T1565.003', - reference: 'https://attack.mitre.org/techniques/T1565/003', - tactics: ['impact'], - techniqueId: 'T1565', - }, - { - name: 'SAML Tokens', - id: 'T1606.002', - reference: 'https://attack.mitre.org/techniques/T1606/002', - tactics: ['credential-access'], - techniqueId: 'T1606', - }, - { - name: 'SID-History Injection', - id: 'T1134.005', - reference: 'https://attack.mitre.org/techniques/T1134/005', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1134', - }, - { - name: 'SIP and Trust Provider Hijacking', - id: 'T1553.003', - reference: 'https://attack.mitre.org/techniques/T1553/003', - tactics: ['defense-evasion'], - techniqueId: 'T1553', - }, - { - name: 'SMB/Windows Admin Shares', - id: 'T1021.002', - reference: 'https://attack.mitre.org/techniques/T1021/002', - tactics: ['lateral-movement'], - techniqueId: 'T1021', - }, - { - name: 'SNMP (MIB Dump)', - id: 'T1602.001', - reference: 'https://attack.mitre.org/techniques/T1602/001', - tactics: ['collection'], - techniqueId: 'T1602', - }, - { - name: 'SQL Stored Procedures', - id: 'T1505.001', - reference: 'https://attack.mitre.org/techniques/T1505/001', - tactics: ['persistence'], - techniqueId: 'T1505', - }, - { - name: 'SSH', - id: 'T1021.004', - reference: 'https://attack.mitre.org/techniques/T1021/004', - tactics: ['lateral-movement'], - techniqueId: 'T1021', - }, - { - name: 'SSH Authorized Keys', - id: 'T1098.004', - reference: 'https://attack.mitre.org/techniques/T1098/004', - tactics: ['persistence'], - techniqueId: 'T1098', - }, - { - name: 'SSH Hijacking', - id: 'T1563.001', - reference: 'https://attack.mitre.org/techniques/T1563/001', - tactics: 
['lateral-movement'], - techniqueId: 'T1563', - }, - { - name: 'Safe Mode Boot', - id: 'T1562.009', - reference: 'https://attack.mitre.org/techniques/T1562/009', - tactics: ['defense-evasion'], - techniqueId: 'T1562', - }, - { - name: 'Scan Databases', - id: 'T1596.005', - reference: 'https://attack.mitre.org/techniques/T1596/005', - tactics: ['reconnaissance'], - techniqueId: 'T1596', - }, - { - name: 'Scanning IP Blocks', - id: 'T1595.001', - reference: 'https://attack.mitre.org/techniques/T1595/001', - tactics: ['reconnaissance'], - techniqueId: 'T1595', - }, - { - name: 'Scheduled Task', - id: 'T1053.005', - reference: 'https://attack.mitre.org/techniques/T1053/005', - tactics: ['execution', 'persistence', 'privilege-escalation'], - techniqueId: 'T1053', - }, - { - name: 'Screensaver', - id: 'T1546.002', - reference: 'https://attack.mitre.org/techniques/T1546/002', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Search Engines', - id: 'T1593.002', - reference: 'https://attack.mitre.org/techniques/T1593/002', - tactics: ['reconnaissance'], - techniqueId: 'T1593', - }, - { - name: 'Security Account Manager', - id: 'T1003.002', - reference: 'https://attack.mitre.org/techniques/T1003/002', - tactics: ['credential-access'], - techniqueId: 'T1003', - }, - { - name: 'Security Software Discovery', - id: 'T1518.001', - reference: 'https://attack.mitre.org/techniques/T1518/001', - tactics: ['discovery'], - techniqueId: 'T1518', - }, - { - name: 'Security Support Provider', - id: 'T1547.005', - reference: 'https://attack.mitre.org/techniques/T1547/005', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Securityd Memory', - id: 'T1555.002', - reference: 'https://attack.mitre.org/techniques/T1555/002', - tactics: ['credential-access'], - techniqueId: 'T1555', - }, - { - name: 'Server', - id: 'T1583.004', - reference: 'https://attack.mitre.org/techniques/T1583/004', - tactics: 
['resource-development'], - techniqueId: 'T1583', - }, - { - name: 'Server', - id: 'T1584.004', - reference: 'https://attack.mitre.org/techniques/T1584/004', - tactics: ['resource-development'], - techniqueId: 'T1584', - }, - { - name: 'Service Execution', - id: 'T1569.002', - reference: 'https://attack.mitre.org/techniques/T1569/002', - tactics: ['execution'], - techniqueId: 'T1569', - }, - { - name: 'Service Exhaustion Flood', - id: 'T1499.002', - reference: 'https://attack.mitre.org/techniques/T1499/002', - tactics: ['impact'], - techniqueId: 'T1499', - }, - { - name: 'Services File Permissions Weakness', - id: 'T1574.010', - reference: 'https://attack.mitre.org/techniques/T1574/010', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'Services Registry Permissions Weakness', - id: 'T1574.011', - reference: 'https://attack.mitre.org/techniques/T1574/011', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - techniqueId: 'T1574', - }, - { - name: 'Setuid and Setgid', - id: 'T1548.001', - reference: 'https://attack.mitre.org/techniques/T1548/001', - tactics: ['privilege-escalation', 'defense-evasion'], - techniqueId: 'T1548', - }, - { - name: 'Sharepoint', - id: 'T1213.002', - reference: 'https://attack.mitre.org/techniques/T1213/002', - tactics: ['collection'], - techniqueId: 'T1213', - }, - { - name: 'Shortcut Modification', - id: 'T1547.009', - reference: 'https://attack.mitre.org/techniques/T1547/009', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Silver Ticket', - id: 'T1558.002', - reference: 'https://attack.mitre.org/techniques/T1558/002', - tactics: ['credential-access'], - techniqueId: 'T1558', - }, - { - name: 'Social Media', - id: 'T1593.001', - reference: 'https://attack.mitre.org/techniques/T1593/001', - tactics: ['reconnaissance'], - techniqueId: 'T1593', - }, - { - name: 'Social Media Accounts', - id: 'T1585.001', - 
reference: 'https://attack.mitre.org/techniques/T1585/001', - tactics: ['resource-development'], - techniqueId: 'T1585', - }, - { - name: 'Social Media Accounts', - id: 'T1586.001', - reference: 'https://attack.mitre.org/techniques/T1586/001', - tactics: ['resource-development'], - techniqueId: 'T1586', - }, - { - name: 'Software', - id: 'T1592.002', - reference: 'https://attack.mitre.org/techniques/T1592/002', - tactics: ['reconnaissance'], - techniqueId: 'T1592', - }, - { - name: 'Software Packing', - id: 'T1027.002', - reference: 'https://attack.mitre.org/techniques/T1027/002', - tactics: ['defense-evasion'], - techniqueId: 'T1027', - }, - { - name: 'Space after Filename', - id: 'T1036.006', - reference: 'https://attack.mitre.org/techniques/T1036/006', - tactics: ['defense-evasion'], - techniqueId: 'T1036', - }, - { - name: 'Spearphishing Attachment', - id: 'T1566.001', - reference: 'https://attack.mitre.org/techniques/T1566/001', - tactics: ['initial-access'], - techniqueId: 'T1566', - }, - { - name: 'Spearphishing Attachment', - id: 'T1598.002', - reference: 'https://attack.mitre.org/techniques/T1598/002', - tactics: ['reconnaissance'], - techniqueId: 'T1598', - }, - { - name: 'Spearphishing Link', - id: 'T1566.002', - reference: 'https://attack.mitre.org/techniques/T1566/002', - tactics: ['initial-access'], - techniqueId: 'T1566', - }, - { - name: 'Spearphishing Link', - id: 'T1598.003', - reference: 'https://attack.mitre.org/techniques/T1598/003', - tactics: ['reconnaissance'], - techniqueId: 'T1598', - }, - { - name: 'Spearphishing Service', - id: 'T1598.001', - reference: 'https://attack.mitre.org/techniques/T1598/001', - tactics: ['reconnaissance'], - techniqueId: 'T1598', - }, - { - name: 'Spearphishing via Service', - id: 'T1566.003', - reference: 'https://attack.mitre.org/techniques/T1566/003', - tactics: ['initial-access'], - techniqueId: 'T1566', - }, - { - name: 'Standard Encoding', - id: 'T1132.001', - reference: 
'https://attack.mitre.org/techniques/T1132/001', - tactics: ['command-and-control'], - techniqueId: 'T1132', - }, - { - name: 'Startup Items', - id: 'T1037.005', - reference: 'https://attack.mitre.org/techniques/T1037/005', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1037', - }, - { - name: 'Steganography', - id: 'T1027.003', - reference: 'https://attack.mitre.org/techniques/T1027/003', - tactics: ['defense-evasion'], - techniqueId: 'T1027', - }, - { - name: 'Steganography', - id: 'T1001.002', - reference: 'https://attack.mitre.org/techniques/T1001/002', - tactics: ['command-and-control'], - techniqueId: 'T1001', - }, - { - name: 'Stored Data Manipulation', - id: 'T1565.001', - reference: 'https://attack.mitre.org/techniques/T1565/001', - tactics: ['impact'], - techniqueId: 'T1565', - }, - { - name: 'Sudo and Sudo Caching', - id: 'T1548.003', - reference: 'https://attack.mitre.org/techniques/T1548/003', - tactics: ['privilege-escalation', 'defense-evasion'], - techniqueId: 'T1548', - }, - { - name: 'Symmetric Cryptography', - id: 'T1573.001', - reference: 'https://attack.mitre.org/techniques/T1573/001', - tactics: ['command-and-control'], - techniqueId: 'T1573', - }, - { - name: 'System Checks', - id: 'T1497.001', - reference: 'https://attack.mitre.org/techniques/T1497/001', - tactics: ['defense-evasion', 'discovery'], - techniqueId: 'T1497', - }, - { - name: 'System Firmware', - id: 'T1542.001', - reference: 'https://attack.mitre.org/techniques/T1542/001', - tactics: ['persistence', 'defense-evasion'], - techniqueId: 'T1542', - }, - { - name: 'System Language Discovery', - id: 'T1614.001', - reference: 'https://attack.mitre.org/techniques/T1614/001', - tactics: ['discovery'], - techniqueId: 'T1614', - }, - { - name: 'Systemd Service', - id: 'T1543.002', - reference: 'https://attack.mitre.org/techniques/T1543/002', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1543', - }, - { - name: 'Systemd Timers', - id: 
'T1053.006', - reference: 'https://attack.mitre.org/techniques/T1053/006', - tactics: ['execution', 'persistence', 'privilege-escalation'], - techniqueId: 'T1053', - }, - { - name: 'TFTP Boot', - id: 'T1542.005', - reference: 'https://attack.mitre.org/techniques/T1542/005', - tactics: ['defense-evasion', 'persistence'], - techniqueId: 'T1542', - }, - { - name: 'Thread Execution Hijacking', - id: 'T1055.003', - reference: 'https://attack.mitre.org/techniques/T1055/003', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'Thread Local Storage', - id: 'T1055.005', - reference: 'https://attack.mitre.org/techniques/T1055/005', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'Threat Intel Vendors', - id: 'T1597.001', - reference: 'https://attack.mitre.org/techniques/T1597/001', - tactics: ['reconnaissance'], - techniqueId: 'T1597', - }, - { - name: 'Time Based Evasion', - id: 'T1497.003', - reference: 'https://attack.mitre.org/techniques/T1497/003', - tactics: ['defense-evasion', 'discovery'], - techniqueId: 'T1497', - }, - { - name: 'Time Providers', - id: 'T1547.003', - reference: 'https://attack.mitre.org/techniques/T1547/003', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'Timestomp', - id: 'T1070.006', - reference: 'https://attack.mitre.org/techniques/T1070/006', - tactics: ['defense-evasion'], - techniqueId: 'T1070', - }, - { - name: 'Token Impersonation/Theft', - id: 'T1134.001', - reference: 'https://attack.mitre.org/techniques/T1134/001', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1134', - }, - { - name: 'Tool', - id: 'T1588.002', - reference: 'https://attack.mitre.org/techniques/T1588/002', - tactics: ['resource-development'], - techniqueId: 'T1588', - }, - { - name: 'Traffic Duplication', - id: 'T1020.001', - reference: 'https://attack.mitre.org/techniques/T1020/001', - tactics: 
['exfiltration'], - techniqueId: 'T1020', - }, - { - name: 'Transmitted Data Manipulation', - id: 'T1565.002', - reference: 'https://attack.mitre.org/techniques/T1565/002', - tactics: ['impact'], - techniqueId: 'T1565', - }, - { - name: 'Transport Agent', - id: 'T1505.002', - reference: 'https://attack.mitre.org/techniques/T1505/002', - tactics: ['persistence'], - techniqueId: 'T1505', - }, - { - name: 'Trap', - id: 'T1546.005', - reference: 'https://attack.mitre.org/techniques/T1546/005', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Unix Shell', - id: 'T1059.004', - reference: 'https://attack.mitre.org/techniques/T1059/004', - tactics: ['execution'], - techniqueId: 'T1059', - }, - { - name: 'Unix Shell Configuration Modification', - id: 'T1546.004', - reference: 'https://attack.mitre.org/techniques/T1546/004', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Upload Malware', - id: 'T1608.001', - reference: 'https://attack.mitre.org/techniques/T1608/001', - tactics: ['resource-development'], - techniqueId: 'T1608', - }, - { - name: 'Upload Tool', - id: 'T1608.002', - reference: 'https://attack.mitre.org/techniques/T1608/002', - tactics: ['resource-development'], - techniqueId: 'T1608', - }, - { - name: 'User Activity Based Checks', - id: 'T1497.002', - reference: 'https://attack.mitre.org/techniques/T1497/002', - tactics: ['defense-evasion', 'discovery'], - techniqueId: 'T1497', - }, - { - name: 'VBA Stomping', - id: 'T1564.007', - reference: 'https://attack.mitre.org/techniques/T1564/007', - tactics: ['defense-evasion'], - techniqueId: 'T1564', - }, - { - name: 'VDSO Hijacking', - id: 'T1055.014', - reference: 'https://attack.mitre.org/techniques/T1055/014', - tactics: ['defense-evasion', 'privilege-escalation'], - techniqueId: 'T1055', - }, - { - name: 'VNC', - id: 'T1021.005', - reference: 'https://attack.mitre.org/techniques/T1021/005', - tactics: ['lateral-movement'], 
- techniqueId: 'T1021', - }, - { - name: 'Verclsid', - id: 'T1218.012', - reference: 'https://attack.mitre.org/techniques/T1218/012', - tactics: ['defense-evasion'], - techniqueId: 'T1218', - }, - { - name: 'Virtual Private Server', - id: 'T1583.003', - reference: 'https://attack.mitre.org/techniques/T1583/003', - tactics: ['resource-development'], - techniqueId: 'T1583', - }, - { - name: 'Virtual Private Server', - id: 'T1584.003', - reference: 'https://attack.mitre.org/techniques/T1584/003', - tactics: ['resource-development'], - techniqueId: 'T1584', - }, - { - name: 'Visual Basic', - id: 'T1059.005', - reference: 'https://attack.mitre.org/techniques/T1059/005', - tactics: ['execution'], - techniqueId: 'T1059', - }, - { - name: 'Vulnerabilities', - id: 'T1588.006', - reference: 'https://attack.mitre.org/techniques/T1588/006', - tactics: ['resource-development'], - techniqueId: 'T1588', - }, - { - name: 'Vulnerability Scanning', - id: 'T1595.002', - reference: 'https://attack.mitre.org/techniques/T1595/002', - tactics: ['reconnaissance'], - techniqueId: 'T1595', - }, - { - name: 'WHOIS', - id: 'T1596.002', - reference: 'https://attack.mitre.org/techniques/T1596/002', - tactics: ['reconnaissance'], - techniqueId: 'T1596', - }, - { - name: 'Web Cookies', - id: 'T1606.001', - reference: 'https://attack.mitre.org/techniques/T1606/001', - tactics: ['credential-access'], - techniqueId: 'T1606', - }, - { - name: 'Web Portal Capture', - id: 'T1056.003', - reference: 'https://attack.mitre.org/techniques/T1056/003', - tactics: ['collection', 'credential-access'], - techniqueId: 'T1056', - }, - { - name: 'Web Protocols', - id: 'T1071.001', - reference: 'https://attack.mitre.org/techniques/T1071/001', - tactics: ['command-and-control'], - techniqueId: 'T1071', - }, - { - name: 'Web Services', - id: 'T1583.006', - reference: 'https://attack.mitre.org/techniques/T1583/006', - tactics: ['resource-development'], - techniqueId: 'T1583', - }, - { - name: 'Web Services', - id: 
'T1584.006', - reference: 'https://attack.mitre.org/techniques/T1584/006', - tactics: ['resource-development'], - techniqueId: 'T1584', - }, - { - name: 'Web Session Cookie', - id: 'T1550.004', - reference: 'https://attack.mitre.org/techniques/T1550/004', - tactics: ['defense-evasion', 'lateral-movement'], - techniqueId: 'T1550', - }, - { - name: 'Web Shell', - id: 'T1505.003', - reference: 'https://attack.mitre.org/techniques/T1505/003', - tactics: ['persistence'], - techniqueId: 'T1505', - }, - { - name: 'Windows Command Shell', - id: 'T1059.003', - reference: 'https://attack.mitre.org/techniques/T1059/003', - tactics: ['execution'], - techniqueId: 'T1059', - }, - { - name: 'Windows Credential Manager', - id: 'T1555.004', - reference: 'https://attack.mitre.org/techniques/T1555/004', - tactics: ['credential-access'], - techniqueId: 'T1555', - }, - { - name: 'Windows File and Directory Permissions Modification', - id: 'T1222.001', - reference: 'https://attack.mitre.org/techniques/T1222/001', - tactics: ['defense-evasion'], - techniqueId: 'T1222', - }, - { - name: 'Windows Management Instrumentation Event Subscription', - id: 'T1546.003', - reference: 'https://attack.mitre.org/techniques/T1546/003', - tactics: ['privilege-escalation', 'persistence'], - techniqueId: 'T1546', - }, - { - name: 'Windows Remote Management', - id: 'T1021.006', - reference: 'https://attack.mitre.org/techniques/T1021/006', - tactics: ['lateral-movement'], - techniqueId: 'T1021', - }, - { - name: 'Windows Service', - id: 'T1543.003', - reference: 'https://attack.mitre.org/techniques/T1543/003', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1543', - }, - { - name: 'Winlogon Helper DLL', - id: 'T1547.004', - reference: 'https://attack.mitre.org/techniques/T1547/004', - tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, - { - name: 'XDG Autostart Entries', - id: 'T1547.013', - reference: 'https://attack.mitre.org/techniques/T1547/013', - 
tactics: ['persistence', 'privilege-escalation'], - techniqueId: 'T1547', - }, -]; - export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ { label: i18n.translate( diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.test.tsx index 0e86d6e972f3d..a1c53bc2beffe 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.test.tsx @@ -56,10 +56,6 @@ jest.mock('react-router-dom', () => { useHistory: jest.fn(), }; }); -jest.mock('../../components/alerts_info', () => ({ - useAlertInfo: jest.fn().mockReturnValue([]), -})); - jest.mock('../../../common/lib/kibana', () => { const original = jest.requireActual('../../../common/lib/kibana'); diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts index 56ac425650d5a..ff2ad222c3c61 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts @@ -6,7 +6,7 @@ */ import { FilterStateStore } from '@kbn/es-query'; -import type { Rule, RuleError } from '../../../../../containers/detection_engine/rules'; +import type { Rule } from '../../../../../containers/detection_engine/rules'; import type { AboutStepRule, ActionsStepRule, DefineStepRule, ScheduleStepRule } from '../../types'; import type { FieldValueQueryBar } from '../../../../../components/rules/query_bar'; import { fillEmptySeverityMappings } from '../../helpers'; 
@@ -221,13 +221,3 @@ export const mockScheduleStepRule = (): ScheduleStepRule => ({ from: '6m', to: 'now', }); - -export const mockRuleError = (id: string): RuleError => ({ - rule_id: id, - error: { status_code: 404, message: `id: "${id}" not found` }, -}); - -export const mockRules: Rule[] = [ - mockRule('abe6c564-050d-45a5-aaf0-386c37dd1f61'), - mockRule('63f06f34-c181-4b2d-af35-f2ace572a1ee'), -]; diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/exceptions/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/exceptions/translations.ts index 74157aa44408f..004b6c5d97bec 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/exceptions/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/exceptions/translations.ts @@ -28,13 +28,6 @@ export const EXCEPTION_LIST_ACTIONS = i18n.translate( } ); -export const NUMBER_RULES_ASSIGNED_TO_TITLE = i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.all.exceptions.numberRulesAssignedTitle', - { - defaultMessage: 'Number of rules assigned to', - } -); - export const RULES_ASSIGNED_TO_TITLE = i18n.translate( 'xpack.securitySolution.detectionEngine.rules.all.exceptions.rulesAssignedTitle', { diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table/__mocks__/rules_table_context.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table/__mocks__/rules_table_context.tsx index c7715ccffa135..bc47880b6422a 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table/__mocks__/rules_table_context.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table/__mocks__/rules_table_context.tsx 
@@ -56,14 +56,15 @@ export const useRulesTableContextMock = { }), }; +// do not delete export const useRulesTableContext = jest .fn, []>() .mockImplementation(useRulesTableContextMock.create); - +// do not delete export const useRulesTableContextOptional = jest .fn, []>() .mockImplementation(useRulesTableContextMock.create); - +// do not delete export const RulesTableContextProvider = jest .fn() .mockImplementation(({ children }: { children: React.ReactNode }) => <>{children}); diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table_actions.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table_actions.tsx index 8708c473f45ba..747c0c6afe37b 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table_actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/rules_table_actions.tsx @@ -5,11 +5,7 @@ * 2.0. */ -import type { - DefaultItemAction, - EuiBasicTableColumn, - EuiTableActionsColumnType, -} from '@elastic/eui'; +import type { DefaultItemAction } from '@elastic/eui'; import { EuiToolTip } from '@elastic/eui'; import React from 'react'; import type { NavigateToAppOptions } from '@kbn/core/public'; @@ -25,8 +21,6 @@ import { SINGLE_RULE_ACTIONS } from '../../../../../common/lib/apm/user_actions' type NavigateToApp = (appId: string, options?: NavigateToAppOptions | undefined) => Promise; -export type TableColumn = EuiBasicTableColumn | EuiTableActionsColumnType; - export const getRulesTableActions = ({ toasts, navigateToApp, diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/__mocks__/rule_details_context.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/__mocks__/rule_details_context.tsx index 2995e39ba942f..220a0635f2011 100644 
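Review bot: The three `// do not delete` comments added above `useRulesTableContext`, `useRulesTableContextOptional` and `RulesTableContextProvider` do not say why the exports must stay, so the next unused-export sweep has nothing to check them against. The file sits under `__mocks__`, so these are presumably picked up by `jest.mock()` at test time rather than through a static import, which would explain why a dead-code tool reports them. I would state that once at the top of the export group, e.g. `// Resolved by jest.mock() for rules_table_context; no static import exists, keep for tests.`, or exclude `__mocks__` directories in the tool's configuration instead of marking each export. The same bare marker is added in the `details/__mocks__/rule_details_context.tsx` hunk.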
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/__mocks__/rule_details_context.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/__mocks__/rule_details_context.tsx @@ -5,8 +5,8 @@ * 2.0. */ -import type { RuleDetailsContextType } from '../rule_details_context'; import React from 'react'; +import type { RuleDetailsContextType } from '../rule_details_context'; export const useRuleDetailsContextMock = { create: (): jest.Mocked => ({ @@ -49,14 +49,17 @@ export const useRuleDetailsContextMock = { }), }; +// do not delete export const useRuleDetailsContext = jest .fn, []>() .mockImplementation(useRuleDetailsContextMock.create); +// do not delete export const useRuleDetailsContextOptional = jest .fn, []>() .mockImplementation(useRuleDetailsContextMock.create); +// do not delete export const RulesTableContextProvider = jest .fn() .mockImplementation(({ children }: { children: React.ReactNode }) => <>{children}); diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/rule_details_context.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/rule_details_context.tsx index f0238d54f5796..f7f6f735069d1 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/rule_details_context.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/rule_details_context.tsx @@ -211,6 +211,3 @@ export const useRuleDetailsContext = (): RuleDetailsContextType => { ); return ruleDetailsContext; }; - -export const useRuleDetailsContextOptional = (): RuleDetailsContextType | null => - useContext(RuleDetailsContext); 
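Review bot: The mock keeps `useRuleDetailsContextOptional` under a `// do not delete` marker while the next hunk (`@@ -211,6 +211,3 @@` in `rule_details_context.tsx`) removes that hook from the real module, so the manual mock now exports a name the module no longer has. Unless a test still calls it, it should be dropped from the mock in the same commit so that mock and module stay in step. The third marked export is named `RulesTableContextProvider` although this file mocks the rule-details context. That looks like a copy from the rules-table mock, and is worth checking against the real module's provider name before it is pinned with a keep marker.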
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts index 595396e0fd28a..e0c6f319f6e91 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts @@ -21,13 +21,6 @@ export const BACK_TO_RULES = i18n.translate( } ); -export const EXPERIMENTAL = i18n.translate( - 'xpack.securitySolution.detectionEngine.ruleDetails.experimentalDescription', - { - defaultMessage: 'Technical preview', - } -); - export const ENABLE_RULE = i18n.translate( 'xpack.securitySolution.detectionEngine.ruleDetails.enableRuleLabel', { @@ -49,13 +42,6 @@ export const RULE_EXECUTION_LOGS = i18n.translate( } ); -export const TYPE_FAILED = i18n.translate( - 'xpack.securitySolution.detectionEngine.ruleDetails.statusFailedDescription', - { - defaultMessage: 'Failed', - } -); - export const EXCEPTIONS_TAB = i18n.translate( 'xpack.securitySolution.detectionEngine.ruleDetails.exceptionsTab', { diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts index 703e5feb836ca..90dfaa5086a35 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts 
@@ -7,12 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const BACK_TO_DETECTIONS = i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.backOptionsHeader', - { - defaultMessage: 'Back to detections', - } -); export const POPOVER_TOOLTIP_ARIA_LABEL = (columnName: string) => i18n.translate('xpack.securitySolution.detectionEngine.rules.popoverTooltip.ariaLabel', { defaultMessage: 'Tooltip for column: {columnName}', @@ -102,20 +96,6 @@ export const BATCH_ACTIONS = i18n.translate( } ); -export const ACTIVE = i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.allRules.activeRuleDescription', - { - defaultMessage: 'active', - } -); - -export const INACTIVE = i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.allRules.inactiveRuleDescription', - { - defaultMessage: 'inactive', - } -); - export const BULK_ACTION_ENABLE = i18n.translate( 'xpack.securitySolution.detectionEngine.rules.allRules.bulkActions.enableTitle', { @@ -477,13 +457,6 @@ export const EDIT_RULE_SETTINGS_TOOLTIP = i18n.translate( } ); -export const DUPLICATE = i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.allRules.actions.duplicateTitle', - { - defaultMessage: 'Duplicate', - } -); - export const DUPLICATE_RULE = i18n.translate( 'xpack.securitySolution.detectionEngine.rules.allRules.actions.duplicateRuleDescription', { @@ -561,13 +534,6 @@ export const COLUMN_TAGS = i18n.translate( } ); -export const COLUMN_SEE_ALL_POPOVER = i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.allRules.columns.tagsPopoverTitle', - { - defaultMessage: 'See all', - } -); - export const COLUMN_ENABLE = i18n.translate( 'xpack.securitySolution.detectionEngine.rules.allRules.columns.enabledTitle', { 
@@ -631,13 +597,6 @@ export const MONITORING_TAB = i18n.translate( } ); -export const EXCEPTIONS_TAB = i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.allRules.tabs.exceptions', - { - defaultMessage: 'Exception Lists', - } -); - export const CUSTOM_RULES = i18n.translate( 'xpack.securitySolution.detectionEngine.rules.allRules.filters.customRulesTitle', { @@ -818,27 +777,6 @@ export const IMPORT_FAILED_DETAILED = (message: string) => } ); -export const REFRESH_PROMPT_TITLE = i18n.translate( - 'xpack.securitySolution.detectionEngine.components.allRules.refreshPromptTitle', - { - defaultMessage: 'Are you still there?', - } -); - -export const REFRESH_PROMPT_CONFIRM = i18n.translate( - 'xpack.securitySolution.detectionEngine.components.allRules.refreshPromptConfirm', - { - defaultMessage: 'Continue', - } -); - -export const REFRESH_PROMPT_BODY = i18n.translate( - 'xpack.securitySolution.detectionEngine.components.allRules.refreshPromptBody', - { - defaultMessage: 'Rule auto-refresh has been paused. Click "Continue" to resume.', - } -); - export const DELETE_CONFIRMATION_TITLE = i18n.translate( 'xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationTitle', { diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/translations.ts index fedf119025304..9e6727df72a18 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/translations.ts @@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const BREADCRUMB_TITLE = i18n.translate( - 'xpack.securitySolution.detectionEngine.detectionsBreadcrumbTitle', - { - defaultMessage: 'Detections', - } -); - export const PAGE_TITLE = i18n.translate( 'xpack.securitySolution.detectionEngine.detectionsPageTitle', { 
@@ -21,21 +14,6 @@ export const PAGE_TITLE = i18n.translate( } ); -export const LAST_ALERT = i18n.translate('xpack.securitySolution.detectionEngine.lastSignalTitle', { - defaultMessage: 'Last alert', -}); - -export const TOTAL_SIGNAL = i18n.translate( - 'xpack.securitySolution.detectionEngine.totalSignalTitle', - { - defaultMessage: 'Total', - } -); - -export const SIGNAL = i18n.translate('xpack.securitySolution.detectionEngine.signalTitle', { - defaultMessage: 'Detected alerts', -}); - export const ALERT = i18n.translate('xpack.securitySolution.detectionEngine.alertTitle', { defaultMessage: 'Alerts', }); @@ -47,32 +25,6 @@ export const BUTTON_MANAGE_RULES = i18n.translate( } ); -export const PANEL_SUBTITLE_SHOWING = i18n.translate( - 'xpack.securitySolution.detectionEngine.panelSubtitleShowing', - { - defaultMessage: 'Showing', - } -); - -export const EMPTY_TITLE = i18n.translate('xpack.securitySolution.detectionEngine.emptyTitle', { - defaultMessage: - 'It looks like you don’t have any indices relevant to the detection engine in the Security application', -}); - -export const EMPTY_ACTION_BEATS = i18n.translate( - 'xpack.securitySolution.detectionEngine.emptyActionBeats', - { - defaultMessage: 'View setup instructions', - } -); - -export const EMPTY_ACTION_SECONDARY = i18n.translate( - 'xpack.securitySolution.detectionEngine.emptyActionSecondary', - { - defaultMessage: 'Go to documentation', - } -); - export const NO_INDEX_TITLE = i18n.translate( 'xpack.securitySolution.detectionEngine.noIndexTitle', { diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/types.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/types.ts deleted file mode 100644 index 39ba409fcdcac..0000000000000 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/types.ts +++ /dev/null 
@@ -1,11 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export enum DetectionEngineTab { - signals = 'signals', - alerts = 'alerts', -} diff --git a/x-pack/plugins/security_solution/public/hosts/containers/hosts/translations.ts b/x-pack/plugins/security_solution/public/hosts/containers/hosts/translations.ts index 7e470600a96da..1aae8882bed4e 100644 --- a/x-pack/plugins/security_solution/public/hosts/containers/hosts/translations.ts +++ b/x-pack/plugins/security_solution/public/hosts/containers/hosts/translations.ts @@ -7,30 +7,9 @@ import { i18n } from '@kbn/i18n'; -export const ERROR_ALL_HOST = i18n.translate( - 'xpack.securitySolution.allHost.errorSearchDescription', - { - defaultMessage: `An error has occurred on all hosts search`, - } -); - export const FAIL_ALL_HOST = i18n.translate( 'xpack.securitySolution.allHost.failSearchDescription', { defaultMessage: `Failed to run search on all hosts`, } ); - -export const ERROR_HOST_OVERVIEW = i18n.translate( - 'xpack.securitySolution.hostOverview.errorSearchDescription', - { - defaultMessage: `An error has occurred on host overview search`, - } -); - -export const FAIL_HOST_OVERVIEW = i18n.translate( - 'xpack.securitySolution.hostOverview.failSearchDescription', - { - defaultMessage: `Failed to run search on host overview`, - } -); diff --git a/x-pack/plugins/security_solution/public/hosts/containers/uncommon_processes/translations.ts b/x-pack/plugins/security_solution/public/hosts/containers/uncommon_processes/translations.ts index 22416f171b3ce..42bea4d232f4c 100644 --- a/x-pack/plugins/security_solution/public/hosts/containers/uncommon_processes/translations.ts +++ b/x-pack/plugins/security_solution/public/hosts/containers/uncommon_processes/translations.ts 
@@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const ERROR_UNCOMMON_PROCESSES = i18n.translate( - 'xpack.securitySolution.uncommonProcesses.errorSearchDescription', - { - defaultMessage: `An error has occurred on uncommon processes search`, - } -); - export const FAIL_UNCOMMON_PROCESSES = i18n.translate( 'xpack.securitySolution.uncommonProcesses.failSearchDescription', { diff --git a/x-pack/plugins/security_solution/public/hosts/pages/details/types.ts b/x-pack/plugins/security_solution/public/hosts/pages/details/types.ts index b0664c4e91762..118a60c27b017 100644 --- a/x-pack/plugins/security_solution/public/hosts/pages/details/types.ts +++ b/x-pack/plugins/security_solution/public/hosts/pages/details/types.ts @@ -6,17 +6,13 @@ */ import type { ActionCreator } from 'typescript-fsa'; -import type { DataViewBase, Filter, Query } from '@kbn/es-query'; +import type { DataViewBase, Filter } from '@kbn/es-query'; import type { InputsModelId } from '../../../common/store/inputs/constants'; import type { HostsTableType } from '../../store/model'; import type { HostsQueryProps } from '../types'; import type { NavTab } from '../../../common/components/navigation/types'; import type { KeyHostsNavTabWithoutMlPermission } from '../navigation/types'; import type { hostsModel } from '../../store'; -interface HostDetailsComponentReduxProps { - query: Query; - filters: Filter[]; -} interface HostBodyComponentDispatchProps { setAbsoluteRangeDatePicker: ActionCreator<{ 
@@ -28,19 +24,11 @@ interface HostBodyComponentDispatchProps { hostDetailsPagePath: string; } -interface HostDetailsComponentDispatchProps extends HostBodyComponentDispatchProps { - setHostDetailsTablesActivePageToZero: ActionCreator; -} - export interface HostDetailsProps { detailName: string; hostDetailsPagePath: string; } -export type HostDetailsComponentProps = HostDetailsComponentReduxProps & - HostDetailsComponentDispatchProps & - HostsQueryProps; - type KeyHostDetailsNavTabWithoutMlPermission = HostsTableType.authentications & HostsTableType.uncommonProcesses & HostsTableType.events; diff --git a/x-pack/plugins/security_solution/public/hosts/pages/navigation/types.ts b/x-pack/plugins/security_solution/public/hosts/pages/navigation/types.ts index bbbcdb9e63d0f..0499808992686 100644 --- a/x-pack/plugins/security_solution/public/hosts/pages/navigation/types.ts +++ b/x-pack/plugins/security_solution/public/hosts/pages/navigation/types.ts @@ -46,5 +46,3 @@ export type AlertsComponentQueryProps = HostsComponentsQueryProps & { filterQuery?: string; pageFilters?: Filter[]; }; - -export type CommonChildren = (args: HostsComponentsQueryProps) => JSX.Element; diff --git a/x-pack/plugins/security_solution/public/hosts/pages/translations.ts b/x-pack/plugins/security_solution/public/hosts/pages/translations.ts index b0b64dcd43d8e..b2ac1611087c6 100644 --- a/x-pack/plugins/security_solution/public/hosts/pages/translations.ts +++ b/x-pack/plugins/security_solution/public/hosts/pages/translations.ts @@ -7,10 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const KQL_PLACEHOLDER = i18n.translate('xpack.securitySolution.hosts.kqlPlaceholder', { - defaultMessage: 'e.g. host.name: "foo"', -}); - export const PAGE_TITLE = i18n.translate('xpack.securitySolution.hosts.pageTitle', { defaultMessage: 'Hosts', }); 
@@ -71,13 +67,6 @@ export const NAVIGATION_SESSIONS_TITLE = i18n.translate( } ); -export const ERROR_FETCHING_AUTHENTICATIONS_DATA = i18n.translate( - 'xpack.securitySolution.hosts.navigaton.matrixHistogram.errorFetchingAuthenticationsData', - { - defaultMessage: 'Failed to query authentications data', - } -); - export const ERROR_FETCHING_EVENTS_DATA = i18n.translate( 'xpack.securitySolution.hosts.navigaton.matrixHistogram.errorFetchingEventsData', { diff --git a/x-pack/plugins/security_solution/public/hosts/store/selectors.ts b/x-pack/plugins/security_solution/public/hosts/store/selectors.ts index 859819a045dff..5addc9c2ccf4d 100644 --- a/x-pack/plugins/security_solution/public/hosts/store/selectors.ts +++ b/x-pack/plugins/security_solution/public/hosts/store/selectors.ts @@ -28,10 +28,5 @@ export const hostRiskScoreSelector = () => export const hostRiskScoreSeverityFilterSelector = () => createSelector(selectHosts, (hosts) => hosts.queries[HostsTableType.risk].severitySelection); -export const eventsSelector = () => createSelector(selectHosts, (hosts) => hosts.queries.events); - export const uncommonProcessesSelector = () => createSelector(selectHosts, (hosts) => hosts.queries.uncommonProcesses); - -export const alertsSelector = () => - createSelector(selectHosts, (hosts) => hosts.queries[HostsTableType.alerts]); diff --git a/x-pack/plugins/security_solution/public/management/common/constants.ts b/x-pack/plugins/security_solution/public/management/common/constants.ts index e19bfd01da4ca..a46a9d8a9397f 100644 --- a/x-pack/plugins/security_solution/public/management/common/constants.ts +++ b/x-pack/plugins/security_solution/public/management/common/constants.ts 
@@ -32,11 +32,6 @@ export const MANAGEMENT_STORE_GLOBAL_NAMESPACE: ManagementStoreGlobalNamespace = export const MANAGEMENT_STORE_POLICY_DETAILS_NAMESPACE = 'policyDetails'; /** Namespace within the Management state where endpoint-host state is maintained */ export const MANAGEMENT_STORE_ENDPOINTS_NAMESPACE = 'endpoints'; -/** Namespace within the Management state where trusted apps page state is maintained */ -export const MANAGEMENT_STORE_TRUSTED_APPS_NAMESPACE = 'trustedApps'; -/** Namespace within the Management state where event filters page state is maintained */ -export const MANAGEMENT_STORE_EVENT_FILTERS_NAMESPACE = 'eventFilters'; -export const MANAGEMENT_STORE_HOST_ISOLATION_EXCEPTIONS_NAMESPACE = 'hostIsolationExceptions'; export const MANAGEMENT_PAGE_SIZE_OPTIONS: readonly number[] = [10, 20, 50]; export const MANAGEMENT_DEFAULT_PAGE = 0; diff --git a/x-pack/plugins/security_solution/public/management/common/routing.ts b/x-pack/plugins/security_solution/public/management/common/routing.ts index bb65a7dffe3e5..040ce1e14a9d2 100644 --- a/x-pack/plugins/security_solution/public/management/common/routing.ts +++ b/x-pack/plugins/security_solution/public/management/common/routing.ts 
@@ -221,26 +221,12 @@ const extractFilter = (query: querystring.ParsedUrlQuery): string => { return extractFirstParamValue(query, 'filter') || ''; }; -const extractIncludedPolicies = (query: querystring.ParsedUrlQuery): string => { - return extractFirstParamValue(query, 'included_policies') || ''; -}; - export const extractListPaginationParams = (query: querystring.ParsedUrlQuery) => ({ page_index: extractPageIndex(query), page_size: extractPageSize(query), filter: extractFilter(query), }); -export const extractTrustedAppsListPaginationParams = (query: querystring.ParsedUrlQuery) => ({ - ...extractListPaginationParams(query), - included_policies: extractIncludedPolicies(query), -}); - -export const extractArtifactsListPaginationParams = (query: querystring.ParsedUrlQuery) => ({ - ...extractListPaginationParams(query), - included_policies: extractIncludedPolicies(query), -}); - export const getTrustedAppsListPath = (location?: Partial): string => { const path = generatePath(MANAGEMENT_ROUTING_TRUSTED_APPS_PATH, { tabName: AdministrationSubTab.trustedApps, @@ -279,19 +265,6 @@ export const getPolicyDetailsArtifactsListPath = ( )}`; }; -export const extractEventFiltersPageLocation = ( - query: querystring.ParsedUrlQuery -): EventFiltersPageLocation => { - const showParamValue = extractFirstParamValue(query, 'show') as EventFiltersPageLocation['show']; - - return { - ...extractArtifactsListPaginationParams(query), - show: - showParamValue && ['edit', 'create'].includes(showParamValue) ? showParamValue : undefined, - id: extractFirstParamValue(query, 'id'), - }; -}; - export const getEventFiltersListPath = (location?: Partial): string => { const path = generatePath(MANAGEMENT_ROUTING_EVENT_FILTERS_PATH, { tabName: AdministrationSubTab.eventFilters, diff --git a/x-pack/plugins/security_solution/public/management/common/translations.ts b/x-pack/plugins/security_solution/public/management/common/translations.ts index c144aae80ddfe..bd054654aa344 100644 
--- a/x-pack/plugins/security_solution/public/management/common/translations.ts +++ b/x-pack/plugins/security_solution/public/management/common/translations.ts @@ -25,10 +25,6 @@ export const EVENT_FILTERS_TAB = i18n.translate('xpack.securitySolution.eventFil defaultMessage: 'Event filters', }); -export const BETA_BADGE_LABEL = i18n.translate('xpack.securitySolution.administration.list.beta', { - defaultMessage: 'Beta', -}); - export const OS_TITLES: Readonly<{ [K in OperatingSystem]: string }> = { [OperatingSystem.WINDOWS]: i18n.translate('xpack.securitySolution.administration.os.windows', { defaultMessage: 'Windows', diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/bad_argument.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/bad_argument.tsx index 3eccdd5ab7ca5..2d07932e388b4 100644 --- a/x-pack/plugins/security_solution/public/management/components/console/components/bad_argument.tsx +++ b/x-pack/plugins/security_solution/public/management/components/console/components/bad_argument.tsx 
@@ -5,23 +5,17 @@ * 2.0. */ -import type { PropsWithChildren, ReactNode } from 'react'; +import type { ReactNode } from 'react'; import React, { memo, useEffect } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; import { EuiSpacer } from '@elastic/eui'; import { UnsupportedMessageCallout } from './unsupported_message_callout'; -import type { ParsedCommandInterface } from '../service/parsed_command_input'; -import type { CommandDefinition, CommandExecutionComponentProps } from '../types'; +import type { CommandExecutionComponentProps } from '../types'; import { CommandInputUsage } from './command_usage'; import { useDataTestSubj } from '../hooks/state_selectors/use_data_test_subj'; import { useTestIdGenerator } from '../../../hooks/use_test_id_generator'; import { ConsoleCodeBlock } from './console_code_block'; -export type BadArgumentProps = PropsWithChildren<{ - parsedInput: ParsedCommandInterface; - commandDefinition: CommandDefinition; -}>; - /** * Shows a bad argument error. The error message needs to be defined via the Command History Item's * `state.errorMessage` diff --git a/x-pack/plugins/security_solution/public/management/components/console/components/history_item.tsx b/x-pack/plugins/security_solution/public/management/components/console/components/history_item.tsx index 72419c1cb56da..6c2a7c3d2e192 100644 --- a/x-pack/plugins/security_solution/public/management/components/console/components/history_item.tsx +++ b/x-pack/plugins/security_solution/public/management/components/console/components/history_item.tsx @@ -37,5 +37,3 @@ export const HistoryItem = memo(({ children }) => { }); HistoryItem.displayName = 'HistoryItem'; - -export type HistoryItemComponent = typeof HistoryItem; diff --git a/x-pack/plugins/security_solution/public/management/components/effected_policy_select/utils.ts b/x-pack/plugins/security_solution/public/management/components/effected_policy_select/utils.ts index 3d51955f65dc6..7e5e27e90db7e 100644 
--- a/x-pack/plugins/security_solution/public/management/components/effected_policy_select/utils.ts +++ b/x-pack/plugins/security_solution/public/management/components/effected_policy_select/utils.ts @@ -72,12 +72,3 @@ export function getEffectedPolicySelectionByTags( export function isGlobalPolicyEffected(tags?: string[]): boolean { return tags !== undefined && tags.find((tag) => tag === GLOBAL_ARTIFACT_TAG) !== undefined; } - -/** - * Given an array of an artifact tags, return the ids of policies inside - * those tags. It will only return tags starting with `policy:` and it will - * return them without the suffix - */ -export function getArtifactPoliciesIdByTag(tags: string[] = []): string[] { - return tags.filter((tag) => tag.startsWith('policy:')).map((tag) => tag.substring(7)); -} diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/endpoint_details_tabs.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/endpoint_details_tabs.tsx index 1fb83a2a552b9..a293e278721ec 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/endpoint_details_tabs.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/components/endpoint_details_tabs.tsx @@ -18,10 +18,6 @@ export enum EndpointDetailsTabsTypes { activityLog = 'activity_log', } -export type EndpointDetailsTabsId = - | EndpointDetailsTabsTypes.overview - | EndpointDetailsTabsTypes.activityLog; - interface EndpointDetailsTabs { id: string; name: string; diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks/hooks.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks/hooks.ts index c9a0eec58a94d..88750a757bcc3 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks/hooks.ts 
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/hooks/hooks.ts @@ -6,15 +6,12 @@ */ import { useSelector } from 'react-redux'; -import { useMemo } from 'react'; -import { pagePathGetters } from '@kbn/fleet-plugin/public'; import type { EndpointState } from '../../types'; import type { State } from '../../../../../common/store'; import { MANAGEMENT_STORE_ENDPOINTS_NAMESPACE, MANAGEMENT_STORE_GLOBAL_NAMESPACE, } from '../../../../common/constants'; -import { useAppUrl } from '../../../../../common/lib/kibana'; export function useEndpointSelector(selector: (state: EndpointState) => TSelected) { return useSelector(function (state: State) { @@ -25,35 +22,3 @@ export function useEndpointSelector(selector: (state: EndpointState) ); }); } - -/** - * Returns an object that contains Fleet app and URL information - */ -export const useIngestUrl = (subpath: string): { url: string; appId: string; appPath: string } => { - const { getAppUrl } = useAppUrl(); - return useMemo(() => { - const appPath = `#/${subpath}`; - return { - url: `${getAppUrl({ appId: 'fleet' })}${appPath}`, - appId: 'fleet', - appPath, - }; - }, [getAppUrl, subpath]); -}; -/** - * Returns an object that contains Fleet app and URL information - */ -export const useAgentDetailsIngestUrl = ( - agentId: string -): { url: string; appId: string; appPath: string } => { - const { getAppUrl } = useAppUrl(); - return useMemo(() => { - const appPath = pagePathGetters.agent_details_logs({ agentId })[1]; - - return { - url: `${getAppUrl({ appId: 'fleet' })}${appPath}`, - appId: 'fleet', - appPath, - }; - }, [getAppUrl, agentId]); -}; diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/translations.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/translations.ts index 2f032d15be064..30001f41c3636 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/translations.ts 
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/translations.ts @@ -121,10 +121,3 @@ export const ACTIVITY_LOG = { }, }, }; - -export const SEARCH_ACTIVITY_LOG = i18n.translate( - 'xpack.securitySolution.endpointDetails.activityLog.search', - { - defaultMessage: 'Search activity log', - } -); diff --git a/x-pack/plugins/security_solution/public/management/pages/event_filters/service/index.ts b/x-pack/plugins/security_solution/public/management/pages/event_filters/service/index.ts deleted file mode 100644 index e5f5cc7e9cbfa..0000000000000 --- a/x-pack/plugins/security_solution/public/management/pages/event_filters/service/index.ts +++ /dev/null 
@@ -1,74 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { HttpStart } from '@kbn/core/public';
-import type {
- FoundExceptionListItemSchema,
- ExceptionListItemSchema,
- CreateExceptionListItemSchema,
- UpdateExceptionListItemSchema,
- ExceptionListSummarySchema,
-} from '@kbn/securitysolution-io-ts-list-types';
-
-import type { Immutable } from '../../../../../common/endpoint/types';
-
-import type { EventFiltersService } from '../types';
-import {
- addEventFilters,
- getList,
- getOne,
- updateOne,
- deleteOne,
- getSummary,
-} from './service_actions';
-
-/**
- * @deprecated Don't use this class for future implementations, use the service_actions module instead!
- */
-export class EventFiltersHttpService implements EventFiltersService {
- constructor(private http: HttpStart) {
- this.http = http;
- }
-
- async getList({
- perPage,
- page,
- sortField,
- sortOrder,
- filter,
- }: Partial<{
- page: number;
- perPage: number;
- sortField: string;
- sortOrder: string;
- filter: string;
- }> = {}): Promise {
- return getList({ http: this.http, perPage, page, sortField, sortOrder, filter });
- }
-
- async addEventFilters(exception: ExceptionListItemSchema | CreateExceptionListItemSchema) {
- return addEventFilters(this.http, exception);
- }
-
- async getOne(id: string) {
- return getOne(this.http, id);
- }
-
- async updateOne(
- exception: Immutable
- ): Promise {
- return updateOne(this.http, exception);
- }
-
- async deleteOne(id: string): Promise {
- return deleteOne(this.http, id);
- }
-
- async getSummary(filter?: string): Promise {
- return getSummary({ http: this.http, filter });
- }
-}
diff --git a/x-pack/plugins/security_solution/public/management/pages/event_filters/service/service_actions.ts b/x-pack/plugins/security_solution/public/management/pages/event_filters/service/service_actions.ts index 9b4e05bfd14fd..497a608ff2ece 100644 --- a/x-pack/plugins/security_solution/public/management/pages/event_filters/service/service_actions.ts +++ b/x-pack/plugins/security_solution/public/management/pages/event_filters/service/service_actions.ts @@ -6,7 +6,6 @@ */ import type { - CreateExceptionListItemSchema, ExceptionListItemSchema, ExceptionListSummarySchema, FoundExceptionListItemSchema, @@ -71,48 +70,6 @@ export async function getList({ }); } -export async function addEventFilters( - http: HttpStart, - exception: ExceptionListItemSchema | CreateExceptionListItemSchema -) { - await ensureEventFiltersListExists(http); - // Clean meta data before create event flter as the API throws an error with it - delete exception.meta; - return http.post(EXCEPTION_LIST_ITEM_URL, { - body: JSON.stringify(exception), - }); -} - -export async function getOne(http: HttpStart, id: string) { - await ensureEventFiltersListExists(http); - return http.get(EXCEPTION_LIST_ITEM_URL, { - query: { - id, - namespace_type: 'agnostic', - }, - }); -} - -export async function updateOne( - http: HttpStart, - exception: Immutable -): Promise { - await ensureEventFiltersListExists(http); - return http.put(EXCEPTION_LIST_ITEM_URL, { - body: JSON.stringify(cleanEventFilterToUpdate(exception)), - }); -} - -export async function deleteOne(http: HttpStart, id: string): Promise { - await ensureEventFiltersListExists(http); - return http.delete(EXCEPTION_LIST_ITEM_URL, { - query: { - id, - namespace_type: 'agnostic', - }, - }); -} - export async function getSummary({ http, filter, 
diff --git a/x-pack/plugins/security_solution/public/management/pages/event_filters/test_utils/index.ts b/x-pack/plugins/security_solution/public/management/pages/event_filters/test_utils/index.ts index 2f35e82959e61..224214d9451af 100644 --- a/x-pack/plugins/security_solution/public/management/pages/event_filters/test_utils/index.ts +++ b/x-pack/plugins/security_solution/public/management/pages/event_filters/test_utils/index.ts @@ -60,30 +60,6 @@ export const ecsEventMock = (): Ecs => ({ }, }); -export const createdEventFilterEntryMock = (): ExceptionListItemSchema => ({ - _version: 'WzM4MDgsMV0=', - meta: undefined, - comments: [], - created_at: '2021-04-19T10:30:36.425Z', - created_by: 'elastic', - description: '', - entries: [ - { field: 'event.category', operator: 'included', type: 'match', value: 'process' }, - { field: 'process.executable', operator: 'included', type: 'match', value: 'C:\\iexlorer.exe' }, - ], - id: '47598790-a0fa-11eb-8458-69ac85f1fa18', - item_id: '93f65a04-6f5c-4f9e-9be5-e674b3c2392f', - list_id: '.endpointEventFilterList', - name: 'Test', - namespace_type: 'agnostic', - os_types: ['windows'], - tags: ['policy:all'], - tie_breaker_id: 'c42f3dbd-292f-49e8-83ab-158d024a4d8b', - type: 'simple', - updated_at: '2021-04-19T10:30:36.428Z', - updated_by: 'elastic', -}); - export type EventFiltersListQueryHttpMockProviders = ResponseProvidersInterface<{ eventFiltersList: () => FoundExceptionListItemSchema; eventFiltersCreateList: () => ExceptionListItemSchema; diff --git a/x-pack/plugins/security_solution/public/management/pages/event_filters/types.ts b/x-pack/plugins/security_solution/public/management/pages/event_filters/types.ts index b14d22952758b..7d05af2ba6bb9 100644 --- a/x-pack/plugins/security_solution/public/management/pages/event_filters/types.ts +++ b/x-pack/plugins/security_solution/public/management/pages/event_filters/types.ts 
@@ -5,15 +5,6 @@ * 2.0. */ -import type { - FoundExceptionListItemSchema, - CreateExceptionListItemSchema, - ExceptionListItemSchema, - UpdateExceptionListItemSchema, - ExceptionListSummarySchema, -} from '@kbn/securitysolution-io-ts-list-types'; -import type { Immutable } from '../../../../common/endpoint/types'; - export interface EventFiltersPageLocation { page_index: number; page_size: number; @@ -23,30 +14,3 @@ export interface EventFiltersPageLocation { filter: string; included_policies: string; } - -export type EventFiltersServiceGetListOptions = Partial<{ - page: number; - perPage: number; - sortField: keyof ExceptionListItemSchema; - sortOrder: 'asc' | 'desc'; - filter: string; -}>; - -export interface EventFiltersService { - addEventFilters( - exception: Immutable - ): Promise; - - getList(options?: EventFiltersServiceGetListOptions): Promise; - getOne(id: string): Promise; - updateOne(exception: Immutable): Promise; - deleteOne(id: string): Promise; - getSummary(filter?: string): Promise; -} - -export interface EventFiltersListPageData { - /** The query that was used to retrieve the data */ - query: EventFiltersServiceGetListOptions; - /** The data retrieved from the API */ - content: FoundExceptionListItemSchema; -} diff --git a/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/view/components/translations.ts b/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/view/components/translations.ts index 75b9235c23aed..f3a123b9788b8 100644 --- a/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/view/components/translations.ts +++ b/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/view/components/translations.ts 
@@ -6,7 +6,6 @@ */ import { i18n } from '@kbn/i18n'; -import type { ServerApiError } from '../../../../../common/types'; export const NAME_PLACEHOLDER = i18n.translate( 'xpack.securitySolution.hostIsolationExceptions.form.name.placeholder', 
@@ -63,67 +62,3 @@ export const IP_ERROR = i18n.translate( defaultMessage: 'The IP is invalid. Only IPv4 with optional CIDR is supported', } ); - -export const DELETE_HOST_ISOLATION_EXCEPTION_LABEL = i18n.translate( - 'xpack.securitySolution.hostIsolationExceptions.list.action.delete', - { - defaultMessage: 'Delete Exception', - } -); - -export const EDIT_HOST_ISOLATION_EXCEPTION_LABEL = i18n.translate( - 'xpack.securitySolution.hostIsolationExceptions.list.action.edit', - { - defaultMessage: 'Edit Exception', - } -); - -export const getCreateErrorMessage = (creationError: ServerApiError) => { - return i18n.translate( - 'xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.create', - { - defaultMessage: 'There was an error creating the exception: "{error}"', - values: { error: creationError.message }, - } - ); -}; - -export const getUpdateErrorMessage = (updateError: ServerApiError) => { - return i18n.translate( - 'xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.update', - { - defaultMessage: 'There was an error updating the exception: "{error}"', - values: { error: updateError.message }, - } - ); -}; - -export const getLoadErrorMessage = (getError: ServerApiError) => { - return i18n.translate( - 'xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.get', - { - defaultMessage: 'Unable to edit exception: "{error}"', - values: { error: getError.message }, - } - ); -}; - -export const getUpdateSuccessMessage = (name: string) => { - return i18n.translate( - 'xpack.securitySolution.hostIsolationExceptions.form.editingSuccessToastTitle', - { - defaultMessage: '"{name}" has been updated.', - values: { name }, - } - ); -}; - -export const getCreationSuccessMessage = (name: string) => { - return i18n.translate( - 'xpack.securitySolution.hostIsolationExceptions.form.creationSuccessToastTitle', - { - defaultMessage: '"{name}" has been added to the host isolation exceptions list.', - values: { name }, - } - ); -}; 
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/models/policy_details_config.ts b/x-pack/plugins/security_solution/public/management/pages/policy/models/policy_details_config.ts index 724ade095694f..e4bf68d337bbf 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/models/policy_details_config.ts +++ b/x-pack/plugins/security_solution/public/management/pages/policy/models/policy_details_config.ts @@ -8,19 +8,6 @@ import { cloneDeep } from 'lodash'; import type { UIPolicyConfig } from '../../../../../common/endpoint/types'; -/** - * Returns value from `configuration` - */ -export const getIn = - (a: UIPolicyConfig) => - (key: Key) => - (subKey: SubKey) => - ( - leafKey: LeafKey - ): UIPolicyConfig[Key][SubKey][LeafKey] => { - return a[key][subKey][leafKey]; - }; - /** * Returns cloned `configuration` with `value` set by the `keyPath`. */ diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.ts index 5109d1aedf458..2d7bbc8edfaef 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.ts +++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.ts 
@@ -5,19 +5,7 @@ * 2.0. */ -import type { PolicyDetailsState } from '../../types'; -import type { ImmutableReducer } from '../../../../../common/store'; -import type { AppAction } from '../../../../../common/store/actions'; -import type { Immutable } from '../../../../../../common/endpoint/types'; - export { policyDetailsMiddlewareFactory } from './middleware'; export { policyDetailsReducer, initialPolicyDetailsState } from './reducer'; -export interface EndpointPolicyDetailsStatePluginState { - policyDetails: Immutable; -} - -export interface EndpointPolicyDetailsStatePluginReducer { - policyDetails: ImmutableReducer; -} export type { PolicyDetailsAction } from './action'; diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/selectors/policy_settings_selectors.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/selectors/policy_settings_selectors.ts index 0a83916d5fd08..04c5934a5b334 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/selectors/policy_settings_selectors.ts +++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/selectors/policy_settings_selectors.ts 
@@ -194,66 +194,6 @@ export const isCredentialHardeningEnabled = createSelector(policyConfig, (uiPoli return uiPolicyConfig.windows.attack_surface_reduction.credential_hardening.enabled; }); -/** Returns the total number of possible windows eventing configurations */ -export const totalWindowsEvents = (state: PolicyDetailsState): number => { - const config = policyConfig(state); - if (config) { - return Object.keys(config.windows.events).length; - } - return 0; -}; - -/** Returns the number of selected windows eventing configurations */ -export const selectedWindowsEvents = (state: PolicyDetailsState): number => { - const config = policyConfig(state); - if (config) { - return Object.values(config.windows.events).reduce((count, event) => { - return event === true ? count + 1 : count; - }, 0); - } - return 0; -}; - -/** Returns the total number of possible mac eventing configurations */ -export const totalMacEvents = (state: PolicyDetailsState): number => { - const config = policyConfig(state); - if (config) { - return Object.keys(config.mac.events).length; - } - return 0; -}; - -/** Returns the number of selected mac eventing configurations */ -export const selectedMacEvents = (state: PolicyDetailsState): number => { - const config = policyConfig(state); - if (config) { - return Object.values(config.mac.events).reduce((count, event) => { - return event === true ? 
count + 1 : count; - }, 0); - } - return 0; -}; - -/** Returns the total number of possible linux eventing configurations */ -export const totalLinuxEvents = (state: PolicyDetailsState): number => { - const config = policyConfig(state); - if (config) { - return Object.keys(config.linux.events).length; - } - return 0; -}; - -/** Returns the number of selected linux eventing configurations */ -export const selectedLinuxEvents = (state: PolicyDetailsState): number => { - const config = policyConfig(state); - if (config) { - return Object.values(config.linux.events).reduce((count, event) => { - return event === true ? count + 1 : count; - }, 0); - } - return 0; -}; - /** is there an api call in flight */ export const isLoading = (state: PolicyDetailsState) => state.isLoading; diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/types.ts b/x-pack/plugins/security_solution/public/management/pages/policy/types.ts index bd23160b2f15a..faa5677a5ad8c 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/types.ts +++ b/x-pack/plugins/security_solution/public/management/pages/policy/types.ts @@ -20,9 +20,6 @@ import type { PolicyData, UIPolicyConfig, MaybeImmutable, - GetTrustedAppsListResponse, - TrustedApp, - PutTrustedAppUpdateResponse, } from '../../../../common/endpoint/types'; import type { ServerApiError } from '../../../common/types'; import type { ImmutableMiddlewareAPI } from '../../../common/store'; @@ -71,16 +68,6 @@ export interface PolicyDetailsState { license?: ILicense; } -export interface PolicyAssignedTrustedApps { - location: PolicyDetailsArtifactsPageListLocationParams; - artifacts: GetTrustedAppsListResponse; -} - -export interface PolicyRemoveTrustedApps { - artifacts: TrustedApp[]; - response: PutTrustedAppUpdateResponse[]; -} - /** * Policy artifacts store state */ 
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/exception_items_summary.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/exception_items_summary.tsx index 188bead260b06..98c41019c204e 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/exception_items_summary.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/ingest_manager_integration/endpoint_package_custom_extension/components/exception_items_summary.tsx @@ -39,12 +39,6 @@ const SUMMARY_LABELS: Readonly<{ [key in keyof GetExceptionSummaryResponse]: str ), }; -export const StyledEuiFlexGridGroup = styled(EuiFlexGroup)` - display: grid; - min-width: 240px; - grid-template-columns: 50% 50%; -`; - const StyledEuiFlexGroup = styled(EuiFlexGroup)<{ isSmall: boolean; }>` diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_hooks.ts b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_hooks.ts index 133089481d529..9ffef5333ca93 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_hooks.ts +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_hooks.ts 
@@ -44,27 +44,6 @@ export function usePolicyDetailsSelector( ); } -export type NavigationCallback = ( - ...args: Parameters[0]> -) => Partial; - -export function usePolicyDetailsNavigateCallback() { - const location = usePolicyDetailsSelector(getCurrentArtifactsLocation); - const history = useHistory(); - const policyId = usePolicyDetailsSelector(policyIdFromParams); - - return useCallback( - (args: Partial) => - history.push( - getPolicyDetailsArtifactsListPath(policyId, { - ...location, - ...args, - }) - ), - [history, location, policyId] - ); -} - export function usePolicyDetailsArtifactsNavigateCallback(listId: string) { const location = usePolicyDetailsSelector(getCurrentArtifactsLocation); const history = useHistory(); diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/vertical_divider.ts b/x-pack/plugins/security_solution/public/management/pages/policy/view/vertical_divider.ts deleted file mode 100644 index b1b26737e9eab..0000000000000 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/vertical_divider.ts +++ /dev/null 
@@ -1,31 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import styled from 'styled-components';
-
-type SpacingOptions = 'xs' | 's' | 'm' | 'l' | 'xl';
-
-/**
- * A vertical divider - show a vertical line that spans 100% of the height of its parent container.
- * Ideal for use (for example) in `EuiFlexItem`
- *
- * @param [spacing] optional horizontal spacing (on each side of the vertical line). Uses the value `EuiSpacer`
- *
- */
-export const VerticalDivider = styled.div<{ spacing?: SpacingOptions }>`
- width: 0;
- height: 100%;
- border-left: ${(props) => props.theme.eui.euiBorderThin};
- margin-left: ${(props) => {
- const size = props?.spacing && `euiSize${props.spacing.toUpperCase()}`;
- return size ? props.theme.eui[size] : 0;
- }};
- margin-right: ${(props) => {
- const size = props?.spacing && `euiSize${props.spacing.toUpperCase()}`;
- return size ? props.theme.eui[size] : 0;
- }};
-`;
diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/service/errors.ts b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/service/errors.ts
deleted file mode 100644
index bcfff3f4bf360..0000000000000
--- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/service/errors.ts
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EndpointError } from '../../../../../common/endpoint/errors';
-
-export class HttpRequestValidationError extends EndpointError {
- public readonly body: { message: string };
- constructor(validationFailures: string[]) {
- super('Invalid trusted application', validationFailures);
- // Attempts to mirror an HTTP API error body
- this.body = {
- message: validationFailures.join(', ') ?? 'unknown',
- };
- }
-}
diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/service/mappers.ts b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/service/mappers.ts
index 791df4cd130bd..987582ea2e9ad 100644
--- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/service/mappers.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/service/mappers.ts
@@ -5,108 +5,21 @@ * 2.0. */ -import type { - CreateExceptionListItemSchema, - ExceptionListItemSchema, - OsType, - UpdateExceptionListItemSchema, -} from '@kbn/securitysolution-io-ts-list-types'; +import type { CreateExceptionListItemSchema, OsType } from '@kbn/securitysolution-io-ts-list-types'; import { ENDPOINT_TRUSTED_APPS_LIST_ID } from '@kbn/securitysolution-list-constants'; -import { ConditionEntryField, OperatingSystem } from '@kbn/securitysolution-utils'; -import type { - EffectScope, - NewTrustedApp, - TrustedApp, - TrustedAppConditionEntry, - UpdateTrustedApp, - ConditionEntriesMap, -} from '../../../../../common/endpoint/types'; -import { tagsToEffectScope } from '../../../../../common/endpoint/service/trusted_apps/mapping'; +import { OperatingSystem } from '@kbn/securitysolution-utils'; +import type { EffectScope, NewTrustedApp } from '../../../../../common/endpoint/types'; import { BY_POLICY_ARTIFACT_TAG_PREFIX } from '../../../../../common/endpoint/service/artifacts/constants'; -import { - conditionEntriesToEntries, - entriesToConditionEntriesMap, -} from '../../../../common/utils/exception_list_items'; +import { conditionEntriesToEntries } from '../../../../common/utils/exception_list_items'; type Mapping = { [K in T]: U }; -const OS_TYPE_TO_OPERATING_SYSTEM: Mapping = { - linux: OperatingSystem.LINUX, - macos: OperatingSystem.MAC, - windows: OperatingSystem.WINDOWS, -}; - const OPERATING_SYSTEM_TO_OS_TYPE: Mapping = { [OperatingSystem.LINUX]: 'linux', [OperatingSystem.MAC]: 'macos', [OperatingSystem.WINDOWS]: 'windows', }; -const filterUndefined = (list: Array): T[] => { - return list.filter((item: T | undefined): item is T => item !== undefined); -}; - -/** - * Map an ExceptionListItem to a TrustedApp item - * @param exceptionListItem - */ -export const exceptionListItemToTrustedApp = ( - exceptionListItem: ExceptionListItemSchema -): TrustedApp => { - if (exceptionListItem.os_types[0]) { - const os = osFromExceptionItem(exceptionListItem); - let 
groupedWin: ConditionEntriesMap = {}; - let groupedMacLinux: ConditionEntriesMap< - TrustedAppConditionEntry - > = {}; - if (os === OperatingSystem.WINDOWS) { - groupedWin = entriesToConditionEntriesMap( - exceptionListItem.entries - ); - } else { - groupedMacLinux = entriesToConditionEntriesMap< - TrustedAppConditionEntry - >(exceptionListItem.entries); - } - - return { - id: exceptionListItem.item_id, - version: exceptionListItem._version || '', - name: exceptionListItem.name, - description: exceptionListItem.description, - effectScope: tagsToEffectScope(exceptionListItem.tags), - created_at: exceptionListItem.created_at, - created_by: exceptionListItem.created_by, - updated_at: exceptionListItem.updated_at, - updated_by: exceptionListItem.updated_by, - ...(os === OperatingSystem.LINUX || os === OperatingSystem.MAC - ? { - os, - entries: filterUndefined< - TrustedAppConditionEntry - >([ - groupedMacLinux[ConditionEntryField.HASH], - groupedMacLinux[ConditionEntryField.PATH], - ]), - } - : { - os, - entries: filterUndefined([ - groupedWin[ConditionEntryField.HASH], - groupedWin[ConditionEntryField.PATH], - groupedWin[ConditionEntryField.SIGNER], - ]), - }), - }; - } else { - throw new Error('Unknown Operating System assigned to trusted application.'); - } -}; - -const osFromExceptionItem = (exceptionListItem: ExceptionListItemSchema): TrustedApp['os'] => { - return OS_TYPE_TO_OPERATING_SYSTEM[exceptionListItem.os_types[0]]; -}; - const effectScopeToTags = (effectScope: EffectScope) => { if (effectScope.type === 'policy') { return effectScope.policies.map((policy) => `${BY_POLICY_ARTIFACT_TAG_PREFIX}${policy}`); 
@@ -138,38 +51,3 @@ export const newTrustedAppToCreateExceptionListItem = ({ type: 'simple', }; }; - -/** - * Map UpdateTrustedApp to UpdateExceptionListItemOptions - * - * @param {ExceptionListItemSchema} currentTrustedAppExceptionItem - * @param {UpdateTrustedApp} updatedTrustedApp - */ -export const updatedTrustedAppToUpdateExceptionListItem = ( - { - id, - item_id: itemId, - namespace_type: namespaceType, - type, - comments, - meta, - }: ExceptionListItemSchema, - { os, entries, name, description = '', effectScope, version }: UpdateTrustedApp -): UpdateExceptionListItemSchema => { - return { - _version: version, - name, - description, - entries: conditionEntriesToEntries(entries, true), - os_types: [OPERATING_SYSTEM_TO_OS_TYPE[os]], - tags: effectScopeToTags(effectScope), - - // Copied from current trusted app exception item - id, - comments, - item_id: itemId, - meta, - namespace_type: namespaceType, - type, - }; -}; diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/translations.ts b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/translations.ts index d27b727c40a66..c19b3c78d0f8c 100644 --- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/translations.ts +++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/translations.ts @@ -13,12 +13,6 @@ import type { OperatorFieldIds, } from '../../../../../common/endpoint/types'; -export const ABOUT_TRUSTED_APPS = i18n.translate('xpack.securitySolution.trustedapps.aboutInfo', { - defaultMessage: - 'Add a trusted application to improve performance or alleviate conflicts with other applications running on ' + - 'your hosts.', -}); - export const NAME_LABEL = i18n.translate('xpack.securitySolution.trustedApps.name.label', { defaultMessage: 'Name', }); 
diff --git a/x-pack/plugins/security_solution/public/management/services/policies/ingest.ts b/x-pack/plugins/security_solution/public/management/services/policies/ingest.ts index 3fa2a14387c96..b77ab8a725ecf 100644 --- a/x-pack/plugins/security_solution/public/management/services/policies/ingest.ts +++ b/x-pack/plugins/security_solution/public/management/services/policies/ingest.ts @@ -9,8 +9,6 @@ import type { HttpFetchOptions, HttpStart } from '@kbn/core/public'; import type { GetAgentStatusResponse, GetAgentsResponse, - DeletePackagePoliciesResponse, - DeletePackagePoliciesRequest, GetPackagesResponse, GetAgentPoliciesRequest, GetAgentPoliciesResponse, @@ -24,7 +22,6 @@ export const INGEST_API_AGENT_POLICIES = `${INGEST_API_ROOT}/agent_policies`; const INGEST_API_FLEET_AGENT_STATUS = `${INGEST_API_ROOT}/agent_status`; export const INGEST_API_FLEET_AGENTS = `${INGEST_API_ROOT}/agents`; export const INGEST_API_EPM_PACKAGES = `${INGEST_API_ROOT}/epm/packages`; -const INGEST_API_DELETE_PACKAGE_POLICY = `${INGEST_API_PACKAGE_POLICIES}/delete`; /** * Retrieves a single package policy based on ID from ingest @@ -40,23 +37,6 @@ export const sendGetPackagePolicy = ( return http.get(`${INGEST_API_PACKAGE_POLICIES}/${packagePolicyId}`, options); }; -/** - * Retrieves a single package policy based on ID from ingest - * @param http - * @param body - * @param options - */ -export const sendDeletePackagePolicy = ( - http: HttpStart, - body: DeletePackagePoliciesRequest, - options?: HttpFetchOptions -) => { - return http.post(INGEST_API_DELETE_PACKAGE_POLICY, { - ...options, - body: JSON.stringify(body.body), - }); -}; - /** * Retrieve a list of Agent Policies * @param http diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/translations.ts b/x-pack/plugins/security_solution/public/network/components/embeddables/translations.ts index 488661931ae97..42b29eb09b97e 100644 
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/translations.ts +++ b/x-pack/plugins/security_solution/public/network/components/embeddables/translations.ts @@ -63,13 +63,6 @@ export const LINE_LAYER = i18n.translate( } ); -export const ERROR_CONFIGURING_EMBEDDABLES_API = i18n.translate( - 'xpack.securitySolution.components.embeddables.embeddedMap.errorConfiguringEmbeddableApiTitle', - { - defaultMessage: 'Error configuring Embeddables API', - } -); - export const ERROR_CREATING_EMBEDDABLE = i18n.translate( 'xpack.securitySolution.components.embeddables.embeddedMap.errorCreatingMapEmbeddableTitle', { @@ -91,13 +84,6 @@ export const ERROR_BUTTON = i18n.translate( } ); -export const FILTER_FOR_VALUE = i18n.translate( - 'xpack.securitySolution.components.embeddables.mapToolTip.filterForValueHoverAction', - { - defaultMessage: 'Filter for value', - } -); - export const MAP_TOOL_TIP_ERROR = i18n.translate( 'xpack.securitySolution.components.embeddables.mapToolTip.errorTitle', { diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/types.ts b/x-pack/plugins/security_solution/public/network/components/embeddables/types.ts index c6e32210f7835..a75fea895bef8 100644 --- a/x-pack/plugins/security_solution/public/network/components/embeddables/types.ts +++ b/x-pack/plugins/security_solution/public/network/components/embeddables/types.ts @@ -28,14 +28,4 @@ export interface LayerMappingCollection { [indexPatternTitle: string]: LayerMapping; } -export interface MapFeature { - id: number; - layerId: string; -} - -export interface FeatureGeometry { - coordinates: [number]; - type: string; -} - export type MapToolTipProps = Partial; diff --git a/x-pack/plugins/security_solution/public/network/components/kpi_network/mock.ts b/x-pack/plugins/security_solution/public/network/components/kpi_network/mock.ts index 3220101bf226f..07ff974e1f3c7 100644 
--- a/x-pack/plugins/security_solution/public/network/components/kpi_network/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/kpi_network/mock.ts @@ -76,85 +76,6 @@ export const mockNoChartMappings: Readonly = [ }, ]; -export const mockDisableChartsInitialData = { - fields: [ - { - key: 'uniqueSourcePrivateIps', - value: undefined, - name: 'Src.', - description: 'source', - color: '#D36086', - icon: 'visMapCoordinate', - }, - { - key: 'uniqueDestinationPrivateIps', - value: undefined, - name: 'Dest.', - description: 'destination', - color: '#9170B8', - icon: 'visMapCoordinate', - }, - ], - description: 'Unique private IPs', - enableAreaChart: false, - enableBarChart: false, - areaChart: undefined, - barChart: undefined, -}; - -export const mockEnableChartsInitialData = { - fields: [ - { - key: 'uniqueSourcePrivateIps', - value: undefined, - name: 'Src.', - description: 'source', - color: '#D36086', - icon: 'visMapCoordinate', - lensAttributes: kpiUniquePrivateIpsSourceMetricLensAttributes, - }, - { - key: 'uniqueDestinationPrivateIps', - value: undefined, - name: 'Dest.', - description: 'destination', - color: '#9170B8', - icon: 'visMapCoordinate', - lensAttributes: kpiUniquePrivateIpsDestinationMetricLensAttributes, - }, - ], - description: 'Unique private IPs', - enableAreaChart: true, - enableBarChart: true, - areaChartLensAttributes: kpiUniquePrivateIpsAreaLensAttributes, - barChartLensAttributes: kpiUniquePrivateIpsBarLensAttributes, - areaChart: [], - barChart: [ - { - color: '#D36086', - key: 'uniqueSourcePrivateIps', - value: [ - { - g: 'uniqueSourcePrivateIps', - x: 'Src.', - y: null, - }, - ], - }, - { - color: '#9170B8', - key: 'uniqueDestinationPrivateIps', - value: [ - { - g: 'uniqueDestinationPrivateIps', - x: 'Dest.', - y: null, - }, - ], - }, - ], -}; - export const mockEnableChartsData = { areaChart: [ { 
diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/translations.ts b/x-pack/plugins/security_solution/public/network/containers/network_dns/translations.ts index efbccc03e21a2..891e85fc96a44 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_dns/translations.ts +++ b/x-pack/plugins/security_solution/public/network/containers/network_dns/translations.ts @@ -13,10 +13,3 @@ export const ERROR_NETWORK_DNS = i18n.translate( defaultMessage: `An error has occurred on network dns search`, } ); - -export const FAIL_NETWORK_DNS = i18n.translate( - 'xpack.securitySolution.networkDns.failSearchDescription', - { - defaultMessage: `Failed to run search on network dns`, - } -); diff --git a/x-pack/plugins/security_solution/public/network/containers/network_http/translations.ts b/x-pack/plugins/security_solution/public/network/containers/network_http/translations.ts index fa997156f9171..43a59d22cea3c 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_http/translations.ts +++ b/x-pack/plugins/security_solution/public/network/containers/network_http/translations.ts @@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const ERROR_NETWORK_HTTP = i18n.translate( - 'xpack.securitySolution.networkHttp.errorSearchDescription', - { - defaultMessage: `An error has occurred on network http search`, - } -); - export const FAIL_NETWORK_HTTP = i18n.translate( 'xpack.securitySolution.networkHttp.failSearchDescription', { diff --git a/x-pack/plugins/security_solution/public/network/containers/network_top_countries/translations.ts b/x-pack/plugins/security_solution/public/network/containers/network_top_countries/translations.ts index 1cf580b6d3132..3e373f026f275 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_top_countries/translations.ts +++ b/x-pack/plugins/security_solution/public/network/containers/network_top_countries/translations.ts 
@@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const ERROR_NETWORK_TOP_COUNTRIES = i18n.translate( - 'xpack.securitySolution.networkTopCountries.errorSearchDescription', - { - defaultMessage: `An error has occurred on network top countries search`, - } -); - export const FAIL_NETWORK_TOP_COUNTRIES = i18n.translate( 'xpack.securitySolution.networkTopCountries.failSearchDescription', { diff --git a/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/translations.ts b/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/translations.ts index d17fb10479c9e..4dba32e67cc9f 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/translations.ts +++ b/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/translations.ts @@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const ERROR_NETWORK_TOP_N_FLOW = i18n.translate( - 'xpack.securitySolution.networkTopNFlow.errorSearchDescription', - { - defaultMessage: `An error has occurred on network top n flow search`, - } -); - export const FAIL_NETWORK_TOP_N_FLOW = i18n.translate( 'xpack.securitySolution.networkTopNFlow.failSearchDescription', { diff --git a/x-pack/plugins/security_solution/public/network/pages/details/types.ts b/x-pack/plugins/security_solution/public/network/pages/details/types.ts index 6e7250607ee09..26d27f26415f8 100644 --- a/x-pack/plugins/security_solution/public/network/pages/details/types.ts +++ b/x-pack/plugins/security_solution/public/network/pages/details/types.ts 
@@ -5,14 +5,8 @@ * 2.0. */ -import type { DataViewBase } from '@kbn/es-query'; - import type { ESTermQuery } from '../../../../common/typed_json'; import { NetworkType } from '../../store/model'; -import type { - FlowTarget, - FlowTargetSourceDest, -} from '../../../../common/search_strategy/security_solution'; import type { GlobalTimeArgs } from '../../../common/containers/use_global_time'; export const type = NetworkType.details; @@ -27,16 +21,3 @@ export interface OwnProps { skip: boolean; setQuery: GlobalTimeArgs['setQuery']; } - -export type NetworkComponentsQueryProps = OwnProps & { - flowTarget: FlowTarget; -}; - -export type TlsQueryTableComponentProps = OwnProps & { - flowTarget: FlowTargetSourceDest; -}; - -export type NetworkWithIndexComponentsQueryTableProps = OwnProps & { - flowTarget: FlowTargetSourceDest; - indexPattern: DataViewBase; -}; diff --git a/x-pack/plugins/security_solution/public/network/pages/translations.ts b/x-pack/plugins/security_solution/public/network/pages/translations.ts index f7c1f1c7e06ac..d461e45ab4534 100644 --- a/x-pack/plugins/security_solution/public/network/pages/translations.ts +++ b/x-pack/plugins/security_solution/public/network/pages/translations.ts @@ -7,10 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const KQL_PLACEHOLDER = i18n.translate('xpack.securitySolution.network.kqlPlaceholder', { - defaultMessage: 'e.g. source.ip: "foo"', -}); - export const PAGE_TITLE = i18n.translate('xpack.securitySolution.network.pageTitle', { defaultMessage: 'Network', }); diff --git a/x-pack/plugins/security_solution/public/network/store/model.ts b/x-pack/plugins/security_solution/public/network/store/model.ts index 4ba7d331f8880..b1bf415e3cb08 100644 --- a/x-pack/plugins/security_solution/public/network/store/model.ts +++ b/x-pack/plugins/security_solution/public/network/store/model.ts 
@@ -45,8 +45,6 @@ export type TopCountriesTableType = export type TopTlsTableType = NetworkDetailsTableType.tls | NetworkTableType.tls; -export type HttpTableType = NetworkDetailsTableType.http | NetworkTableType.http; - export enum NetworkDetailsTableType { http = 'http', tls = 'tls', @@ -57,8 +55,6 @@ export enum NetworkDetailsTableType { users = 'users', } -export type AllNetworkTables = NetworkTableType | NetworkDetailsTableType; - export interface BasicQueryPaginated { activePage: number; limit: number; diff --git a/x-pack/plugins/security_solution/public/overview/components/detection_response/cases_by_status/cases_by_status.tsx b/x-pack/plugins/security_solution/public/overview/components/detection_response/cases_by_status/cases_by_status.tsx index 0fce509b6b280..e71935d217c55 100644 --- a/x-pack/plugins/security_solution/public/overview/components/detection_response/cases_by_status/cases_by_status.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/detection_response/cases_by_status/cases_by_status.tsx @@ -86,24 +86,6 @@ const barColors = { closed: '#d3dae6', }; -export const emptyChartSettings = [ - { - key: 'open', - value: [{ y: 20, x: STATUS_OPEN, g: STATUS_OPEN }], - color: barColors.empty, - }, - { - key: 'in-progress', - value: [{ y: 20, x: STATUS_IN_PROGRESS, g: STATUS_IN_PROGRESS }], - color: barColors.empty, - }, - { - key: 'closed', - value: [{ y: 20, x: STATUS_CLOSED, g: STATUS_CLOSED }], - color: barColors.empty, - }, -]; - const StyledEuiFlexItem = styled(EuiFlexItem)` align-items: center; width: 70%; diff --git a/x-pack/plugins/security_solution/public/overview/components/detection_response/translations.ts b/x-pack/plugins/security_solution/public/overview/components/detection_response/translations.ts index ab9336af7f734..99a1fb63224ac 100644 --- a/x-pack/plugins/security_solution/public/overview/components/detection_response/translations.ts 
+++ b/x-pack/plugins/security_solution/public/overview/components/detection_response/translations.ts @@ -153,12 +153,6 @@ export const OPEN_RULE_DETAIL_TOOLTIP = i18n.translate( defaultMessage: 'Open rule detail', } ); -export const OPEN_RULE_ALERTS_TOOLTIP = i18n.translate( - 'xpack.securitySolution.detectionResponse.openRuleAlertsTooltip', - { - defaultMessage: 'Open rule alerts', - } -); export const OPEN_ALL_ALERTS_BUTTON = i18n.translate( 'xpack.securitySolution.detectionResponse.openAllAlertsButton', @@ -167,13 +161,6 @@ export const OPEN_ALL_ALERTS_BUTTON = i18n.translate( } ); -export const VIEW_ALL_USER_ALERTS = i18n.translate( - 'xpack.securitySolution.detectionResponse.viewAllUserAlerts', - { - defaultMessage: 'View all users', - } -); - export const VIEW_RECENT_CASES = i18n.translate( 'xpack.securitySolution.detectionResponse.viewRecentCases', { @@ -181,13 +168,6 @@ export const VIEW_RECENT_CASES = i18n.translate( } ); -export const VIEW_ALL_HOST_ALERTS = i18n.translate( - 'xpack.securitySolution.detectionResponse.viewAllHostAlerts', - { - defaultMessage: 'View all hosts', - } -); - export const HOST_ALERTS_HOSTNAME_COLUMN = i18n.translate( 'xpack.securitySolution.detectionResponse.hostAlertsHostName', { diff --git a/x-pack/plugins/security_solution/public/overview/components/events_by_dataset/__mocks__/index.tsx b/x-pack/plugins/security_solution/public/overview/components/events_by_dataset/__mocks__/index.tsx deleted file mode 100644 index dd7e58c7a99ef..0000000000000 --- a/x-pack/plugins/security_solution/public/overview/components/events_by_dataset/__mocks__/index.tsx +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export const EventsByDataset = () => 'mock EventsByDataset'; 
diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_cti_links/mock.ts b/x-pack/plugins/security_solution/public/overview/components/overview_cti_links/mock.ts index f631084d880bf..facc993da117c 100644 --- a/x-pack/plugins/security_solution/public/overview/components/overview_cti_links/mock.ts +++ b/x-pack/plugins/security_solution/public/overview/components/overview_cti_links/mock.ts @@ -23,21 +23,6 @@ export const mockTiDataSources = { ], }; -export const mockEventCountsByDataset = { - abuseurl: 1, - abusemalware: 1, - alienvaultotx: 0, - anomali: 2, - anomalithreatstream: 0, - malwarebazaar: 2, - misp: 4, -}; - -export const mockCtiEventCountsResponse = { - eventCountsByDataset: mockEventCountsByDataset, - totalCount: 10, -}; - export const mockCtiLinksResponse = { listItems: [ { title: 'abuseurl', count: 1, path: '/dashboard_path_abuseurl' }, @@ -50,20 +35,6 @@ export const mockCtiLinksResponse = { ], }; -export const mockEmptyCtiLinksResponse = { - isPluginDisabled: false, - buttonHref: '/button', - listItems: [ - { title: 'abuseurl', count: 0, path: '/dashboard_path_abuseurl' }, - { title: 'abusemalware', count: 0, path: '/dashboard_path_abusemalware' }, - { title: 'alienvaultotx', count: 0, path: '/dashboard_path_alienvaultotx' }, - { title: 'anomali', count: 0, path: '/dashboard_path_anomali' }, - { title: 'anomalithreatstream', count: 0, path: '/dashboard_path_anomalithreatstream' }, - { title: 'malwarebazaar', count: 0, path: '/dashboard_path_malwarebazaar' }, - { title: 'misp', count: 0, path: '/dashboard_path_misp' }, - ], -}; - export const mockProps = { to: '2020-01-20T20:49:57.080Z', from: '2020-01-21T20:49:57.080Z', 
@@ -74,16 +45,3 @@ export const mockProps = {
 { dataset: 'ti_abusech', name: 'AbuseCH', count: 5, path: '/dashboard_path_abuseurl' },
 ],
 };
-
-export const mockCtiWithEventsProps = {
- ...mockProps,
- ...mockCtiEventCountsResponse,
-};
-
-export const mockThreatIntelPanelViewProps = {
- buttonHref: '/button_href',
- isPluginDisabled: false,
- listItems: mockCtiLinksResponse.listItems,
- splitPanel: undefined,
- totalEventCount: 1337,
-};
diff --git a/x-pack/plugins/security_solution/public/overview/components/overview_cti_links/translations.ts b/x-pack/plugins/security_solution/public/overview/components/overview_cti_links/translations.ts
index ab3c9559ea291..87a5178a1d5ca 100644
--- a/x-pack/plugins/security_solution/public/overview/components/overview_cti_links/translations.ts
+++ b/x-pack/plugins/security_solution/public/overview/components/overview_cti_links/translations.ts
@@ -7,42 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const INFO_TITLE = i18n.translate( - 'xpack.securitySolution.overview.ctiDashboardInfoPanelTitle', - { - defaultMessage: 'Enable Kibana dashboard to view sources', - } -); - -export const INFO_BODY = i18n.translate( - 'xpack.securitySolution.overview.ctiDashboardInfoPanelBody', - { - defaultMessage: - 'Follow this guide to enable your dashboard so that you can view your sources in visualizations.', - } -); - -export const INFO_BUTTON = i18n.translate( - 'xpack.securitySolution.overview.ctiDashboardInfoPanelButton', - { - defaultMessage: 'How to load Kibana dashboards', - } -); - -export const WARNING_TITLE = i18n.translate( - 'xpack.securitySolution.overview.ctiDashboardWarningPanelTitle', - { - defaultMessage: 'No threat intel data available to display', - } -); - -export const WARNING_BODY = i18n.translate( - 'xpack.securitySolution.overview.ctiDashboardWarningPanelBody', - { - defaultMessage: `We haven't detected any data from the selected time range, please try to search for another time range.`, - } -); - export const DANGER_TITLE = i18n.translate( 'xpack.securitySolution.overview.ctiDashboardDangerPanelTitle', { diff --git a/x-pack/plugins/security_solution/public/overview/components/recent_timelines/translations.ts b/x-pack/plugins/security_solution/public/overview/components/recent_timelines/translations.ts index d0578ba0b4bec..8e590378d2a38 100644 --- a/x-pack/plugins/security_solution/public/overview/components/recent_timelines/translations.ts +++ b/x-pack/plugins/security_solution/public/overview/components/recent_timelines/translations.ts 
@@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const ERROR_RETRIEVING_USER_DETAILS = i18n.translate( - 'xpack.securitySolution.recentTimelines.errorRetrievingUserDetailsMessage', - { - defaultMessage: 'Recent Timelines: An error occurred while retrieving user details', - } -); - export const FAVORITES = i18n.translate( 'xpack.securitySolution.recentTimelines.favoritesButtonLabel', { diff --git a/x-pack/plugins/security_solution/public/overview/containers/overview_cti_links/api.ts b/x-pack/plugins/security_solution/public/overview/containers/overview_cti_links/api.ts deleted file mode 100644 index a121efed34779..0000000000000 --- a/x-pack/plugins/security_solution/public/overview/containers/overview_cti_links/api.ts +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import { EPM_API_ROUTES } from '@kbn/fleet-plugin/common'; -import { KibanaServices } from '../../../common/lib/kibana'; - -export interface IntegrationResponse { - id: string; - status: string; - savedObject?: { - attributes?: { - installed_kibana: Array<{ - type: string; - id: string; - }>; - }; - }; -} - -export const fetchFleetIntegrations = () => - KibanaServices.get().http.fetch<{ - response: IntegrationResponse[]; - }>(EPM_API_ROUTES.LIST_PATTERN, { - method: 'GET', - }); diff --git a/x-pack/plugins/security_solution/public/overview/containers/overview_host/translations.ts b/x-pack/plugins/security_solution/public/overview/containers/overview_host/translations.ts index b9787b218f813..7b8f9363e9c2b 100644 --- a/x-pack/plugins/security_solution/public/overview/containers/overview_host/translations.ts +++ b/x-pack/plugins/security_solution/public/overview/containers/overview_host/translations.ts 
@@ -7,13 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const ERROR_HOST_OVERVIEW = i18n.translate( - 'xpack.securitySolution.allHost.errorSearchDescription', - { - defaultMessage: `An error has occurred on all hosts search`, - } -); - export const FAIL_HOST_OVERVIEW = i18n.translate( 'xpack.securitySolution.allHost.failSearchDescription', { diff --git a/x-pack/plugins/security_solution/public/overview/pages/translations.ts b/x-pack/plugins/security_solution/public/overview/pages/translations.ts index 414326dd0539b..4dc99c8850b64 100644 --- a/x-pack/plugins/security_solution/public/overview/pages/translations.ts +++ b/x-pack/plugins/security_solution/public/overview/pages/translations.ts @@ -18,17 +18,6 @@ export const NEWS_FEED_TITLE = i18n.translate( } ); -export const PAGE_SUBTITLE = i18n.translate('xpack.securitySolution.overview.pageSubtitle', { - defaultMessage: 'Security Information & Event Management with the Elastic Stack', -}); - -export const RECENT_CASES = i18n.translate( - 'xpack.securitySolution.overview.recentCasesSidebarTitle', - { - defaultMessage: 'Recent cases', - } -); - export const RECENT_TIMELINES = i18n.translate( 'xpack.securitySolution.overview.recentTimelinesSidebarTitle', { diff --git a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_with_related_events_and_cursor_on_origin.ts b/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_with_related_events_and_cursor_on_origin.ts deleted file mode 100644 index 79a2eb23a671f..0000000000000 --- a/x-pack/plugins/security_solution/public/resolver/data_access_layer/mocks/no_ancestors_two_children_with_related_events_and_cursor_on_origin.ts +++ /dev/null 
@@ -1,222 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { DataAccessLayer, TimeRange } from '../../types';
-import {
- mockTreeWithNoAncestorsAndTwoChildrenAndRelatedEventsOnOrigin,
- firstRelatedEventID,
- secondRelatedEventID,
-} from '../../mocks/resolver_tree';
-import type {
- ResolverRelatedEvents,
- ResolverEntityIndex,
- SafeResolverEvent,
- ResolverNode,
- ResolverSchema,
-} from '../../../../common/endpoint/types';
-import * as eventModel from '../../../../common/endpoint/models/event';
-
-interface Metadata {
- /**
- * The `_id` of the document being analyzed.
- */
- databaseDocumentID: string;
- /**
- * A record of entityIDs to be used in tests assertions.
- */
- entityIDs: {
- /**
- * The entityID of the node related to the document being analyzed.
- */
- origin: 'origin';
- /**
- * The entityID of the first child of the origin.
- */
- firstChild: 'firstChild';
- /**
- * The entityID of the second child of the origin.
- */
- secondChild: 'secondChild';
- };
-}
-
-/**
- * See the other mock `noAncestorsTwoChildrenWithRelatedEventsOnOrigin` but this one
- * has one of the related events "after" the first (i.e. you have to call with `after` to
- * get the second one).
- */
-export function noAncestorsTwoChildrenWithRelatedEventsOnOriginWithOneAfterCursor(): {
- dataAccessLayer: DataAccessLayer;
- metadata: Metadata;
-} {
- const metadata: Metadata = {
- databaseDocumentID: '_id',
- entityIDs: { origin: 'origin', firstChild: 'firstChild', secondChild: 'secondChild' },
- };
- const { tree, relatedEvents, nodeDataResponse } =
- mockTreeWithNoAncestorsAndTwoChildrenAndRelatedEventsOnOrigin({
- originID: metadata.entityIDs.origin,
- firstChildID: metadata.entityIDs.firstChild,
- secondChildID: metadata.entityIDs.secondChild,
- });
-
- return {
- metadata,
- dataAccessLayer: {
- /**
- * Fetch related events for an entity ID
- */
- async relatedEvents({
- entityID,
- timeRange,
- indexPatterns,
- }: {
- entityID: string;
- timeRange: TimeRange;
- indexPatterns: string[];
- }): Promise {
- /**
- * Respond with the mocked related events when the origin's related events are fetched.
- **/
- const events = entityID === metadata.entityIDs.origin ? relatedEvents.events : [];
-
- return {
- entityID,
- events,
- nextEvent: null,
- };
- },
-
- /**
- * Any of the origin's related events by category.
- * `entityID` must match the origin node's `process.entity_id`.
- * These are split by the `after` cursor: Calling without the cursor will
- * return the first event, calling with the cursor set to the id of the first event
- * will return the second.
- */
- async eventsWithEntityIDAndCategory({
- entityID,
- category,
- after,
- timeRange,
- indexPatterns,
- }: {
- entityID: string;
- category: string;
- after?: string;
- timeRange: TimeRange;
- indexPatterns: string[];
- }): Promise<{ events: SafeResolverEvent[]; nextEvent: string | null }> {
- /**
- * For testing: This 'fakes' the behavior of one related event being `after`
- * a cursor for an earlier event.
- * @param event A `SafeResolverEvent` to filter
- */
- function splitOnCursor(event: SafeResolverEvent) {
- if (typeof after === 'undefined') {
- return eventModel.eventID(event) === firstRelatedEventID;
- }
- if (after === firstRelatedEventID) {
- return eventModel.eventID(event) === secondRelatedEventID;
- }
- return false;
- }
-
- const events =
- entityID === metadata.entityIDs.origin
- ? relatedEvents.events.filter(
- (event) =>
- eventModel.eventCategory(event).includes(category) && splitOnCursor(event)
- )
- : [];
- return {
- events,
- nextEvent: typeof after === 'undefined' ? firstRelatedEventID : null,
- };
- },
-
- /**
- * Any of the origin's related events by event.id
- */
- async event({
- nodeID,
- eventID,
- eventCategory,
- eventTimestamp,
- winlogRecordID,
- timeRange,
- indexPatterns,
- }: {
- nodeID: string;
- eventCategory: string[];
- eventTimestamp: string;
- eventID?: string | number;
- winlogRecordID: string;
- timeRange: TimeRange;
- indexPatterns: string[];
- }): Promise {
- return relatedEvents.events.find((event) => eventModel.eventID(event) === eventID) ?? null;
- },
-
- /**
- * Returns a static array of events. Ignores request parameters.
- */
- async nodeData({
- ids,
- timeRange,
- indexPatterns,
- limit,
- }: {
- ids: string[];
- timeRange: TimeRange;
- indexPatterns: string[];
- limit: number;
- }): Promise {
- return nodeDataResponse;
- },
-
- /**
- * Fetch a ResolverTree for a entityID
- */
- async resolverTree({
- dataId,
- schema,
- timeRange,
- indices,
- ancestors,
- descendants,
- }: {
- dataId: string;
- schema: ResolverSchema;
- timeRange: TimeRange;
- indices: string[];
- ancestors: number;
- descendants: number;
- }): Promise {
- return tree.nodes;
- },
-
- /**
- * Get entities matching a document.
- */
- async entities(): Promise {
- return [
- {
- name: 'endpoint',
- schema: {
- id: 'process.entity_id',
- parent: 'process.parent.entity_id',
- ancestry: 'process.Ext.ancestry',
- name: 'process.name',
- },
- id: metadata.entityIDs.origin,
- },
- ];
- },
- },
- };
-}
diff --git a/x-pack/plugins/security_solution/public/resolver/models/process_event.ts b/x-pack/plugins/security_solution/public/resolver/models/process_event.ts
index 025a5c75324fd..3d91cdd9a72a4 100644
--- a/x-pack/plugins/security_solution/public/resolver/models/process_event.ts
+++ b/x-pack/plugins/security_solution/public/resolver/models/process_event.ts
@@ -16,15 +16,6 @@ import type {
 } from '../../../common/endpoint/types';
 import type { ResolverProcessType } from '../types';
-/**
- * Returns true if the process's eventType is either 'processCreated' or 'processRan'.
- * Resolver will only render 'graphable' process events.
- *
- */
-export function isGraphableProcess(passedEvent: SafeResolverEvent) {
- return eventType(passedEvent) === 'processCreated' || eventType(passedEvent) === 'processRan';
-}
-
 /**
 * Returns true if the process was terminated.
 */
@@ -88,17 +79,6 @@ export function eventType(passedEvent: SafeResolverEvent): ResolverProcessType {
 return 'unknownEvent';
 }
-/**
- * Returns the process event's PID
- */
-export function uniquePidForProcess(passedEvent: ResolverEvent): string {
- if (eventModel.isLegacyEvent(passedEvent)) {
- return String(passedEvent.endgame.unique_pid);
- } else {
- return passedEvent.process.entity_id;
- }
-}
-
 /**
 * Returns the PID for the process on the host
 */
@@ -108,17 +88,6 @@ export function processPID(event: SafeResolverEvent): number | undefined {
 );
 }
-/**
- * Returns the process event's parent PID
- */
-export function uniqueParentPidForProcess(passedEvent: ResolverEvent): string | undefined {
- if (eventModel.isLegacyEvent(passedEvent)) {
- return String(passedEvent.endgame.unique_ppid);
- } else {
- return passedEvent.process.parent?.entity_id;
- }
-}
-
 /**
 * Returns the process event's path on its host
 */
@@ -139,20 +108,6 @@ export function userInfoForProcess(
 return passedEvent.user;
 }
-/**
- * Returns the command line path and arguments used to run the `passedEvent` if any
- *
- * @param {ResolverEvent} passedEvent The `ResolverEvent` to get the arguments value for
- * @returns {string | undefined} The arguments (including the path) used to run the process
- */
-export function argsForProcess(passedEvent: ResolverEvent): string | undefined {
- if (eventModel.isLegacyEvent(passedEvent)) {
- // There is not currently a key for this on Legacy event types
- return undefined;
- }
- return passedEvent?.process?.args;
-}
-
 /**
 * used to sort events
 */
diff --git a/x-pack/plugins/security_solution/public/resolver/store/data/selectors.ts b/x-pack/plugins/security_solution/public/resolver/store/data/selectors.ts
index 07ab14242bc68..2aaf6206b06bc 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/data/selectors.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/data/selectors.ts
@@ -228,23 +228,6 @@ export function currentRelatedEventData(state: DataState): SafeResolverEvent | n
 return state.currentRelatedEvent.data;
 }
-export const relatedEventCountByCategory: (
- state: DataState
-) => (nodeID: string, eventCategory: string) => number | undefined = createSelector(
- nodeStats,
- (getNodeStats) => {
- return (nodeID: string, eventCategory: string): number | undefined => {
- const stats = getNodeStats(nodeID);
- if (stats) {
- const value = Object.prototype.hasOwnProperty.call(stats.byCategory, eventCategory);
- if (typeof value === 'number' && Number.isFinite(value)) {
- return value;
- }
- }
- };
- }
-);
-
 /**
 * Returns true if there might be more generations in the graph that we didn't get because we reached
 * the requested generations limit.
diff --git a/x-pack/plugins/security_solution/public/resolver/store/selectors.ts b/x-pack/plugins/security_solution/public/resolver/store/selectors.ts
index 51c75b0eaa047..60e8507ba1bc3 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/selectors.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/selectors.ts
@@ -22,7 +22,6 @@ export const projectionMatrix = composeSelectors(
 cameraSelectors.projectionMatrix
 );
-export const clippingPlanes = composeSelectors(cameraStateSelector, cameraSelectors.clippingPlanes);
 export const translation = composeSelectors(cameraStateSelector, cameraSelectors.translation);
 /**
@@ -80,14 +79,6 @@ export const treeRequestParametersToAbort = composeSelectors(
 dataSelectors.treeRequestParametersToAbort
 );
-/**
- * This should be the siem default indices to pass to the backend for querying data.
- */
-export const treeParameterIndices = composeSelectors(
- dataStateSelector,
- dataSelectors.treeParameterIndices
-);
-
 /**
 * An array of indices to use for resolver panel requests.
 */
@@ -116,13 +107,6 @@ export const relatedEventTotalCount: (
 dataSelectors.relatedEventTotalCount
 );
-export const relatedEventCountByCategory: (
- state: ResolverState
-) => (nodeID: string, eventCategory: string) => number | undefined = composeSelectors(
- dataStateSelector,
- dataSelectors.relatedEventCountByCategory
-);
-
 /**
 * the loading state of the current related event data for the `event_detail` view
 */
@@ -206,11 +190,6 @@ export const hasMoreGenerations = composeSelectors(
 dataSelectors.hasMoreGenerations
 );
-/**
- * An array containing all the processes currently in the Resolver than can be graphed
- */
-export const graphableNodes = composeSelectors(dataStateSelector, dataSelectors.graphableNodes);
-
 const boundingBox = composeSelectors(cameraStateSelector, cameraSelectors.viewableBoundingBox);
 const nodesAndEdgelines = composeSelectors(dataStateSelector, dataSelectors.nodesAndEdgelines);
@@ -300,14 +279,6 @@ export const panelViewAndParameters = composeSelectors(
 export const relativeHref = composeSelectors(uiStateSelector, uiSelectors.relativeHref);
-/**
- * @deprecated use `useLinkProps`
- */
-export const relatedEventsRelativeHrefs = composeSelectors(
- uiStateSelector,
- uiSelectors.relatedEventsRelativeHrefs
-);
-
 /**
 * Total count of events related to `nodeID`.
 * Based on `ResolverNodeStats`
diff --git a/x-pack/plugins/security_solution/public/resolver/store/ui/selectors.ts b/x-pack/plugins/security_solution/public/resolver/store/ui/selectors.ts
index ef60c139aced6..95b1a286f1f51 100644
--- a/x-pack/plugins/security_solution/public/resolver/store/ui/selectors.ts
+++ b/x-pack/plugins/security_solution/public/resolver/store/ui/selectors.ts
@@ -74,31 +74,3 @@ export const relativeHref: (
 };
 }
 );
-
-/**
- * Returns a map of ecs category name to urls for use in panel navigation.
- * @deprecated use `useLinkProps`
- */
-export const relatedEventsRelativeHrefs: (state: ResolverUIState) => (
- categories: Record | undefined,
- nodeID: string
- // eslint-disable-next-line @typescript-eslint/no-shadow
-) => Map = createSelector(relativeHref, (relativeHref) => {
- return (categories: Record | undefined, nodeID: string) => {
- const hrefsByCategory = new Map();
- if (categories !== undefined) {
- Object.keys(categories).map((category) => {
- const categoryPanelParams: PanelViewAndParameters = {
- panelView: 'nodeEventsInCategory',
- panelParameters: {
- nodeID,
- eventCategory: category,
- },
- };
- hrefsByCategory.set(category, relativeHref(categoryPanelParams));
- return category;
- });
- }
- return hrefsByCategory;
- };
-});
diff --git a/x-pack/plugins/security_solution/public/resolver/types.ts b/x-pack/plugins/security_solution/public/resolver/types.ts
index 29124a89bd548..d0f63ff522438 100644
--- a/x-pack/plugins/security_solution/public/resolver/types.ts
+++ b/x-pack/plugins/security_solution/public/resolver/types.ts
@@ -174,22 +174,6 @@ export interface IndexedTreeNode extends BBox {
 position: Vector2;
 }
-/**
- * A type describing the shape of section titles and entries for description lists
- */
-export type SectionData = Array<{
- sectionTitle: string;
- entries: Array<{ title: string; description: string }>;
-}>;
-
-/**
- * The two query parameters we read/write on to control which view the table presents:
- */
-export interface CrumbInfo {
- crumbId: string;
- crumbEvent: string;
-}
-
 /**
 * A type containing all things to actually be rendered to the DOM.
 */
diff --git a/x-pack/plugins/security_solution/public/resolver/view/limit_warnings.tsx b/x-pack/plugins/security_solution/public/resolver/view/limit_warnings.tsx
index 22d6990710687..04b25d044917f 100644
--- a/x-pack/plugins/security_solution/public/resolver/view/limit_warnings.tsx +++ b/x-pack/plugins/security_solution/public/resolver/view/limit_warnings.tsx @@ -28,70 +28,6 @@ const LineageTitleMessage = React.memo(function ({ numberOfEntries }: { numberOf ); }); -const RelatedEventsLimitMessage = React.memo(function ({ - category, - numberOfEventsMissing, -}: { - numberOfEventsMissing: number; - category: string; -}) { - return ( - - ); -}); - -const RelatedLimitTitleMessage = React.memo(function ({ - category, - numberOfEventsDisplayed, -}: { - numberOfEventsDisplayed: number; - category: string; -}) { - return ( - - ); -}); - -/** - * Limit warning for hitting the /events API limit - */ -export const RelatedEventLimitWarning = React.memo(function ({ - eventCategory, - numberActuallyDisplayed, - numberMissing, -}: { - eventCategory: string; - numberActuallyDisplayed: number; - numberMissing: number; -}) { - /** - * Based on API limits, all related events may not be displayed. - */ - return ( - - } - > -

- -

-
- );
-});
-
 /**
 * Limit warning for hitting a limit of nodes in the tree
 */
diff --git a/x-pack/plugins/security_solution/public/resolver/view/panels/styles.tsx b/x-pack/plugins/security_solution/public/resolver/view/panels/styles.tsx
index 3bf63f984b617..ef39fbb5b686f 100644
--- a/x-pack/plugins/security_solution/public/resolver/view/panels/styles.tsx
+++ b/x-pack/plugins/security_solution/public/resolver/view/panels/styles.tsx
@@ -25,13 +25,6 @@ export const StyledTitle = styled('h4')`
 overflow-wrap: break-word;
 `;
-/**
- * Used for a 'BETA' badge in the breadcrumbs of each panel.
- */
-export const BetaHeader = styled(`header`)`
- margin-bottom: 1em;
-`;
-
 /**
 * Styled version of EuiBreadcrumbs that is used by the breadcrumbs in each panel.
 */
diff --git a/x-pack/plugins/security_solution/public/timelines/components/flyout/bottom_bar/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/flyout/bottom_bar/index.tsx
index 732212b29051c..3bb2d4d7530c9 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/flyout/bottom_bar/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/flyout/bottom_bar/index.tsx
@@ -9,16 +9,11 @@ import { EuiPanel } from '@elastic/eui';
 import React from 'react';
 import styled from 'styled-components';
-import type { DataProvider } from '../../timeline/data_providers/data_provider';
-import { flattenIntoAndGroups } from '../../timeline/data_providers/helpers';
 import { DataProviders } from '../../timeline/data_providers';
 import { FLYOUT_BUTTON_BAR_CLASS_NAME } from '../../timeline/helpers';
 import { FlyoutHeaderPanel } from '../header';
 import { TimelineTabs } from '../../../../../common/types/timeline';
-export const getBadgeCount = (dataProviders: DataProvider[]): number =>
- flattenIntoAndGroups(dataProviders).reduce((total, group) => total + group.length, 0);
-
 const DataProvidersPanel = styled(EuiPanel)`
 border-radius: 0;
 padding: 0 4px 0 4px;
diff --git a/x-pack/plugins/security_solution/public/timelines/components/flyout/bottom_bar/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/flyout/bottom_bar/translations.ts
index a7096d375b003..10f5e3faafd00 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/flyout/bottom_bar/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/flyout/bottom_bar/translations.ts
@@ -10,7 +10,3 @@ import { i18n } from '@kbn/i18n';
 export const TIMELINE = i18n.translate('xpack.securitySolution.flyout.button.timeline', {
 defaultMessage: 'timeline',
 });
-
-export const FLYOUT_BUTTON = i18n.translate('xpack.securitySolution.flyout.button.text', {
- defaultMessage: 'Timeline',
-});
diff --git a/x-pack/plugins/security_solution/public/timelines/components/netflow/netflow_columns/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/netflow/netflow_columns/index.tsx
index 60275a3e55041..b07731b3cc225 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/netflow/netflow_columns/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/netflow/netflow_columns/index.tsx
@@ -15,9 +15,6 @@ import { DurationEventStartEnd } from './duration_event_start_end';
 import type { NetflowColumnsProps } from './types';
 import { UserProcess } from './user_process';
-export const EVENT_START = 'event.start';
-export const EVENT_END = 'event.end';
-
 const EuiFlexItemMarginRight = styled(EuiFlexItem)`
 margin-right: 10px;
 `;
diff --git a/x-pack/plugins/security_solution/public/timelines/components/notes/helpers.tsx b/x-pack/plugins/security_solution/public/timelines/components/notes/helpers.tsx
index af2bfbf20365f..d3c992d5696a6 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/notes/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/notes/helpers.tsx
@@ -20,12 +20,8 @@ import { CountBadge } from '../../../common/components/page';
 export type UpdateNote = (note: Note) => void;
 /** Performs IO to associate a note with something (e.g. a timeline, an event, etc). (The "something" is opaque to the caller) */
 export type AssociateNote = (noteId: string) => void;
-/** Performs IO to get a new note ID */
-export type GetNewNoteId = () => string;
 /** Updates the local state containing a new note being edited by the user */
 export type UpdateInternalNewNote = (newNote: string) => void;
-/** Closes the notes popover */
-export type OnClosePopover = () => void;
 /**
 * Defines the behavior of the search input that appears above the table of data
diff --git a/x-pack/plugins/security_solution/public/timelines/components/notes/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/notes/translations.ts
index 3b25c58d97610..05317fae259e5 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/notes/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/notes/translations.ts
@@ -11,14 +11,6 @@ export const ADD_NOTE = i18n.translate('xpack.securitySolution.notes.addNoteButt
 defaultMessage: 'Add Note',
 });
-export const ADD_A_NOTE = i18n.translate('xpack.securitySolution.notes.addANotePlaceholder', {
- defaultMessage: 'Add a Note',
-});
-
-export const ADDED_A_NOTE = i18n.translate('xpack.securitySolution.notes.addedANoteLabel', {
- defaultMessage: 'Added a Note',
-});
-
 export const NOTE = i18n.translate('xpack.securitySolution.notes.noteLabel', {
 defaultMessage: 'Note',
 });
@@ -27,13 +19,6 @@ export const NOTES = i18n.translate('xpack.securitySolution.notes.notesTitle', {
 defaultMessage: 'Notes',
 });
-export const PREVIEW_MARKDOWN = i18n.translate(
- 'xpack.securitySolution.notes.previewMarkdownTitle',
- {
- defaultMessage: 'Preview (Markdown)',
- }
-);
-
 export const SEARCH_PLACEHOLDER = i18n.translate(
 'xpack.securitySolution.notes.search.FilterByUserOrNotePlaceholder',
 {
@@ -45,13 +30,6 @@ export const CANCEL = i18n.translate('xpack.securitySolution.notes.cancelButtonL
 defaultMessage: 'Cancel',
 });
-export const COPY_TO_CLIPBOARD = i18n.translate(
- 'xpack.securitySolution.notes.copyToClipboardButtonLabel',
- {
- defaultMessage: 'Copy to Clipboard',
- }
-);
-
 export const YOU_ARE_EDITING_A_NOTE = i18n.translate(
 'xpack.securitySolution.notes.youAreEditingANoteScreenReaderOnly',
 {
diff --git a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/translations.ts
index 9c540f54c3824..98e9300b9661a 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/translations.ts
@@ -165,10 +165,6 @@ export const PINNED_EVENTS = i18n.translate(
 }
 );
-export const POSTED = i18n.translate('xpack.securitySolution.open.timeline.postedLabel', {
- defaultMessage: 'Posted:',
-});
-
 export const REFRESH = i18n.translate('xpack.securitySolution.open.timeline.refreshTitle', {
 defaultMessage: 'Refresh',
 });
@@ -230,34 +226,6 @@ export const ZERO_TIMELINE_TEMPLATES_MATCH = i18n.translate(
 }
 );
-export const SINGLE_TIMELINE = i18n.translate(
- 'xpack.securitySolution.open.timeline.singleTimelineLabel',
- {
- defaultMessage: 'timeline',
- }
-);
-
-export const PLURAL_TIMELINES = i18n.translate(
- 'xpack.securitySolution.open.timeline.pluralTimelinesLabel',
- {
- defaultMessage: 'timelines',
- }
-);
-
-export const SINGLE_TEMPLATE = i18n.translate(
- 'xpack.securitySolution.open.timeline.singleTemplateLabel',
- {
- defaultMessage: 'template',
- }
-);
-
-export const PLURAL_TEMPLATES = i18n.translate(
- 'xpack.securitySolution.open.timeline.pluralTemplatesLabel',
- {
- defaultMessage: 'templates',
- }
-);
-
 export const SELECTED_TEMPLATES = (selectedTemplates: number) =>
 i18n.translate('xpack.securitySolution.open.timeline.selectedTemplatesTitle', {
 values: { selectedTemplates },
diff --git a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/types.ts b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/types.ts
index 1f8e966141a7c..625e30bb9727e 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/types.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/types.ts
@@ -97,9 +97,7 @@ export type OnOpenTimeline = ({
 }) => void;
 export type OnOpenDeleteTimelineModal = (selectedItem: OpenTimelineResult) => void;
-export type SetActionTimeline = React.Dispatch<
- React.SetStateAction
->;
+
 export type EnableExportTimelineDownloader = (selectedItem: OpenTimelineResult) => void;
 /** Invoked when the user presses enters to submit the text in the search input */
 export type OnQueryChange = (query: EuiSearchBarQuery) => void;
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/common/dragging_container.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/common/dragging_container.tsx
deleted file mode 100644
index bcfdc80794585..0000000000000
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/common/dragging_container.tsx
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { FC } from 'react';
-import { memo, useEffect } from 'react';
-
-interface DraggingContainerProps {
- children: JSX.Element;
- onDragging: Function;
-}
-
-const DraggingContainerComponent: FC = ({ children, onDragging }) => {
- useEffect(() => {
- onDragging(true);
-
- return () => onDragging(false);
- });
-
- return children;
-};
-
-export const DraggingContainer = memo(DraggingContainerComponent);
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/common/styles.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/common/styles.tsx
deleted file mode 100644
index 254c7076fcf5a..0000000000000
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/common/styles.tsx
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
-import styled from 'styled-components';
-
-export const FullHeightFlexGroup = styled(EuiFlexGroup)`
- height: 100%;
-`;
-FullHeightFlexGroup.displayName = 'FullHeightFlexGroup';
-
-export const FullHeightFlexItem = styled(EuiFlexItem)`
- height: 100%;
-`;
-FullHeightFlexItem.displayName = 'FullHeightFlexItem';
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/default_headers.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/default_headers.ts
index d407b7da847cd..cdd01740de948 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/default_headers.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/default_headers.ts
@@ -55,6 +55,3 @@ export const defaultHeaders: ColumnHeaderOptions[] = [
 initialWidth: DEFAULT_COLUMN_MIN_WIDTH,
 },
 ];
-
-/** The default category of fields shown in the Timeline */
-export const DEFAULT_CATEGORY_NAME = 'default ECS';
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/helpers.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/helpers.tsx
index 876afd8cbd989..c05d5d9592d9e 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/helpers.tsx
@@ -127,6 +127,4 @@ export const getEventType = (event: Ecs): Omit => {
 return 'raw';
 };
-export const ROW_RENDERER_CLASS_NAME = 'row-renderer';
-
 export const NOTE_CONTENT_CLASS_NAME = 'note-content';
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/index.tsx
index c1c5f7e9056b2..ab38d9f001125 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/index.tsx
@@ -23,7 +23,7 @@ import type {
 RowRenderer,
 TimelineTabs,
 } from '../../../../../common/types/timeline';
-import { RowRendererId, TimelineId } from '../../../../../common/types/timeline';
+import { RowRendererId } from '../../../../../common/types/timeline';
 import type { BrowserFields } from '../../../../common/containers/source';
 import type { TimelineItem } from '../../../../../common/search_strategy/timeline';
 import type { inputsModel, State } from '../../../../common/store';
@@ -56,11 +56,6 @@ export interface Props {
 onRuleChange?: () => void;
 }
-export const hasAdditionalActions = (id: TimelineId): boolean =>
- [TimelineId.detectionsPage, TimelineId.detectionsRulesDetailsPage, TimelineId.active].includes(
- id
- );
-
 /**
 * The Body component is used everywhere timeline is used within the security application. It is the highest level component
 * that is shared across all implementations of the timeline.
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/helpers.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/helpers.tsx
index 396ee9e96b54e..8fdb4301eb0c6 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/helpers.tsx
@@ -73,13 +73,3 @@ export const showVia = (eventAction: string | null | undefined): boolean =>
 'overwrite',
 'rename',
 ].includes(`${eventAction}`.toLowerCase());
-
-export const excludeFileNameAndPath = ({
- eventAction,
- eventCategory,
- eventType,
-}: {
- eventAction: string | null | undefined;
- eventCategory: string | null | undefined;
- eventType: string | null | undefined;
-}) => false;
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/system/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/system/translations.ts
index 266579fbc228e..5ff7bd725728b 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/system/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/system/translations.ts
@@ -18,21 +18,10 @@ import { i18n } from '@kbn/i18n';
 // Example with user name, hostname, but no result
 // Session 20 frank@server-1 started process curl
-export const SESSION = i18n.translate('xpack.securitySolution.system.systemDescription', {
- defaultMessage: 'System',
-});
-
 export const WITH_RESULT = i18n.translate('xpack.securitySolution.system.withResultDescription', {
 defaultMessage: 'with result',
 });
-export const WAS_AUTHORIZED_TO_USE = i18n.translate(
- 'xpack.securitySolution.system.wasAuthorizedToUseDescription',
- {
- defaultMessage: 'was authorized to use',
- }
-);
-
 export const ACCEPTED_A_CONNECTION_VIA = i18n.translate(
 'xpack.securitySolution.system.acceptedAConnectionViaDescription',
 {
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/translations.ts
index 53cffa7d3708d..d303fe45bba53 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/translations.ts
@@ -22,10 +22,6 @@ export const FROM_ITS_ORIGINAL_PATH = i18n.translate(
 }
 );
-export const PROTOCOL = i18n.translate('xpack.securitySolution.timeline.protocol', {
- defaultMessage: 'Protocol',
-});
-
 export const SOURCE = i18n.translate('xpack.securitySolution.timeline.source', {
 defaultMessage: 'Source',
 });
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/translations.ts
index ef502c03b0c02..771a7960a6e12 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/translations.ts
@@ -21,13 +21,6 @@ export const NOTES_DISABLE_TOOLTIP = i18n.translate(
 }
 );
-export const COPY_TO_CLIPBOARD = i18n.translate(
- 'xpack.securitySolution.timeline.body.copyToClipboardButtonLabel',
- {
- defaultMessage: 'Copy to Clipboard',
- }
-);
-
 export const OPEN_SESSION_VIEW = i18n.translate(
 'xpack.securitySolution.timeline.body.openSessionViewLabel',
 {
@@ -35,13 +28,6 @@ export const OPEN_SESSION_VIEW = i18n.translate(
 }
 );
-export const INVESTIGATE = i18n.translate(
- 'xpack.securitySolution.timeline.body.actions.investigateLabel',
- {
- defaultMessage: 'Investigate',
- }
-);
-
 export const UNPINNED = (isAlert: boolean) =>
 i18n.translate('xpack.securitySolution.timeline.body.pinning.pinTooltip', {
 values: { isAlert },
@@ -89,13 +75,6 @@ export const VIEW_DETAILS = i18n.translate(
 }
 );
-export const VIEW_SUMMARY = i18n.translate(
- 'xpack.securitySolution.timeline.body.actions.viewSummaryLabel',
- {
- defaultMessage: 'View summary',
- }
-);
-
 export const VIEW_DETAILS_FOR_ROW = ({
 ariaRowindex,
 columnValues,
@@ -109,20 +88,6 @@ export const VIEW_DETAILS_FOR_ROW = ({
 'View details for the alert or event in row {ariaRowindex}, with columns {columnValues}',
 });
-export const EXPAND_EVENT = i18n.translate(
- 'xpack.securitySolution.timeline.body.actions.expandEventTooltip',
- {
- defaultMessage: 'View details',
- }
-);
-
-export const COLLAPSE = i18n.translate(
- 'xpack.securitySolution.timeline.body.actions.collapseAriaLabel',
- {
- defaultMessage: 'Collapse',
- }
-);
-
 export const ACTION_INVESTIGATE_IN_RESOLVER = i18n.translate(
 'xpack.securitySolution.timeline.body.actions.investigateInResolverTooltip',
 {
@@ -205,18 +170,6 @@ export const PIN_EVENT_FOR_ROW = ({
 '{isEventPinned, select, false {Pin} true {Unpin}} the event in row {ariaRowindex} to timeline, with columns {columnValues}',
 });
-export const TIMELINE_TOGGLE_BUTTON_ARIA_LABEL = ({
- isOpen,
- title,
-}: {
- isOpen: boolean;
- title: string;
-}) =>
- i18n.translate('xpack.securitySolution.timeline.properties.timelineToggleButtonAriaLabel', {
- values: { isOpen, title },
- defaultMessage: '{isOpen, select, false {Open} true {Close} other {Toggle}} timeline {title}',
- });
-
 export const ATTACH_ALERT_TO_CASE_FOR_ROW = ({
 ariaRowindex,
 columnValues,
@@ -242,10 +195,3 @@ export const MORE_ACTIONS_FOR_ROW = ({
 defaultMessage:
 'Select more actions for the alert or event in row {ariaRowindex}, with columns {columnValues}',
 });
-
-export const INVESTIGATE_IN_RESOLVER_DISABLED = i18n.translate(
- 'xpack.securitySolution.timeline.body.actions.investigateInResolverDisabledTooltip',
- {
- defaultMessage: 'This event cannot be analyzed since it has incompatible field mappings',
- }
-);
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/mock/mock_data_providers.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/mock/mock_data_providers.tsx
index c5a491bd01975..7c6e6bece7da5 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/mock/mock_data_providers.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/mock/mock_data_providers.tsx
@@ -29,9 +29,6 @@ const mockSourceNameToEventCount: NameToEventCount = {
 'Provider 10': 863,
 };
-/** Returns a collection of mock data provider names */
-export const mockDataProviderNames = (): string[] => Object.keys(mockSourceNameToEventCount);
-
 /** Returns a count of the events for a mock data provider */
 export const getEventCount = (dataProviderName: string): number =>
 mockSourceNameToEventCount[dataProviderName] || 0;
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/translations.ts
index 76d36ec67bd85..18ca62a71c6d1 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/data_providers/translations.ts
@@ -11,29 +11,12 @@ export const AND = i18n.translate('xpack.securitySolution.dataProviders.and', {
 defaultMessage: 'AND',
 });
-export const COPY_TO_CLIPBOARD = i18n.translate(
- 'xpack.securitySolution.dataProviders.copyToClipboardTooltip',
- {
- defaultMessage: 'Copy to Clipboard',
- }
-);
-
 export const DELETE_DATA_PROVIDER = i18n.translate(
 'xpack.securitySolution.dataProviders.deleteDataProvider',
 {
 defaultMessage: 'Delete',
 }
 );
-export const DROP_HERE_TO_ADD_AN = i18n.translate(
- 'xpack.securitySolution.dataProviders.dropHereToAddAnLabel',
- {
- defaultMessage: 'Drop here to add an',
- }
-);
-
-export const DROP_HERE = i18n.translate('xpack.securitySolution.dataProviders.dropHere', {
- defaultMessage: 'Drop here',
-});
 export const DROP_ANYTHING = i18n.translate('xpack.securitySolution.dataProviders.dropAnything', {
 defaultMessage: 'Drop anything',
@@ -98,10 +81,6 @@ export const HERE_TO_BUILD_AN = i18n.translate(
 }
 );
-export const TO_BUILD_AN = i18n.translate('xpack.securitySolution.dataProviders.toBuildAn', {
- defaultMessage: 'to build an',
-});
-
 export const INCLUDE_DATA_PROVIDER = i18n.translate(
 'xpack.securitySolution.dataProviders.includeDataProvider',
 {
@@ -156,13 +135,6 @@ export const VALUE = i18n.translate('xpack.securitySolution.dataProviders.valueP
 defaultMessage: 'value',
 });
-export const VALUE_ARIA_LABEL = i18n.translate(
- 'xpack.securitySolution.dataProviders.valueAriaLabel',
- {
- defaultMessage: 'value',
- }
-);
-
 export const ADD_FIELD_LABEL = i18n.translate(
 'xpack.securitySolution.dataProviders.addFieldPopoverButtonLabel',
 {
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/date_picker_lock/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/date_picker_lock/translations.ts
index c396c539de0da..352030d4a6a55 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/date_picker_lock/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/date_picker_lock/translations.ts
@@ -23,20 +23,6 @@ export const UNLOCK_SYNC_MAIN_DATE_PICKER_TOOL_TIP = i18n.translate(
 }
 );
-export const LOCK_SYNC_MAIN_DATE_PICKER_LABEL = i18n.translate(
- 'xpack.securitySolution.timeline.properties.lockedDatePickerLabel',
- {
- defaultMessage: 'Global date picker is locked to timeline date picker',
- }
-);
-
-export const UNLOCK_SYNC_MAIN_DATE_PICKER_LABEL = i18n.translate(
- 'xpack.securitySolution.timeline.properties.unlockedDatePickerLabel',
- {
- defaultMessage: 'Global date picker NOT locked to timeline date picker',
- }
-);
-
 export const LOCK_SYNC_MAIN_DATE_PICKER_ARIA = i18n.translate(
 'xpack.securitySolution.timeline.properties.lockDatePickerDescription',
 {
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/translations.ts
index 6736573cac293..01d6f747a56b5 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/translations.ts
@@ -7,13 +7,6 @@
 import { i18n } from '@kbn/i18n';
-export const LOADING_TIMELINE_DATA = i18n.translate(
- 'xpack.securitySolution.footer.loadingTimelineData',
- {
- defaultMessage: 'Loading Timeline data',
- }
-);
-
 export const EVENTS = i18n.translate('xpack.securitySolution.footer.events', {
 defaultMessage: 'Events',
 });
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.tsx
index 94e42c158a469..592130a2db170 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/helpers.tsx
@@ -300,7 +300,6 @@ export const onTimelineTabKeyPressed = ({
 export const ACTIVE_TIMELINE_BUTTON_CLASS_NAME = 'active-timeline-button';
 export const FLYOUT_BUTTON_BAR_CLASS_NAME = 'timeline-flyout-button-bar';
-export const FLYOUT_BUTTON_CLASS_NAME = 'timeline-flyout-button';
 /**
 * This function focuses the active timeline button on the next tick. Focus
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/properties/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/properties/translations.ts
index 030dcb324d27d..0bafd36d6fa1c 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/properties/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/properties/translations.ts
@@ -74,13 +74,6 @@ export const ADD_TIMELINE = i18n.translate(
 }
 );
-export const ATTACH_TIMELINE_TO_NEW_CASE = i18n.translate(
- 'xpack.securitySolution.timeline.properties.newCaseButtonLabel',
- {
- defaultMessage: 'Attach timeline to new case',
- }
-);
-
 export const ATTACH_TO_CASE = i18n.translate(
 'xpack.securitySolution.timeline.properties.attachToCaseButtonLabel',
 {
@@ -94,24 +87,9 @@ export const ATTACH_TO_NEW_CASE = i18n.translate(
 defaultMessage: 'Attach to new case',
 }
 );
-
-export const ATTACH_TIMELINE_TO_EXISTING_CASE = i18n.translate(
- 'xpack.securitySolution.timeline.properties.existingCaseButtonLabel',
- {
- defaultMessage: 'Attach timeline to existing case...',
- }
-);
-
 export const ATTACH_TO_EXISTING_CASE = i18n.translate(
 'xpack.securitySolution.timeline.properties.attachToExistingCaseButtonLabel',
 {
 defaultMessage: 'Attach to existing case...',
 }
 );
-
-export const ATTACH_TIMELINE_TO_CASE_TOOLTIP = i18n.translate(
- 'xpack.securitySolution.timeline.properties.attachTimelineToCaseTooltip',
- {
- defaultMessage: 'Please provide a title for your timeline in order to attach it to a case',
- }
-);
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/translations.ts
index d16573e7b748c..560a82a329684 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/translations.ts
@@ -70,80 +70,3 @@ export const FILTER_OR_SEARCH_WITH_KQL = i18n.translate(
 defaultMessage: 'Filter or Search with KQL',
 }
 );
-
-export const ALL_EVENT = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.eventTypeAllEvent',
- {
- defaultMessage: 'All data sources',
- }
-);
-
-export const RAW_EVENT = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.eventTypeRawEvent',
- {
- defaultMessage: 'Events',
- }
-);
-
-export const DETECTION_ALERTS_EVENT = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.eventTypeDetectionAlertsEvent',
- {
- defaultMessage: 'Detection Alerts',
- }
-);
-
-export const CUSTOM_INDEX_PATTERNS = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.customeIndexNames',
- {
- defaultMessage: 'Custom',
- }
-);
-
-export const SELECT_INDEX_PATTERNS = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.indexPatterns.help',
- {
- defaultMessage: 'Data sources selection',
- }
-);
-
-export const CONFIGURE_INDEX_PATTERNS = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.indexPatterns.configure',
- {
- defaultMessage: 'View data sources associated with each of the above selections',
- }
-);
-
-export const SAVE_INDEX_PATTERNS = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.indexPatterns.save',
- {
- defaultMessage: 'Save',
- }
-);
-
-export const SHOW_INDEX_PATTERNS_ADVANCED_SETTINGS = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.indexPatterns.showAdvancedSettings',
- {
- defaultMessage: 'Show Advanced',
- }
-);
-
-export const HIDE_INDEX_PATTERNS_ADVANCED_SETTINGS = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.indexPatterns.hideAdvancedSettings',
- {
- defaultMessage: 'Hide Advanced',
- }
-);
-
-export const DATA_SOURCES_RESET = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.indexPatterns.resetSettings',
- {
- defaultMessage: 'Reset',
- }
-);
-
-export const PICK_INDEX_PATTERNS = i18n.translate(
- 'xpack.securitySolution.timeline.searchOrFilter.indexPatterns.pickIndexPatternsCombo',
- {
- defaultMessage: 'Pick index patterns',
- }
-);
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/styles.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/styles.tsx
index 2e39316424812..61fe4d162c16d 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/styles.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/styles.tsx
@@ -82,7 +82,6 @@ TimelineBody.displayName = 'TimelineBody';
 */
 export const EVENTS_TABLE_CLASS_NAME = 'siemEventsTable';
-export const EVENTS_TABLE_HEAD_CLASS_NAME = 'siemEventsTable__thead';
 interface EventsTableProps {
 $activePage: number;
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/translations.ts
index 0ce743cf69cf2..02f8f63c6eab7 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/translations.ts
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/translations.ts
@@ -41,13 +41,6 @@ export const SEARCH_BOX_TIMELINE_PLACEHOLDER = (timelineType: TimelineTypeLitera
 defaultMessage: 'e.g. {timeline} name or description',
 });
-export const INSERT_TIMELINE = i18n.translate(
- 'xpack.securitySolution.insert.timeline.insertTimelineButton',
- {
- defaultMessage: 'Insert timeline link',
- }
-);
-
 export const TIMELINE_TEMPLATE = i18n.translate(
 'xpack.securitySolution.timeline.flyoutTimelineTemplateLabel',
 {
diff --git a/x-pack/plugins/security_solution/public/timelines/store/timeline/helpers.ts b/x-pack/plugins/security_solution/public/timelines/store/timeline/helpers.ts
index 0e4e64c1971b2..7aa4c4bca5404 100644
--- a/x-pack/plugins/security_solution/public/timelines/store/timeline/helpers.ts
+++ b/x-pack/plugins/security_solution/public/timelines/store/timeline/helpers.ts
@@ -5,7 +5,7 @@
 * 2.0.
 */
-import { getOr, omit, uniq, isEmpty, isEqualWith, union } from 'lodash/fp';
+import { getOr, omit, uniq, isEmpty, isEqualWith } from 'lodash/fp';
 import uuid from 'uuid';
@@ -22,22 +22,15 @@ import {
 IS_OPERATOR,
 EXISTS_OPERATOR,
 } from '../../components/timeline/data_providers/data_provider';
-import type { TimelineNonEcsData } from '../../../../common/search_strategy/timeline';
 import type {
 ColumnHeaderOptions,
 TimelineEventsType,
 TimelineTypeLiteral,
 RowRendererId,
 SerializedFilterQuery,
- ToggleDetailPanel,
 TimelinePersistInput,
 } from '../../../../common/types/timeline';
-import {
- TimelineType,
- TimelineStatus,
- TimelineId,
- TimelineTabs,
-} from '../../../../common/types/timeline';
+import { TimelineType, TimelineStatus, TimelineId } from '../../../../common/types/timeline';
 import { normalizeTimeRange } from '../../../common/components/url_state/normalize_time_range';
 import { timelineDefaults } from './defaults';
@@ -1234,104 +1227,6 @@ export const removeTimelineProvider = ({
 };
 };
-interface SetDeletedTimelineEventsParams {
- id: string;
- eventIds: string[];
- isDeleted: boolean;
- timelineById: TimelineById;
-}
-
-export const setDeletedTimelineEvents = ({
- id,
- eventIds,
- isDeleted,
- timelineById,
-}: SetDeletedTimelineEventsParams): TimelineById => {
- const timeline = timelineById[id];
-
- const deletedEventIds = isDeleted
- ? union(timeline.deletedEventIds, eventIds)
- : timeline.deletedEventIds.filter((currentEventId) => !eventIds.includes(currentEventId));
-
- const selectedEventIds = Object.fromEntries(
- Object.entries(timeline.selectedEventIds).filter(
- ([selectedEventId]) => !deletedEventIds.includes(selectedEventId)
- )
- );
-
- const isSelectAllChecked =
- Object.keys(selectedEventIds).length > 0 ? timeline.isSelectAllChecked : false;
-
- return {
- ...timelineById,
- [id]: {
- ...timeline,
- deletedEventIds,
- selectedEventIds,
- isSelectAllChecked,
- },
- };
-};
-
-interface SetLoadingTimelineEventsParams {
- id: string;
- eventIds: string[];
- isLoading: boolean;
- timelineById: TimelineById;
-}
-
-export const setLoadingTimelineEvents = ({
- id,
- eventIds,
- isLoading,
- timelineById,
-}: SetLoadingTimelineEventsParams): TimelineById => {
- const timeline = timelineById[id];
-
- const loadingEventIds = isLoading
- ? union(timeline.loadingEventIds, eventIds)
- : timeline.loadingEventIds.filter((currentEventId) => !eventIds.includes(currentEventId));
-
- return {
- ...timelineById,
- [id]: {
- ...timeline,
- loadingEventIds,
- },
- };
-};
-
-interface SetSelectedTimelineEventsParams {
- id: string;
- eventIds: Record;
- isSelectAllChecked: boolean;
- isSelected: boolean;
- timelineById: TimelineById;
-}
-
-export const setSelectedTimelineEvents = ({
- id,
- eventIds,
- isSelectAllChecked = false,
- isSelected,
- timelineById,
-}: SetSelectedTimelineEventsParams): TimelineById => {
- const timeline = timelineById[id];
-
- const selectedEventIds = isSelected
- ? { ...timeline.selectedEventIds, ...eventIds }
- : omit(Object.keys(eventIds), timeline.selectedEventIds);
-
- return {
- ...timelineById,
- [id]: {
- ...timeline,
- selectedEventIds,
- isSelectAllChecked,
- },
- };
-};
-
 interface UnPinTimelineEventParams {
 id: string;
 eventId: string;
@@ -1353,28 +1248,6 @@ export const unPinTimelineEvent = ({
 };
 };
-interface UpdateHighlightedDropAndProviderIdParams {
- id: string;
- providerId: string;
- timelineById: TimelineById;
-}
-
-export const updateHighlightedDropAndProvider = ({
- id,
- providerId,
- timelineById,
-}: UpdateHighlightedDropAndProviderIdParams): TimelineById => {
- const timeline = timelineById[id];
-
- return {
- ...timelineById,
- [id]: {
- ...timeline,
- highlightedDropAndProviderId: providerId,
- },
- };
-};
-
 interface UpdateSavedQueryParams {
 id: string;
 savedQueryId: string | null;
@@ -1436,21 +1309,3 @@ export const updateExcludedRowRenderersIds = ({
 },
 };
 };
-
-export const updateTimelineDetailsPanel = (action: ToggleDetailPanel) => {
- const { tabType } = action;
-
- const panelViewOptions = new Set(['eventDetail', 'hostDetail', 'networkDetail']);
- const expandedTabType = tabType ?? TimelineTabs.query;
-
- return action.panelView && panelViewOptions.has(action.panelView)
- ? {
- [expandedTabType]: {
- params: action.params ? { ...action.params } : {},
- panelView: action.panelView,
- },
- }
- : {
- [expandedTabType]: {},
- };
-};
diff --git a/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts b/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
index bf2c717b4d3b2..14f9259f31a05 100644
--- a/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
+++ b/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
@@ -18,7 +18,6 @@ import type { PinnedEvent } from '../../../../common/types/timeline/pinned_event
 import type { ResolveTimelineConfig } from '../../components/open_timeline/types';
 import type { SessionViewConfig } from '../../components/timeline/session_tab_content/use_session_view';
-export const DEFAULT_PAGE_COUNT = 2; // Eui Pager will not render unless this is a minimum of 2 pages
 export type KqlMode = 'filter' | 'search';
 export type ColumnHeaderType = 'not-filtered' | 'text-filter';
diff --git a/x-pack/plugins/security_solution/public/timelines/store/timeline/selectors.ts b/x-pack/plugins/security_solution/public/timelines/store/timeline/selectors.ts
index 8b1fc372c474a..56b4a6e05b30a 100644
--- a/x-pack/plugins/security_solution/public/timelines/store/timeline/selectors.ts
+++ b/x-pack/plugins/security_solution/public/timelines/store/timeline/selectors.ts
@@ -39,8 +39,6 @@ export const getShowCallOutUnauthorizedMsg = () =>
 (showCallOutUnauthorizedMsg) => showCallOutUnauthorizedMsg
 );
-export const getTimelines = () => timelineByIdSelector;
-
 export const getTimelineByIdSelector = () => createSelector(selectTimeline, (timeline) => timeline);
 export const getKqlFilterQuerySelector = () =>
diff --git a/x-pack/plugins/security_solution/public/users/components/user_risk_information/index.tsx b/x-pack/plugins/security_solution/public/users/components/user_risk_information/index.tsx
index 408f13638e6a4..07fd273625d93 100644
--- a/x-pack/plugins/security_solution/public/users/components/user_risk_information/index.tsx
+++ b/x-pack/plugins/security_solution/public/users/components/user_risk_information/index.tsx
@@ -60,8 +60,6 @@ const tableItems: TableItem[] = [
 { classification: RiskSeverity.unknown, range: i18n.UNKNOWN_RISK_DESCRIPTION },
 ];
-export const USER_RISK_INFO_BUTTON_CLASS = 'UserRiskInformation__button';
-
 export const UserRiskInformationButtonEmpty = () => {
 const [isFlyoutVisible, handleOnOpen, handleOnClose] = useOnOpenCloseHandler();
diff --git a/x-pack/plugins/security_solution/public/users/components/user_risk_information/translations.ts b/x-pack/plugins/security_solution/public/users/components/user_risk_information/translations.ts
index dbf4ad96e486c..e1ea8afd6cdec 100644
--- a/x-pack/plugins/security_solution/public/users/components/user_risk_information/translations.ts
+++ b/x-pack/plugins/security_solution/public/users/components/user_risk_information/translations.ts
@@ -7,13 +7,6 @@
 import { i18n } from '@kbn/i18n';
-export const INFORMATION_ARIA_LABEL = i18n.translate(
- 'xpack.securitySolution.users.userRiskInformation.informationAriaLabel',
- {
- defaultMessage: 'Information',
- }
-);
-
 export const INFORMATION_CLASSIFICATION_HEADER = i18n.translate(
 'xpack.securitySolution.users.userRiskInformation.classificationHeader',
 {
diff --git a/x-pack/plugins/security_solution/public/users/containers/users/details/translations.ts b/x-pack/plugins/security_solution/public/users/containers/users/details/translations.ts
index abf96e1b52c7d..f0f4a3a71fede 100644
--- a/x-pack/plugins/security_solution/public/users/containers/users/details/translations.ts
+++ b/x-pack/plugins/security_solution/public/users/containers/users/details/translations.ts
@@ -7,13 +7,6 @@
 import { i18n } from '@kbn/i18n';
-export const ERROR_USER_DETAILS = i18n.translate(
- 'xpack.securitySolution.userDetails.errorSearchDescription',
- {
- defaultMessage: `An error has occurred on user details search`,
- }
-);
-
 export const FAIL_USER_DETAILS = i18n.translate(
 'xpack.securitySolution.userDetails.failSearchDescription',
 {
diff --git a/x-pack/plugins/security_solution/public/users/pages/details/types.ts b/x-pack/plugins/security_solution/public/users/pages/details/types.ts
index 3c6f105e4a072..8f702577713f2 100644
--- a/x-pack/plugins/security_solution/public/users/pages/details/types.ts
+++ b/x-pack/plugins/security_solution/public/users/pages/details/types.ts
@@ -6,7 +6,7 @@
 */
 import type { ActionCreator } from 'typescript-fsa';
-import type { DataViewBase, Filter, Query } from '@kbn/es-query';
+import type { DataViewBase, Filter } from '@kbn/es-query';
 import type { InputsModelId } from '../../../common/store/inputs/constants';
 import type { UsersQueryProps } from '../types';
 import type { NavTab } from '../../../common/components/navigation/types';
@@ -14,11 +14,6 @@ import type { NavTab } from '../../../common/components/navigation/types';
 import type { UsersTableType } from '../../store/model';
 import type { usersModel } from '../../store';
-interface UsersDetailsComponentReduxProps {
- query: Query;
- filters: Filter[];
-}
-
 interface UserBodyComponentDispatchProps {
 setAbsoluteRangeDatePicker: ActionCreator<{
 id: InputsModelId;
@@ -29,19 +24,11 @@ interface UserBodyComponentDispatchProps {
 usersDetailsPagePath: string;
 }
-interface UsersDetailsComponentDispatchProps extends UserBodyComponentDispatchProps {
- setUsersDetailsTablesActivePageToZero: ActionCreator;
-}
-
 export interface UsersDetailsProps {
 detailName: string;
 usersDetailsPagePath: string;
 }
-export type UsersDetailsComponentProps = UsersDetailsComponentReduxProps &
- UsersDetailsComponentDispatchProps &
- UsersQueryProps;
-
 export type KeyUsersDetailsNavTabWithoutMlPermission = UsersTableType.events &
 UsersTableType.alerts;
@@ -62,9 +49,3 @@ export type UsersDetailsTabsProps = UserBodyComponentDispatchProps &
 indexPattern: DataViewBase;
 type: usersModel.UsersType;
 };
-
-export type SetAbsoluteRangeDatePicker = ActionCreator<{
- id: InputsModelId;
- from: string;
- to: string;
-}>;
diff --git a/x-pack/plugins/security_solution/public/users/store/helpers.ts b/x-pack/plugins/security_solution/public/users/store/helpers.ts
index ee9139c4335ec..a5785e2c14f7e 100644
--- a/x-pack/plugins/security_solution/public/users/store/helpers.ts
+++ b/x-pack/plugins/security_solution/public/users/store/helpers.ts
@@ -6,7 +6,7 @@
 */
 import type { UsersModel, UsersQueries } from './model';
-import { UsersType, UsersTableType } from './model';
+import { UsersTableType } from './model';
 import { DEFAULT_TABLE_ACTIVE_PAGE } from '../../common/store/constants';
 export const setUsersPageQueriesActivePageToZero = (state: UsersModel): UsersQueries => ({
@@ -16,13 +16,3 @@ export const setUsersPageQueriesActivePageToZero = (state: UsersModel): UsersQue
 activePage: DEFAULT_TABLE_ACTIVE_PAGE,
 },
 });
-
-export const setUsersQueriesActivePageToZero = (
- state: UsersModel,
- type: UsersType
-): UsersQueries => {
- if (type === UsersType.page) {
- return setUsersPageQueriesActivePageToZero(state);
- }
- throw new Error(`UsersType ${type} is unknown`);
-};
diff --git a/x-pack/plugins/security_solution/public/users/store/model.ts b/x-pack/plugins/security_solution/public/users/store/model.ts
index 5ce996dc52623..a93ef5461609d 100644
--- a/x-pack/plugins/security_solution/public/users/store/model.ts
+++ b/x-pack/plugins/security_solution/public/users/store/model.ts
@@ -22,8 +22,6 @@ export enum UsersTableType {
 alerts = 'externalAlerts',
 }
-export type AllUsersTables = UsersTableType;
-
 export interface BasicQueryPaginated {
 activePage: number;
 limit: number;
@@ -61,14 +59,6 @@ export interface UserDetailsPageModel {
 queries: UserDetailsQueries;
 }
-export interface UsersDetailsQueries {
- [UsersTableType.allUsers]: AllUsersQuery;
-}
-
-export interface UsersDetailsModel {
- queries: UsersDetailsQueries;
-}
-
 export interface UsersModel {
 [UsersType.page]: UsersPageModel;
 [UsersType.details]: UserDetailsPageModel;
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/endpoint_metadata_services.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/endpoint_metadata_services.ts
index 6d5059defe374..2a51c57de8bc4 100644
--- a/x-pack/plugins/security_solution/scripts/endpoint/common/endpoint_metadata_services.ts
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/endpoint_metadata_services.ts
@@ -6,30 +6,16 @@
 */
 import type { Client } from '@elastic/elasticsearch';
-import type { KbnClient } from '@kbn/test';
 import type { WriteResponseBase } from '@elastic/elasticsearch/lib/api/types';
 import { clone, merge } from 'lodash';
 import type { DeepPartial } from 'utility-types';
-import { resolvePathVariables } from '../../../public/common/utils/resolve_path_variables';
-import { HOST_METADATA_GET_ROUTE, METADATA_DATASTREAM } from '../../../common/endpoint/constants';
-import type { HostInfo, HostMetadata } from '../../../common/endpoint/types';
+import { METADATA_DATASTREAM } from '../../../common/endpoint/constants';
+import type { HostMetadata } from '../../../common/endpoint/types';
 import { EndpointDocGenerator } from '../../../common/endpoint/generate_data';
 import { checkInFleetAgent } from './fleet_services';
 const endpointGenerator = new EndpointDocGenerator();
-export const fetchEndpointMetadata = async (
- kbnClient: KbnClient,
- agentId: string
-): Promise => {
- return (
- await kbnClient.request({
- method: 'GET',
- path: resolvePathVariables(HOST_METADATA_GET_ROUTE, { id: agentId }),
- })
- ).data;
-};
-
 export const sendEndpointMetadataUpdate = async (
 esClient: Client,
 agentId: string,
diff --git a/x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts b/x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
index c66643df5b508..3571ffca63b07 100644
--- a/x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
@@ -16,7 +16,6 @@ import type {
 AgentService,
 FleetStartContract,
 AgentPolicyServiceInterface,
- PackagePolicyServiceInterface,
 } from '@kbn/fleet-plugin/server';
 import type { PluginStartContract as AlertsPluginStartContract } from '@kbn/alerting-plugin/server';
 import {
@@ -28,7 +27,6 @@ import type { ManifestManager } from './services/artifacts'; import type { ConfigType } from '../config'; import type { IRequestContextFactory } from '../request_context_factory'; import type { LicenseService } from '../../common/license'; -import type { ExperimentalFeatures } from '../../common/experimental_features'; import type { EndpointMetadataService } from './services/metadata'; import { EndpointAppContentServicesNotSetUpError, @@ -146,10 +144,6 @@ export class EndpointAppContextService { public stop() {} - public getExperimentalFeatures(): Readonly | undefined { - return this.startDependencies?.config.experimentalFeatures; - } - private getFleetAuthzService(): FleetStartContract['authz'] { if (!this.startDependencies?.fleetAuthzService) { throw new EndpointAppContentServicesNotStartedError(); @@ -193,14 +187,6 @@ export class EndpointAppContextService { return this.startDependencies?.agentService; } - /** @deprecated use `getScopedFleetServices()` instead */ - public getPackagePolicyService(): PackagePolicyServiceInterface { - if (!this.startDependencies?.packagePolicyService) { - throw new EndpointAppContentServicesNotStartedError(); - } - return this.startDependencies?.packagePolicyService; - } - /** @deprecated use `getScopedFleetServices()` instead */ public getAgentPolicyService(): AgentPolicyServiceInterface | undefined { return this.startDependencies?.agentPolicyService; @@ -224,13 +210,6 @@ export class EndpointAppContextService { return this.startDependencies.cases.getCasesClientWithRequest(req); } - public getExceptionListsClient(): ExceptionListClient { - if (!this.startDependencies?.exceptionListsClient) { - throw new EndpointAppContentServicesNotStartedError(); - } - return this.startDependencies.exceptionListsClient; - } - public getFeatureUsageService(): FeatureUsageService { if (this.startDependencies == null) { throw new EndpointAppContentServicesNotStartedError(); 
diff --git a/x-pack/plugins/security_solution/server/endpoint/errors.ts b/x-pack/plugins/security_solution/server/endpoint/errors.ts index 5929bc23059f1..126777ccca146 100644 --- a/x-pack/plugins/security_solution/server/endpoint/errors.ts +++ b/x-pack/plugins/security_solution/server/endpoint/errors.ts @@ -22,11 +22,6 @@ export class EndpointAppContentServicesNotStartedError extends EndpointError { super('EndpointAppContextService has not been started (EndpointAppContextService.start())'); } } -export class EndpointLicenseError extends EndpointError { - constructor() { - super('Your license level does not allow for this action.'); - } -} export class EndpointAuthorizationError extends EndpointError { constructor(meta?: unknown) { diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/common.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/common.ts index 23118028ead49..e8499284e880f 100644 --- a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/common.ts +++ b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/common.ts @@ -6,11 +6,7 @@ */ import type { Logger } from '@kbn/core/server'; -import type { - InternalArtifactSchema, - InternalArtifactCompleteSchema, -} from '../../schemas/artifacts'; -import { internalArtifactCompleteSchema } from '../../schemas/artifacts'; +import type { InternalArtifactSchema } from '../../schemas/artifacts'; export const ArtifactConstants = { GLOBAL_ALLOWLIST_NAME: 'endpoint-exceptionlist', @@ -41,12 +37,6 @@ export const getArtifactId = (artifact: InternalArtifactSchema) => { return `${artifact.identifier}-${artifact.decodedSha256}`; }; -export const isCompleteArtifact = ( - artifact: InternalArtifactSchema -): artifact is InternalArtifactCompleteSchema => { - return internalArtifactCompleteSchema.is(artifact); -}; - export const reportErrors = (logger: Logger, errors: Error[]) => { errors.forEach((err) => { logger.error(err); 
diff --git a/x-pack/plugins/security_solution/server/endpoint/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/mocks.ts index 638a522616a31..7e9fd53749344 100644 --- a/x-pack/plugins/security_solution/server/endpoint/mocks.ts +++ b/x-pack/plugins/security_solution/server/endpoint/mocks.ts @@ -12,12 +12,11 @@ import type { SavedObjectsClientContract } from '@kbn/core/server'; import { listMock } from '@kbn/lists-plugin/server/mocks'; import { securityMock } from '@kbn/security-plugin/server/mocks'; import { alertsMock } from '@kbn/alerting-plugin/server/mocks'; -import type { FleetStartContract, ExternalCallback } from '@kbn/fleet-plugin/server'; +import type { FleetStartContract } from '@kbn/fleet-plugin/server'; import { createPackagePolicyServiceMock, createMockAgentPolicyService, createMockAgentService, - createArtifactsClientMock, createMockPackageService, } from '@kbn/fleet-plugin/server/mocks'; // A TS error (TS2403) is thrown when attempting to export the mock function below from Cases @@ -169,28 +168,6 @@ export const createFleetAuthzServiceMock = (): jest.Mocked { - return { - authz: createFleetAuthzServiceMock(), - fleetSetupCompleted: jest.fn().mockResolvedValue(undefined), - esIndexPatternService: { - getESIndexPattern: jest.fn().mockResolvedValue(indexPattern), - }, - agentService: createMockAgentService(), - packageService: createMockPackageService(), - agentPolicyService: createMockAgentPolicyService(), - registerExternalCallback: jest.fn((...args: ExternalCallback) => {}), - packagePolicyService: createPackagePolicyServiceMock(), - createArtifactsClient: jest.fn().mockReturnValue(createArtifactsClientMock()), - }; -}; - export const createMockMetadataRequestContext = () => { return { endpointAppContextService: createMockEndpointAppContextService(), 
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts index 746e78c6adf2e..8cbfdc789d691 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.ts @@ -7,14 +7,12 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import { fromKueryExpression, toElasticsearchQuery } from '@kbn/es-query'; -import type { KibanaRequest } from '@kbn/core/server'; import { ENDPOINT_DEFAULT_PAGE, ENDPOINT_DEFAULT_PAGE_SIZE, metadataCurrentIndexPattern, METADATA_UNITED_INDEX, } from '../../../../common/endpoint/constants'; -import type { EndpointAppContext } from '../../types'; import { buildStatusesKuery } from './support/agent_status'; import type { GetMetadataListRequestQuery } from '../../../../common/endpoint/schema/metadata'; @@ -75,26 +73,6 @@ export async function kibanaRequestToMetadataListESQuery( }; } -export async function getPagingProperties( - // eslint-disable-next-line @typescript-eslint/no-explicit-any - request: KibanaRequest, - endpointAppContext: EndpointAppContext -) { - const pagingProperties: { page_size?: number; page_index?: number } = {}; - if (request?.body?.paging_properties) { - for (const property of request.body.paging_properties) { - Object.assign( - pagingProperties, - ...Object.keys(property).map((key) => ({ [key]: property[key] })) - ); - } - } - return { - pageSize: pagingProperties.page_size || ENDPOINT_DEFAULT_PAGE_SIZE, - pageIndex: pagingProperties.page_index || ENDPOINT_DEFAULT_PAGE, - }; -} - function buildQueryBody( kuery: string = '', unerolledAgentIds: string[] | undefined, 
diff --git a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts index 7703304e3ae5c..3abbbe1292885 100644 --- a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts +++ b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/lists.ts @@ -12,7 +12,6 @@ export const translatedEntryMatchAnyMatcher = t.keyof({ exact_cased_any: null, exact_caseless_any: null, }); -export type TranslatedEntryMatchAnyMatcher = t.TypeOf; export const translatedEntryMatchAny = t.exact( t.type({ @@ -22,13 +21,11 @@ export const translatedEntryMatchAny = t.exact( value: t.array(t.string), }) ); -export type TranslatedEntryMatchAny = t.TypeOf; export const translatedEntryMatchMatcher = t.keyof({ exact_cased: null, exact_caseless: null, }); -export type TranslatedEntryMatchMatcher = t.TypeOf; export const translatedEntryMatchWildcardMatcher = t.keyof({ wildcard_cased: null, @@ -52,9 +49,6 @@ export const translatedEntryMatchWildcardNameMatcher = t.keyof({ exact_cased: null, exact_caseless: null, }); -export type TranslatedEntryMatchWildcardNameMatcher = t.TypeOf< - typeof translatedEntryMatchWildcardNameMatcher ->; export const translatedEntryMatchWildcardName = t.exact( t.type({ @@ -64,8 +58,6 @@ export const translatedEntryMatchWildcardName = t.exact( value: t.string, }) ); -export type TranslatedEntryMatchWildcardName = t.TypeOf; - export const translatedEntryMatch = t.exact( t.type({ field: t.string, @@ -74,7 +66,6 @@ export const translatedEntryMatch = t.exact( value: t.string, }) ); -export type TranslatedEntryMatch = t.TypeOf; export const translatedEntryMatcher = t.union([ translatedEntryMatchMatcher, @@ -92,7 +83,6 @@ export const translatedEntryNested = t.exact( entries: t.array(translatedEntryNestedEntry), }) ); -export type TranslatedEntryNested = t.TypeOf; export const translatedEntry = t.union([ translatedEntryNested, 
diff --git a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts index 0bb32cc10e571..d37016c83e4c9 100644 --- a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts +++ b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts @@ -30,7 +30,6 @@ export const internalArtifactRecordSchema = t.exact( encodedSize: size, }) ); -export type InternalArtifactRecordSchema = t.TypeOf; export const internalArtifactAdditionalFields = { body, @@ -48,16 +47,6 @@ export const internalArtifactCompleteSchema = t.intersection([ ]); export type InternalArtifactCompleteSchema = t.TypeOf; -export const internalArtifactCreateSchema = t.intersection([ - internalArtifactCompleteSchema, - t.exact( - t.type({ - created, - }) - ), -]); -export type InternalArtifactCreateSchema = t.TypeOf; - export const internalManifestEntrySchema = t.exact( t.type({ policyId: t.union([identifier, t.undefined]), diff --git a/x-pack/plugins/security_solution/server/features.ts b/x-pack/plugins/security_solution/server/features.ts index 4da85d9fe540a..337ed1455c4b9 100644 --- a/x-pack/plugins/security_solution/server/features.ts +++ b/x-pack/plugins/security_solution/server/features.ts @@ -7,7 +7,7 @@ import { i18n } from '@kbn/i18n'; -import type { KibanaFeatureConfig, SubFeatureConfig } from '@kbn/features-plugin/common'; +import type { KibanaFeatureConfig } from '@kbn/features-plugin/common'; import { DEFAULT_APP_CATEGORIES } from '@kbn/core/server'; import { DATA_VIEW_SAVED_OBJECT_TYPE } from '@kbn/data-views-plugin/common'; import { createUICapabilities } from '@kbn/cases-plugin/common'; 
@@ -94,53 +94,6 @@ export const getCasesKibanaFeature = (): KibanaFeatureConfig => { }; }; -export const getAlertsSubFeature = (ruleTypes: string[]): SubFeatureConfig => ({ - name: i18n.translate('xpack.securitySolution.featureRegistry.manageAlertsName', { - defaultMessage: 'Alerts', - }), - privilegeGroups: [ - { - groupType: 'mutually_exclusive', - privileges: [ - { - id: 'alerts_all', - name: i18n.translate('xpack.securitySolution.featureRegistry.subfeature.alertsAllName', { - defaultMessage: 'All', - }), - includeIn: 'all' as 'all', - alerting: { - alert: { - all: ruleTypes, - }, - }, - savedObject: { - all: [], - read: [], - }, - ui: ['crud_alerts', 'read_alerts'], - }, - { - id: 'alerts_read', - name: i18n.translate('xpack.securitySolution.featureRegistry.subfeature.alertsReadName', { - defaultMessage: 'Read', - }), - includeIn: 'read' as 'read', - alerting: { - alert: { - read: ruleTypes, - }, - }, - savedObject: { - all: [], - read: [], - }, - ui: ['read_alerts'], - }, - ], - }, - ], -}); - // Same as the plugin id defined by Cloud Security Posture const CLOUD_POSTURE_APP_ID = 'csp'; // Same as the saved-object type for rules defined by Cloud Security Posture diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/get_index_versions_by_index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/get_index_versions_by_index.ts index 4757ba49cadbf..9f1066b44d830 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/get_index_versions_by_index.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/get_index_versions_by_index.ts @@ -7,10 +7,6 @@ import type { ElasticsearchClient } from '@kbn/core/server'; -export interface IndexMappingsResponse { - [indexName: string]: { mappings: { _meta: { version: number } } }; -} - export interface IndexVersionsByIndex { [indexName: string]: number | undefined; } 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/migration_service.mock.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/migration_service.mock.ts deleted file mode 100644 index 3f80302ab087c..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/migration_service.mock.ts +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SignalsMigrationService } from './migration_service'; - -const create = () => - ({ - create: jest.fn(), - delete: jest.fn(), - finalize: jest.fn(), - } as jest.Mocked); - -export const migrationServiceMock = { create }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/saved_objects_client.mock.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/saved_objects_client.mock.ts deleted file mode 100644 index 3a9b8324b3f92..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/saved_objects_client.mock.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SignalsMigrationSOClient } from './saved_objects_client'; - -const create = () => - ({ - bulkGet: jest.fn(), - create: jest.fn(), - delete: jest.fn(), - find: jest.fn(), - update: jest.fn(), - } as jest.Mocked); - -export const savedObjectClientMock = { create }; 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts index ae1dae64fa724..c8cfeee596500 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts @@ -11,7 +11,6 @@ import { ruleTypeMappings } from '@kbn/securitysolution-rules'; import type { SavedObjectsFindResponse, SavedObjectsFindResult } from '@kbn/core/server'; -import type { ActionResult } from '@kbn/actions-plugin/server'; import { DETECTION_ENGINE_RULES_URL, DETECTION_ENGINE_SIGNALS_STATUS_URL, @@ -33,7 +32,6 @@ import type { QuerySignalsSchemaDecoded } from '../../../../../common/detection_ import type { SetSignalsStatusSchemaDecoded } from '../../../../../common/detection_engine/schemas/request/set_signal_status_schema'; import { getCreateRulesSchemaMock } from '../../../../../common/detection_engine/schemas/request/rule_schemas.mock'; import { getFinalizeSignalsMigrationSchemaMock } from '../../../../../common/detection_engine/schemas/request/finalize_signals_migration_schema.mock'; -import type { EqlSearchResponse } from '../../../../../common/detection_engine/types'; import { getSignalsMigrationStatusSchemaMock } from '../../../../../common/detection_engine/schemas/request/get_signals_migration_status_schema.mock'; import type { RuleParams } from '../../schemas/rule_schemas'; import type { SanitizedRule, ResolvedSanitizedRule } from '@kbn/alerting-plugin/common'; 
@@ -42,10 +40,7 @@ import { getPerformBulkActionSchemaMock, getPerformBulkActionEditSchemaMock, } from '../../../../../common/detection_engine/schemas/request/perform_bulk_action_schema.mock'; -import type { - RuleExecutionEvent, - RuleExecutionSummary, -} from '../../../../../common/detection_engine/schemas/common'; +import type { RuleExecutionSummary } from '../../../../../common/detection_engine/schemas/common'; import { RuleExecutionStatus } from '../../../../../common/detection_engine/schemas/common'; // eslint-disable-next-line no-restricted-imports import type { LegacyRuleNotificationAlertType } from '../../notifications/legacy_types'; @@ -316,28 +311,6 @@ export const createBulkMlRuleRequest = () => { }); }; -// TODO: Replace this with a mocks file version -export const createRuleWithActionsRequest = () => { - const payload = getCreateRulesSchemaMock(); - - return requestMock.create({ - method: 'post', - path: DETECTION_ENGINE_RULES_URL, - body: { - ...payload, - throttle: '5m', - actions: [ - { - group: 'default', - id: '99403909-ca9b-49ba-9d7a-7e5320e68d05', - params: { message: 'Rule generated {{state.signals_count}} signals' }, - action_type_id: '.slack', - }, - ], - }, - }); -}; - export const getSetSignalStatusByIdsRequest = () => requestMock.create({ method: 'post', @@ -373,15 +346,6 @@ export const getSignalsAggsAndQueryRequest = () => body: { ...typicalSignalsQuery(), ...typicalSignalsQueryAggs() }, }); -export const createActionResult = (): ActionResult => ({ - id: 'result-1', - actionTypeId: 'action-id-1', - name: '', - config: {}, - isPreconfigured: false, - isDeprecated: false, -}); - export const nonRuleAlert = () => ({ // Defaulting to QueryRuleParams because ts doesn't like empty objects ...getRuleMock(getQueryRuleParams()), 
@@ -421,15 +385,6 @@ export const resolveRuleMock = (params: T): ResolvedSaniti ...getRuleMock(params), }); -export const updateActionResult = (): ActionResult => ({ - id: 'result-1', - actionTypeId: 'action-id-1', - name: '', - config: {}, - isPreconfigured: false, - isDeprecated: false, -}); - export const getMockPrivilegesResult = () => ({ username: 'test-space', has_all_requested: false, @@ -527,35 +482,6 @@ export const getRuleExecutionSummaries = (): RuleExecutionSummariesByRuleId => ( '1ea5a820-4da1-4e82-92a1-2b43a7bece08': getRuleExecutionSummaryFailed(), }); -// TODO: https://github.com/elastic/kibana/pull/121644 clean up -export const getLastFailures = (): RuleExecutionEvent[] => [ - { - date: '2021-12-28T10:30:00.806Z', - status: RuleExecutionStatus.failed, - message: 'Rule failed', - }, - { - date: '2021-12-28T10:25:00.806Z', - status: RuleExecutionStatus.failed, - message: 'Rule failed', - }, - { - date: '2021-12-28T10:20:00.806Z', - status: RuleExecutionStatus.failed, - message: 'Rule failed', - }, - { - date: '2021-12-28T10:15:00.806Z', - status: RuleExecutionStatus.failed, - message: 'Rule failed', - }, - { - date: '2021-12-28T10:10:00.806Z', - status: RuleExecutionStatus.failed, - message: 'Rule failed', - }, -]; - export const getAggregateExecutionEvents = (): GetAggregateRuleExecutionEventsResponse => ({ events: [ { 
@@ -641,22 +567,6 @@ export const getEmptySignalsResponse = (): estypes.SearchResponse => ({ }, }); -export const getEmptyEqlSearchResponse = (): EqlSearchResponse => ({ - hits: { total: { value: 0, relation: 'eq' }, events: [] }, - is_partial: false, - is_running: false, - took: 1, - timed_out: false, -}); - -export const getEmptyEqlSequencesResponse = (): EqlSearchResponse => ({ - hits: { total: { value: 0, relation: 'eq' }, sequences: [] }, - is_partial: false, - is_running: false, - took: 1, - timed_out: false, -}); - export const getSuccessfulSignalUpdateResponse = (): estypes.UpdateByQueryResponse => ({ took: 18, timed_out: false, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts index 642236f950308..87e8f06fd8cea 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts @@ -5,12 +5,6 @@ * 2.0. */ -import { - SPACE_IDS, - ALERT_RULE_CONSUMER, - ALERT_RULE_PRODUCER, - ALERT_RULE_TYPE_ID, -} from '@kbn/rule-data-utils'; import { merge } from 'lodash'; import signalsMapping from './signals_mapping.json'; import ecsMapping from './ecs_mapping.json'; @@ -56,7 +50,6 @@ export const SIGNALS_FIELD_ALIASES_VERSION = 3; rules to write signals correctly. If the write index has a `version` less than this value, the EQL rule will throw an error on execution. */ -export const MIN_EQL_RULE_INDEX_VERSION = 2; export const ALIAS_VERSION_FIELD = 'aliases_version'; export const getSignalsTemplate = (index: string, aadIndexAliasName: string) => { 
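Review bot: In get_signals_template.ts (hunk `@@ -56,7 +50,6 @@`), the block comment ending just above the removed `MIN_EQL_RULE_INDEX_VERSION` is kept, so it now sits directly above `ALIAS_VERSION_FIELD` and reads as if that constant were the minimum index version for EQL rules. The comment opens outside the hunk, so this is inferred from its visible tail ("If the write index has a `version` less than this value, the EQL rule will throw an error on execution"). If it documented only the removed constant, delete the whole comment with it. Since the constant was unused, it is worth confirming whether the EQL rule path still enforces any minimum write-index version; if not, the described error-on-execution behaviour should not stay documented next to the signals template constants.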
@@ -172,27 +165,3 @@ export const createBackwardsCompatibilityMapping = (version: number) => { return merge({ properties }, ...mappings, meta); }; - -export const getRbacRequiredFields = (spaceId: string) => { - return { - [SPACE_IDS]: { - type: 'constant_keyword', - value: spaceId, - }, - [ALERT_RULE_CONSUMER]: { - type: 'constant_keyword', - value: 'siem', - }, - [ALERT_RULE_PRODUCER]: { - type: 'constant_keyword', - value: 'siem', - }, - // TODO: discuss naming of this field and what the value will be for legacy signals. - // Can we leave it as 'siem.signals' or do we need a runtime field that will map signal.rule.type - // to the new ruleTypeId? - [ALERT_RULE_TYPE_ID]: { - type: 'constant_keyword', - value: 'siem.signals', - }, - }; -}; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/eql.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/eql.ts deleted file mode 100644 index dd465317c6cdc..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/eql.ts +++ /dev/null 
@@ -1,791 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { EqlSearchStrategyResponse } from '@kbn/data-plugin/common'; -import type { EqlSearchResponse } from '../../../../../common/detection_engine/types'; - -export const sequenceResponse = { - rawResponse: { - body: { - is_partial: false, - is_running: false, - took: 527, - timed_out: false, - hits: { - total: { - value: 10, - relation: 'eq', - }, - sequences: [ - { - join_keys: ['win2019-endpoint-mr-pedro'], - events: [ - { - _index: '.ds-logs-endpoint.events.security-default-2021.02.05-000005', - _id: 'qhymg3cBX5UUcOOYP3Ec', - _source: { - agent: { - id: '1d15cf9e-3dc7-5b97-f586-743f7c2518b2', - type: 'endpoint', - version: '7.10.0', - }, - process: { - Ext: { - ancestry: [ - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTIzODAtMTMyNTUwNzg2ODkuOTY1Nzg1NTAw', - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTU2OC0xMzI1NTA3ODY2Ny4zMjk3MDY2MDA=', - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTQ2OC0xMzI1NTA3ODY2NS42Mzg5MzY1MDA=', - ], - }, - name: 'C:\\Program Files\\OpenSSH-Win64\\sshd.exe', - entity_id: - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTUyODQtMTMyNTcyOTQ2MjMuOTk2NTkxMDAw', - executable: 'C:\\Program Files\\OpenSSH-Win64\\sshd.exe', - }, - message: 'Endpoint security event', - '@timestamp': '2021-02-08T21:50:28.3377092Z', - ecs: { - version: '1.5.0', - }, - data_stream: { - namespace: 'default', - type: 'logs', - dataset: 'endpoint.events.security', - }, - elastic: { - agent: { - id: 'f5dec71e-438c-424e-ac9b-0281f10412b9', - }, - }, - host: { - hostname: 'win2019-endpoint-mr-pedro', - os: { - Ext: { - variant: 'Windows Server 2019 Datacenter', - }, - kernel: '1809 (10.0.17763.1697)', - name: 'Windows', - family: 'windows', - version: '1809 
(10.0.17763.1697)', - platform: 'windows', - full: 'Windows Server 2019 Datacenter 1809 (10.0.17763.1697)', - }, - ip: ['10.128.0.57', 'fe80::9ced:8f1c:880b:3e1f', '127.0.0.1', '::1'], - name: 'win2019-endpoint-mr-pedro', - id: 'd8ad572e-d224-4044-a57d-f5a84c0dfe5d', - mac: ['42:01:0a:80:00:39'], - architecture: 'x86_64', - }, - event: { - sequence: 3293866, - ingested: '2021-02-08T21:57:26.417559711Z', - created: '2021-02-08T21:50:28.3377092Z', - kind: 'event', - module: 'endpoint', - action: 'log_on', - id: 'LzzWB9jjGmCwGMvk++++FG/O', - category: ['authentication', 'session'], - type: ['start'], - dataset: 'endpoint.events.security', - outcome: 'success', - }, - user: { - domain: 'NT AUTHORITY', - name: 'SYSTEM', - }, - }, - }, - { - _index: '.ds-logs-endpoint.events.security-default-2021.02.05-000005', - _id: 'qxymg3cBX5UUcOOYP3Ec', - _source: { - agent: { - id: '1d15cf9e-3dc7-5b97-f586-743f7c2518b2', - type: 'endpoint', - version: '7.10.0', - }, - process: { - Ext: { - ancestry: [ - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTQ2OC0xMzI1NTA3ODY2NS42Mzg5MzY1MDA=', - ], - }, - entity_id: - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTU4MC0xMzI1NTA3ODY2Ny45MTg5Njc1MDA=', - executable: 'C:\\Windows\\System32\\lsass.exe', - }, - message: 'Endpoint security event', - '@timestamp': '2021-02-08T21:50:28.3377142Z', - ecs: { - version: '1.5.0', - }, - data_stream: { - namespace: 'default', - type: 'logs', - dataset: 'endpoint.events.security', - }, - elastic: { - agent: { - id: 'f5dec71e-438c-424e-ac9b-0281f10412b9', - }, - }, - host: { - hostname: 'win2019-endpoint-mr-pedro', - os: { - Ext: { - variant: 'Windows Server 2019 Datacenter', - }, - kernel: '1809 (10.0.17763.1697)', - name: 'Windows', - family: 'windows', - version: '1809 (10.0.17763.1697)', - platform: 'windows', - full: 'Windows Server 2019 Datacenter 1809 (10.0.17763.1697)', - }, - ip: ['10.128.0.57', 'fe80::9ced:8f1c:880b:3e1f', '127.0.0.1', '::1'], - name: 'win2019-endpoint-mr-pedro', - id: 
'd8ad572e-d224-4044-a57d-f5a84c0dfe5d', - mac: ['42:01:0a:80:00:39'], - architecture: 'x86_64', - }, - event: { - sequence: 3293867, - ingested: '2021-02-08T21:57:26.417596906Z', - created: '2021-02-08T21:50:28.3377142Z', - kind: 'event', - module: 'endpoint', - action: 'log_on', - id: 'LzzWB9jjGmCwGMvk++++FG/P', - category: ['authentication', 'session'], - type: ['start'], - dataset: 'endpoint.events.security', - outcome: 'success', - }, - user: { - domain: 'NT AUTHORITY', - name: 'SYSTEM', - }, - }, - }, - { - _index: '.ds-logs-endpoint.events.security-default-2021.02.05-000005', - _id: 'rBymg3cBX5UUcOOYP3Ec', - _source: { - agent: { - id: '1d15cf9e-3dc7-5b97-f586-743f7c2518b2', - type: 'endpoint', - version: '7.10.0', - }, - process: { - Ext: { - ancestry: [ - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTQ2OC0xMzI1NTA3ODY2NS42Mzg5MzY1MDA=', - ], - }, - entity_id: - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTU4MC0xMzI1NTA3ODY2Ny45MTg5Njc1MDA=', - executable: 'C:\\Windows\\System32\\lsass.exe', - }, - message: 'Endpoint security event', - '@timestamp': '2021-02-08T21:50:28.3381013Z', - ecs: { - version: '1.5.0', - }, - data_stream: { - namespace: 'default', - type: 'logs', - dataset: 'endpoint.events.security', - }, - elastic: { - agent: { - id: 'f5dec71e-438c-424e-ac9b-0281f10412b9', - }, - }, - host: { - hostname: 'win2019-endpoint-mr-pedro', - os: { - Ext: { - variant: 'Windows Server 2019 Datacenter', - }, - kernel: '1809 (10.0.17763.1697)', - name: 'Windows', - family: 'windows', - version: '1809 (10.0.17763.1697)', - platform: 'windows', - full: 'Windows Server 2019 Datacenter 1809 (10.0.17763.1697)', - }, - ip: ['10.128.0.57', 'fe80::9ced:8f1c:880b:3e1f', '127.0.0.1', '::1'], - name: 'win2019-endpoint-mr-pedro', - id: 'd8ad572e-d224-4044-a57d-f5a84c0dfe5d', - mac: ['42:01:0a:80:00:39'], - architecture: 'x86_64', - }, - event: { - sequence: 3293868, - ingested: '2021-02-08T21:57:26.417632166Z', - created: '2021-02-08T21:50:28.3381013Z', - kind: 
'event', - module: 'endpoint', - id: 'LzzWB9jjGmCwGMvk++++FG/Q', - category: [], - type: [], - dataset: 'endpoint.events.security', - }, - user: { - domain: 'NT AUTHORITY', - name: 'SYSTEM', - }, - }, - }, - ], - }, - { - join_keys: ['win2019-endpoint-mr-pedro'], - events: [ - { - _index: '.ds-logs-endpoint.events.security-default-2021.02.05-000005', - _id: 'qxymg3cBX5UUcOOYP3Ec', - _source: { - agent: { - id: '1d15cf9e-3dc7-5b97-f586-743f7c2518b2', - type: 'endpoint', - version: '7.10.0', - }, - process: { - Ext: { - ancestry: [ - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTQ2OC0xMzI1NTA3ODY2NS42Mzg5MzY1MDA=', - ], - }, - entity_id: - 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTU4MC0xMzI1NTA3ODY2Ny45MTg5Njc1MDA=', - executable: 'C:\\Windows\\System32\\lsass.exe', - }, - message: 'Endpoint security event', - '@timestamp': '2021-02-08T21:50:28.3377142Z', - ecs: { - version: '1.5.0', - }, - data_stream: { - namespace: 'default', - type: 'logs', - dataset: 'endpoint.events.security', - }, - elastic: { - agent: { - id: 'f5dec71e-438c-424e-ac9b-0281f10412b9', - }, - }, - host: { - hostname: 'win2019-endpoint-mr-pedro', - os: { - Ext: { - variant: 'Windows Server 2019 Datacenter', - }, - kernel: '1809 (10.0.17763.1697)', - name: 'Windows', - family: 'windows', - version: '1809 (10.0.17763.1697)', - platform: 'windows', - full: 'Windows Server 2019 Datacenter 1809 (10.0.17763.1697)', - }, - ip: ['10.128.0.57', 'fe80::9ced:8f1c:880b:3e1f', '127.0.0.1', '::1'], - name: 'win2019-endpoint-mr-pedro', - id: 'd8ad572e-d224-4044-a57d-f5a84c0dfe5d', - mac: ['42:01:0a:80:00:39'], - architecture: 'x86_64', - }, - event: { - sequence: 3293867, - ingested: '2021-02-08T21:57:26.417596906Z', - created: '2021-02-08T21:50:28.3377142Z', - kind: 'event', - module: 'endpoint', - action: 'log_on', - id: 'LzzWB9jjGmCwGMvk++++FG/P', - category: ['authentication', 'session'], - type: ['start'], - dataset: 'endpoint.events.security', - outcome: 'success', - }, - user: { - domain: 
'NT AUTHORITY',
- name: 'SYSTEM',
- },
- },
- },
- {
- _index: '.ds-logs-endpoint.events.security-default-2021.02.05-000005',
- _id: 'rBymg3cBX5UUcOOYP3Ec',
- _source: {
- agent: {
- id: '1d15cf9e-3dc7-5b97-f586-743f7c2518b2',
- type: 'endpoint',
- version: '7.10.0',
- },
- process: {
- Ext: {
- ancestry: [
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTQ2OC0xMzI1NTA3ODY2NS42Mzg5MzY1MDA=',
- ],
- },
- entity_id:
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTU4MC0xMzI1NTA3ODY2Ny45MTg5Njc1MDA=',
- executable: 'C:\\Windows\\System32\\lsass.exe',
- },
- message: 'Endpoint security event',
- '@timestamp': '2021-02-08T21:50:28.3381013Z',
- ecs: {
- version: '1.5.0',
- },
- data_stream: {
- namespace: 'default',
- type: 'logs',
- dataset: 'endpoint.events.security',
- },
- elastic: {
- agent: {
- id: 'f5dec71e-438c-424e-ac9b-0281f10412b9',
- },
- },
- host: {
- hostname: 'win2019-endpoint-mr-pedro',
- os: {
- Ext: {
- variant: 'Windows Server 2019 Datacenter',
- },
- kernel: '1809 (10.0.17763.1697)',
- name: 'Windows',
- family: 'windows',
- version: '1809 (10.0.17763.1697)',
- platform: 'windows',
- full: 'Windows Server 2019 Datacenter 1809 (10.0.17763.1697)',
- },
- ip: ['10.128.0.57', 'fe80::9ced:8f1c:880b:3e1f', '127.0.0.1', '::1'],
- name: 'win2019-endpoint-mr-pedro',
- id: 'd8ad572e-d224-4044-a57d-f5a84c0dfe5d',
- mac: ['42:01:0a:80:00:39'],
- architecture: 'x86_64',
- },
- event: {
- sequence: 3293868,
- ingested: '2021-02-08T21:57:26.417632166Z',
- created: '2021-02-08T21:50:28.3381013Z',
- kind: 'event',
- module: 'endpoint',
- id: 'LzzWB9jjGmCwGMvk++++FG/Q',
- category: [],
- type: [],
- dataset: 'endpoint.events.security',
- },
- user: {
- domain: 'NT AUTHORITY',
- name: 'SYSTEM',
- },
- },
- },
- {
- _index: '.ds-logs-endpoint.events.process-default-2021.02.02-000005',
- _id: 'pxymg3cBX5UUcOOYP3Ec',
- _source: {
- agent: {
- id: '1d15cf9e-3dc7-5b97-f586-743f7c2518b2',
- type: 'endpoint',
- version: '7.10.0',
- },
- process: {
- Ext: {
- ancestry: [
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTUyODQtMTMyNTcyOTQ2MjMuOTk2NTkxMDAw',
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTIzODAtMTMyNTUwNzg2ODkuOTY1Nzg1NTAw',
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTU2OC0xMzI1NTA3ODY2Ny4zMjk3MDY2MDA=',
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTQ2OC0xMzI1NTA3ODY2NS42Mzg5MzY1MDA=',
- ],
- code_signature: [
- {
- trusted: true,
- subject_name: 'Microsoft Corporation',
- exists: true,
- status: 'trusted',
- },
- ],
- token: {
- integrity_level_name: 'high',
- elevation_level: 'default',
- },
- },
- args: ['C:\\Program Files\\OpenSSH-Win64\\sshd.exe', '-y'],
- parent: {
- args: ['C:\\Program Files\\OpenSSH-Win64\\sshd.exe', '-R'],
- name: 'sshd.exe',
- pid: 5284,
- args_count: 2,
- entity_id:
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTUyODQtMTMyNTcyOTQ2MjMuOTk2NTkxMDAw',
- command_line: '"C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -R',
- executable: 'C:\\Program Files\\OpenSSH-Win64\\sshd.exe',
- },
- code_signature: {
- trusted: true,
- subject_name: 'Microsoft Corporation',
- exists: true,
- status: 'trusted',
- },
- name: 'sshd.exe',
- pid: 6368,
- args_count: 2,
- entity_id:
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTYzNjgtMTMyNTcyOTQ2MjguMzQ0NjM1NTAw',
- command_line: '"C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -y',
- executable: 'C:\\Program Files\\OpenSSH-Win64\\sshd.exe',
- hash: {
- sha1: '631244d731f406394c17c7dfd85203e317c74814',
- sha256: 'e6a972f9db27de18be225095b3b3141b945be8aadc4014c8704ae5acafe3e8e0',
- md5: '331ba0e529810ef718dd3efbd1242302',
- },
- },
- message: 'Endpoint process event',
- '@timestamp': '2021-02-08T21:50:28.3446355Z',
- ecs: {
- version: '1.5.0',
- },
- data_stream: {
- namespace: 'default',
- type: 'logs',
- dataset: 'endpoint.events.process',
- },
- elastic: {
- agent: {
- id: 'f5dec71e-438c-424e-ac9b-0281f10412b9',
- },
- },
- host: {
- hostname: 'win2019-endpoint-mr-pedro',
- os: {
- Ext: {
- variant: 'Windows Server 2019 Datacenter',
- },
- kernel: '1809 (10.0.17763.1697)',
- name: 'Windows',
- family: 'windows',
- version: '1809 (10.0.17763.1697)',
- platform: 'windows',
- full: 'Windows Server 2019 Datacenter 1809 (10.0.17763.1697)',
- },
- ip: ['10.128.0.57', 'fe80::9ced:8f1c:880b:3e1f', '127.0.0.1', '::1'],
- name: 'win2019-endpoint-mr-pedro',
- id: 'd8ad572e-d224-4044-a57d-f5a84c0dfe5d',
- mac: ['42:01:0a:80:00:39'],
- architecture: 'x86_64',
- },
- event: {
- sequence: 3293863,
- ingested: '2021-02-08T21:57:26.417387865Z',
- created: '2021-02-08T21:50:28.3446355Z',
- kind: 'event',
- module: 'endpoint',
- action: 'start',
- id: 'LzzWB9jjGmCwGMvk++++FG/K',
- category: ['process'],
- type: ['start'],
- dataset: 'endpoint.events.process',
- },
- user: {
- domain: '',
- name: '',
- },
- },
- },
- ],
- },
- {
- join_keys: ['win2019-endpoint-mr-pedro'],
- events: [
- {
- _index: '.ds-logs-endpoint.events.security-default-2021.02.05-000005',
- _id: 'rBymg3cBX5UUcOOYP3Ec',
- _source: {
- agent: {
- id: '1d15cf9e-3dc7-5b97-f586-743f7c2518b2',
- type: 'endpoint',
- version: '7.10.0',
- },
- process: {
- Ext: {
- ancestry: [
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTQ2OC0xMzI1NTA3ODY2NS42Mzg5MzY1MDA=',
- ],
- },
- entity_id:
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTU4MC0xMzI1NTA3ODY2Ny45MTg5Njc1MDA=',
- executable: 'C:\\Windows\\System32\\lsass.exe',
- },
- message: 'Endpoint security event',
- '@timestamp': '2021-02-08T21:50:28.3381013Z',
- ecs: {
- version: '1.5.0',
- },
- data_stream: {
- namespace: 'default',
- type: 'logs',
- dataset: 'endpoint.events.security',
- },
- elastic: {
- agent: {
- id: 'f5dec71e-438c-424e-ac9b-0281f10412b9',
- },
- },
- host: {
- hostname: 'win2019-endpoint-mr-pedro',
- os: {
- Ext: {
- variant: 'Windows Server 2019 Datacenter',
- },
- kernel: '1809 (10.0.17763.1697)',
- name: 'Windows',
- family: 'windows',
- version: '1809 (10.0.17763.1697)',
- platform: 'windows',
- full: 'Windows Server 2019 Datacenter 1809 (10.0.17763.1697)',
- },
- ip: ['10.128.0.57', 'fe80::9ced:8f1c:880b:3e1f', '127.0.0.1', '::1'],
- name: 'win2019-endpoint-mr-pedro',
- id: 'd8ad572e-d224-4044-a57d-f5a84c0dfe5d',
- mac: ['42:01:0a:80:00:39'],
- architecture: 'x86_64',
- },
- event: {
- sequence: 3293868,
- ingested: '2021-02-08T21:57:26.417632166Z',
- created: '2021-02-08T21:50:28.3381013Z',
- kind: 'event',
- module: 'endpoint',
- id: 'LzzWB9jjGmCwGMvk++++FG/Q',
- category: [],
- type: [],
- dataset: 'endpoint.events.security',
- },
- user: {
- domain: 'NT AUTHORITY',
- name: 'SYSTEM',
- },
- },
- },
- {
- _index: '.ds-logs-endpoint.events.process-default-2021.02.02-000005',
- _id: 'pxymg3cBX5UUcOOYP3Ec',
- _source: {
- agent: {
- id: '1d15cf9e-3dc7-5b97-f586-743f7c2518b2',
- type: 'endpoint',
- version: '7.10.0',
- },
- process: {
- Ext: {
- ancestry: [
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTUyODQtMTMyNTcyOTQ2MjMuOTk2NTkxMDAw',
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTIzODAtMTMyNTUwNzg2ODkuOTY1Nzg1NTAw',
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTU2OC0xMzI1NTA3ODY2Ny4zMjk3MDY2MDA=',
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTQ2OC0xMzI1NTA3ODY2NS42Mzg5MzY1MDA=',
- ],
- code_signature: [
- {
- trusted: true,
- subject_name: 'Microsoft Corporation',
- exists: true,
- status: 'trusted',
- },
- ],
- token: {
- integrity_level_name: 'high',
- elevation_level: 'default',
- },
- },
- args: ['C:\\Program Files\\OpenSSH-Win64\\sshd.exe', '-y'],
- parent: {
- args: ['C:\\Program Files\\OpenSSH-Win64\\sshd.exe', '-R'],
- name: 'sshd.exe',
- pid: 5284,
- args_count: 2,
- entity_id:
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTUyODQtMTMyNTcyOTQ2MjMuOTk2NTkxMDAw',
- command_line: '"C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -R',
- executable: 'C:\\Program Files\\OpenSSH-Win64\\sshd.exe',
- },
- code_signature: {
- trusted: true,
- subject_name: 'Microsoft Corporation',
- exists: true,
- status: 'trusted',
- },
- name: 'sshd.exe',
- pid: 6368,
- args_count: 2,
- entity_id:
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTYzNjgtMTMyNTcyOTQ2MjguMzQ0NjM1NTAw',
- command_line: '"C:\\Program Files\\OpenSSH-Win64\\sshd.exe" -y',
- executable: 'C:\\Program Files\\OpenSSH-Win64\\sshd.exe',
- hash: {
- sha1: '631244d731f406394c17c7dfd85203e317c74814',
- sha256: 'e6a972f9db27de18be225095b3b3141b945be8aadc4014c8704ae5acafe3e8e0',
- md5: '331ba0e529810ef718dd3efbd1242302',
- },
- },
- message: 'Endpoint process event',
- '@timestamp': '2021-02-08T21:50:28.3446355Z',
- ecs: {
- version: '1.5.0',
- },
- data_stream: {
- namespace: 'default',
- type: 'logs',
- dataset: 'endpoint.events.process',
- },
- elastic: {
- agent: {
- id: 'f5dec71e-438c-424e-ac9b-0281f10412b9',
- },
- },
- host: {
- hostname: 'win2019-endpoint-mr-pedro',
- os: {
- Ext: {
- variant: 'Windows Server 2019 Datacenter',
- },
- kernel: '1809 (10.0.17763.1697)',
- name: 'Windows',
- family: 'windows',
- version: '1809 (10.0.17763.1697)',
- platform: 'windows',
- full: 'Windows Server 2019 Datacenter 1809 (10.0.17763.1697)',
- },
- ip: ['10.128.0.57', 'fe80::9ced:8f1c:880b:3e1f', '127.0.0.1', '::1'],
- name: 'win2019-endpoint-mr-pedro',
- id: 'd8ad572e-d224-4044-a57d-f5a84c0dfe5d',
- mac: ['42:01:0a:80:00:39'],
- architecture: 'x86_64',
- },
- event: {
- sequence: 3293863,
- ingested: '2021-02-08T21:57:26.417387865Z',
- created: '2021-02-08T21:50:28.3446355Z',
- kind: 'event',
- module: 'endpoint',
- action: 'start',
- id: 'LzzWB9jjGmCwGMvk++++FG/K',
- category: ['process'],
- type: ['start'],
- dataset: 'endpoint.events.process',
- },
- user: {
- domain: '',
- name: '',
- },
- },
- },
- {
- _index: '.ds-logs-endpoint.events.network-default-2021.02.02-000005',
- _id: 'qBymg3cBX5UUcOOYP3Ec',
- _source: {
- agent: {
- id: '1d15cf9e-3dc7-5b97-f586-743f7c2518b2',
- type: 'endpoint',
- version: '7.10.0',
- },
- process: {
- Ext: {
- ancestry: [
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTU2OC0xMzI1NTA3ODY2Ny4zMjk3MDY2MDA=',
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTQ2OC0xMzI1NTA3ODY2NS42Mzg5MzY1MDA=',
- ],
- },
- name: 'svchost.exe',
- pid: 968,
- entity_id:
- 'MWQxNWNmOWUtM2RjNy01Yjk3LWY1ODYtNzQzZjdjMjUxOGIyLTk2OC0xMzI1NTA3ODY3My4yNjQyNDcyMDA=',
- executable: 'C:\\Windows\\System32\\svchost.exe',
- },
- destination: {
- address: '10.128.0.57',
- port: 3389,
- bytes: 1681,
- ip: '10.128.0.57',
- },
- source: {
- address: '142.202.189.139',
- port: 16151,
- bytes: 1224,
- ip: '142.202.189.139',
- },
- message: 'Endpoint network event',
- network: {
- transport: 'tcp',
- type: 'ipv4',
- direction: 'incoming',
- },
- '@timestamp': '2021-02-08T21:50:28.5553532Z',
- ecs: {
- version: '1.5.0',
- },
- data_stream: {
- namespace: 'default',
- type: 'logs',
- dataset: 'endpoint.events.network',
- },
- elastic: {
- agent: {
- id: 'f5dec71e-438c-424e-ac9b-0281f10412b9',
- },
- },
- host: {
- hostname: 'win2019-endpoint-mr-pedro',
- os: {
- Ext: {
- variant: 'Windows Server 2019 Datacenter',
- },
- kernel: '1809 (10.0.17763.1697)',
- name: 'Windows',
- family: 'windows',
- version: '1809 (10.0.17763.1697)',
- platform: 'windows',
- full: 'Windows Server 2019 Datacenter 1809 (10.0.17763.1697)',
- },
- ip: ['10.128.0.57', 'fe80::9ced:8f1c:880b:3e1f', '127.0.0.1', '::1'],
- name: 'win2019-endpoint-mr-pedro',
- id: 'd8ad572e-d224-4044-a57d-f5a84c0dfe5d',
- mac: ['42:01:0a:80:00:39'],
- architecture: 'x86_64',
- },
- event: {
- sequence: 3293864,
- ingested: '2021-02-08T21:57:26.417451347Z',
- created: '2021-02-08T21:50:28.5553532Z',
- kind: 'event',
- module: 'endpoint',
- action: 'disconnect_received',
- id: 'LzzWB9jjGmCwGMvk++++FG/L',
- category: ['network'],
- type: ['end'],
- dataset: 'endpoint.events.network',
- },
- user: {
- domain: 'NT AUTHORITY',
- name: 'NETWORK SERVICE',
- },
- },
- },
- ],
- },
- ],
- },
- },
- statusCode: 200,
- headers: {},
- meta: {},
- hits: {},
- },
-} as unknown as EqlSearchStrategyResponse>;
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/threshold.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/threshold.ts index 3785ccf812eb1..21107ba361645 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/threshold.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/threshold.ts @@ -36,48 +36,6 @@ import { ALERT_THRESHOLD_RESULT, } from '../../../../../common/field_maps/field_names'; -export const mockThresholdResults = { - rawResponse: { - body: { - is_partial: false, - is_running: false, - took: 527, - timed_out: false, - hits: { - total: { - value: 0, - relation: 'eq', - }, - hits: [], - }, - aggregations: { - 'threshold_0:source.ip': { - buckets: [ - { - key: '127.0.0.1', - doc_count: 5, - 'threshold_1:host.name': { - buckets: [ - { - key: 'tardigrade', - doc_count: 3, - max_timestamp: { - value_as_string: '2020-04-20T21:26:30.000Z', - }, - cardinality_count: { - value: 3, - }, - }, - ], - }, - }, - ], - }, - }, - }, - }, -}; - export const sampleThresholdAlert = { _id: 'b3ad77a4-65bd-4c4e-89cf-13c46f54bc4d', _index: 'some-index', diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts index ec898c9f3f220..569b253dd9089 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts 
@@ -10,7 +10,7 @@ import type { Readable } from 'stream'; import type { SavedObjectAttributes, SavedObjectsClientContract } from '@kbn/core/server'; import { ruleTypeMappings } from '@kbn/securitysolution-rules'; -import type { RulesClient, PartialRule, BulkEditOperation } from '@kbn/alerting-plugin/server'; +import type { RulesClient, PartialRule } from '@kbn/alerting-plugin/server'; import type { SanitizedRule } from '@kbn/alerting-plugin/common'; import type { UpdateRulesSchema } from '../../../../common/detection_engine/schemas/request'; import type { @@ -55,12 +55,6 @@ export interface Clients { rulesClient: RulesClient; } -export const isAlertTypes = ( - partialAlert: Array> -): partialAlert is RuleAlertType[] => { - return partialAlert.every((rule) => isAlertType(rule)); -}; - export const isAlertType = ( partialAlert: PartialRule ): partialAlert is RuleAlertType => { @@ -110,15 +104,6 @@ export interface FindRuleOptions { sortOrder: SortOrderOrUndefined; } -export interface BulkEditRulesOptions { - isRuleRegistryEnabled: boolean; - rulesClient: RulesClient; - operations: BulkEditOperation[]; - filter?: QueryFilterOrUndefined; - ids?: string[]; - paramsModifier?: (params: RuleParams) => Promise; -} - export interface LegacyMigrateParams { rulesClient: RulesClient; savedObjectsClient: SavedObjectsClientContract; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_schemas.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_schemas.ts index 2c1bf1fb86780..754f56d637e0b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_schemas.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/schemas/rule_schemas.ts @@ -71,10 +71,6 @@ import { saved_id, thresholdNormalized, anomaly_threshold, - createdByOrNull, - updatedByOrNull, - created_at, - updated_at, RelatedIntegrationArray, RequiredFieldArray, SetupGuide, 
@@ -248,7 +244,6 @@ export const allRuleTypes = t.union([ t.literal(SAVED_QUERY_RULE_TYPE_ID), t.literal(THRESHOLD_RULE_TYPE_ID), ]); -export type AllRuleTypes = t.TypeOf; export const internalRuleCreate = t.type({ name, @@ -278,15 +273,3 @@ export const internalRuleUpdate = t.type({ notifyWhen, }); export type InternalRuleUpdate = t.TypeOf; - -export const internalRuleResponse = t.intersection([ - internalRuleCreate, - t.type({ - id: t.string, - createdBy: createdByOrNull, - updatedBy: updatedByOrNull, - createdAt: created_at, - updatedAt: updated_at, - }), -]); -export type InternalRuleResponse = t.TypeOf; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/__mocks__/es_results.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/__mocks__/es_results.ts index 5a813d4ea2ea1..ebdf002986ffb 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/__mocks__/es_results.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/__mocks__/es_results.ts @@ -12,16 +12,10 @@ import type { BulkResponse, BulkItem, SignalHit, - WrappedSignalHit, - AlertAttributes, AlertSourceHit, } from '../types'; -import type { SavedObject } from '@kbn/core/server'; import { loggingSystemMock } from '@kbn/core/server/mocks'; import { getListArrayMock } from '../../../../../common/detection_engine/schemas/types/lists.mock'; -import type { RulesSchema } from '../../../../../common/detection_engine/schemas/response'; -import type { RuleParams } from '../../schemas/rule_schemas'; -import { getThreatMock } from '../../../../../common/detection_engine/schemas/types/threat.mock'; import { ALERT_BUILDING_BLOCK_TYPE, ALERT_REASON, 
@@ -82,88 +76,6 @@ import { } from '../../../../../common/field_maps/field_names'; import { SERVER_APP_ID } from '../../../../../common/constants'; -export const sampleRuleSO = (params: T): SavedObject> => { - return { - id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', - type: 'alert', - version: '1', - updated_at: '2020-03-27T22:55:59.577Z', - attributes: { - actions: [], - alertTypeId: 'siem.signals', - enabled: true, - name: 'rule-name', - tags: ['some fake tag 1', 'some fake tag 2'], - createdBy: 'sample user', - createdAt: '2020-03-27T22:55:59.577Z', - updatedBy: 'sample user', - schedule: { - interval: '5m', - }, - throttle: 'no_actions', - params, - }, - references: [], - }; -}; - -export const expectedRule = (): RulesSchema => { - return { - actions: [], - author: ['Elastic'], - building_block_type: 'default', - id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', - rule_id: 'rule-1', - false_positives: [], - max_signals: 10000, - risk_score: 50, - risk_score_mapping: [], - output_index: '.siem-signals', - description: 'Detecting root and admin users', - from: 'now-6m', - filters: [ - { - query: { - match_phrase: { - 'host.name': 'some-host', - }, - }, - }, - ], - immutable: false, - index: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'], - interval: '5m', - language: 'kuery', - license: 'Elastic License', - meta: { - someMeta: 'someField', - }, - name: 'rule-name', - query: 'user.name: root or user.name: admin', - references: ['http://example.com', 'https://example.com'], - severity: 'high', - severity_mapping: [], - tags: ['some fake tag 1', 'some fake tag 2'], - threat: getThreatMock(), - type: 'query', - to: 'now', - note: '# Investigative notes', - enabled: true, - created_by: 'sample user', - updated_by: 'sample user', - version: 1, - updated_at: '2020-03-27T22:55:59.577Z', - created_at: '2020-03-27T22:55:59.577Z', - throttle: 'no_actions', - timeline_id: 'some-timeline-id', - timeline_title: 'some-timeline-title', - exceptions_list: 
getListArrayMock(), - related_integrations: [], - required_fields: [], - setup: '', - }; -}; - export const sampleDocNoSortIdNoVersion = (someUuid: string = sampleIdGuid): SignalSourceHit => ({ _index: 'myFakeSignalIndex', _score: 100, @@ -517,58 +429,6 @@ export const sampleEmptyAggsSearchResults = (): SignalSearchResponse => ({ aggregations: {}, }); -export const sampleWrappedSignalHit = (): WrappedSignalHit => { - return { - _index: 'myFakeSignalIndex', - _id: sampleIdGuid, - _source: sampleSignalHit(), - }; -}; - -export const sampleDocWithAncestors = (): SignalSearchResponse & { - hits: { hits: Array> }; -} => { - const sampleDoc = sampleDocNoSortId(); - delete sampleDoc.sort; - delete sampleDoc._source.source; - sampleDoc._source.signal = { - parent: { - id: 'd5e8eb51-a6a0-456d-8a15-4b79bfec3d71', - type: 'event', - index: 'myFakeSignalIndex', - depth: 0, - }, - ancestors: [ - { - id: 'd5e8eb51-a6a0-456d-8a15-4b79bfec3d71', - type: 'event', - index: 'myFakeSignalIndex', - depth: 0, - }, - ], - rule: { - id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', - }, - depth: 1, - }; - - return { - took: 10, - timed_out: false, - _shards: { - total: 10, - successful: 10, - failed: 0, - skipped: 0, - }, - hits: { - total: 0, - max_score: 100, - hits: [sampleDoc], - }, - }; -}; - export const sampleSignalHit = (): SignalHit => ({ '@timestamp': '2020-04-20T21:27:45+0000', event: { 
@@ -642,222 +502,6 @@ export const sampleSignalHit = (): SignalHit => ({ }, }); -export const sampleThresholdSignalHit = (): SignalHit => ({ - '@timestamp': '2020-04-20T21:27:45+0000', - event: { - kind: 'signal', - }, - signal: { - parents: [], - ancestors: [], - original_time: '2021-02-16T17:37:34.275Z', - status: 'open', - threshold_result: { - count: 72, - terms: [{ field: 'host.name', value: 'a hostname' }], - cardinality: [{ field: 'process.name', value: 6 }], - from: '2021-02-16T17:31:34.275Z', - }, - rule: { - author: [], - id: '7a7065d7-6e8b-4aae-8d20-c93613dec9f9', - created_at: '2020-04-20T21:27:45+0000', - updated_at: '2020-04-20T21:27:45+0000', - created_by: 'elastic', - description: 'some description', - enabled: true, - false_positives: ['false positive 1', 'false positive 2'], - from: 'now-6m', - immutable: false, - name: 'Query with a rule id', - query: 'user.name: root or user.name: admin', - references: ['test 1', 'test 2'], - severity: 'high', - severity_mapping: [], - threshold: { - field: ['host.name'], - value: 5, - cardinality: [ - { - field: 'process.name', - value: 2, - }, - ], - }, - updated_by: 'elastic_kibana', - tags: ['some fake tag 1', 'some fake tag 2'], - to: 'now', - type: 'query', - threat: [], - version: 1, - output_index: '.siem-signals-default', - max_signals: 100, - risk_score: 55, - risk_score_mapping: [], - language: 'kuery', - rule_id: 'query-rule-id', - interval: '5m', - exceptions_list: getListArrayMock(), - related_integrations: [], - required_fields: [], - setup: '', - }, - depth: 1, - }, -}); - -const sampleThresholdHit = sampleThresholdSignalHit(); -export const sampleLegacyThresholdSignalHit = (): unknown => ({ - ...sampleThresholdHit, - signal: { - ...sampleThresholdHit.signal, - rule: { - ...sampleThresholdHit.signal.rule, - threshold: { - field: 'host.name', - value: 5, - }, - }, - threshold_result: { - count: 72, - value: 'a hostname', - }, - }, -}); - -export const sampleThresholdSignalHitWithMitigatedDupes = 
(): unknown => ({ - ...sampleThresholdHit, - signal: { - ...sampleThresholdHit.signal, - threshold_result: { - ...sampleThresholdHit.signal.threshold_result, - from: '2021-02-16T17:34:34.275Z', - }, - }, -}); - -export const sampleThresholdSignalHitWithEverything = (): unknown => ({ - ...sampleThresholdHit, - signal: { - ...sampleThresholdHit.signal, - rule: { - ...sampleThresholdHit.signal.rule, - threshold: { - field: ['host.name', 'event.category', 'source.ip'], - value: 5, - cardinality: [ - { - field: 'process.name', - value: 2, - }, - ], - }, - }, - threshold_result: { - count: 22, - terms: [ - { field: 'host.name', value: 'a hostname' }, - { field: 'event.category', value: 'network' }, - { field: 'source.ip', value: '192.168.0.1' }, - ], - cardinality: [{ field: 'process.name', value: 3 }], - from: '2021-02-16T17:34:34.275Z', - }, - }, -}); - -export const sampleWrappedThresholdSignalHit = (): WrappedSignalHit => { - return { - _index: 'myFakeSignalIndex', - _id: sampleIdGuid, - _source: sampleThresholdSignalHit(), - }; -}; - -export const sampleWrappedLegacyThresholdSignalHit = (): WrappedSignalHit => { - return { - _index: 'myFakeSignalIndex', - _id: 'adb9d636-fbbe-4962-ac1c-e282f3ec5879', - _source: sampleLegacyThresholdSignalHit() as SignalHit, - }; -}; - -export const sampleBulkCreateDuplicateResult = { - took: 60, - errors: true, - items: [ - { - create: { - _index: 'test', - _type: '_doc', - _id: '4', - _version: 1, - result: 'created', - _shards: { - total: 2, - successful: 1, - failed: 0, - }, - _seq_no: 1, - _primary_term: 1, - status: 201, - }, - }, - { - create: { - _index: 'test', - _type: '_doc', - _id: '4', - status: 409, - error: { - type: 'version_conflict_engine_exception', - reason: '[4]: version conflict, document already exists (current version [1])', - index_uuid: 'cXmq4Rt3RGGswDTTwZFzvA', - shard: '0', - index: 'test', - }, - }, - }, - { - create: { - _index: 'test', - _type: '_doc', - _id: '4', - status: 409, - error: { - type: 
'version_conflict_engine_exception', - reason: '[4]: version conflict, document already exists (current version [1])', - index_uuid: 'cXmq4Rt3RGGswDTTwZFzvA', - shard: '0', - index: 'test', - }, - }, - }, - ], -}; - -export const sampleBulkCreateErrorResult = { - ...sampleBulkCreateDuplicateResult, - items: [ - ...sampleBulkCreateDuplicateResult.items, - { - create: { - _index: 'test', - _type: '_doc', - _id: '5', - status: 500, - error: { - type: 'internal_server_error', - reason: '[4]: internal server error', - index_uuid: 'cXmq4Rt3RGGswDTTwZFzvA', - shard: '0', - index: 'test', - }, - }, - }, - ], -}; - export const sampleDocSearchResultsNoSortId = ( someUuid: string = sampleIdGuid ): SignalSearchResponse & { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/preview/preview_rule_execution_logger.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/preview/preview_rule_execution_logger.ts index f7a05d618ee99..d1d5209328344 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/preview/preview_rule_execution_logger.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/preview/preview_rule_execution_logger.ts @@ -11,10 +11,6 @@ import type { StatusChangeArgs, } from '../../rule_execution_log'; -export interface IPreviewRuleExecutionLogger { - factory: RuleExecutionLogForExecutorsFactory; -} - export const createPreviewRuleExecutionLogger = ( loggedStatusChanges: Array ) => { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/enrich_signal_threat_matches.mock.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/enrich_signal_threat_matches.mock.ts index 8ace36a32873c..738eba89fe220 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/enrich_signal_threat_matches.mock.ts 
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/enrich_signal_threat_matches.mock.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { SignalSearchResponse, SignalSourceHit } from '../types'; +import type { SignalSourceHit } from '../types'; import type { ThreatMatchNamedQuery } from './types'; export const getNamedQueryMock = ( @@ -27,10 +27,3 @@ export const getSignalHitMock = (overrides: Partial = {}): Sign _score: 0, ...overrides, }); - -export const getSignalsResponseMock = (signals: SignalSourceHit[] = []): SignalSearchResponse => ({ - took: 1, - timed_out: false, - _shards: { total: 1, successful: 1, skipped: 0, failed: 0 }, - hits: { total: { value: signals.length, relation: 'eq' }, max_score: 0, hits: signals }, -}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts index 9b9a36232fcde..62f3e9fc7e69e 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts @@ -228,10 +228,6 @@ export interface ThreatEnrichment { matched: { id: string; index: string; field: string; atomic?: string; type: string }; } -export interface SortWithTieBreaker { - [key: string]: string; -} - export interface ThreatMatchNamedQuery { id: string; index: string; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts index 86a7e3ec5f9f8..2cd70bcb23cee 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts 
@@ -9,7 +9,6 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type moment from 'moment'; import type { ExceptionListItemSchema } from '@kbn/securitysolution-io-ts-list-types'; import type { - RuleType, RuleTypeState, AlertInstanceState, AlertInstanceContext, @@ -22,7 +21,6 @@ import type { EcsFieldMap } from '@kbn/rule-registry-plugin/common/assets/field_ import type { TypeOfFieldMap } from '@kbn/rule-registry-plugin/common/field_map'; import type { Status } from '../../../../common/detection_engine/schemas/common/schemas'; import type { RulesSchema } from '../../../../common/detection_engine/schemas/response/rules_schema'; -import type { TermAggregationBucket } from '../../types'; import type { BaseHit, RuleAlertAction, @@ -46,24 +44,6 @@ import type { WrappedFieldsLatest, } from '../../../../common/detection_engine/schemas/alerts'; -// used for gap detection code -// eslint-disable-next-line @typescript-eslint/naming-convention -export type unitType = 's' | 'm' | 'h'; -export const isValidUnit = (unitParam: string): unitParam is unitType => - ['s', 'm', 'h'].includes(unitParam); - -export interface SignalsParams { - signalIds: string[] | undefined | null; - query: object | undefined | null; - status: Status; -} - -export interface SignalsStatusParams { - signalIds: string[] | undefined | null; - query: object | undefined | null; - status: Status; -} - export interface ThresholdResult { terms?: Array<{ field: string; @@ -169,9 +149,6 @@ export interface BulkResponse { items: BulkItem[]; } -export interface MGetResponse { - docs: GetResponse[]; -} export interface GetResponse { _index: string; _type: string; 
@@ -204,30 +181,6 @@ export type RuleExecutorOptions = AlertingRuleExecutorOptions< AlertInstanceContext >; -// This returns true because by default a RuleAlertTypeDefinition is an AlertType -// since we are only increasing the strictness of params. -export const isAlertExecutor = ( - obj: SignalRuleAlertTypeDefinition -): obj is RuleType< - RuleParams, - RuleParams, // This type is used for useSavedObjectReferences, use an Omit here if you want to remove any values. - RuleTypeState, - AlertInstanceState, - AlertInstanceContext, - 'default' -> => { - return true; -}; - -export type SignalRuleAlertTypeDefinition = RuleType< - RuleParams, - RuleParams, // This type is used for useSavedObjectReferences, use an Omit here if you want to remove any values. - RuleTypeState, - AlertInstanceState, - AlertInstanceContext, - 'default' ->; - export interface Ancestor { rule?: string; id: string; @@ -346,15 +299,6 @@ export interface SearchAfterAndBulkCreateReturnType { warningMessages: string[]; } -export interface ThresholdAggregationBucket extends TermAggregationBucket { - max_timestamp: { - value_as_string: string; - }; - cardinality_count: { - value: number; - }; -} - export interface MultiAggBucket { cardinality?: Array<{ field: string; @@ -369,12 +313,6 @@ export interface MultiAggBucket { minTimestamp: string; } -export interface ThresholdQueryBucket extends TermAggregationBucket { - lastSignalTimestamp: { - value_as_string: string; - }; -} - export interface ThresholdAlertState extends RuleTypeState { initialized: boolean; signalHistory: ThresholdSignalHistory; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts index bfacc758e9730..c75c8f1a1c125 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts 
@@ -18,7 +18,6 @@ import type { ExceptionListItemSchema, FoundExceptionListItemSchema, } from '@kbn/securitysolution-io-ts-list-types'; -import { hasLargeValueList } from '@kbn/securitysolution-list-utils'; import type { ElasticsearchClient, @@ -58,7 +57,6 @@ import type { MachineLearningRuleParams, QueryRuleParams, RuleParams, - SavedQueryRuleParams, ThreatRuleParams, ThresholdRuleParams, } from '../schemas/rule_schemas'; @@ -68,28 +66,8 @@ import { withSecuritySpan } from '../../../utils/with_security_span'; import type { DetectionAlert } from '../../../../common/detection_engine/schemas/alerts'; import { ENABLE_CCS_READ_WARNING_SETTING } from '../../../../common/constants'; -interface SortExceptionsReturn { - exceptionsWithValueLists: ExceptionListItemSchema[]; - exceptionsWithoutValueLists: ExceptionListItemSchema[]; -} - export const MAX_RULE_GAP_RATIO = 4; -export const shorthandMap = { - s: { - momentString: 'seconds', - asFn: (duration: moment.Duration) => duration.asSeconds(), - }, - m: { - momentString: 'minutes', - asFn: (duration: moment.Duration) => duration.asMinutes(), - }, - h: { - momentString: 'hours', - asFn: (duration: moment.Duration) => duration.asHours(), - }, -}; - export const hasReadIndexPrivileges = async (args: { privileges: Privilege; logger: Logger; 
@@ -309,28 +287,6 @@ export const getExceptions = async ({ } }; -export const sortExceptionItems = (exceptions: ExceptionListItemSchema[]): SortExceptionsReturn => { - return exceptions.reduce( - (acc, exception) => { - const { entries } = exception; - const { exceptionsWithValueLists, exceptionsWithoutValueLists } = acc; - - if (hasLargeValueList(entries)) { - return { - exceptionsWithValueLists: [...exceptionsWithValueLists, { ...exception }], - exceptionsWithoutValueLists, - }; - } else { - return { - exceptionsWithValueLists, - exceptionsWithoutValueLists: [...exceptionsWithoutValueLists, { ...exception }], - }; - } - }, - { exceptionsWithValueLists: [], exceptionsWithoutValueLists: [] } - ); -}; - export const generateId = ( docIndex: string, docId: string, @@ -385,14 +341,6 @@ export const wrapBuildingBlocks = ( }); }; -export const wrapSignal = (signal: SignalHit, index: string): WrappedSignalHit => { - return { - _id: generateSignalId(signal.signal), - _index: index, - _source: signal, - }; -}; - export const parseInterval = (intervalString: string): moment.Duration | null => { try { return moment.duration(parseDuration(intervalString)); @@ -700,13 +648,6 @@ export interface PreviewReturnType { warningMessages?: string[] | undefined; } -export const createPreviewReturnType = (): PreviewReturnType => ({ - matrixHistogramData: [], - totalCount: 0, - errors: [], - warningMessages: [], -}); - export const createSearchAfterReturnType = < TAggregations = Record >({ 
@@ -913,8 +854,6 @@ export const isThresholdParams = (params: RuleParams): params is ThresholdRulePa params.type === 'threshold'; export const isQueryParams = (params: RuleParams): params is QueryRuleParams => params.type === 'query'; -export const isSavedQueryParams = (params: RuleParams): params is SavedQueryRuleParams => - params.type === 'saved_query'; export const isThreatParams = (params: RuleParams): params is ThreatRuleParams => params.type === 'threat_match'; export const isMachineLearningParams = (params: RuleParams): params is MachineLearningRuleParams => diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/types.ts b/x-pack/plugins/security_solution/server/lib/telemetry/types.ts index 859dbcbb7e58d..94356fff8742f 100644 --- a/x-pack/plugins/security_solution/server/lib/telemetry/types.ts +++ b/x-pack/plugins/security_solution/server/lib/telemetry/types.ts @@ -5,8 +5,6 @@ * 2.0. */ -import type { TypeOf } from '@kbn/config-schema'; -import { schema } from '@kbn/config-schema'; import type { AlertEvent, ResolverNode, SafeResolverEvent } from '../../../common/endpoint/types'; type BaseSearchTypes = string | number | boolean | object; @@ -292,18 +290,6 @@ export interface EndpointMetadataDocument { }; } -// List HTTP Types - -export const GetTrustedAppsRequestSchema = { - query: schema.object({ - page: schema.maybe(schema.number({ defaultValue: 1, min: 1 })), - per_page: schema.maybe(schema.number({ defaultValue: 20, min: 1 })), - kuery: schema.maybe(schema.string()), - }), -}; - -export type GetEndpointListRequest = TypeOf; - export interface GetEndpointListResponse { per_page: number; page: number; diff --git a/x-pack/plugins/security_solution/server/lib/timeline/__mocks__/request_responses.ts b/x-pack/plugins/security_solution/server/lib/timeline/__mocks__/request_responses.ts index 3865dd1aa0843..64bee51ae8965 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/__mocks__/request_responses.ts 
+++ b/x-pack/plugins/security_solution/server/lib/timeline/__mocks__/request_responses.ts @@ -96,15 +96,6 @@ export const createTimelineWithoutTimelineId = { timelineType: TimelineType.default, }; -export const createDraftTimelineWithoutTimelineId = { - templateTimelineId: null, - timeline: inputTimeline, - timelineId: null, - version: null, - timelineType: TimelineType.default, - status: TimelineStatus.draft, -}; - export const createTemplateTimelineWithoutTimelineId = { timeline: inputTemplateTimeline, timelineId: null, @@ -118,11 +109,6 @@ export const createTimelineWithTimelineId = { timelineId: '79deb4c0-6bc1-11ea-a90b-f5341fb7a189', }; -export const createDraftTimelineWithTimelineId = { - ...createDraftTimelineWithoutTimelineId, - timelineId: '79deb4c0-6bc1-11ea-a90b-f5341fb7a189', -}; - export const createTemplateTimelineWithTimelineId = { ...createTemplateTimelineWithoutTimelineId, timelineId: '79deb4c0-6bc1-11ea-a90b-f5341fb7a189', @@ -158,16 +144,6 @@ export const getUpdateTimelinesRequest = (mockBody: rt.TypeOf - requestMock.create({ - method: 'post', - path: TIMELINE_IMPORT_URL, - query: { overwrite: true }, - body: { - file: { hapi: { filename: filename ?? 'filename.ndjson' } }, - }, - }); - export const getDraftTimelinesRequest = (timelineType: TimelineType) => requestMock.create({ method: 'get', @@ -385,23 +361,6 @@ export const mockTimelines = () => ({ ], }); -export const mockNotesSavedObjects = () => ({ - saved_objects: [ - { - id: 'eb3f3930-61dc-11ea-8a49-e77254c5b742', - type: 'fakeType', - attributes: {}, - references: [], - }, - { - id: '706e7510-5d52-11ea-8f07-0392944939c1', - type: 'fakeType', - attributes: {}, - references: [], - }, - ], -}); - export const mockNotes = () => ({ saved_objects: [ { diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/types.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/types.ts index aba09f27e2442..6a9def239a9e0 100644 
--- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/types.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/types.ts @@ -7,7 +7,6 @@ import type { BulkError } from '../../../../detection_engine/routes/utils'; import type { SavedTimeline } from '../../../../../../common/types/timeline'; -import type { HapiReadableStream } from '../../../../detection_engine/rules/types'; import type { TimelineStatusActions } from '../../../utils/common'; import type { NoteResult } from '../../../../../../common/types/timeline/note'; @@ -29,6 +28,3 @@ export interface ImportRegular { } export type ImportTimelineResponse = ImportRegular | BulkError; -export interface ImportTimelinesRequestParams { - body: { file: HapiReadableStream }; -} diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts index 87b89b92766a2..34280fac17e5e 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/notes/saved_object.ts @@ -19,10 +19,7 @@ import { UNAUTHENTICATED_USER } from '../../../../../common/constants'; import type { SavedNote, NoteSavedObject, - PageInfoNote, - SortNote, NoteResult, - ResponseNotes, ResponseNote, NoteWithoutExternalRefs, } from '../../../../../common/types/timeline/note'; 
@@ -33,14 +30,6 @@ import { createTimeline } from '../timelines'; import { timelineSavedObjectType } from '../../saved_object_mappings'; import { noteFieldsMigrator } from './field_migrator'; -export const deleteNote = async (request: FrameworkRequest, noteIds: string[]) => { - const savedObjectsClient = (await request.context.core).savedObjects.client; - - await Promise.all( - noteIds.map((noteId) => savedObjectsClient.delete(noteSavedObjectType, noteId)) - ); -}; - export const deleteNoteByTimelineId = async (request: FrameworkRequest, timelineId: string) => { const options: SavedObjectsFindOptions = { type: noteSavedObjectType, @@ -63,19 +52,6 @@ export const getNote = async ( return getSavedNote(request, noteId); }; -export const getNotesByEventId = async ( - request: FrameworkRequest, - eventId: string -): Promise => { - const options: SavedObjectsFindOptions = { - type: noteSavedObjectType, - search: eventId, - searchFields: ['eventId'], - }; - const notesByEventId = await getAllSavedNote(request, options); - return notesByEventId.notes; -}; - export const getNotesByTimelineId = async ( request: FrameworkRequest, timelineId: string @@ -88,24 +64,6 @@ export const getNotesByTimelineId = async ( return notesByTimelineId.notes; }; -export const getAllNotes = async ( - request: FrameworkRequest, - pageInfo: PageInfoNote | null, - search: string | null, - sort: SortNote | null -): Promise => { - const options: SavedObjectsFindOptions = { - type: noteSavedObjectType, - perPage: pageInfo != null ? pageInfo.pageSize : undefined, - page: pageInfo != null ? pageInfo.pageIndex : undefined, - search: search != null ? search : undefined, - searchFields: ['note'], - sortField: sort != null ? sort.sortField : undefined, - sortOrder: sort != null ? sort.sortOrder : undefined, - }; - return getAllSavedNote(request, options); -}; - export const persistNote = async ({ request, noteId, 
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/pinned_events/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/pinned_events/index.ts index 8b865c0a67a0d..ff6fd55bd5892 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/pinned_events/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/pinned_events/index.ts @@ -28,44 +28,6 @@ import { pinnedEventSavedObjectType } from '../../saved_object_mappings/pinned_e import { pinnedEventFieldsMigrator } from './field_migrator'; import { timelineSavedObjectType } from '../../saved_object_mappings'; -export interface PinnedEvent { - deletePinnedEventOnTimeline: ( - request: FrameworkRequest, - pinnedEventIds: string[] - ) => Promise; - - deleteAllPinnedEventsOnTimeline: (request: FrameworkRequest, timelineId: string) => Promise; - - getPinnedEvent: ( - request: FrameworkRequest, - pinnedEventId: string - ) => Promise; - - getAllPinnedEventsByTimelineId: ( - request: FrameworkRequest, - timelineId: string - ) => Promise; - - persistPinnedEventOnTimeline: ( - request: FrameworkRequest, - pinnedEventId: string | null, // pinned event saved object id - eventId: string, - timelineId: string | null - ) => Promise; - - convertSavedObjectToSavedPinnedEvent: ( - savedObject: unknown, - timelineVersion?: string | undefined | null - ) => PinnedEventSavedObject; - - pickSavedPinnedEvent: ( - pinnedEventId: string | null, - savedPinnedEvent: SavedPinnedEvent, - userInfo: AuthenticatedUser | null - ) => // eslint-disable-next-line @typescript-eslint/no-explicit-any - any; -} - export const deletePinnedEventOnTimeline = async ( request: FrameworkRequest, pinnedEventIds: string[] 
@@ -97,13 +59,6 @@ export const deleteAllPinnedEventsOnTimeline = async ( ); }; -export const getPinnedEvent = async ( - request: FrameworkRequest, - pinnedEventId: string -): Promise => { - return getSavedPinnedEvent(request, pinnedEventId); -}; - export const PINNED_EVENTS_PER_PAGE = 10000; // overrides the saved object client's FIND_DEFAULT_PER_PAGE (20) export const getAllPinnedEventsByTimelineId = async ( @@ -251,18 +206,6 @@ const createPinnedEvent = async ({ return convertSavedObjectToSavedPinnedEvent(repopulatedSavedObject, timelineVersion); }; -const getSavedPinnedEvent = async (request: FrameworkRequest, pinnedEventId: string) => { - const savedObjectsClient = (await request.context.core).savedObjects.client; - const savedObject = await savedObjectsClient.get( - pinnedEventSavedObjectType, - pinnedEventId - ); - - const populatedPinnedEvent = pinnedEventFieldsMigrator.populateFieldsFromReferences(savedObject); - - return convertSavedObjectToSavedPinnedEvent(populatedPinnedEvent); -}; - const getAllSavedPinnedEvents = async ( request: FrameworkRequest, options: SavedObjectsFindOptions diff --git a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/index.ts index a7c09062094e1..9c737264ed0c8 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/saved_object/timelines/index.ts 
@@ -36,19 +36,10 @@ import { convertSavedObjectToSavedTimeline } from './convert_saved_object_to_sav import { pickSavedTimeline } from './pick_saved_timeline'; import { timelineSavedObjectType } from '../../saved_object_mappings'; import { draftTimelineDefaults } from '../../utils/default_timeline'; -import type { Maybe } from '../../../../../common/search_strategy'; import { timelineFieldsMigrator } from './field_migrator'; export { pickSavedTimeline } from './pick_saved_timeline'; export { convertSavedObjectToSavedTimeline } from './convert_saved_object_to_savedtimeline'; -export interface ResponseTemplateTimeline { - code?: Maybe; - - message?: Maybe; - - templateTimeline: TimelineResult; -} - export const getTimeline = async ( request: FrameworkRequest, timelineId: string, diff --git a/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/create_timelines_schema.ts b/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/create_timelines_schema.ts index bc959e512a471..4cb21a27bacc8 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/create_timelines_schema.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/create_timelines_schema.ts @@ -27,5 +27,3 @@ export const createTimelineSchema = rt.intersection([ version: unionWithNullType(rt.string), }), ]); - -export type CreateTimelineSchema = rt.TypeOf; diff --git a/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/get_timelines_schema.ts b/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/get_timelines_schema.ts index 7353741128435..2476369fdd491 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/get_timelines_schema.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/get_timelines_schema.ts 
@@ -26,16 +26,3 @@ export const getTimelinesQuerySchema = rt.partial({ status: unionWithNullType(TimelineStatusLiteralRt), timeline_type: unionWithNullType(TimelineTypeLiteralRt), }); - -export const getTimelinesArgsSchema = rt.partial({ - onlyUserFavorite: unionWithNullType(BoolFromString), - pageIndex: unionWithNullType(rt.string), - pageSize: unionWithNullType(rt.string), - search: unionWithNullType(rt.string), - sortField: sortFieldTimeline, - sortOrder: direction, - status: unionWithNullType(TimelineStatusLiteralRt), - timelineType: unionWithNullType(TimelineTypeLiteralRt), -}); - -export type GetTimelinesArgs = rt.TypeOf; diff --git a/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/import_timelines_schema.ts b/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/import_timelines_schema.ts index c1742a3ac1d85..6ca45211b278a 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/import_timelines_schema.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/schemas/timelines/import_timelines_schema.ts @@ -56,5 +56,3 @@ export const ImportTimelinesPayloadSchemaRt = rt.intersection([ }), rt.partial({ isImmutable: booleanInString }), ]); - -export type ImportTimelinesPayloadSchema = rt.TypeOf; diff --git a/x-pack/plugins/security_solution/server/request_context_factory.mock.ts b/x-pack/plugins/security_solution/server/request_context_factory.mock.ts index 4d98d6a4f37bd..48f07c4349de5 100644 --- a/x-pack/plugins/security_solution/server/request_context_factory.mock.ts +++ b/x-pack/plugins/security_solution/server/request_context_factory.mock.ts @@ -17,7 +17,3 @@ export const requestContextFactoryMock = { }), }), }; - -export const RequestContextFactoryMock = jest - .fn, []>() - .mockImplementation(requestContextFactoryMock.create); 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts index d22eb8bc692fe..cb469a1708334 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/events/__mocks__/index.ts @@ -272,64 +272,6 @@ export const expectedThresholdWithCardinalityDsl = { track_total_hits: true, }; -export const expectedThresholdWithGroupFieldsAndCardinalityDsl = { - index: [ - 'apm-*-transaction*', - 'traces-apm*', - 'auditbeat-*', - 'endgame-*', - 'filebeat-*', - 'logs-*', - 'packetbeat-*', - 'winlogbeat-*', - ], - allow_no_indices: true, - ignore_unavailable: true, - track_total_hits: true, - body: { - aggregations: { - eventActionGroup: { - terms: { - script: { - lang: 'painless', - source: "doc['host.name'].value + ':' + doc['agent.name'].value", - }, - order: { _count: 'desc' }, - size: 10, - }, - aggs: { - events: { - date_histogram: { - field: '@timestamp', - fixed_interval: '2700000ms', - min_doc_count: 200, - extended_bounds: { min: 1599581486215, max: 1599667886215 }, - }, - }, - }, - }, - }, - query: { - bool: { - filter: [ - { bool: { must: [], filter: [{ match_all: {} }], should: [], must_not: [] } }, - { - range: { - '@timestamp': { - gte: '2020-09-08T16:11:26.215Z', - lte: '2020-09-09T16:11:26.215Z', - format: 'strict_date_optional_time', - }, - }, - }, - ], - }, - }, - runtime_mappings: runtimeMappings, - size: 0, - }, -}; - export const expectedThresholdGroupWithCardinalityDsl = { allow_no_indices: true, body: { 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.ts index cb37d1f41dc1a..a389200c87795 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/index.ts @@ -73,42 +73,6 @@ export const matrixHistogram: SecuritySolutionFactory = { - buildDsl: (options: MatrixHistogramRequestOptions) => { - const myConfig = getOr(null, options.histogramType, matrixHistogramConfig); - if (myConfig == null) { - throw new Error(`This histogram type ${options.histogramType} is unknown to the server side`); - } - return myConfig.buildDsl(options); - }, - parse: async ( - options: MatrixHistogramRequestOptions, - response: IEsSearchResponse - ): Promise => { - const myConfig = getOr(null, options.histogramType, matrixHistogramConfig); - if (myConfig == null) { - throw new Error(`This histogram type ${options.histogramType} is unknown to the server side`); - } - const totalCount = response.rawResponse.hits.total || 0; - const matrixHistogramData = getOr([], myConfig.aggName, response.rawResponse); - const inspect = { - dsl: [inspectStringifyObject(myConfig.buildDsl(options))], - }; - const dataParser = myConfig.parser ?? getGenericData; - - return { - ...response, - inspect, - matrixHistogramData: dataParser( - matrixHistogramData, - myConfig.parseKey - ), - // @ts-expect-error code doesn't handle TotalHits - totalCount, - }; - }, -}; - export const matrixHistogramFactory: Record< typeof MatrixHistogramQuery, SecuritySolutionFactory 
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/index.ts
deleted file mode 100644
index bbaa2dfc6d620..0000000000000
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/kpi/index.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { FactoryQueryTypes } from '../../../../../../common/search_strategy/security_solution';
-import { NetworkKpiQueries } from '../../../../../../common/search_strategy/security_solution';
-
-import type { SecuritySolutionFactory } from '../../types';
-import { networkKpiDns } from './dns';
-import { networkKpiNetworkEvents } from './network_events';
-import { networkKpiTlsHandshakes } from './tls_handshakes';
-import { networkKpiUniqueFlows } from './unique_flows';
-import { networkKpiUniquePrivateIps } from './unique_private_ips';
-
-export const networkKpiFactory: Record<
- NetworkKpiQueries,
- SecuritySolutionFactory
-> = {
- [NetworkKpiQueries.dns]: networkKpiDns,
- [NetworkKpiQueries.networkEvents]: networkKpiNetworkEvents,
- [NetworkKpiQueries.tlsHandshakes]: networkKpiTlsHandshakes,
- [NetworkKpiQueries.uniqueFlows]: networkKpiUniqueFlows,
- [NetworkKpiQueries.uniquePrivateIps]: networkKpiUniquePrivateIps,
-};
diff --git a/x-pack/plugins/security_solution/server/usage/queries/utils/fetch_hits_with_pit.ts b/x-pack/plugins/security_solution/server/usage/queries/utils/fetch_hits_with_pit.ts
deleted file mode 100644
index c74765ded94f7..0000000000000
--- a/x-pack/plugins/security_solution/server/usage/queries/utils/fetch_hits_with_pit.ts
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type {
- OpenPointInTimeResponse,
- SearchHit,
- SortResults,
-} from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import type { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-import type { ElasticsearchClient, Logger } from '@kbn/core/server';
-
-export interface FetchWithPitOptions {
- esClient: ElasticsearchClient;
- index: string;
- maxSize: number;
- maxPerPage: number;
- searchRequest: SearchRequest;
- logger: Logger;
-}
-
-export const fetchHitsWithPit = async ({
- esClient,
- index,
- searchRequest,
- maxSize,
- maxPerPage,
- logger,
-}: FetchWithPitOptions): Promise>> => {
- // default is from looking at Kibana saved objects and online documentation
- const keepAlive = '5m';
-
- // create and assign an initial point in time
- let pitId: OpenPointInTimeResponse['id'] = (
- await esClient.openPointInTime({
- index,
- keep_alive: '5m',
- })
- ).id;
-
- let searchAfter: SortResults | undefined;
- let hits: Array> = [];
- let fetchMore = true;
- while (fetchMore) {
- const ruleSearchOptions: SearchRequest = {
- ...searchRequest,
- track_total_hits: false,
- search_after: searchAfter,
- sort: [{ _shard_doc: 'desc' }] as unknown as string[], // TODO: Remove this "unknown" once it is typed correctly https://github.com/elastic/elasticsearch-js/issues/1589
- pit: { id: pitId },
- size: Math.min(maxPerPage, maxSize - hits.length),
- };
- logger.debug(
- `Getting hits with point in time (PIT) query of: ${JSON.stringify(ruleSearchOptions)}`
- );
- const body = await esClient.search(ruleSearchOptions);
- hits = [...hits, ...body.hits.hits];
- searchAfter =
- body.hits.hits.length !== 0 ? body.hits.hits[body.hits.hits.length - 1].sort : undefined;
-
- fetchMore = searchAfter != null && body.hits.hits.length > 0 && hits.length < maxSize;
- if (body.pit_id != null) {
- pitId = body.pit_id;
- }
- }
- try {
- await esClient.closePointInTime({ id: pitId });
- } catch (error) {
- // Don't fail due to a bad point in time closure. We have seen failures in e2e tests during nominal operations.
- logger.warn(
- `Error trying to close point in time: "${pitId}", it will expire within "${keepAlive}". Error is: "${error}"`
- );
- }
- logger.debug(`Returning hits with point in time (PIT) length of: ${hits.length}`);
- return hits;
-};
diff --git a/x-pack/plugins/security_solution/server/utils/read_stream/create_stream_from_ndjson.ts b/x-pack/plugins/security_solution/server/utils/read_stream/create_stream_from_ndjson.ts
index 67d583169f1b4..cd1914df38561 100644
--- a/x-pack/plugins/security_solution/server/utils/read_stream/create_stream_from_ndjson.ts
+++ b/x-pack/plugins/security_solution/server/utils/read_stream/create_stream_from_ndjson.ts
@@ -34,12 +34,6 @@ export const filterExportedCounts = (): Transform => {
 );
 };
 
-export const filterExceptions = (): Transform => {
- return createFilterStream(
- (obj) => obj != null && !has('list_id', obj)
- );
-};
-
 // Adaptation from: saved_objects/import/create_limit_stream.ts
 export const createLimitStream = (limit: number): Transform => {
 let counter = 0;
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index cf77cbf093f75..fb9668028f438 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -24059,20 +24059,14 @@ "xpack.security.users.editUserPage.createBreadcrumb": "Créer", "xpack.securitySolution.accessibility.tooltipWithKeyboardShortcut.pressTooltipLabel": "Appuyer", "xpack.securitySolution.actionsContextMenu.label": "Ouvrir", - "xpack.securitySolution.administration.list.beta": "Bêta", "xpack.securitySolution.administration.os.linux": "Linux", "xpack.securitySolution.administration.os.macos": "Mac", "xpack.securitySolution.administration.os.windows": "Windows", - "xpack.securitySolution.alertDetails.changeEnrichmentQueryLookback": "rechercher sur une plage temporelle différente", - "xpack.securitySolution.alertDetails.checkDocs": "veuillez consulter notre documentation", "xpack.securitySolution.alertDetails.enrichmentQueryEndDate": "Date de fin", "xpack.securitySolution.alertDetails.enrichmentQueryStartDate": "Date de début", "xpack.securitySolution.alertDetails.investigationTimeQueryTitle": "Enrichissement avec la Threat Intelligence", "xpack.securitySolution.alertDetails.noEnrichmentsFoundDescription": "Nous n'avons pas trouvé de Threat Intelligence correspondant à l'une de vos règles de correspondance d'indicateur ou à un enrichissement pour cette alerte.", - "xpack.securitySolution.alertDetails.noEnrichmentsFoundTitle": "Aucune correspondance d'indicateur ni aucun enrichissement de Threat Intelligence n'ont été trouvés", - "xpack.securitySolution.alertDetails.noIndicatorEnrichmentsDescription": "Nous n'avons trouvé d'indicateur de Threat Intelligence avec aucune règle de correspondance d'indicateur.", "xpack.securitySolution.alertDetails.noInvestigationEnrichmentsDescription": "Nous n'avons pas trouvé de valeur de champ comportant des informations supplémentaires disponibles depuis les sources de Threat Intelligence dans lesquelles nous avons lancé la recherche sur les 30 derniers jours par défaut.", - "xpack.securitySolution.alertDetails.noInvestigationEnrichmentsTitle": "Aucun enrichissement avec la Threat Intelligence n'a été trouvé", 
"xpack.securitySolution.alertDetails.noRiskDataDescription": "Aucune donnée de risque de l’hôte n’a été détectée pour cette alerte.", "xpack.securitySolution.alertDetails.overview": "Aperçu", "xpack.securitySolution.alertDetails.overview.enrichedDataTitle": "Données enrichies", @@ -24113,13 +24107,10 @@ "xpack.securitySolution.alerts.severityMapping.sourceValueTitle": "Valeur source", "xpack.securitySolution.alertsView.alertsDocumentType": "Alertes externes", "xpack.securitySolution.alertsView.alertsGraphTitle": "Tendance d'alerte externe", - "xpack.securitySolution.alertsView.alertsStackByOptions.module": "module", "xpack.securitySolution.alertsView.alertsTableTitle": "Alertes externes", "xpack.securitySolution.alertsView.categoryLabel": "catégorie", "xpack.securitySolution.alertsView.errorFetchingAlertsData": "Impossible d'interroger les données d'alertes", - "xpack.securitySolution.alertsView.moduleLabel": "module", "xpack.securitySolution.alertsView.osqueryAlertTitle": "Exécuter Osquery", - "xpack.securitySolution.alertsView.osqueryBackToAlertDetails": "Détails de l'alerte", "xpack.securitySolution.alertsView.showing": "Affichage", "xpack.securitySolution.alertsView.totalCountOfAlerts": "alertes externes", "xpack.securitySolution.alertsView.unit": "{totalCount, plural, =1 {alerte externe} other {alertes externes}}", 
@@ -24354,7 +24345,6 @@ "xpack.securitySolution.auditd.violatedSeLinuxPolicyDescription": "violation de la politique sélinux", "xpack.securitySolution.auditd.wasAuthorizedToUseDescription": "a été autorisé à utiliser", "xpack.securitySolution.auditd.withResultDescription": "avec le résultat", - "xpack.securitySolution.authentications.errorSearchDescription": "Une erreur s'est produite lors de la recherche d'authentifications", "xpack.securitySolution.authentications.failSearchDescription": "Impossible de lancer une recherche sur les authentifications", "xpack.securitySolution.authenticationsTable.authentications": "Authentifications", "xpack.securitySolution.authenticationsTable.failures": "Échecs", @@ -24421,8 +24411,6 @@ "xpack.securitySolution.blocklist.warnings.values.wildcardPresent": "L’utilisation d'un caractère générique dans le nom de fichier affectera les performances du point de terminaison.", "xpack.securitySolution.callouts.dismissButton": "Rejeter", "xpack.securitySolution.cases.caseTable.caseDetailsLinkAria": "cliquez pour visiter le cas portant le titre {detailName}", - "xpack.securitySolution.cases.caseView.breadcrumb": "Créer", - "xpack.securitySolution.cases.caseView.sendAlertToTimelineTooltip": "Investiguer dans la chronologie", "xpack.securitySolution.cases.pageTitle": "Cas", "xpack.securitySolution.certificate.fingerprint.clientCertLabel": "certification client", "xpack.securitySolution.certificate.fingerprint.serverCertLabel": "certification serveur", 
@@ -24440,7 +24428,6 @@ "xpack.securitySolution.components.embeddables.embeddedMap.embeddableHeaderHelp": "Aide sur la configuration de la carte", "xpack.securitySolution.components.embeddables.embeddedMap.embeddableHeaderTitle": "Carte du réseau", "xpack.securitySolution.components.embeddables.embeddedMap.embeddablePanelTitle": "Source -> Carte de destination point à point", - "xpack.securitySolution.components.embeddables.embeddedMap.errorConfiguringEmbeddableApiTitle": "Erreur lors de la configuration de l'API d'incorporation", "xpack.securitySolution.components.embeddables.embeddedMap.errorCreatingMapEmbeddableTitle": "Erreur lors de la création de l'incorporation de la carte", "xpack.securitySolution.components.embeddables.embeddedMap.lineLayerLabel": "Ligne", "xpack.securitySolution.components.embeddables.embeddedMap.serverLayerLabel": "Point serveur", @@ -24450,7 +24437,6 @@ "xpack.securitySolution.components.embeddables.indexPatternsMissingPrompt.errorDescription2": "Vous pouvez également configurer les modèles d'indexation manuellement dans Kibana.", "xpack.securitySolution.components.embeddables.indexPatternsMissingPrompt.errorTitle": "Modèles d'indexation requis non configurés", "xpack.securitySolution.components.embeddables.mapToolTip.errorTitle": "Erreur lors du chargement des fonctionnalités de carte", - "xpack.securitySolution.components.embeddables.mapToolTip.filterForValueHoverAction": "Filtre pour la valeur", "xpack.securitySolution.components.embeddables.mapToolTip.footerLabel": "{currentFeature} sur {totalFeatures} {totalFeatures, plural, =1 {fonctionnalité} other {fonctionnalités}}", "xpack.securitySolution.components.embeddables.mapToolTip.lineContent.clientLabel": "Client", "xpack.securitySolution.components.embeddables.mapToolTip.lineContent.destinationLabel": "Destination", 
@@ -24477,7 +24463,6 @@ "xpack.securitySolution.components.hooks.eql.partialResponse": "Erreur d'aperçu EQL", "xpack.securitySolution.components.hooks.errors.timeIntervalsNotDefined": "Les intervalles de temps ne sont pas définis.", "xpack.securitySolution.components.ml.anomaly.errors.anomaliesTableFetchFailureTitle": "Échec de la récupération du tableau d'anomalies", - "xpack.securitySolution.components.ml.api.errors.networkErrorFailureTitle": "Erreur réseau :", "xpack.securitySolution.components.ml.api.errors.statusCodeFailureTitle": "Code de statut :", "xpack.securitySolution.components.ml.permissions.errors.machineLearningPermissionsFailureTitle": "Échec des autorisations Machine Learning", "xpack.securitySolution.components.mlJobSelect.machineLearningLink": "Machine Learning", @@ -24527,7 +24512,6 @@ "xpack.securitySolution.containers.detectionEngine.addRuleFailDescription": "Impossible d'ajouter une règle", "xpack.securitySolution.containers.detectionEngine.alerts.createListsIndex.errorDescription": "Impossible de créer l'index de listes", "xpack.securitySolution.containers.detectionEngine.alerts.detectionEnginePrivileges.errorFetching": "Impossible de récupérer les privilèges du moteur de détection", - "xpack.securitySolution.containers.detectionEngine.alerts.errorFetchingAlertsDescription": "Impossible d'interroger les alertes", "xpack.securitySolution.containers.detectionEngine.alerts.errorGetAlertDescription": "Impossible d'obtenir le nom de l'index de signaux", "xpack.securitySolution.containers.detectionEngine.alerts.errorPostAlertDescription": "Impossible de créer l'index de signaux", "xpack.securitySolution.containers.detectionEngine.alerts.fetchListsIndex.errorDescription": "Impossible de récupérer l'index de listes", 
@@ -24537,7 +24521,6 @@ "xpack.securitySolution.containers.detectionEngine.createPrePackagedRuleSuccesDescription": "Installation effectuée des règles prépackagées à partir d'Elastic", "xpack.securitySolution.containers.detectionEngine.createPrePackagedTimelineSuccesDescription": "Installation effectuée des modèles de chronologies prépackagées à partir d'Elastic", "xpack.securitySolution.containers.detectionEngine.ruleExecutionEventsFetchFailDescription": "Impossible de récupérer les événements d'exécution de règle", - "xpack.securitySolution.containers.detectionEngine.ruleExecutionLogFailureDescription": "Impossible de récupérer les événements d'exécution de règle", "xpack.securitySolution.containers.detectionEngine.rulesAndTimelines": "Impossible de récupérer les règles et les chronologies", "xpack.securitySolution.containers.detectionEngine.tagFetchFailDescription": "Impossible de récupérer les balises", "xpack.securitySolution.containers.errors.stopJobFailureTitle": "Échec d'arrêt de la tâche", @@ -24552,11 +24535,8 @@ "xpack.securitySolution.dataProviders.and": "AND", "xpack.securitySolution.dataProviders.convertToFieldLabel": "Convertir en champ", "xpack.securitySolution.dataProviders.convertToTemplateFieldLabel": "Convertir en champ de modèle", - "xpack.securitySolution.dataProviders.copyToClipboardTooltip": "Copier dans le Presse-papiers", "xpack.securitySolution.dataProviders.deleteDataProvider": "Supprimer", "xpack.securitySolution.dataProviders.dropAnything": "Déposer quelque chose", - "xpack.securitySolution.dataProviders.dropHere": "Déposer ici", - "xpack.securitySolution.dataProviders.dropHereToAddAnLabel": "Déposer ici pour ajouter un", "xpack.securitySolution.dataProviders.edit": "Modifier", "xpack.securitySolution.dataProviders.editMenuItem": "Modifier le filtre", "xpack.securitySolution.dataProviders.editTitle": "MODIFIER LE FILTRE", 
@@ -24577,14 +24557,11 @@
 "xpack.securitySolution.dataProviders.showOptionsDataProviderAriaLabel": "{field} {value} Appuyez sur Entrée pour accéder aux options ou sur la barre d'espace pour commencer le glisser-déposer",
 "xpack.securitySolution.dataProviders.templateFieldLabel": "Champ de modèle",
 "xpack.securitySolution.dataProviders.temporaryDisableDataProvider": "Désactiver temporairement",
- "xpack.securitySolution.dataProviders.toBuildAn": "pour construire un",
 "xpack.securitySolution.dataProviders.toggle": "bascule",
- "xpack.securitySolution.dataProviders.valueAriaLabel": "valeur",
 "xpack.securitySolution.dataProviders.valuePlaceholder": "valeur",
 "xpack.securitySolution.detectionEngine.alerts.acknowledgedAlertFailedToastMessage": "Impossible de marquer l'alerte ou les alertes comme reconnues",
 "xpack.securitySolution.detectionEngine.alerts.acknowledgedAlertsTitle": "Reconnue(s)",
 "xpack.securitySolution.detectionEngine.alerts.acknowledgedAlertSuccessToastMessage": "Marquage réussi de {totalAlerts} {totalAlerts, plural, =1 {alerte comme reconnue} other {alertes comme reconnues}}.",
- "xpack.securitySolution.detectionEngine.alerts.actions.acknowledgedAlertTitle": "Marquer comme reconnue",
 "xpack.securitySolution.detectionEngine.alerts.actions.addEndpointException": "Ajouter une exception de point de terminaison",
 "xpack.securitySolution.detectionEngine.alerts.actions.addEventFilter": "Ajouter un filtre d'événement de point de terminaison",
 "xpack.securitySolution.detectionEngine.alerts.actions.addEventFilter.disabled.tooltip": "Les filtres d'événements de point de terminaison peuvent être créés dans la section Événements sur la page Hôtes.",
@@ -24592,11 +24569,8 @@
 "xpack.securitySolution.detectionEngine.alerts.actions.addToCase": "Ajouter à un cas existant",
 "xpack.securitySolution.detectionEngine.alerts.actions.addToCaseDisabled": "L'ajout au cas n'est pas pris en charge pour cette sélection",
 "xpack.securitySolution.detectionEngine.alerts.actions.addToNewCase": "Ajouter au nouveau cas",
- "xpack.securitySolution.detectionEngine.alerts.actions.closeAlertTitle": "Fermer l'alerte",
 "xpack.securitySolution.detectionEngine.alerts.actions.investigateInTimelineAriaLabel": "Envoyer une alerte à la chronologie",
 "xpack.securitySolution.detectionEngine.alerts.actions.investigateInTimelineTitle": "Investiguer dans la chronologie",
- "xpack.securitySolution.detectionEngine.alerts.actions.openAlertTitle": "Ouvrir l'alerte",
- "xpack.securitySolution.detectionEngine.alerts.alertsUnit": "{totalCount, plural, =1 {alerte} other {alertes}}",
 "xpack.securitySolution.detectionEngine.alerts.closedAlertFailedToastMessage": "Impossible de fermer l'alerte ou les alertes.",
 "xpack.securitySolution.detectionEngine.alerts.closedAlertsTitle": "Fermée",
 "xpack.securitySolution.detectionEngine.alerts.closedAlertSuccessToastMessage": "Fermeture réussie de {totalAlerts} {totalAlerts, plural, =1 {alerte} other {alertes}}.",
@@ -24627,10 +24601,6 @@
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.acknowledgedSelectedTitle": "Marquer comme reconnue",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.closeSelectedTitle": "Fermer la sélection",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.openSelectedTitle": "Ouvrir la sélection",
- "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInHostsTitle": "Afficher la sélection sur les hôtes",
- "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInNetworkTitle": "Afficher la sélection sur le réseau",
- "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInTimelineTitle": "Afficher la sélection dans la chronologie",
- "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActionsTitle": "Actions par lots",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.clearSelectionTitle": "Effacer la sélection",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.selectAllAlertsTitle": "Sélectionner un total de {totalAlertsFormatted} {totalAlerts, plural, =1 {alerte} other {alertes}}",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.selectedAlertsTitle": "{selectedAlertsFormatted} {selectedAlerts, plural, =1 {alerte} other {alertes}} sélectionnée(s)",
@@ -24662,9 +24632,6 @@
 "xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationCancel": "Annuler",
 "xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationConfirm": "Confirmer",
 "xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationTitle": "Confirmer la suppression groupée",
- "xpack.securitySolution.detectionEngine.components.allRules.refreshPromptBody": "L'auto-actualisation de la règle a été suspendue. Cliquez sur \"Continuer\" pour reprendre.",
- "xpack.securitySolution.detectionEngine.components.allRules.refreshPromptConfirm": "Continuer",
- "xpack.securitySolution.detectionEngine.components.allRules.refreshPromptTitle": "Êtes-vous toujours là ?",
 "xpack.securitySolution.detectionEngine.components.importRuleModal.cancelTitle": "Annuler",
 "xpack.securitySolution.detectionEngine.components.importRuleModal.exceptionsSuccessLabel": "Importation réussie pour {totalExceptions} {totalExceptions, plural, =1 {exception} other {exceptions}}.",
 "xpack.securitySolution.detectionEngine.components.importRuleModal.importExceptionsFailedLabel": "Impossible d'importer {totalExceptions} {totalExceptions, plural, =1 {exception} other {exceptions}}.",
@@ -24771,7 +24738,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.threatMatchTitle": "Correspondance d'indicateur",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.thresholdTypeDescription": "Agrégez les résultats de recherche pour détecter à quel moment le nombre de correspondances dépasse le seuil.",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.thresholdTypeTitle": "Seuil",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchField.threatMatchFieldPlaceholderText": "Tous les résultats",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "Le modèle d'indexation ne peut pas être { forbiddenString }. Veuillez choisir un modèle d'indexation plus spécifique.",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchingIcesHelperDescription": "Sélectionner des index de menaces",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError": "Au minimum un modèle d'indexation est requis.",
@@ -24779,7 +24745,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.fieldThrottleHelpText": "Sélectionnez le moment auquel les actions automatiques doivent être effectuées si une règle est évaluée comme vraie.",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.fieldThrottleLabel": "Fréquence des actions",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key} n'est pas un modèle de moustache valide",
- "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noConnectorSelectedErrorMessage": "Aucun connecteur sélectionné",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noReadActionsPrivileges": "Impossible de créer des actions de règle. Vous ne disposez pas des autorisations \"Lire\" pour le plug-in \"Actions\".",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithEnablingTitle": "Créer et activer la règle",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithoutEnablingTitle": "Créer la règle sans l’activer",
@@ -24788,7 +24753,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalHelpText": "Les règles s'exécutent de façon régulière et détectent les alertes dans la période de temps spécifiée.",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalLabel": "S'exécute tou(te)s les",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.hoursOptionDescription": "Heures",
- "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.invalidTimeMessageDescription": "Une heure est requise.",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.minutesOptionDescription": "Minutes",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.secondsOptionDescription": "Secondes",
 "xpack.securitySolution.detectionEngine.createRule.threatMatchRuleTypeDescription": "Correspondance d'indicateur",
@@ -24799,7 +24763,6 @@
 "xpack.securitySolution.detectionEngine.details.stepAboutRule.detailsLabel": "Détails",
 "xpack.securitySolution.detectionEngine.details.stepAboutRule.investigationGuideLabel": "Guide d'investigation",
 "xpack.securitySolution.detectionEngine.details.stepAboutRule.setupGuideLabel": "Guide de configuration",
- "xpack.securitySolution.detectionEngine.detectionsBreadcrumbTitle": "Détections",
 "xpack.securitySolution.detectionEngine.detectionsPageTitle": "Alertes",
 "xpack.securitySolution.detectionEngine.dismissNoApiIntegrationKeyButton": "Rejeter",
 "xpack.securitySolution.detectionEngine.editRule.backToDescription": "Retour vers",
@@ -24807,9 +24770,6 @@
 "xpack.securitySolution.detectionEngine.editRule.errorMsgDescription": "Désolé",
 "xpack.securitySolution.detectionEngine.editRule.pageTitle": "Modifier les paramètres de règles",
 "xpack.securitySolution.detectionEngine.editRule.saveChangeTitle": "Enregistrer les modifications",
- "xpack.securitySolution.detectionEngine.emptyActionBeats": "Voir les instructions de configuration",
- "xpack.securitySolution.detectionEngine.emptyActionSecondary": "Accéder à la documentation",
- "xpack.securitySolution.detectionEngine.emptyTitle": "Il semble que vous n'avez aucun index approprié pour le moteur de détection dans l'application Security",
 "xpack.securitySolution.detectionEngine.eqlOptionsEventCategoryField.label": "Champ de catégorie d'événement",
 "xpack.securitySolution.detectionEngine.eqlOptionsEventCategoryField.text": "Champ contenant la classification d'événement, telle que processus, fichier ou réseau. Ce champ est généralement mappé en tant que type de champ dans la famille de mots clés",
 "xpack.securitySolution.detectionEngine.eqlOptionsEventTiebreakerField.label": "Champ de départage",
@@ -24819,13 +24779,11 @@
 "xpack.securitySolution.detectionEngine.eqlOptionsSize.label": "Taille",
 "xpack.securitySolution.detectionEngine.eqlOptionsSize.text": "Pour les recherches de base, nombre maximal d'événements correspondants à renvoyer. Pour les recherches de séquences, nombre maximal de séquences correspondantes à renvoyer.",
 "xpack.securitySolution.detectionEngine.eqlOverViewLink.text": "Aperçu Event Query Language (EQL)",
- "xpack.securitySolution.detectionEngine.eqlQueryBar.label": "Entrer une requête EQL",
 "xpack.securitySolution.detectionEngine.eqlSettings.title": "Paramètres EQL",
 "xpack.securitySolution.detectionEngine.eqlValidation.requestError": "Une erreur s'est produite lors de la validation de votre requête EQL",
 "xpack.securitySolution.detectionEngine.eqlValidation.showErrorsLabel": "Afficher les erreurs de validation EQL",
 "xpack.securitySolution.detectionEngine.eqlValidation.title": "Erreurs de validation EQL",
 "xpack.securitySolution.detectionEngine.goToDocumentationButton": "Afficher la documentation",
- "xpack.securitySolution.detectionEngine.lastSignalTitle": "Dernière alerte",
 "xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditAlerts": "Sans ces privilèges, vous ne pouvez ni consulter ni modifier le statut des alertes.",
 "xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditLists": "Sans ces privilèges, vous ne pouvez ni créer ni modifier de listes de valeurs.",
 "xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditRules": "Sans ce privilège, vous ne pouvez ni créer ni modifier les règles du moteur de détection.",
@@ -25456,26 +25414,18 @@ "xpack.securitySolution.detectionEngine.noPermissionsMessage": "Pour afficher les alertes, vous devez mettre à jour les privilèges. Pour en savoir plus, contactez votre administrateur Kibana.", "xpack.securitySolution.detectionEngine.noPermissionsTitle": "Privilèges requis", "xpack.securitySolution.detectionEngine.pageTitle": "Moteur de détection", - "xpack.securitySolution.detectionEngine.panelSubtitleShowing": "Affichage", "xpack.securitySolution.detectionEngine.queryPreview.actions": "Actions", "xpack.securitySolution.detectionEngine.queryPreview.histogramDisclaimer": "Remarque : Les alertes ayant plusieurs valeurs event.category seront comptées plusieurs fois.", "xpack.securitySolution.detectionEngine.queryPreview.mlHistogramDisclaimer": "Remarque : Les alertes ayant plusieurs valeurs host.name seront comptées plusieurs fois.", "xpack.securitySolution.detectionEngine.queryPreview.queryGraphCountLabel": "Décompte", "xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewError": "Erreur de récupération de l'aperçu", - "xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewInspectTitle": "aperçu de la recherche", "xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewNoiseWarning": "Avertissement de bruit : cette règle peut générer beaucoup de bruit. Envisagez d'affiner votre recherche. La base est une progression linéaire comportant 1 alerte par heure.", - "xpack.securitySolution.detectionEngine.queryPreview.queryNoHits": "Aucun résultat n'a été trouvé.", "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewDisclaimer": "Remarque : cet aperçu exclut les effets d'exceptions aux règles et les remplacements d'horodatages.", - "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewEqlSequenceDescription": "Aucun histogramme n'est disponible pour le moment pour les requêtes de séquences EQL. 
Vous pouvez utiliser l'inspection dans le coin supérieur droit pour afficher les détails de la requête.", - "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewEqlSequenceTitle": "Aucun histogramme disponible", - "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewGraphThresholdWithFieldTitle": "{buckets} {buckets, plural, =1 {résultat unique} other {résultats uniques}}", - "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewGraphTitle": "{hits} {hits, plural, =1 {résultat} other {résultats}}", "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewHelpText": "Sélectionnez une période de temps pour les données afin d'afficher l'aperçu des résultats de requête.", "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewLabel": "Aperçu de la recherche rapide", "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewSeeAllErrors": "Afficher toutes les erreurs", "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewSeeAllWarnings": "Afficher tous les avertissements", "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewTitle": "Aperçu de la règle", - "xpack.securitySolution.detectionEngine.queryPreview.queryThresholdGraphCountLabel": "Compte de seuil cumulé", "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsAriaLabel": "Afficher les détails", "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsForRowAriaLabel": "Afficher les détails pour l'alerte ou l'événement de la ligne {ariaRowindex}, avec les colonnes {columnValues}", "xpack.securitySolution.detectionEngine.rule.editRule.errorMsgDescription": "Une entrée est incorrecte dans {countError, plural, one {cet onglet} other {ces onglets}} : {tabHasError}", 
@@ -25490,7 +25440,6 @@
 "xpack.securitySolution.detectionEngine.ruleDetails.deletedRule": "Règle supprimée",
 "xpack.securitySolution.detectionEngine.ruleDetails.enableRuleLabel": "Activer",
 "xpack.securitySolution.detectionEngine.ruleDetails.exceptionsTab": "Exceptions",
- "xpack.securitySolution.detectionEngine.ruleDetails.experimentalDescription": "Version d’évaluation technique",
 "xpack.securitySolution.detectionEngine.ruleDetails.pageTitle": "Détails de la règle",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleCreationDescription": "Créé par : {by} le {date}",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionFieldNotFoundErrorDescription": "Impossible de trouver le champ \"kibana.alert.rule.execution.uuid\" dans l'index des alertes.",
@@ -25525,7 +25474,6 @@
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.totalExecutionsLabel": "Affichage de {totalItems} {totalItems, plural, =1 {exécution de règle} other {exécutions de règle}}",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLogsTab": "Logs d'exécution de règle ",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleUpdateDescription": "Mis à jour par : {by} le {date}",
- "xpack.securitySolution.detectionEngine.ruleDetails.statusFailedDescription": "Échoué",
 "xpack.securitySolution.detectionEngine.ruleDetails.unknownDescription": "Inconnu",
 "xpack.securitySolution.detectionEngine.rules.aboutRuleTitle": "À propos de la règle",
 "xpack.securitySolution.detectionEngine.rules.addNewRuleTitle": "Créer une nouvelle règle",
@@ -25539,7 +25487,6 @@
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.exportSuccess": "Réussite de l'exportation de la liste d'exceptions",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.idTitle": "ID de liste",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.listName": "Nom",
- "xpack.securitySolution.detectionEngine.rules.all.exceptions.numberRulesAssignedTitle": "Nombre de règles affectées à",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.rulesAssignedTitle": "Règles affectées à",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.rulesPopoverButton": "+ {rulesCount} {rulesCount, plural, =1 {règle} other {règles}}",
 "xpack.securitySolution.detectionEngine.rules.allExceptionLists.filters.noExceptionsTitle": "Aucune liste d'exceptions n'a été trouvée",
@@ -25548,11 +25495,9 @@
 "xpack.securitySolution.detectionEngine.rules.allExceptions.tableTitle": "Listes d'exceptions",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.deleteRuleDescription": "Supprimer la règle",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.duplicateRuleDescription": "Dupliquer la règle",
- "xpack.securitySolution.detectionEngine.rules.allRules.actions.duplicateTitle": "Dupliquer",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsDescription": "Modifier les paramètres de règles",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsToolTip": "Vous ne disposez pas des privilèges d'actions Kibana",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.exportRuleDescription": "Exporter la règle",
- "xpack.securitySolution.detectionEngine.rules.allRules.activeRuleDescription": "active",
 "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deleteSelectedImmutableTitle": "La sélection contient des règles immuables qui ne peuvent pas être supprimées",
 "xpack.securitySolution.detectionEngine.rules.allRules.batchActionsTitle": "Actions groupées",
 "xpack.securitySolution.detectionEngine.rules.allRules.bulkAction.enable.successToastDescription": "Activation réussie de {totalRules, plural, =1 {{totalRules} règle} other {{totalRules} règles}}",
@@ -25615,7 +25560,6 @@
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.riskScoreTitle": "Score de risque",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.ruleTitle": "Règle",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.severityTitle": "Sévérité",
- "xpack.securitySolution.detectionEngine.rules.allRules.columns.tagsPopoverTitle": "Tout voir",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.tagsTitle": "Balises",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.versionTitle": "Version",
 "xpack.securitySolution.detectionEngine.rules.allRules.exportFilenameTitle": "rules_export",
@@ -25630,7 +25574,6 @@
 "xpack.securitySolution.detectionEngine.rules.allRules.filters.noRulesTitle": "Aucune règle n'a été trouvée",
 "xpack.securitySolution.detectionEngine.rules.allRules.filters.noTagsAvailableDescription": "Aucune balise n'est disponible",
 "xpack.securitySolution.detectionEngine.rules.allRules.filters.tagsLabel": "Balises",
- "xpack.securitySolution.detectionEngine.rules.allRules.inactiveRuleDescription": "inactive",
 "xpack.securitySolution.detectionEngine.rules.allRules.refreshTitle": "Actualiser",
 "xpack.securitySolution.detectionEngine.rules.allRules.searchAriaLabel": "Rechercher les règles",
 "xpack.securitySolution.detectionEngine.rules.allRules.searchPlaceholder": "Nom de règle, modèle d'indexation (par ex., \"filebeat-*\") ou tactique ou méthode MITRE ATT&CK™ (par ex., \"Évasion par la défense \" ou \"TA0005\")",
@@ -25638,10 +25581,8 @@
 "xpack.securitySolution.detectionEngine.rules.allRules.selectedRulesTitle": "Sélection de {selectedRules} {selectedRules, plural, =1 {règle} other {règles}} effectuée",
 "xpack.securitySolution.detectionEngine.rules.allRules.showingExceptionLists": "Affichage de {totalLists} {totalLists, plural, =1 {liste} other {listes}}",
 "xpack.securitySolution.detectionEngine.rules.allRules.showingRulesTitle": "Affichage de {totalRules} {totalRules, plural, =1 {règle} other {règles}}",
- "xpack.securitySolution.detectionEngine.rules.allRules.tabs.exceptions": "Listes d'exceptions",
 "xpack.securitySolution.detectionEngine.rules.allRules.tabs.monitoring": "Monitoring des règles",
 "xpack.securitySolution.detectionEngine.rules.allRules.tabs.rules": "Règles",
- "xpack.securitySolution.detectionEngine.rules.backOptionsHeader": "Retour aux détections",
 "xpack.securitySolution.detectionEngine.rules.cloneRule.duplicateTitle": "Dupliquer",
 "xpack.securitySolution.detectionEngine.rules.components.ruleActionsOverflow.allActionsTitle": "Toutes les actions",
 "xpack.securitySolution.detectionEngine.rules.continueButtonTitle": "Continuer",
@@ -25691,8 +25632,6 @@
 "xpack.securitySolution.detectionEngine.ruleStatus.statusDescription": "Dernière réponse",
 "xpack.securitySolution.detectionEngine.signalRuleAlert.actionGroups.default": "Par défaut",
 "xpack.securitySolution.detectionEngine.signals.alertReasonDescription": "{eventCategory, select, null {} other {{eventCategory}{whitespace}}}événement{hasFieldOfInterest, select, false {} other {{whitespace}avec}}{processName, select, null {} other {{whitespace}processus {processName},} }{processParentName, select, null {} other {{whitespace}processus parent {processParentName},} }{fileName, select, null {} other {{whitespace}fichier {fileName},} }{sourceAddress, select, null {} other {{whitespace}source {sourceAddress}}}{sourcePort, select, null {} other {:{sourcePort},}}{destinationAddress, select, null {} other {{whitespace}destination {destinationAddress}}}{destinationPort, select, null {} other {:{destinationPort},}}{userName, select, null {} other {{whitespace}par {userName}} }{hostName, select, null {} other {{whitespace}sur {hostName}} } alerte {alertSeverity} {alertName} créée.",
- "xpack.securitySolution.detectionEngine.signalTitle": "Alertes détectées",
- "xpack.securitySolution.detectionEngine.totalSignalTitle": "Total",
 "xpack.securitySolution.detectionEngine.userUnauthenticatedMsgBody": "Vous ne disposez pas des autorisations requises pour visualiser le moteur de détection. Pour une aide supplémentaire, contactez votre administrateur.",
 "xpack.securitySolution.detectionEngine.userUnauthenticatedTitle": "Autorisations de moteur de détection requises",
 "xpack.securitySolution.detectionEngine.validations.thresholdCardinalityFieldFieldData.thresholdCardinalityFieldNotSuppliedMessage": "Un champ Cardinalité est requis.",
@@ -25722,7 +25661,6 @@
 "xpack.securitySolution.detectionResponse.noRecentCases": "Aucun cas à afficher",
 "xpack.securitySolution.detectionResponse.noRuleAlerts": "Aucune alerte à afficher",
 "xpack.securitySolution.detectionResponse.openAllAlertsButton": "Afficher toutes les alertes ouvertes",
- "xpack.securitySolution.detectionResponse.openRuleAlertsTooltip": "Ouvrir les alertes de la règle",
 "xpack.securitySolution.detectionResponse.openRuleDetailTooltip": "Ouvrir les détails de la règle",
 "xpack.securitySolution.detectionResponse.pageTitle": "Détection et réponse",
 "xpack.securitySolution.detectionResponse.ruleAlertsColumnAlertCount": "Nombre d'alertes",
@@ -25738,8 +25676,6 @@
 "xpack.securitySolution.detectionResponse.userAlertsSectionTitle": "Utilisateurs par sévérité d'alerte",
 "xpack.securitySolution.detectionResponse.userAlertsUserName": "Nom d'utilisateur",
 "xpack.securitySolution.detectionResponse.userSectionTooltip": "Maximum de 100 utilisateurs. Veuillez consulter la page Alertes pour plus d'informations.",
- "xpack.securitySolution.detectionResponse.viewAllHostAlerts": "Afficher tous les hôtes",
- "xpack.securitySolution.detectionResponse.viewAllUserAlerts": "Afficher tous les utilisateurs",
 "xpack.securitySolution.detectionResponse.viewCases": "Afficher les cas",
 "xpack.securitySolution.detectionResponse.viewRecentCases": "Afficher les cas récents",
 "xpack.securitySolution.detections.alerts.agentStatus": "Statut de l'agent",
@@ -25750,18 +25686,14 @@
 "xpack.securitySolution.documentationLinks.detectionsRequirements.text": "Prérequis et exigences des détections",
 "xpack.securitySolution.documentationLinks.mlJobCompatibility.text": "Compatibilité des tâches de ML",
 "xpack.securitySolution.documentationLinks.solutionRequirements.text": "Exigences système d'Elastic Security",
- "xpack.securitySolution.dragAndDrop.addToTimeline": "Ajouter à la chronologie d'investigation",
 "xpack.securitySolution.dragAndDrop.closeButtonLabel": "Fermer",
 "xpack.securitySolution.dragAndDrop.copyToClipboardTooltip": "Copier dans le Presse-papiers",
 "xpack.securitySolution.dragAndDrop.draggableKeyboardInstructionsNotDraggingScreenReaderOnly": "Appuyez sur Entrée pour accéder aux options ou sur la barre d'espace pour commencer le glisser-déposer.",
 "xpack.securitySolution.dragAndDrop.fieldLabel": "Champ",
- "xpack.securitySolution.dragAndDrop.filterForValueHoverAction": "Filtre pour la valeur",
- "xpack.securitySolution.dragAndDrop.filterOutValueHoverAction": "Filtrer la valeur",
 "xpack.securitySolution.dragAndDrop.youAreInADialogContainingOptionsScreenReaderOnly": "Vous êtes dans une boîte de dialogue contenant des options pour le champ {fieldName}. Appuyez sur Tab pour naviguer entre les options. Appuyez sur Échap pour quitter.",
 "xpack.securitySolution.draggables.field.categoryLabel": "Catégorie",
 "xpack.securitySolution.draggables.field.fieldLabel": "Champ",
 "xpack.securitySolution.draggables.field.typeLabel": "Type",
- "xpack.securitySolution.draggables.field.viewCategoryTooltip": "Afficher la catégorie",
 "xpack.securitySolution.editDataProvider.doesNotExistLabel": "n'existe pas",
 "xpack.securitySolution.editDataProvider.existsLabel": "existe",
 "xpack.securitySolution.editDataProvider.fieldLabel": "Champ",
@@ -25874,14 +25806,12 @@
 "xpack.securitySolution.endpoint.hostIsolation.comment.placeholder": "Vous pouvez déposer un commentaire facultatif ici.",
 "xpack.securitySolution.endpoint.hostIsolation.confirm": "Confirmer",
 "xpack.securitySolution.endpoint.hostIsolation.failedToIsolate.title": "Impossible d'isoler l'hôte",
- "xpack.securitySolution.endpoint.hostisolation.isolate": "isoler",
 "xpack.securitySolution.endpoint.hostIsolation.isolated": "isolé",
 "xpack.securitySolution.endpoint.hostIsolation.isolateHost": "Isoler l'hôte",
 "xpack.securitySolution.endpoint.hostIsolation.isolateHost.casesAssociatedWithAlert": "{caseCount} {caseCount, plural, one {cas associé} other {cas associés}} à cet hôte",
 "xpack.securitySolution.endpoint.hostIsolation.isolateThisHost": "Isoler l'hôte {hostName} du réseau.",
 "xpack.securitySolution.endpoint.hostIsolation.isolateThisHostAbout": "L'isolation d'un hôte le déconnectera du réseau. L'hôte ne pourra communiquer qu'avec la plateforme Kibana.",
 "xpack.securitySolution.endpoint.hostIsolation.isolation.successfulMessage": "L'isolation sur l'hôte {hostName} a été soumise avec succès",
- "xpack.securitySolution.endpoint.hostIsolation.notIsolated": "non isolé",
 "xpack.securitySolution.endpoint.hostIsolation.placeholderCase": "{caseName}",
 "xpack.securitySolution.endpoint.hostIsolation.returnToAlertDetails": "Retour aux détails de l'alerte",
 "xpack.securitySolution.endpoint.hostIsolation.successfulIsolation.cases": "Cette action a été attachée {caseCount, plural, one {au cas suivant} other {aux cas suivants}} :",
@@ -26284,14 +26214,11 @@
 "xpack.securitySolution.endpoint.resolver.panel.table.row.timestampTitle": "Horodatage",
 "xpack.securitySolution.endpoint.resolver.panel.table.row.valueMissingDescription": "La valeur est manquante",
 "xpack.securitySolution.endpoint.resolver.processDescription": "{isEventBeingAnalyzed, select, true {Événement analysé · {descriptionText}} false {{descriptionText}}}",
- "xpack.securitySolution.endpoint.resolver.relatedEventLimitExceeded": "{numberOfEventsMissing} événements {category} n'ont pas pu être affichés, car la limite de données a été atteinte.",
 "xpack.securitySolution.endpoint.resolver.relatedEventLimitTitle": "Cette liste inclut {numberOfEntries} événements de processus.",
- "xpack.securitySolution.endpoint.resolver.relatedLimitsExceededTitle": "Cette liste inclut {numberOfEventsDisplayed} événements {category}.",
 "xpack.securitySolution.endpoint.resolver.runningProcess": "Processus en cours d'exécution",
 "xpack.securitySolution.endpoint.resolver.runningTrigger": "Déclenchement en cours d'exécution",
 "xpack.securitySolution.endpoint.resolver.terminatedProcess": "Processus arrêté",
 "xpack.securitySolution.endpoint.resolver.terminatedTrigger": "Déclenchement arrêté",
- "xpack.securitySolution.endpoint.takeAction.changeAlertStatus": "Modifier le statut de l'alerte",
 "xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title": "Applications de confiance",
 "xpack.securitySolution.endpointConsoleCommands.isolate.about": "Isoler l'hôte",
 "xpack.securitySolution.endpointConsoleCommands.status.about": "Afficher les toutes dernières informations de statut pour le point de terminaison",
@@ -26312,7 +26239,6 @@
 "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationCompletedAndUnsuccessful": "Requête de libération effectuée par Endpoint avec des erreurs",
 "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationFailed": "Requête de libération de l'hôte reçue par Endpoint avec des erreurs",
 "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationSuccessful": "Requête de libération de l'hôte reçue par Endpoint",
- "xpack.securitySolution.endpointDetails.activityLog.search": "Rechercher dans le log d'activité",
 "xpack.securitySolution.endpointDetails.overview": "Aperçu",
 "xpack.securitySolution.endpointManagement.noPermissionsSubText": "Vous devez disposer du rôle de superutilisateur pour utiliser cette fonctionnalité. Si vous ne disposez pas de ce rôle, ni d'autorisations pour modifier les rôles d'utilisateur, contactez votre administrateur Kibana.",
 "xpack.securitySolution.endpointManagemnet.noPermissionsText": "Vous ne disposez pas des autorisations Kibana requises pour utiliser Elastic Security Administration",
@@ -26326,9 +26252,6 @@
 "xpack.securitySolution.enpdoint.resolver.panelutils.noTimestampRetrieved": "Aucun horodatage récupéré",
 "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "Ouvrir dans Endpoint Security",
 "xpack.securitySolution.event.reason.reasonRendererTitle": "Outil de rendu d'événement : {eventRendererName} ",
- "xpack.securitySolution.eventDetails.blank": " ",
- "xpack.securitySolution.eventDetails.copyToClipboard": "Copier dans le Presse-papiers",
- "xpack.securitySolution.eventDetails.copyToClipboardTooltip": "Copier dans le Presse-papiers",
 "xpack.securitySolution.eventDetails.ctiSummary.feedNamePreposition": "de",
 "xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTitle": "Correspondance de menace détectée",
 "xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTooltipContent": "Cette valeur de champ correspond à un indicateur de Threat Intelligence avec une règle que vous avez créée.",
@@ -26349,7 +26272,6 @@
 "xpack.securitySolution.eventDetails.value": "Valeur",
 "xpack.securitySolution.eventDetails.viewAllFields": "Afficher tous les champs dans le tableau",
 "xpack.securitySolution.eventDetails.viewColumnCheckboxAriaLabel": "Afficher la colonne {field}",
- "xpack.securitySolution.eventDetails.viewRuleDetailPage": "Afficher la page Détails de la règle",
 "xpack.securitySolution.eventFilter.flyoutForm.creationSuccessToastTitle": "\"{name}\" a été ajouté à la liste de filtres d'événements.",
 "xpack.securitySolution.eventFilter.form.description.placeholder": "Description",
 "xpack.securitySolution.eventFilter.form.name.error": "Le nom doit être renseigné",
@@ -26431,7 +26353,6 @@
 "xpack.securitySolution.eventRenderers.zeekName": "Zeek (anciennement Bro)",
 "xpack.securitySolution.eventsViewer.actionsColumnLabel": "Actions",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.alertDurationTitle": "Durée de l'alerte",
- "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.methodTitle": "Méthode",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.reasonTitle": "Raison",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.riskScoreTitle": "Score de risque",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.ruleDescriptionTitle": "Description de la règle",
@@ -26443,11 +26364,9 @@
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.thresholdCount": "Compte de seuil",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.thresholdTerms": "Termes de seuil",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.triggeredTitle": "Déclenché",
- "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.versionTitle": "Version",
 "xpack.securitySolution.eventsViewer.alerts.overview.changeAlertStatus": "Modifier le statut de l'alerte",
 "xpack.securitySolution.eventsViewer.alerts.overview.clickToChangeAlertStatus": "Cliquer pour modifier le statut de l'alerte",
 "xpack.securitySolution.eventsViewer.alerts.overviewTable.signalStatusTitle": "Statut",
- "xpack.securitySolution.eventsViewer.errorFetchingEventsData": "Impossible d'interroger les données d'événements",
 "xpack.securitySolution.eventsViewer.eventsLabel": "Événements",
 "xpack.securitySolution.eventsViewer.showingLabel": "Affichant",
 "xpack.securitySolution.eventsViewer.unit": "{totalCount, plural, =1 {événement} other {événements}}",
@@ -26458,8 +26377,6 @@
 "xpack.securitySolution.exceptions.addException.cancel": "Annuler",
 "xpack.securitySolution.exceptions.addException.endpointQuarantineText": "Sur tous les hôtes Endpoint, les fichiers en quarantaine qui correspondent à l'exception sont automatiquement restaurés à leur emplacement d'origine. Cette exception s'applique à toutes les règles utilisant les exceptions Endpoint.",
 "xpack.securitySolution.exceptions.addException.error": "Impossible d'ajouter l'exception",
- "xpack.securitySolution.exceptions.addException.fetchError": "Erreur lors de la récupération de la liste d'exceptions",
- "xpack.securitySolution.exceptions.addException.fetchError.title": "Erreur",
 "xpack.securitySolution.exceptions.addException.infoLabel": "Les alertes sont générées lorsque les conditions de la règle sont remplies, sauf quand :",
 "xpack.securitySolution.exceptions.addException.operatingSystemPlaceHolder": "Sélectionner un système d'exploitation",
 "xpack.securitySolution.exceptions.addException.sequenceWarning": "La requête de cette règle contient une instruction de séquence EQL. L'exception créée s'appliquera à tous les événements de la séquence.",
@@ -26470,9 +26387,6 @@
 "xpack.securitySolution.exceptions.clearExceptionsLabel": "Retirer la liste d'exceptions",
 "xpack.securitySolution.exceptions.commentEventLabel": "a ajouté un commentaire",
 "xpack.securitySolution.exceptions.commentLabel": "Commentaire",
- "xpack.securitySolution.exceptions.createdByLabel": "Créé par",
- "xpack.securitySolution.exceptions.dateCreatedLabel": "Date de création",
- "xpack.securitySolution.exceptions.dateModifiedLabel": "Date de modification",
 "xpack.securitySolution.exceptions.descriptionLabel": "Description",
 "xpack.securitySolution.exceptions.detectionListLabel": "Liste de détection",
 "xpack.securitySolution.exceptions.dissasociateExceptionListError": "Impossible de retirer la liste d'exceptions",
@@ -26485,7 +26399,6 @@
 "xpack.securitySolution.exceptions.editException.editExceptionSaveButton": "Enregistrer",
 "xpack.securitySolution.exceptions.editException.editExceptionTitle": "Modifier une exception à une règle",
 "xpack.securitySolution.exceptions.editException.endpointQuarantineText": "Sur tous les hôtes Endpoint, les fichiers en quarantaine qui correspondent à l'exception sont automatiquement restaurés à leur emplacement d'origine. Cette exception s'applique à toutes les règles utilisant les exceptions Endpoint.",
- "xpack.securitySolution.exceptions.editException.error": "Impossible de mettre à jour l'exception",
 "xpack.securitySolution.exceptions.editException.infoLabel": "Les alertes sont générées lorsque les conditions de la règle sont remplies, sauf quand :",
 "xpack.securitySolution.exceptions.editException.sequenceWarning": "La requête de cette règle contient une instruction de séquence EQL. L'exception modifiée s'appliquera à tous les événements de la séquence.",
 "xpack.securitySolution.exceptions.editException.success": "L'exception a été mise à jour avec succès",
@@ -26500,10 +26413,8 @@
 "xpack.securitySolution.exceptions.fieldDescription": "Champ",
 "xpack.securitySolution.exceptions.hideCommentsLabel": "Masquer ({comments}) {comments, plural, =1 {commentaire} other {commentaires}}",
 "xpack.securitySolution.exceptions.modalErrorAccordionText": "Afficher les informations de référence de la règle :",
- "xpack.securitySolution.exceptions.modifiedByLabel": "Modifié par",
 "xpack.securitySolution.exceptions.nameLabel": "Nom",
 "xpack.securitySolution.exceptions.operatingSystemFullLabel": "Système d'exploitation",
- "xpack.securitySolution.exceptions.operatingSystemLabel": "Système d'exploitation",
 "xpack.securitySolution.exceptions.operatingSystemLinux": "Linux",
 "xpack.securitySolution.exceptions.operatingSystemMac": "macOS",
 "xpack.securitySolution.exceptions.operatingSystemWindows": "Windows",
@@ -26552,9 +26463,6 @@
 "xpack.securitySolution.featureCatalogueDescription": "Prévenez, collectez, détectez et traitez les menaces pour une protection unifiée dans toute votre infrastructure.",
 "xpack.securitySolution.featureRegistry.linkSecuritySolutionCaseTitle": "Cas",
 "xpack.securitySolution.featureRegistry.linkSecuritySolutionTitle": "Sécurité",
- "xpack.securitySolution.featureRegistry.manageAlertsName": "Alertes",
- "xpack.securitySolution.featureRegistry.subfeature.alertsAllName": "Tous",
- "xpack.securitySolution.featureRegistry.subfeature.alertsReadName": "Lire",
 "xpack.securitySolution.fieldBrowser.actionsLabel": "Actions",
 "xpack.securitySolution.fieldBrowser.categoryLabel": "Catégorie",
 "xpack.securitySolution.fieldBrowser.createFieldButton": "Créer un champ",
@@ -26584,17 +26492,14 @@
 "xpack.securitySolution.firstLastSeenHost.failSearchDescription": "Impossible d'exécuter une recherche sur l'hôte vu en premier/dernier",
 "xpack.securitySolution.fleetIntegration.assets.description": "Afficher les points de terminaison dans l'application Security",
 "xpack.securitySolution.fleetIntegration.assets.name": "Hôtes",
- "xpack.securitySolution.flyout.button.text": "Chronologie",
 "xpack.securitySolution.flyout.button.timeline": "chronologie",
 "xpack.securitySolution.footer.autoRefreshActiveDescription": "Actualisation automatique active",
 "xpack.securitySolution.footer.autoRefreshActiveTooltip": "Lorsque l'actualisation automatique est activée, la chronologie vous montrera les {numberOfItems} derniers événements correspondant à votre recherche.",
 "xpack.securitySolution.footer.cancel": "Annuler",
 "xpack.securitySolution.footer.data": "données",
 "xpack.securitySolution.footer.events": "Événements",
- "xpack.securitySolution.footer.live": "Live",
 "xpack.securitySolution.footer.loadingEventsDataLabel": "Chargement des événements",
 "xpack.securitySolution.footer.loadingLabel": "Chargement",
- "xpack.securitySolution.footer.loadingTimelineData": "Chargement des données de la chronologie",
 "xpack.securitySolution.footer.of": "sur",
 "xpack.securitySolution.footer.rows": "lignes",
 "xpack.securitySolution.footer.totalCountOfEvents": "événements",
@@ -26660,14 +26565,9 @@
 "xpack.securitySolution.hostIsolationExceptions.flyoutEditTitle": "Modifier l'exception d'isolation de l'hôte",
 "xpack.securitySolution.hostIsolationExceptions.form.conditions.subtitle": "Les exceptions d'isolation de l'hôte s'appliqueront à tous les systèmes d'exploitation.",
 "xpack.securitySolution.hostIsolationExceptions.form.conditions.title": "Conditions",
- "xpack.securitySolution.hostIsolationExceptions.form.creationSuccessToastTitle": "\"{name}\" a été ajouté à la liste d'exceptions d'isolation de l'hôte.",
 "xpack.securitySolution.hostIsolationExceptions.form.description": "Permet aux hôtes isolés de se connecter à ces adresses IP. Accepte uniquement IPv4 avec CIDR facultatif.",
 "xpack.securitySolution.hostIsolationExceptions.form.description.label": "Description",
 "xpack.securitySolution.hostIsolationExceptions.form.description.placeholder": "Décrire votre exception d'isolation de l'hôte",
- "xpack.securitySolution.hostIsolationExceptions.form.editingSuccessToastTitle": "\"{name}\" a été mis à jour.",
- "xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.create": "Une erreur est survenue lors de la création de l'exception : \"{error}\"",
- "xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.get": "Impossible de modifier l'exception : \"{error}\"",
- "xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.update": "Une erreur est survenue lors de la mise à jour de l'exception : \"{error}\"",
 "xpack.securitySolution.hostIsolationExceptions.form.ip.error": "L'IP n'est pas valide. Seul IPv4 avec CIDR facultatif est pris en charge",
 "xpack.securitySolution.hostIsolationExceptions.form.ip.label": "Entrer l'adresse IP",
 "xpack.securitySolution.hostIsolationExceptions.form.ip.placeholder": "Ex 0.0.0.0/24",
@@ -26675,15 +26575,11 @@
 "xpack.securitySolution.hostIsolationExceptions.form.name.label": "Nommer vos exceptions d'isolation de l'hôte",
 "xpack.securitySolution.hostIsolationExceptions.form.name.placeholder": "Nom de l'exception d'isolation de l'hôte",
 "xpack.securitySolution.hostIsolationExceptions.form.title": "Détails",
- "xpack.securitySolution.hostIsolationExceptions.list.action.delete": "Supprimer l'exception",
- "xpack.securitySolution.hostIsolationExceptions.list.action.edit": "Modifier l'exception",
 "xpack.securitySolution.hostIsolationExceptions.pageAboutInfo": "Ajoutez une exception d'isolation de l'hôte pour permettre aux hôtes isolés de communiquer avec des IP spécifiques.",
 "xpack.securitySolution.hostIsolationExceptions.pageAddButtonTitle": "Ajouter l'exception d'isolation de l'hôte",
 "xpack.securitySolution.hostIsolationExceptions.pageTitle": "Exceptions d'isolation de l'hôte",
 "xpack.securitySolution.hostIsolationExceptions.searchPlaceholderInfo": "Rechercher sur les champs ci-dessous : nom, description, IP",
 "xpack.securitySolution.hostIsolationExceptions.showingTotal": "Affichage de {total} {total, plural, one {exception d'isolation de l'hôte} other {exceptions d'isolation de l'hôte}}",
- "xpack.securitySolution.hostOverview.errorSearchDescription": "Une erreur s'est produite sur la recherche de l'aperçu de l'hôte",
- "xpack.securitySolution.hostOverview.failSearchDescription": "Impossible de lancer une recherche sur l'aperçu de l'hôte",
 "xpack.securitySolution.hosts.hostRiskInformation.buttonLabel": "Comment le score de risque est-il calculé ?",
 "xpack.securitySolution.hosts.hostRiskInformation.classificationHeader": "Classification",
 "xpack.securitySolution.hosts.hostRiskInformation.closeBtn": "Fermer",
@@ -26699,7 +26595,6 @@
 "xpack.securitySolution.hosts.hostScoreOverTime.riskScore": "Score de risque",
 "xpack.securitySolution.hosts.hostScoreOverTime.riskyLabel": "À risque",
 "xpack.securitySolution.hosts.hostScoreOverTime.riskyThresholdHeader": "Seuil du niveau À risque",
- "xpack.securitySolution.hosts.kqlPlaceholder": "par ex. hôte.nom : \"foo\"",
 "xpack.securitySolution.hosts.navigation.alertsTitle": "Alertes externes",
 "xpack.securitySolution.hosts.navigation.allHostsTitle": "Tous les hôtes",
 "xpack.securitySolution.hosts.navigation.anomaliesTitle": "Anomalies",
@@ -26757,7 +26652,6 @@
 "xpack.securitySolution.indexPatterns.continue": "Continuer sans ajouter",
 "xpack.securitySolution.indexPatterns.dataViewLabel": "Vue de données",
 "xpack.securitySolution.indexPatterns.descriptionsLabel": "Il s'agit des modèles d'indexation actuellement sélectionnés. Le filtrage des modèles d'indexation à partir de votre vue de données peut améliorer les performances globales.",
- "xpack.securitySolution.indexPatterns.disabled": "Des modèles d'indexation désactivés sont recommandés sur cette page, mais ils doivent d'abord être configurés dans vos paramètres de modèle d'indexation Kibana",
 "xpack.securitySolution.indexPatterns.failureToastText": "Une erreur inattendue s'est produite lors de la mise à jour. Si vous souhaitez modifier vos données, vous pouvez sélectionner manuellement une vue de données {link}.",
 "xpack.securitySolution.indexPatterns.failureToastTitle": "Impossible de mettre à jour la vue de données",
 "xpack.securitySolution.indexPatterns.inactive": "Modèles d'indexation inactifs",
@@ -26790,7 +26684,6 @@
 "xpack.securitySolution.indexPatterns.updateAvailableBadgeTitle": "Mise à jour disponible",
 "xpack.securitySolution.indexPatterns.updateDataView": "Souhaitez-vous ajouter ce modèle d'indexation à la vue de données Security ? Sinon, nous pouvons recréer la vue de données sans les modèles d'indexation manquants.",
 "xpack.securitySolution.indexPatterns.updateSecurityDataView": "Mettre à jour la vue de données Security",
- "xpack.securitySolution.insert.timeline.insertTimelineButton": "Insérer un lien de chronologie",
 "xpack.securitySolution.inspect.modal.closeTitle": "Fermer",
 "xpack.securitySolution.inspect.modal.indexPatternDescription": "Modèle d'indexation qui se connecte aux index Elasticsearch. Ces index peuvent être configurés dans Kibana > Paramètres avancés.",
 "xpack.securitySolution.inspect.modal.indexPatternLabel": "Modèle d'indexation",
@@ -26862,9 +26755,7 @@
 "xpack.securitySolution.lists.valueListsTable.actionsColumn": "Actions",
 "xpack.securitySolution.lists.valueListsTable.createdByColumn": "Créé par",
 "xpack.securitySolution.lists.valueListsTable.deleteActionDescription": "Retirer la liste de valeurs",
- "xpack.securitySolution.lists.valueListsTable.deleteActionName": "Retirer",
 "xpack.securitySolution.lists.valueListsTable.exportActionDescription": "Exporter la liste de valeurs",
- "xpack.securitySolution.lists.valueListsTable.exportActionName": "Exporter",
 "xpack.securitySolution.lists.valueListsTable.fileNameColumn": "Nom de fichier",
 "xpack.securitySolution.lists.valueListsTable.title": "Listes de valeurs",
 "xpack.securitySolution.lists.valueListsTable.typeColumn": "Type",
@@ -26873,7 +26764,6 @@
 "xpack.securitySolution.management.policiesSelector.label": "Politiques",
 "xpack.securitySolution.management.policiesSelector.unassignedEntries": "Entrées non affectées",
 "xpack.securitySolution.management.search.button": "Actualiser",
- "xpack.securitySolution.markdownEditor.markdownInputHelp": "Aide pour la syntaxe Markdown",
 "xpack.securitySolution.markdownEditor.plugins.timeline.failedRetrieveTimelineErrorMsg": "Impossible de récupérer l'ID de chronologie : { timelineId }",
 "xpack.securitySolution.markdownEditor.plugins.timeline.insertTimelineButtonLabel": "Insérer un lien de chronologie",
 "xpack.securitySolution.markdownEditor.plugins.timeline.noParenthesesErrorMsg": "Parenthèses gauches attendues",
@@ -26882,7 +26772,6 @@
 "xpack.securitySolution.markdownEditor.plugins.timeline.timelineErrorTitle": "Erreur de chronologie",
 "xpack.securitySolution.markdownEditor.plugins.timeline.toolTip.timelineId": "ID de chronologie : { timelineId }",
 "xpack.securitySolution.markdownEditor.plugins.timeline.toolTip.timelineUrlIsNotValidErrorMsg": "L'URL de chronologie n'est pas valide => {timelineUrl}",
- "xpack.securitySolution.markdownEditor.preview": "Aperçu",
 "xpack.securitySolution.matrixHistogram.errorSearchDescription": "Une erreur s'est produite sur la recherche de l'histogramme de matrice",
 "xpack.securitySolution.matrixHistogram.failSearchDescription": "Impossible de lancer une recherche sur l'histogramme de matrice",
 "xpack.securitySolution.ml.score.anomalousEntityTitle": "Entité anormale",
@@ -26956,7 +26845,6 @@
 "xpack.securitySolution.network.ipDetails.usersTable.rows": "{numRows} {numRows, plural, =0 {ligne} =1 {ligne} other {lignes}}",
 "xpack.securitySolution.network.ipDetails.usersTable.unit": "{totalCount, plural, =1 {utilisateur} other {utilisateurs}}",
 "xpack.securitySolution.network.ipDetails.usersTable.usersTitle": "Utilisateurs",
- "xpack.securitySolution.network.kqlPlaceholder": "par ex. source.ip : \"foo\"",
 "xpack.securitySolution.network.navigation.alertsTitle": "Alertes externes",
 "xpack.securitySolution.network.navigation.anomaliesTitle": "Anomalies",
 "xpack.securitySolution.network.navigation.dnsTitle": "DNS",
@@ -26967,7 +26855,6 @@
 "xpack.securitySolution.networkDetails.errorSearchDescription": "Une erreur s'est produite sur la recherche de détails réseau",
 "xpack.securitySolution.networkDetails.failSearchDescription": "Impossible de lancer la recherche sur les détails réseau",
 "xpack.securitySolution.networkDns.errorSearchDescription": "Une erreur s'est produite sur la recherche de DNS réseau",
- "xpack.securitySolution.networkDns.failSearchDescription": "Impossible de lancer la recherche sur le DNS réseau",
 "xpack.securitySolution.networkDnsTable.column.bytesInTitle": "Octets DNS en entrée",
 "xpack.securitySolution.networkDnsTable.column.bytesOutTitle": "Octets DNS en sortie",
 "xpack.securitySolution.networkDnsTable.column.registeredDomain": "Domaine enregistré",
@@ -26978,7 +26865,6 @@
 "xpack.securitySolution.networkDnsTable.select.includePtrRecords": "Inclure les enregistrements PTR",
 "xpack.securitySolution.networkDnsTable.title": "Premiers domaines DNS",
 "xpack.securitySolution.networkDnsTable.unit": "{totalCount, plural, =1 {domaine} other {domaines}}",
- "xpack.securitySolution.networkHttp.errorSearchDescription": "Une erreur s'est produite sur la recherche de HTTP réseau",
 "xpack.securitySolution.networkHttp.failSearchDescription": "Impossible de lancer la recherche sur le HTTP réseau",
 "xpack.securitySolution.networkHttpTable.column.domainTitle": "Domaine",
 "xpack.securitySolution.networkHttpTable.column.lastHostTitle": "Dernier hôte",
@@ -27002,7 +26888,6 @@
 "xpack.securitySolution.networkKpiUniquePrivateIps.failSearchDescription": "Impossible de lancer la recherche sur les IP privées uniques de KPI réseau",
 "xpack.securitySolution.networkTls.errorSearchDescription": "Une erreur s'est produite sur la recherche de TLS réseau",
 "xpack.securitySolution.networkTls.failSearchDescription": "Impossible de lancer la recherche sur le TLS réseau",
- "xpack.securitySolution.networkTopCountries.errorSearchDescription": "Une erreur s'est produite sur la recherche des premiers pays du réseau",
 "xpack.securitySolution.networkTopCountries.failSearchDescription": "Impossible de lancer la recherche sur les premiers pays du réseau",
 "xpack.securitySolution.networkTopCountriesTable.column.bytesInTitle": "Octets en entrée",
 "xpack.securitySolution.networkTopCountriesTable.column.bytesOutTitle": "Octets en sortie",
@@ -27014,7 +26899,6 @@
 "xpack.securitySolution.networkTopCountriesTable.heading.sourceCountries": "Pays source",
 "xpack.securitySolution.networkTopCountriesTable.heading.unit": "{totalCount, plural, other {pays}}",
 "xpack.securitySolution.networkTopCountriesTable.rows": "{numRows} {numRows, plural, =0 {ligne} =1 {ligne} other {lignes}}",
- "xpack.securitySolution.networkTopNFlow.errorSearchDescription": "Une erreur s'est produite sur la recherche des n premiers flux réseau",
 "xpack.securitySolution.networkTopNFlow.failSearchDescription": "Impossible de lancer la recherche sur les n premiers flux réseau",
 "xpack.securitySolution.networkTopNFlowTable.column.asTitle": "Système autonome",
 "xpack.securitySolution.networkTopNFlowTable.column.bytesInTitle": "Octets en entrée",
@@ -27035,15 +26919,11 @@
 "xpack.securitySolution.newsFeed.noNewsMessageForAdmin": "Votre URL de fil d'actualités en cours n'a renvoyé aucune nouvelle récente. Vous pouvez mettre à jour l'URL ou désactiver les nouvelles de sécurité via",
 "xpack.securitySolution.noPermissionsMessage": "Pour afficher {subPluginKey}, vous devez mettre à jour les privilèges. Pour en savoir plus, contactez votre administrateur Kibana.",
 "xpack.securitySolution.noPermissionsTitle": "Privilèges requis",
- "xpack.securitySolution.notes.addANotePlaceholder": "Ajouter une note",
- "xpack.securitySolution.notes.addedANoteLabel": "Note ajoutée",
 "xpack.securitySolution.notes.addNoteButtonLabel": "Ajouter la note",
 "xpack.securitySolution.notes.cancelButtonLabel": "Annuler",
- "xpack.securitySolution.notes.copyToClipboardButtonLabel": "Copier dans le Presse-papiers",
 "xpack.securitySolution.notes.createdByLabel": "Créé par",
 "xpack.securitySolution.notes.noteLabel": "Note",
 "xpack.securitySolution.notes.notesTitle": "Notes",
- "xpack.securitySolution.notes.previewMarkdownTitle": "Aperçu (Markdown)",
 "xpack.securitySolution.notes.search.FilterByUserOrNotePlaceholder": "Filtre par utilisateur ou note",
 "xpack.securitySolution.notes.youAreEditingANoteScreenReaderOnly": "Vous modifiez une note. Cliquez sur Ajouter la note lorsque vous aurez terminé, ou appuyez sur Échap pour annuler.",
 "xpack.securitySolution.notes.youAreViewingNotesScreenReaderOnly": "Vous visualisez des notes pour l'événement de la ligne {row}. Appuyez sur la touche fléchée vers le haut lorsque vous aurez terminé pour revenir à l'événement.",
@@ -27074,9 +26954,6 @@
 "xpack.securitySolution.open.timeline.openTimelineButton": "Ouvrir la chronologie…",
 "xpack.securitySolution.open.timeline.openTimelineTitle": "Ouvrir",
 "xpack.securitySolution.open.timeline.pinnedEventsTooltip": "Événements épinglés",
- "xpack.securitySolution.open.timeline.pluralTemplatesLabel": "modèles",
- "xpack.securitySolution.open.timeline.pluralTimelinesLabel": "chronologies",
- "xpack.securitySolution.open.timeline.postedLabel": "Publié :",
 "xpack.securitySolution.open.timeline.refreshTitle": "Actualiser",
 "xpack.securitySolution.open.timeline.searchPlaceholder": "par ex. nom ou description de la chronologie",
 "xpack.securitySolution.open.timeline.searchTemplatePlaceholder": "par ex. nom ou description du modèle",
@@ -27085,8 +26962,6 @@
 "xpack.securitySolution.open.timeline.showingLabel": "Affichage de :",
 "xpack.securitySolution.open.timeline.showingNTemplatesLabel": "{totalSearchResultsCount} {totalSearchResultsCount, plural, one {modèle} other {modèles}} {with}",
 "xpack.securitySolution.open.timeline.showingNTimelinesLabel": "{totalSearchResultsCount} {totalSearchResultsCount, plural, one {chronologie} other {chronologies}} {with}",
- "xpack.securitySolution.open.timeline.singleTemplateLabel": "modèle",
- "xpack.securitySolution.open.timeline.singleTimelineLabel": "chronologie",
 "xpack.securitySolution.open.timeline.successfullyDeletedTimelinesTitle": "Suppression réussie de {totalTimelines, plural, =0 {toutes les chronologies} =1 {{totalTimelines} chronologie} other {{totalTimelines} chronologies}}",
 "xpack.securitySolution.open.timeline.successfullyDeletedTimelineTemplatesTitle": "Suppression réussie de {totalTimelineTemplates, plural, =0 {toutes les chronologies} =1 {{totalTimelineTemplates} modèle de chronologie} other {{totalTimelineTemplates} modèles de chronologie}}",
 "xpack.securitySolution.open.timeline.successfullyExportedTimelinesTitle": "Exportation réussie de {totalTimelines, plural, =0 {toutes les chronologies} =1 {{totalTimelines} chronologie} other {{totalTimelines} chronologies}}",
@@ -27108,14 +26983,9 @@
 "xpack.securitySolution.overview.ctiDashboardDangerButton": "Activer les sources",
 "xpack.securitySolution.overview.ctiDashboardDangerPanelTitle": "Aucune donnée de Threat Intelligence disponible à afficher",
 "xpack.securitySolution.overview.ctiDashboardEnableThreatIntel": "Vous devez activer les sources de Threat Intelligence pour afficher les données.",
- "xpack.securitySolution.overview.ctiDashboardInfoPanelBody": "Suivez ces conseils pour activer votre tableau de bord pour pouvoir afficher vos sources dans les visualisations.",
- "xpack.securitySolution.overview.ctiDashboardInfoPanelButton": "Comment charger les tableaux de bord Kibana",
- "xpack.securitySolution.overview.ctiDashboardInfoPanelTitle": "Activer le tableau de bord Kibana pour visualiser les sources",
 "xpack.securitySolution.overview.ctiDashboardOtherDatasourceTitle": "Autres",
 "xpack.securitySolution.overview.ctiDashboardSubtitle": "Affichage : {totalCount} {totalCount, plural, one {indicateur} other {indicateurs}}",
 "xpack.securitySolution.overview.ctiDashboardTitle": "Threat Intelligence",
- "xpack.securitySolution.overview.ctiDashboardWarningPanelBody": "Nous n'avons détecté aucune donnée de la plage temporelle sélectionnée, veuillez réessayer avec une autre plage temporelle.",
- "xpack.securitySolution.overview.ctiDashboardWarningPanelTitle": "Aucune donnée de Threat Intelligence disponible à afficher",
 "xpack.securitySolution.overview.ctiViewDasboard": "Afficher le tableau de bord",
 "xpack.securitySolution.overview.endgameDnsTitle": "DNS",
 "xpack.securitySolution.overview.endgameFileTitle": "Fichier",
@@ -27163,8 +27033,6 @@
 "xpack.securitySolution.overview.packetBeatDnsTitle": "DNS",
 "xpack.securitySolution.overview.packetBeatFlowTitle": "Flux",
 "xpack.securitySolution.overview.packetbeatTLSTitle": "TLS",
- "xpack.securitySolution.overview.pageSubtitle": "Gestion des informations de sécurité et des événements avec Elastic Stack",
- "xpack.securitySolution.overview.recentCasesSidebarTitle": "Cas récents",
 "xpack.securitySolution.overview.recentTimelinesSidebarTitle": "Chronologies récentes",
 "xpack.securitySolution.overview.riskyHostsDashboardDangerPanelButton": "Activer le score de risque",
 "xpack.securitySolution.overview.riskyHostsDashboardDangerPanelTitle": "Aucune donnée de score de risque de l'hôte à afficher",
@@ -27174,7 +27042,6 @@
 "xpack.securitySolution.overview.riskyHostsDashboardWarningPanelBody": "Nous n'avons détecté aucune donnée de score de risque de l'hôte provenant des hôtes de votre environnement pour la plage temporelle sélectionnée.",
 "xpack.securitySolution.overview.riskyHostsDashboardWarningPanelTitle": "Aucune donnée de score de risque de l'hôte disponible pour l'affichage",
 "xpack.securitySolution.overview.riskyHostsSource": "Source",
- "xpack.securitySolution.overview.showTopTooltip": "Afficher les premiers {fieldName}",
 "xpack.securitySolution.overview.signalCountTitle": "Tendance de l'alerte de détection",
 "xpack.securitySolution.overview.topNLabel": "Premiers {fieldName}",
 "xpack.securitySolution.overview.viewAlertsButtonLabel": "Afficher les alertes",
@@ -27184,13 +27051,6 @@
 "xpack.securitySolution.overviewHost.errorSearchDescription": "Une erreur s'est produite sur la recherche de l'aperçu de l'hôte",
 "xpack.securitySolution.overviewHost.failSearchDescription": "Impossible de lancer une recherche sur l'aperçu de l'hôte",
 "xpack.securitySolution.pages.common.beta": "Bêta",
- "xpack.securitySolution.pages.common.emptyActionBeats": "Ajouter des données avec Beats",
- "xpack.securitySolution.pages.common.emptyActionBeatsDescription": "Les agents légers Beats peuvent envoyer des données à partir de centaines ou de milliers de machines et systèmes",
- "xpack.securitySolution.pages.common.emptyActionElasticAgent": "Ajouter des données avec Elastic Agent",
- "xpack.securitySolution.pages.common.emptyActionElasticAgentDescription": "Elastic Agent fournit une façon simple et unifiée d'ajouter un monitoring à vos hôtes.",
- "xpack.securitySolution.pages.common.emptyActionEndpoint": "Ajouter Endpoint Security",
- "xpack.securitySolution.pages.common.emptyActionEndpointDescription": "Protégez vos hôtes grâce à la prévention des menaces, la détection et la visibilité des données en profondeur en toute sécurité.",
- "xpack.securitySolution.pages.common.emptyActionSecondary": "guide de premiers pas.",
 "xpack.securitySolution.pages.common.solutionName": "Sécurité",
 "xpack.securitySolution.pages.common.updateAlertStatusFailed": "Impossible de mettre à jour { conflicts } {conflicts, plural, =1 {alerte} other {alertes}}.",
 "xpack.securitySolution.pages.common.updateAlertStatusFailedDetailed": "{ updated } {updated, plural, =1 {alerte a été mise à jour} other {alertes ont été mises à jour}} correctement, mais { conflicts } n'ont pas pu être mis à jour\n car { conflicts, plural, =1 {elle était} other {elles étaient}} déjà en cours de modification.",
@@ -27219,7 +27079,6 @@
 "xpack.securitySolution.policyStatusText.success": "Succès",
 "xpack.securitySolution.policyStatusText.unsupported": "Non pris en charge",
 "xpack.securitySolution.policyStatusText.warning": "Avertissement",
- "xpack.securitySolution.recentTimelines.errorRetrievingUserDetailsMessage": "Chronologies récentes : Une erreur s'est produite lors de la récupération des détails utilisateur",
 "xpack.securitySolution.recentTimelines.favoritesButtonLabel": "Favoris",
 "xpack.securitySolution.recentTimelines.filterControlLegend": "Filtre des chronologies",
 "xpack.securitySolution.recentTimelines.lastUpdatedButtonLabel": "Dernière mise à jour",
@@ -27381,7 +27240,6 @@
 "xpack.securitySolution.system.processStoppedDescription": "a arrêté le processus",
 "xpack.securitySolution.system.socketClosedDescription": "a fermé un socket avec",
 "xpack.securitySolution.system.socketOpenedDescription": "a ouvert un socket avec",
- "xpack.securitySolution.system.systemDescription": "Système",
 "xpack.securitySolution.system.terminatedProcessDescription": "processus arrêté",
 "xpack.securitySolution.system.userAddedDescription": "l'utilisateur a été ajouté",
 "xpack.securitySolution.system.userChangedDescription": "l'utilisateur a changé",
@@ -27389,7 +27247,6 @@
 "xpack.securitySolution.system.usingDescription": "à l'aide de",
 "xpack.securitySolution.system.viaDescription": "via",
 "xpack.securitySolution.system.viaParentProcessDescription": "via un processus parent",
- "xpack.securitySolution.system.wasAuthorizedToUseDescription": "a été autorisé à utiliser",
 "xpack.securitySolution.system.withExitCodeDescription": "avec le code de sortie",
 "xpack.securitySolution.system.withResultDescription": "avec le résultat",
 "xpack.securitySolution.tables.rowItemHelper.moreDescription": "plus non affiché",
@@ -27409,19 +27266,13 @@
 "xpack.securitySolution.timeline.body.actions.addNotesForRowAriaLabel": "Ajouter des notes pour l'événement de la ligne {ariaRowindex} à la chronologie, avec les colonnes {columnValues}",
 "xpack.securitySolution.timeline.body.actions.attachAlertToCaseForRowAriaLabel": "Attacher l'alerte ou l'événement de la ligne {ariaRowindex} à un cas, avec les colonnes {columnValues}",
 "xpack.securitySolution.timeline.body.actions.checkboxForRowAriaLabel": "Case {checked, select, false {non cochée} true {cochée}} pour l'alerte ou l'événement de la ligne {ariaRowindex}, avec les colonnes {columnValues}",
- "xpack.securitySolution.timeline.body.actions.collapseAriaLabel": "Réduire",
- "xpack.securitySolution.timeline.body.actions.expandEventTooltip": "Afficher les détails",
- "xpack.securitySolution.timeline.body.actions.investigateInResolverDisabledTooltip": "Cet événement ne peut pas être analysé, car il a des mappings de champs incompatibles",
 "xpack.securitySolution.timeline.body.actions.investigateInResolverForRowAriaLabel": "Analyser l'alerte ou l'événement de la ligne {ariaRowindex}, avec les colonnes {columnValues}",
 "xpack.securitySolution.timeline.body.actions.investigateInResolverTooltip": "Analyser l'événement",
- "xpack.securitySolution.timeline.body.actions.investigateLabel": "Investiguer",
 "xpack.securitySolution.timeline.body.actions.moreActionsForRowAriaLabel": "Sélectionner davantage d'actions pour l'alerte ou l'événement de la ligne {ariaRowindex}, avec les colonnes {columnValues}",
 "xpack.securitySolution.timeline.body.actions.pinEventForRowAriaLabel": "{isEventPinned, select, false {Épingler} true {Désépingler}} l'événement de la ligne {ariaRowindex} {isEventPinned, select, false{dans} true {de}} la chronologie, avec les colonnes {columnValues}",
 "xpack.securitySolution.timeline.body.actions.sendAlertToTimelineForRowAriaLabel": "Envoyer l'alerte de la ligne {ariaRowindex} à la chronologie, avec les colonnes {columnValues}",
 "xpack.securitySolution.timeline.body.actions.viewDetailsAriaLabel": "Afficher les détails",
 "xpack.securitySolution.timeline.body.actions.viewDetailsForRowAriaLabel": "Afficher les détails pour l'alerte ou l'événement de la ligne {ariaRowindex}, avec les colonnes {columnValues}",
- "xpack.securitySolution.timeline.body.actions.viewSummaryLabel": "Afficher le résumé",
- "xpack.securitySolution.timeline.body.copyToClipboardButtonLabel": "Copier dans le Presse-papiers",
 "xpack.securitySolution.timeline.body.notes.addNoteTooltip": "Ajouter la note",
 "xpack.securitySolution.timeline.body.notes.disableEventTooltip": "Les notes ne peuvent pas être ajoutées ici lors de la modification d'une chronologie de modèle",
 "xpack.securitySolution.timeline.body.openSessionViewLabel": "Ouvrir la vue de session",
@@ -27506,18 +27357,14 @@
 "xpack.securitySolution.timeline.participantsTitle": "Participants",
 "xpack.securitySolution.timeline.properties.addTimelineButtonLabel": "Ajouter une nouvelle chronologie ou un nouveau modèle",
 "xpack.securitySolution.timeline.properties.addToFavoriteButtonLabel": "Ajouter aux favoris",
- "xpack.securitySolution.timeline.properties.attachTimelineToCaseTooltip": "Veuillez fournir un titre pour votre chronologie afin de l'attacher à un cas",
 "xpack.securitySolution.timeline.properties.attachToCaseButtonLabel": "Attacher à un cas",
 "xpack.securitySolution.timeline.properties.attachToExistingCaseButtonLabel": "Attacher à un cas existant...",
 "xpack.securitySolution.timeline.properties.attachToNewCaseButtonLabel": "Attacher au nouveau cas",
 "xpack.securitySolution.timeline.properties.autosavedLabel": "Enregistré automatiquement",
 "xpack.securitySolution.timeline.properties.descriptionPlaceholder": "Ajouter une description",
- "xpack.securitySolution.timeline.properties.existingCaseButtonLabel": "Attacher une chronologie à un cas existant...",
 "xpack.securitySolution.timeline.properties.inspectTimelineTitle": "Chronologie",
 "xpack.securitySolution.timeline.properties.lockDatePickerDescription": "Verrouiller le sélecteur de date global sur le sélecteur de date de chronologie",
 "xpack.securitySolution.timeline.properties.lockDatePickerTooltip": "Désactiver la synchronisation de la plage de date/heure entre la page actuellement consultée et votre chronologie",
- "xpack.securitySolution.timeline.properties.lockedDatePickerLabel": "Le sélecteur de date global est verrouillé sur le sélecteur de date de chronologie",
- "xpack.securitySolution.timeline.properties.newCaseButtonLabel": "Attacher une chronologie à un nouveau cas",
 "xpack.securitySolution.timeline.properties.newTemplateTimelineButtonLabel": "Créer un nouveau modèle de chronologie",
 "xpack.securitySolution.timeline.properties.newTimelineButtonLabel": "Créer une nouvelle chronologie",
 "xpack.securitySolution.timeline.properties.notesButtonLabel": "Notes",
@@ -27527,11 +27374,9 @@
 "xpack.securitySolution.timeline.properties.timelineToggleButtonAriaLabel": "{isOpen, select, false {Ouvrir} true {Fermer} other {Basculer}} la chronologie {title}",
 "xpack.securitySolution.timeline.properties.unlockDatePickerDescription": "Annuler le verrouillage du sélecteur de date global sur le sélecteur de date de chronologie",
 "xpack.securitySolution.timeline.properties.unlockDatePickerTooltip": "Activer la synchronisation de la plage de date/heure entre la page actuellement consultée et votre chronologie",
- "xpack.securitySolution.timeline.properties.unlockedDatePickerLabel": "Le sélecteur de date global n'est PAS verrouillé sur le sélecteur de date de chronologie",
 "xpack.securitySolution.timeline.properties.unsavedLabel": "Non enregistré",
 "xpack.securitySolution.timeline.properties.untitledTemplatePlaceholder": "Modèle sans titre",
 "xpack.securitySolution.timeline.properties.untitledTimelinePlaceholder": "Chronologie sans titre",
- "xpack.securitySolution.timeline.protocol": "Protocole",
 "xpack.securitySolution.timeline.rangePicker.oneDay": "1 jour",
 "xpack.securitySolution.timeline.rangePicker.oneMonth": "1 mois",
 "xpack.securitySolution.timeline.rangePicker.oneWeek": "1 semaine",
@@ -27548,22 +27393,11 @@
 "xpack.securitySolution.timeline.saveTimelineTemplate.modal.discard.title": "Abandonner le modèle de chronologie",
 "xpack.securitySolution.timeline.saveTimelineTemplate.modal.header": "Enregistrer le modèle de chronologie",
 "xpack.securitySolution.timeline.searchBoxPlaceholder": "par ex. nom ou description de {timeline}",
- "xpack.securitySolution.timeline.searchOrFilter.customeIndexNames": "Personnalisé",
- "xpack.securitySolution.timeline.searchOrFilter.eventTypeAllEvent": "Toutes les sources de données",
- "xpack.securitySolution.timeline.searchOrFilter.eventTypeDetectionAlertsEvent": "Alertes de détection",
- "xpack.securitySolution.timeline.searchOrFilter.eventTypeRawEvent": "Événements",
 "xpack.securitySolution.timeline.searchOrFilter.filterDescription": "Les événements des fournisseurs de données ci-dessus sont filtrés par le KQL adjacent",
 "xpack.securitySolution.timeline.searchOrFilter.filterKqlPlaceholder": "Filtrer les événements",
 "xpack.securitySolution.timeline.searchOrFilter.filterKqlSelectedText": "Filtrer",
 "xpack.securitySolution.timeline.searchOrFilter.filterKqlTooltip": "Les événements des fournisseurs de données ci-dessus sont filtrés par ce KQL",
 "xpack.securitySolution.timeline.searchOrFilter.filterOrSearchWithKql": "Filtrer ou rechercher avec KQL",
- "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.configure": "Afficher les sources de données associées à chacune des sélections ci-dessus",
- "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.help": "Sélection de sources de données",
- "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.hideAdvancedSettings": "Masquer Avancé",
- "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.pickIndexPatternsCombo": "Choisir les modèles d'indexation",
- "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.resetSettings": "Réinitialiser",
- "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.save": "Enregistrer",
- "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.showAdvancedSettings": "Afficher Avancé",
 "xpack.securitySolution.timeline.searchOrFilter.searchDescription": "Les événements des fournisseurs de données ci-dessus sont combinés avec les résultats du KQL adjacent",
 "xpack.securitySolution.timeline.searchOrFilter.searchKqlPlaceholder": "Rechercher des événements",
 "xpack.securitySolution.timeline.searchOrFilter.searchKqlSelectedText": "Rechercher",
@@ -27618,7 +27452,6 @@
 "xpack.securitySolution.topN.allEventsSelectLabel": "Tous les événements",
 "xpack.securitySolution.topN.closeButtonLabel": "Fermer",
 "xpack.securitySolution.topN.rawEventsSelectLabel": "Événements bruts",
- "xpack.securitySolution.trustedapps.aboutInfo": "Ajoutez une application de confiance pour améliorer les performances ou réduire les conflits avec d'autres applications en cours d'exécution sur vos hôtes.",
 "xpack.securitySolution.trustedApps.assignmentSectionDescription": "Affectez cette application de confiance globalement à toutes les politiques, ou de façon spécifique à certaines politiques.",
 "xpack.securitySolution.trustedapps.card.operator.is": "est",
 "xpack.securitySolution.trustedapps.card.operator.matches": "correspond à",
@@ -27693,7 +27526,6 @@
 "xpack.securitySolution.uiSettings.newsFeedUrlDescription": "

Le contenu du fil d'actualités sera récupéré à partir de cette URL

", "xpack.securitySolution.uiSettings.rulesTableRefresh": "Actualisation automatique des règles", "xpack.securitySolution.uiSettings.rulesTableRefreshDescription": "

Active l'actualisation automatique sur tous les tableaux de règles et de monitorings, en millisecondes

",
- "xpack.securitySolution.uncommonProcesses.errorSearchDescription": "Une erreur s'est produite sur une recherche de processus inhabituels",
 "xpack.securitySolution.uncommonProcesses.failSearchDescription": "Impossible de lancer la recherche sur les processus inhabituels",
 "xpack.securitySolution.uncommonProcessTable.hostsTitle": "Noms d'hôtes",
 "xpack.securitySolution.uncommonProcessTable.lastCommandTitle": "Dernière commande",
@@ -27713,7 +27545,6 @@
 "xpack.securitySolution.user.details.overview.userRiskClassification": "Classification de risque de l'utilisateur",
 "xpack.securitySolution.user.details.overview.userRiskScoreTitle": "Score de risque de l'utilisateur",
 "xpack.securitySolution.user.ipDetails.ipOverview.lastSeenTitle": "Vu en dernier",
- "xpack.securitySolution.userDetails.errorSearchDescription": "Une erreur s'est produite lors de la recherche des détails de l'utilisateur",
 "xpack.securitySolution.userDetails.failSearchDescription": "Impossible de lancer la recherche sur les détails de l'utilisateur",
 "xpack.securitySolution.users.navigation.alertsTitle": "Alertes externes",
 "xpack.securitySolution.users.navigation.allUsersTitle": "Tous les utilisateurs",
@@ -27728,7 +27559,6 @@
 "xpack.securitySolution.users.userRiskInformation.closeBtn": "Fermer",
 "xpack.securitySolution.users.userRiskInformation.criticalRiskDescription": "90 et supérieur",
 "xpack.securitySolution.users.userRiskInformation.explanation": "Cette fonctionnalité utilise une transformation, avec une agrégation d'indicateurs scriptée pour calculer les scores de risque de l'utilisateur en fonction des alertes de règle de détection ayant le statut \"ouvert\", sur une fenêtre temporelle de 5 jours. La transformation s'exécute toutes les heures afin que le score reste à jour au moment où de nouvelles alertes de règles de détection sont transmises.",
- "xpack.securitySolution.users.userRiskInformation.informationAriaLabel": "Informations",
 "xpack.securitySolution.users.userRiskInformation.introduction": "La fonctionnalité de score de risque de l'utilisateur détecte les utilisateurs à risque depuis l'intérieur de votre environnement.",
 "xpack.securitySolution.users.userRiskInformation.learnMore": "Pour en savoir plus sur le risque de l'utilisateur, cliquez {usersRiskScoreDocumentationLink}",
 "xpack.securitySolution.users.userRiskInformation.link": "ici",
@@ -27756,9 +27586,7 @@
 "xpack.securitySolution.visualizationActions.uniqueIps.destinationChartLabel": "Dest.",
 "xpack.securitySolution.visualizationActions.uniqueIps.sourceChartLabel": "Src.",
 "xpack.securitySolution.visualizationActions.userAuthentications.failChartLabel": "Échec",
- "xpack.securitySolution.visualizationActions.userAuthentications.failUnitLabel": "échec",
 "xpack.securitySolution.visualizationActions.userAuthentications.successChartLabel": "Succ.",
- "xpack.securitySolution.visualizationActions.userAuthentications.successUnitLabel": "réussite",
 "xpack.securitySolution.zeek.othDescription": "Pas de SYN vu, juste le trafic à mi-chemin",
 "xpack.securitySolution.zeek.rejDescription": "Tentative de connexion rejetée",
 "xpack.securitySolution.zeek.rstoODescription": "Connexion établie, abandon de l'initiateur (envoi d'un RST)",
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 156d7d0257fde..adeb14a51c2cf 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -24139,20 +24139,14 @@
 "xpack.security.users.editUserPage.createBreadcrumb": "作成",
 "xpack.securitySolution.accessibility.tooltipWithKeyboardShortcut.pressTooltipLabel": "プレス",
 "xpack.securitySolution.actionsContextMenu.label": "開く",
- "xpack.securitySolution.administration.list.beta": "ベータ",
 "xpack.securitySolution.administration.os.linux": "Linux",
 "xpack.securitySolution.administration.os.macos": "Mac",
 "xpack.securitySolution.administration.os.windows": "Windows",
- "xpack.securitySolution.alertDetails.changeEnrichmentQueryLookback": "別の時間範囲を検索",
- "xpack.securitySolution.alertDetails.checkDocs": "マニュアルをご確認ください",
 "xpack.securitySolution.alertDetails.enrichmentQueryEndDate": "終了日",
 "xpack.securitySolution.alertDetails.enrichmentQueryStartDate": "開始日",
 "xpack.securitySolution.alertDetails.investigationTimeQueryTitle": "Threat Intelligenceで拡張",
 "xpack.securitySolution.alertDetails.noEnrichmentsFoundDescription": "指標一致ルールのいずれかまたはこのアラートの拡張と一致する脅威インテリジェンスが見つかりませんでした。",
- "xpack.securitySolution.alertDetails.noEnrichmentsFoundTitle": "指標の一致またはThreat Intel Enrichmentが見つかりません",
- "xpack.securitySolution.alertDetails.noIndicatorEnrichmentsDescription": "指標一致ルールに適合する脅威インテリジェンス指標が見つかりませんでした。",
 "xpack.securitySolution.alertDetails.noInvestigationEnrichmentsDescription": "デフォルトで過去30日間に検索した脅威インテリジェンスソースから使用可能な追加情報がフィールド値にはないことがわかりました。",
- "xpack.securitySolution.alertDetails.noInvestigationEnrichmentsTitle": "Threat Intel Enrichmentが見つかりません",
 "xpack.securitySolution.alertDetails.noRiskDataDescription": "このアラートのホストリスクデータが見つかりません",
 "xpack.securitySolution.alertDetails.overview": "概要",
 "xpack.securitySolution.alertDetails.overview.enrichedDataTitle": "強化されたデータ",
@@ -24193,13 +24187,10 @@
 "xpack.securitySolution.alerts.severityMapping.sourceValueTitle": "ソース値",
 "xpack.securitySolution.alertsView.alertsDocumentType": "外部アラート",
 "xpack.securitySolution.alertsView.alertsGraphTitle": "外部アラート傾向",
- "xpack.securitySolution.alertsView.alertsStackByOptions.module": "モジュール",
 "xpack.securitySolution.alertsView.alertsTableTitle": "外部アラート",
 "xpack.securitySolution.alertsView.categoryLabel": "カテゴリー",
 "xpack.securitySolution.alertsView.errorFetchingAlertsData": "アラートデータをクエリできませんでした",
- "xpack.securitySolution.alertsView.moduleLabel": "モジュール",
 "xpack.securitySolution.alertsView.osqueryAlertTitle": "Osqueryの実行",
- "xpack.securitySolution.alertsView.osqueryBackToAlertDetails": "アラートの詳細",
 "xpack.securitySolution.alertsView.showing": "表示中",
 "xpack.securitySolution.alertsView.totalCountOfAlerts": "外部アラート",
 "xpack.securitySolution.alertsView.unit": "外部{totalCount, plural, other {アラート}}",
@@ -24434,7 +24425,6 @@
 "xpack.securitySolution.auditd.violatedSeLinuxPolicyDescription": "selinuxポリシーに違反しました",
 "xpack.securitySolution.auditd.wasAuthorizedToUseDescription": "が以下の使用を承認されました。",
 "xpack.securitySolution.auditd.withResultDescription": "結果付き",
- "xpack.securitySolution.authentications.errorSearchDescription": "認証検索でエラーが発生しました",
 "xpack.securitySolution.authentications.failSearchDescription": "認証で検索を実行できませんでした",
 "xpack.securitySolution.authenticationsTable.authentications": "認証",
 "xpack.securitySolution.authenticationsTable.failures": "失敗",
@@ -24501,8 +24491,6 @@
 "xpack.securitySolution.blocklist.warnings.values.wildcardPresent": "ファイル名のワイルドカードはエンドポイントのパフォーマンスに影響します",
 "xpack.securitySolution.callouts.dismissButton": "閉じる",
 "xpack.securitySolution.cases.caseTable.caseDetailsLinkAria": "クリックすると、タイトル{detailName}のケースを表示します",
- "xpack.securitySolution.cases.caseView.breadcrumb": "作成",
- "xpack.securitySolution.cases.caseView.sendAlertToTimelineTooltip": "タイムラインで調査",
 "xpack.securitySolution.cases.pageTitle": "ケース",
 "xpack.securitySolution.certificate.fingerprint.clientCertLabel": "クライアント証明書",
 "xpack.securitySolution.certificate.fingerprint.serverCertLabel": "サーバー証明書",
@@ -24520,7 +24508,6 @@
 "xpack.securitySolution.components.embeddables.embeddedMap.embeddableHeaderHelp": "マップ構成ヘルプ",
 "xpack.securitySolution.components.embeddables.embeddedMap.embeddableHeaderTitle": "ネットワーク マップ",
 "xpack.securitySolution.components.embeddables.embeddedMap.embeddablePanelTitle": "ソース -> デスティネーション ポイントツーポイントマップ",
- "xpack.securitySolution.components.embeddables.embeddedMap.errorConfiguringEmbeddableApiTitle": "埋め込み可能なAPIの構成中にエラーが発生",
 "xpack.securitySolution.components.embeddables.embeddedMap.errorCreatingMapEmbeddableTitle": "マップに’埋め込み可能なアイテムの作成中にエラーが発生",
 "xpack.securitySolution.components.embeddables.embeddedMap.lineLayerLabel": "折れ線",
 "xpack.securitySolution.components.embeddables.embeddedMap.serverLayerLabel": "サーバーポイント",
@@ -24530,7 +24517,6 @@
 "xpack.securitySolution.components.embeddables.indexPatternsMissingPrompt.errorDescription2": "Kibanaで手動でインデックスパターンを構成することもできます。",
 "xpack.securitySolution.components.embeddables.indexPatternsMissingPrompt.errorTitle": "必要なインデックスパターンが構成されていません",
 "xpack.securitySolution.components.embeddables.mapToolTip.errorTitle": "マップ機能の読み込み中にエラーが発生",
- "xpack.securitySolution.components.embeddables.mapToolTip.filterForValueHoverAction": "値でフィルター",
 "xpack.securitySolution.components.embeddables.mapToolTip.footerLabel": "{currentFeature}/{totalFeatures} {totalFeatures, plural, other {機能}}",
 "xpack.securitySolution.components.embeddables.mapToolTip.lineContent.clientLabel": "クライアント",
 "xpack.securitySolution.components.embeddables.mapToolTip.lineContent.destinationLabel": "送信先",
@@ -24557,7 +24543,6 @@
 "xpack.securitySolution.components.hooks.eql.partialResponse": "EQL プレビューエラー",
 "xpack.securitySolution.components.hooks.errors.timeIntervalsNotDefined": "時間間隔が定義されていません。",
 "xpack.securitySolution.components.ml.anomaly.errors.anomaliesTableFetchFailureTitle": "異常表の取得に失敗",
- "xpack.securitySolution.components.ml.api.errors.networkErrorFailureTitle": "ネットワークエラー:",
 "xpack.securitySolution.components.ml.api.errors.statusCodeFailureTitle": "ステータスコード:",
 "xpack.securitySolution.components.ml.permissions.errors.machineLearningPermissionsFailureTitle": "機械学習パーミッションエラー",
 "xpack.securitySolution.components.mlJobSelect.machineLearningLink": "機械学習",
@@ -24607,7 +24592,6 @@
 "xpack.securitySolution.containers.detectionEngine.addRuleFailDescription": "ルールを追加できませんでした",
 "xpack.securitySolution.containers.detectionEngine.alerts.createListsIndex.errorDescription": "リストインデックスを作成できませんでした",
 "xpack.securitySolution.containers.detectionEngine.alerts.detectionEnginePrivileges.errorFetching": "検出エンジン権限を取得できませんでした",
- "xpack.securitySolution.containers.detectionEngine.alerts.errorFetchingAlertsDescription": "アラートをクエリできませんでした",
 "xpack.securitySolution.containers.detectionEngine.alerts.errorGetAlertDescription": "シグナルインデックス名を取得できませんでした",
 "xpack.securitySolution.containers.detectionEngine.alerts.errorPostAlertDescription": "シグナルインデックスを作成できませんでした",
 "xpack.securitySolution.containers.detectionEngine.alerts.fetchListsIndex.errorDescription": "リストインデックスを取得できませんでした",
@@ -24617,7 +24601,6 @@
 "xpack.securitySolution.containers.detectionEngine.createPrePackagedRuleSuccesDescription": "Elastic から事前にパッケージ化されているルールをインストールしました",
 "xpack.securitySolution.containers.detectionEngine.createPrePackagedTimelineSuccesDescription": "Elasticから事前にパッケージ化されているタイムラインテンプレートをインストールしました",
 "xpack.securitySolution.containers.detectionEngine.ruleExecutionEventsFetchFailDescription": "ルール実行イベントを取得できませんでした",
- "xpack.securitySolution.containers.detectionEngine.ruleExecutionLogFailureDescription": "ルール実行イベントを取得できませんでした",
 "xpack.securitySolution.containers.detectionEngine.rulesAndTimelines": "ルールとタイムラインを取得できませんでした",
 "xpack.securitySolution.containers.detectionEngine.tagFetchFailDescription": "タグを取得できませんでした",
 "xpack.securitySolution.containers.errors.stopJobFailureTitle": "ジョブ停止エラー",
@@ -24632,11 +24615,8 @@
 "xpack.securitySolution.dataProviders.and": "AND",
 "xpack.securitySolution.dataProviders.convertToFieldLabel": "フィールドに変換",
 "xpack.securitySolution.dataProviders.convertToTemplateFieldLabel": "テンプレートフィールドに変換",
- "xpack.securitySolution.dataProviders.copyToClipboardTooltip": "クリップボードにコピー",
 "xpack.securitySolution.dataProviders.deleteDataProvider": "削除",
 "xpack.securitySolution.dataProviders.dropAnything": "何でもドロップできます",
- "xpack.securitySolution.dataProviders.dropHere": "ここにドロップしてください",
- "xpack.securitySolution.dataProviders.dropHereToAddAnLabel": "ここにドロップして追加します",
 "xpack.securitySolution.dataProviders.edit": "編集",
 "xpack.securitySolution.dataProviders.editMenuItem": "フィルターを編集",
 "xpack.securitySolution.dataProviders.editTitle": "フィルターの編集",
@@ -24657,14 +24637,11 @@
 "xpack.securitySolution.dataProviders.showOptionsDataProviderAriaLabel": "{field} {value} オプションは Enter キーを押します。ドラッグを開始するには、スペースを押します",
 "xpack.securitySolution.dataProviders.templateFieldLabel": "テンプレートフィールド",
 "xpack.securitySolution.dataProviders.temporaryDisableDataProvider": "一時的に無効にする",
- "xpack.securitySolution.dataProviders.toBuildAn": "して開発",
 "xpack.securitySolution.dataProviders.toggle": "切り替え",
- "xpack.securitySolution.dataProviders.valueAriaLabel": "値",
 "xpack.securitySolution.dataProviders.valuePlaceholder": "値",
 "xpack.securitySolution.detectionEngine.alerts.acknowledgedAlertFailedToastMessage": "アラートを確認済みに設定できませんでした",
 "xpack.securitySolution.detectionEngine.alerts.acknowledgedAlertsTitle": "認識",
 "xpack.securitySolution.detectionEngine.alerts.acknowledgedAlertSuccessToastMessage": "{totalAlerts} {totalAlerts, plural, other {件のアラート}}を確認済みに設定しました。",
- "xpack.securitySolution.detectionEngine.alerts.actions.acknowledgedAlertTitle": "確認済みに設定",
 "xpack.securitySolution.detectionEngine.alerts.actions.addEndpointException": "エンドポイント例外の追加",
 "xpack.securitySolution.detectionEngine.alerts.actions.addEventFilter": "エンドポイントイベントフィルターを追加",
 "xpack.securitySolution.detectionEngine.alerts.actions.addEventFilter.disabled.tooltip": "エンドポイントイベントフィルターは、[ホスト]ページの[イベント]セクションから作成できます。",
@@ -24672,11 +24649,8 @@
 "xpack.securitySolution.detectionEngine.alerts.actions.addToCase": "既存のケースに追加",
 "xpack.securitySolution.detectionEngine.alerts.actions.addToCaseDisabled": "この選択では、[ケースに追加]を使用できません",
 "xpack.securitySolution.detectionEngine.alerts.actions.addToNewCase": "新しいケースに追加",
- "xpack.securitySolution.detectionEngine.alerts.actions.closeAlertTitle": "アラートを閉じる",
 "xpack.securitySolution.detectionEngine.alerts.actions.investigateInTimelineAriaLabel": "アラートをタイムラインに送信",
 "xpack.securitySolution.detectionEngine.alerts.actions.investigateInTimelineTitle": "タイムラインで調査",
- "xpack.securitySolution.detectionEngine.alerts.actions.openAlertTitle": "アラートを開く",
- "xpack.securitySolution.detectionEngine.alerts.alertsUnit": "{totalCount, plural, other {アラート}}",
 "xpack.securitySolution.detectionEngine.alerts.closedAlertFailedToastMessage": "アラートをクローズできませんでした。",
 "xpack.securitySolution.detectionEngine.alerts.closedAlertsTitle": "終了",
 "xpack.securitySolution.detectionEngine.alerts.closedAlertSuccessToastMessage": "{totalAlerts} {totalAlerts, plural, other {件のアラート}}を正常にクローズしました。",
@@ -24707,10 +24681,6 @@
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.acknowledgedSelectedTitle": "確認済みに設定",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.closeSelectedTitle": "選択した項目を閉じる",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.openSelectedTitle": "選択した項目を開く",
- "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInHostsTitle": "ホストで選択した項目を表示",
- "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInNetworkTitle": "ネットワークで選択した項目を表示",
- "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInTimelineTitle": "タイムラインで選択した項目を表示",
- "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActionsTitle": "バッチ処理",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.clearSelectionTitle": "選択した項目をクリア",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.selectAllAlertsTitle": "すべての{totalAlertsFormatted} {totalAlerts, plural, other {件のアラート}}を選択",
 "xpack.securitySolution.detectionEngine.alerts.utilityBar.selectedAlertsTitle": "Selected {selectedAlertsFormatted} {selectedAlerts, plural, other {件のアラート}}",
@@ -24742,9 +24712,6 @@
 "xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationCancel": "キャンセル",
 "xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationConfirm": "確認",
 "xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationTitle": "一括削除の確認",
- "xpack.securitySolution.detectionEngine.components.allRules.refreshPromptBody": "ルール自動更新が一時停止しました。[続行]をクリックすると再開します。",
- "xpack.securitySolution.detectionEngine.components.allRules.refreshPromptConfirm": "続行",
- "xpack.securitySolution.detectionEngine.components.allRules.refreshPromptTitle": "応答してください。",
 "xpack.securitySolution.detectionEngine.components.importRuleModal.cancelTitle": "キャンセル",
 "xpack.securitySolution.detectionEngine.components.importRuleModal.exceptionsSuccessLabel": "{totalExceptions} {totalExceptions, plural, other {個の例外}}が正常にインポートされました。",
 "xpack.securitySolution.detectionEngine.components.importRuleModal.importExceptionsFailedLabel": "{totalExceptions} {totalExceptions, plural, other {個の例外}}をインポートできませんでした",
@@ -24851,7 +24818,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.threatMatchTitle": "インジケーター一致",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.thresholdTypeDescription": "クエリ結果を集約し、いつ一致数がしきい値を超えるのかを検出します。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.thresholdTypeTitle": "しきい値",
- "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchField.threatMatchFieldPlaceholderText": "すべての結果",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "インデックスパターンを{ forbiddenString }にすることはできません。特定のインデックスパターンを選択してください。",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchingIcesHelperDescription": "脅威インデックスを選択",
 "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError": "インデックスパターンが最低1つ必要です。",
@@ -24859,7 +24825,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.fieldThrottleHelpText": "ルールが true であると評価された場合に自動アクションを実行するタイミングを選択します。",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.fieldThrottleLabel": "アクション頻度",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key}は有効なmustacheテンプレートではありません",
- "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noConnectorSelectedErrorMessage": "コネクターを選択していません",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noReadActionsPrivileges": "ルールアクションを作成できません。「Actions」プラグインの「読み取り」アクセス権がありません。",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithEnablingTitle": "ルールを作成して有効にする",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithoutEnablingTitle": "有効にせずにルールを作成",
@@ -24868,7 +24833,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalHelpText": "ルールを定期的に実行し、指定の時間枠内でアラートを検出します。",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalLabel": "次の間隔で実行",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.hoursOptionDescription": "時間",
- "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.invalidTimeMessageDescription": "時間が必要です。",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.minutesOptionDescription": "分",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.secondsOptionDescription": "秒",
 "xpack.securitySolution.detectionEngine.createRule.threatMatchRuleTypeDescription": "インジケーター一致",
@@ -24879,7 +24843,6 @@
 "xpack.securitySolution.detectionEngine.details.stepAboutRule.detailsLabel": "詳細",
 "xpack.securitySolution.detectionEngine.details.stepAboutRule.investigationGuideLabel": "調査ガイド",
 "xpack.securitySolution.detectionEngine.details.stepAboutRule.setupGuideLabel": "セットアップガイド",
- "xpack.securitySolution.detectionEngine.detectionsBreadcrumbTitle": "検出",
 "xpack.securitySolution.detectionEngine.detectionsPageTitle": "アラート",
 "xpack.securitySolution.detectionEngine.dismissNoApiIntegrationKeyButton": "閉じる",
 "xpack.securitySolution.detectionEngine.editRule.backToDescription": "戻る",
@@ -24887,9 +24850,6 @@
 "xpack.securitySolution.detectionEngine.editRule.errorMsgDescription": "申し訳ありません",
 "xpack.securitySolution.detectionEngine.editRule.pageTitle": "ルール設定の編集",
 "xpack.securitySolution.detectionEngine.editRule.saveChangeTitle": "変更を保存",
- "xpack.securitySolution.detectionEngine.emptyActionBeats": "セットアップの手順を表示",
- "xpack.securitySolution.detectionEngine.emptyActionSecondary": "ドキュメントに移動",
- "xpack.securitySolution.detectionEngine.emptyTitle": "セキュリティアプリケーションの検出エンジンに関連したインデックスがないようです",
 "xpack.securitySolution.detectionEngine.eqlOptionsEventCategoryField.label": "イベントカテゴリーフィールド",
 "xpack.securitySolution.detectionEngine.eqlOptionsEventCategoryField.text": "プロセス、ファイル、ネットワークなどのイベント分類を含むフィールド。一般的に、このフィールドは、キーワードファミリーのフィールド型にマッピングされます",
 "xpack.securitySolution.detectionEngine.eqlOptionsEventTiebreakerField.label": "タイブレーカーフィールド",
@@ -24899,13 +24859,11 @@
 "xpack.securitySolution.detectionEngine.eqlOptionsSize.label": "サイズ",
 "xpack.securitySolution.detectionEngine.eqlOptionsSize.text": "基本クエリの場合、返される一致するイベントの最大数。シーケンスクエリの場合、返される一致するシーケンスの最大数。",
 "xpack.securitySolution.detectionEngine.eqlOverViewLink.text": "イベントクエリ言語(EQL)の概要",
- "xpack.securitySolution.detectionEngine.eqlQueryBar.label": "EQLクエリを入力",
 "xpack.securitySolution.detectionEngine.eqlSettings.title": "EQL設定",
 "xpack.securitySolution.detectionEngine.eqlValidation.requestError": "EQLクエリの確認中にエラーが発生しました",
 "xpack.securitySolution.detectionEngine.eqlValidation.showErrorsLabel": "EQL確認エラーを表示",
 "xpack.securitySolution.detectionEngine.eqlValidation.title": "EQL確認エラー",
 "xpack.securitySolution.detectionEngine.goToDocumentationButton": "ドキュメンテーションを表示",
- "xpack.securitySolution.detectionEngine.lastSignalTitle": "前回のアラート",
 "xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditAlerts": "これらの権限がないと、アラートのステータスを表示または変更できません。",
 "xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditLists": "これらの権限がない場合は、値リストを作成したり編集したりできません。",
 "xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditRules": "その権限がない場合、検出エンジンルールを作製したり編集したりできません。",
@@ -25536,26 +25494,18 @@
 "xpack.securitySolution.detectionEngine.noPermissionsMessage": "アラートを表示するには、権限を更新する必要があります。詳細については、Kibana管理者に連絡してください。",
 "xpack.securitySolution.detectionEngine.noPermissionsTitle": "権限が必要です",
 "xpack.securitySolution.detectionEngine.pageTitle": "検出エンジン",
- "xpack.securitySolution.detectionEngine.panelSubtitleShowing": "表示中",
 "xpack.securitySolution.detectionEngine.queryPreview.actions": "アクション",
 "xpack.securitySolution.detectionEngine.queryPreview.histogramDisclaimer": "注:複数のevent.category値のアラートは2回以上カウントされます。",
 "xpack.securitySolution.detectionEngine.queryPreview.mlHistogramDisclaimer": "注:複数のhost.name値のアラートは2回以上カウントされます。",
 "xpack.securitySolution.detectionEngine.queryPreview.queryGraphCountLabel": "カウント",
 "xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewError": "プレビュー取得エラー",
- "xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewInspectTitle": "クエリプレビュー",
 "xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewNoiseWarning": "ノイズ警告:このルールではノイズが多く生じる可能性があります。クエリを絞り込むことを検討してください。これは1時間ごとに1アラートという線形進行に基づいています。",
- "xpack.securitySolution.detectionEngine.queryPreview.queryNoHits": "ヒットが見つかりませんでした。",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewDisclaimer": "注:このプレビューは、ルール例外とタイムスタンプオーバーライドの効果を除外します。",
- "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewEqlSequenceDescription": "現在 EQL シーケンスクエリではヒストグラムを使用できません。右上の調査を使用して、クエリ詳細を表示できます。",
- "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewEqlSequenceTitle": "ヒストグラムがありません",
- "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewGraphThresholdWithFieldTitle": "{buckets} {buckets, plural, other {固有のヒット}}",
- "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewGraphTitle": "{hits} {hits, plural, other {ヒット}}",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewHelpText": "クエリ結果をプレビューするデータのタイムフレームを選択します。",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewLabel": "クイッククエリプレビュー",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewSeeAllErrors": "すべてのエラーを表示",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewSeeAllWarnings": "すべての警告を表示",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewTitle": "ルールプレビュー",
- "xpack.securitySolution.detectionEngine.queryPreview.queryThresholdGraphCountLabel": "累積しきい値数",
 "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsAriaLabel": "詳細を表示",
 "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のアラートまたはイベントの詳細を表示",
 "xpack.securitySolution.detectionEngine.rule.editRule.errorMsgDescription": "{countError, plural, one {このタブ} other {これらのタブ}}に無効な入力があります:{tabHasError}",
@@ -25570,7 +25520,6 @@
 "xpack.securitySolution.detectionEngine.ruleDetails.deletedRule": "削除されたルール",
 "xpack.securitySolution.detectionEngine.ruleDetails.enableRuleLabel": "有効にする",
 "xpack.securitySolution.detectionEngine.ruleDetails.exceptionsTab": "例外",
- "xpack.securitySolution.detectionEngine.ruleDetails.experimentalDescription": "テクニカルプレビュー",
 "xpack.securitySolution.detectionEngine.ruleDetails.pageTitle": "ルール詳細",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleCreationDescription": "作成者:{by} 日付:{date}",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionFieldNotFoundErrorDescription": "アラートインデックスにフィールド'kibana.alert.rule.execution.uuid'が見つかりません。",
@@ -25605,7 +25554,6 @@
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.totalExecutionsLabel": "{totalItems} {totalItems, plural, other {個のルール例外}}を表示しています",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLogsTab": "ルール実行ログ ",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleUpdateDescription": "更新者:{by} 日付:{date}",
- "xpack.securitySolution.detectionEngine.ruleDetails.statusFailedDescription": "失敗",
 "xpack.securitySolution.detectionEngine.ruleDetails.unknownDescription": "不明",
 "xpack.securitySolution.detectionEngine.rules.aboutRuleTitle": "ルールについて",
 "xpack.securitySolution.detectionEngine.rules.addNewRuleTitle": "新規ルールを作成",
@@ -25619,7 +25567,6 @@
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.exportSuccess": "例外リストエクスポート成功",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.idTitle": "リスト ID",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.listName": "名前",
- "xpack.securitySolution.detectionEngine.rules.all.exceptions.numberRulesAssignedTitle": "割り当てられたルール数",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.rulesAssignedTitle": "割り当てられたルール",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.rulesPopoverButton": "+{rulesCount} {rulesCount, plural, other {ルール}}",
 "xpack.securitySolution.detectionEngine.rules.allExceptionLists.filters.noExceptionsTitle": "例外リストが見つかりません",
@@ -25628,11 +25575,9 @@
 "xpack.securitySolution.detectionEngine.rules.allExceptions.tableTitle": "例外リスト",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.deleteRuleDescription": "ルールの削除",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.duplicateRuleDescription": "ルールの複製",
- "xpack.securitySolution.detectionEngine.rules.allRules.actions.duplicateTitle": "複製",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsDescription": "ルール設定の編集",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsToolTip": "Kibana アクション特権がありません",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.exportRuleDescription": "ルールのエクスポート",
- "xpack.securitySolution.detectionEngine.rules.allRules.activeRuleDescription": "アクティブ",
 "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deleteSelectedImmutableTitle": "選択には削除できないイミュータブルルールがあります",
 "xpack.securitySolution.detectionEngine.rules.allRules.batchActionsTitle": "一斉アクション",
 "xpack.securitySolution.detectionEngine.rules.allRules.bulkAction.enable.successToastDescription": "{totalRules, plural, other {{totalRules}個のルール}}が正常に有効にされました",
@@ -25695,7 +25640,6 @@
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.riskScoreTitle": "リスクスコア",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.ruleTitle": "ルール",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.severityTitle": "深刻度",
- "xpack.securitySolution.detectionEngine.rules.allRules.columns.tagsPopoverTitle": "すべて表示",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.tagsTitle": "タグ",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.versionTitle": "バージョン",
 "xpack.securitySolution.detectionEngine.rules.allRules.exportFilenameTitle": "rules_export",
@@ -25710,7 +25654,6 @@
 "xpack.securitySolution.detectionEngine.rules.allRules.filters.noRulesTitle": "ルールが見つかりませんでした",
 "xpack.securitySolution.detectionEngine.rules.allRules.filters.noTagsAvailableDescription": "利用可能なタグがありません",
 "xpack.securitySolution.detectionEngine.rules.allRules.filters.tagsLabel": "タグ",
- "xpack.securitySolution.detectionEngine.rules.allRules.inactiveRuleDescription": "非アクティブ",
 "xpack.securitySolution.detectionEngine.rules.allRules.refreshTitle": "更新",
 "xpack.securitySolution.detectionEngine.rules.allRules.searchAriaLabel": "ルールの検索",
 "xpack.securitySolution.detectionEngine.rules.allRules.searchPlaceholder": "ルール名、インデックスパターン(例:「filebeat-*」)、またはMITRE ATT&CK™方式や手法(例:「Defense Evasion」や「TA0005」)",
@@ -25718,10 +25661,8 @@
 "xpack.securitySolution.detectionEngine.rules.allRules.selectedRulesTitle": "{selectedRules} {selectedRules, plural, other {ルール}}を選択しました",
 "xpack.securitySolution.detectionEngine.rules.allRules.showingExceptionLists": "{totalLists} {totalLists, plural, other {件のリスト}}を表示しています。",
 "xpack.securitySolution.detectionEngine.rules.allRules.showingRulesTitle": "{totalRules} {totalRules, plural, other {ルール}}を表示中",
- "xpack.securitySolution.detectionEngine.rules.allRules.tabs.exceptions": "例外リスト",
 "xpack.securitySolution.detectionEngine.rules.allRules.tabs.monitoring": "ルール監視",
 "xpack.securitySolution.detectionEngine.rules.allRules.tabs.rules": "ルール",
- "xpack.securitySolution.detectionEngine.rules.backOptionsHeader": "検出に戻る",
 "xpack.securitySolution.detectionEngine.rules.cloneRule.duplicateTitle": "複製",
 "xpack.securitySolution.detectionEngine.rules.components.ruleActionsOverflow.allActionsTitle": "すべてのアクション",
 "xpack.securitySolution.detectionEngine.rules.continueButtonTitle": "続行",
@@ -25771,8 +25712,6 @@
 "xpack.securitySolution.detectionEngine.ruleStatus.statusDescription": "前回の応答",
 "xpack.securitySolution.detectionEngine.signalRuleAlert.actionGroups.default": "デフォルト",
 "xpack.securitySolution.detectionEngine.signals.alertReasonDescription": "{eventCategory, select, null {} other {{eventCategory}{whitespace}}}イベント{hasFieldOfInterest, select, false {} other {{whitespace}with}}{processName, select, null {} other {{whitespace}プロセス{processName},} }{processParentName, select, null {} other {{whitespace}親プロセス{processParentName},} }{fileName, select, null {} other {{whitespace}ファイル{fileName},} }{sourceAddress, select, null {} other {{whitespace}ソース{sourceAddress}}}{sourcePort, select, null {} other {:{sourcePort},}}{destinationAddress, select, null {} other {{whitespace}宛先{destinationAddress}}}{destinationPort, select, null {} other {:{destinationPort},}}{userName, select, null {} other {{whitespace}{userName}によって} }{hostName, select, null {} other {{whitespace}on {hostName}} }作成された{alertSeverity}アラート{alertName}。",
- "xpack.securitySolution.detectionEngine.signalTitle": "検出されたアラート",
- "xpack.securitySolution.detectionEngine.totalSignalTitle": "合計",
 "xpack.securitySolution.detectionEngine.userUnauthenticatedMsgBody": "検出エンジンを表示するための必要なアクセス権がありません。ヘルプについては、管理者にお問い合わせください。",
 "xpack.securitySolution.detectionEngine.userUnauthenticatedTitle": "検出エンジンアクセス権が必要です",
 "xpack.securitySolution.detectionEngine.validations.thresholdCardinalityFieldFieldData.thresholdCardinalityFieldNotSuppliedMessage": "カーディナリティフィールドは必須です。",
@@ -25803,7 +25742,6 @@
 "xpack.securitySolution.detectionResponse.noRecentCases": "表示するケースがありません。",
 "xpack.securitySolution.detectionResponse.noRuleAlerts": "表示するアラートがありません",
 "xpack.securitySolution.detectionResponse.openAllAlertsButton": "すべての未解決のアラートを表示",
- "xpack.securitySolution.detectionResponse.openRuleAlertsTooltip": "未解決のルールアラート",
 "xpack.securitySolution.detectionResponse.openRuleDetailTooltip": "ルール詳細を開く",
 "xpack.securitySolution.detectionResponse.pageTitle": "検出と対応",
 "xpack.securitySolution.detectionResponse.ruleAlertsColumnAlertCount": "アラート件数",
@@ -25819,8 +25757,6 @@
 "xpack.securitySolution.detectionResponse.userAlertsSectionTitle": "アラート重要度別ユーザー",
 "xpack.securitySolution.detectionResponse.userAlertsUserName": "ユーザー名",
 "xpack.securitySolution.detectionResponse.userSectionTooltip": "最大100ユーザー。詳細については、「アラート」ページを参照してください。",
- "xpack.securitySolution.detectionResponse.viewAllHostAlerts": "すべてのホストを表示",
- "xpack.securitySolution.detectionResponse.viewAllUserAlerts": "すべてのユーザーを表示",
 "xpack.securitySolution.detectionResponse.viewCases": "ケースの表示",
 "xpack.securitySolution.detectionResponse.viewRecentCases": "最近のケースを表示",
 "xpack.securitySolution.detections.alerts.agentStatus": "エージェントステータス",
@@ -25831,18 +25767,14 @@
 "xpack.securitySolution.documentationLinks.detectionsRequirements.text": "検出の前提条件と要件",
 "xpack.securitySolution.documentationLinks.mlJobCompatibility.text": "MLジョブの互換性",
 "xpack.securitySolution.documentationLinks.solutionRequirements.text": "Elasticセキュリティシステム要件",
- "xpack.securitySolution.dragAndDrop.addToTimeline": "タイムライン調査に追加",
 "xpack.securitySolution.dragAndDrop.closeButtonLabel": "閉じる",
 "xpack.securitySolution.dragAndDrop.copyToClipboardTooltip": "クリップボードにコピー",
 "xpack.securitySolution.dragAndDrop.draggableKeyboardInstructionsNotDraggingScreenReaderOnly": "オプションは Enter キーを押します。ドラッグを開始するには、スペースを押します。",
 "xpack.securitySolution.dragAndDrop.fieldLabel": "フィールド",
- "xpack.securitySolution.dragAndDrop.filterForValueHoverAction": "値でフィルター",
- "xpack.securitySolution.dragAndDrop.filterOutValueHoverAction": "値を除外",
 "xpack.securitySolution.dragAndDrop.youAreInADialogContainingOptionsScreenReaderOnly": "フィールド {fieldName} のオプションを含む、ダイアログを表示しています。Tab を押すと、オプションを操作します。Escape を押すと、終了します。",
 "xpack.securitySolution.draggables.field.categoryLabel": "カテゴリー",
 "xpack.securitySolution.draggables.field.fieldLabel": "フィールド",
 "xpack.securitySolution.draggables.field.typeLabel": "型",
- "xpack.securitySolution.draggables.field.viewCategoryTooltip": "カテゴリーを表示します",
 "xpack.securitySolution.editDataProvider.doesNotExistLabel": "存在しない",
 "xpack.securitySolution.editDataProvider.existsLabel": "存在する",
 "xpack.securitySolution.editDataProvider.fieldLabel": "フィールド",
@@ -25955,14 +25887,12 @@
 "xpack.securitySolution.endpoint.hostIsolation.comment.placeholder": "ここに任意のメモを残すことができます。",
 "xpack.securitySolution.endpoint.hostIsolation.confirm": "確認",
 "xpack.securitySolution.endpoint.hostIsolation.failedToIsolate.title": "ホストの分離が失敗しました",
- "xpack.securitySolution.endpoint.hostisolation.isolate": "分離",
 "xpack.securitySolution.endpoint.hostIsolation.isolated": "分離済み",
 "xpack.securitySolution.endpoint.hostIsolation.isolateHost": "ホストの分離",
 "xpack.securitySolution.endpoint.hostIsolation.isolateHost.casesAssociatedWithAlert": "{caseCount} {caseCount, plural, other {個のケース}}がこのホストに関連付けられています",
 "xpack.securitySolution.endpoint.hostIsolation.isolateThisHost": "ホスト{hostName}をネットワークから分離します。",
 "xpack.securitySolution.endpoint.hostIsolation.isolateThisHostAbout": "ホストの分離により、ホストがネットワークから切断されます。ホストはKibanaプラットフォームとのみ通信できます。",
 "xpack.securitySolution.endpoint.hostIsolation.isolation.successfulMessage": "ホスト{hostName}での分離は正常に送信されました",
- "xpack.securitySolution.endpoint.hostIsolation.notIsolated": "分離されていない",
 "xpack.securitySolution.endpoint.hostIsolation.placeholderCase": "{caseName}",
 "xpack.securitySolution.endpoint.hostIsolation.returnToAlertDetails": "アラート詳細に戻る",
 "xpack.securitySolution.endpoint.hostIsolation.successfulIsolation.cases": "このアクションは次の{caseCount, plural, other {個のケース}}に関連付けられました。",
@@ -26364,14 +26294,11 @@
 "xpack.securitySolution.endpoint.resolver.panel.table.row.timestampTitle": "タイムスタンプ",
 "xpack.securitySolution.endpoint.resolver.panel.table.row.valueMissingDescription": "値が見つかりません",
 "xpack.securitySolution.endpoint.resolver.processDescription": "{isEventBeingAnalyzed, select, true {分析されたイベント· {descriptionText}} false {{descriptionText}}}",
- "xpack.securitySolution.endpoint.resolver.relatedEventLimitExceeded": "{numberOfEventsMissing} {category}件のイベントを表示できませんでした。データの上限に達しました。",
 "xpack.securitySolution.endpoint.resolver.relatedEventLimitTitle": "このリストには、{numberOfEntries} 件のプロセスイベントが含まれています。",
- "xpack.securitySolution.endpoint.resolver.relatedLimitsExceededTitle": "このリストには、{numberOfEventsDisplayed} {category} 件のイベントが含まれます。",
 "xpack.securitySolution.endpoint.resolver.runningProcess": "プロセスの実行中",
 "xpack.securitySolution.endpoint.resolver.runningTrigger": "トリガーの実行中",
 "xpack.securitySolution.endpoint.resolver.terminatedProcess": "プロセスを中断しました",
 "xpack.securitySolution.endpoint.resolver.terminatedTrigger": "トリガーを中断しました",
- "xpack.securitySolution.endpoint.takeAction.changeAlertStatus": "アラートステータスを変更",
 "xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title": "信頼できるアプリケーション",
 "xpack.securitySolution.endpointConsoleCommands.isolate.about": "ホストの分離",
 "xpack.securitySolution.endpointConsoleCommands.status.about": "エンドポイントの最新のステータス情報が表示されます",
@@ -26392,7 +26319,6 @@
 "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationCompletedAndUnsuccessful": "エンドポイントが完了し、エラーが発生しているリリース要求",
 "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationFailed": "エンドポイントが受信したエラーが発生しているホストリリースリクエスト",
 "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationSuccessful": "エンドポイントが受信したホストリリースリクエスト",
- "xpack.securitySolution.endpointDetails.activityLog.search": "アクティビティログを検索",
 "xpack.securitySolution.endpointDetails.overview": "概要",
 "xpack.securitySolution.endpointManagement.noPermissionsSubText": "この機能を使用するには、スーパーユーザーロールが必要です。スーパーユーザーロールがなく、ユーザーロールを編集する権限もない場合は、Kibana管理者に問い合わせてください。",
 "xpack.securitySolution.endpointManagemnet.noPermissionsText": "Elastic Security Administrationを使用するために必要なKibana権限がありません。",
@@ -26406,9 +26332,6 @@
 "xpack.securitySolution.enpdoint.resolver.panelutils.noTimestampRetrieved": "タイムスタンプが取得されていません",
 "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "Endpoint Securityで開く",
 "xpack.securitySolution.event.reason.reasonRendererTitle": "イベントレンダラー:{eventRendererName} ",
- "xpack.securitySolution.eventDetails.blank": " ",
- "xpack.securitySolution.eventDetails.copyToClipboard": "クリップボードにコピー",
- "xpack.securitySolution.eventDetails.copyToClipboardTooltip": "クリップボードにコピー",
 "xpack.securitySolution.eventDetails.ctiSummary.feedNamePreposition": "開始",
 "xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTitle": "脅威一致が検出されました",
 "xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTooltipContent": "このフィールド値は、作成したルールの脅威インテリジェンス指標と一致しました。",
@@ -26429,7 +26352,6 @@
 "xpack.securitySolution.eventDetails.value": "値",
 "xpack.securitySolution.eventDetails.viewAllFields": "テーブルのすべてのフィールドを表示",
 "xpack.securitySolution.eventDetails.viewColumnCheckboxAriaLabel": "{field} 列を表示",
- "xpack.securitySolution.eventDetails.viewRuleDetailPage": "ルール詳細ページを表示",
 "xpack.securitySolution.eventFilter.flyoutForm.creationSuccessToastTitle": "\"{name}\"がイベントフィルターリストに追加されました。",
 "xpack.securitySolution.eventFilter.form.description.placeholder": "説明",
 "xpack.securitySolution.eventFilter.form.name.error": "名前を空にすることはできません",
@@ -26511,7 +26433,6 @@
 "xpack.securitySolution.eventRenderers.zeekName": "Zeek(旧Bro)",
 "xpack.securitySolution.eventsViewer.actionsColumnLabel": "アクション",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.alertDurationTitle": "アラート期間",
- "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.methodTitle": "メソド",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.reasonTitle": "理由",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.riskScoreTitle": "リスクスコア",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.ruleDescriptionTitle": "ルールの説明",
@@ -26523,11 +26444,9 @@
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.thresholdCount": "しきい値数",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.thresholdTerms": "しきい値条件",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.triggeredTitle": "実行済み",
- "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.versionTitle": "バージョン",
 "xpack.securitySolution.eventsViewer.alerts.overview.changeAlertStatus": "アラートステータスを変更",
 "xpack.securitySolution.eventsViewer.alerts.overview.clickToChangeAlertStatus": "クリックすると、アラートステータスを変更します",
 "xpack.securitySolution.eventsViewer.alerts.overviewTable.signalStatusTitle": "ステータス",
- "xpack.securitySolution.eventsViewer.errorFetchingEventsData": "イベントデータをクエリできませんでした",
 "xpack.securitySolution.eventsViewer.eventsLabel": "イベント",
 "xpack.securitySolution.eventsViewer.showingLabel": "表示中",
 "xpack.securitySolution.eventsViewer.unit": "{totalCount, plural, other {イベント}}",
@@ -26538,8 +26457,6 @@
 "xpack.securitySolution.exceptions.addException.cancel": "キャンセル",
 "xpack.securitySolution.exceptions.addException.endpointQuarantineText": "すべてのエンドポイントホストで、例外と一致する隔離されたファイルは、自動的に元の場所に復元されます。この例外はエンドポイント例外を使用するすべてのルールに適用されます。",
 "xpack.securitySolution.exceptions.addException.error": "例外を追加できませんでした",
- "xpack.securitySolution.exceptions.addException.fetchError": "例外リストの取得エラー",
- "xpack.securitySolution.exceptions.addException.fetchError.title": "エラー",
 "xpack.securitySolution.exceptions.addException.infoLabel": "ルールの条件が満たされるときにアラートが生成されます。例外:",
 "xpack.securitySolution.exceptions.addException.operatingSystemPlaceHolder": "オペレーティングシステムを選択",
 "xpack.securitySolution.exceptions.addException.sequenceWarning": "このルールのクエリにはEQLシーケンス文があります。作成された例外は、シーケンスのすべてのイベントに適用されます。",
@@ -26550,9 +26467,6 @@
 "xpack.securitySolution.exceptions.clearExceptionsLabel": "例外リストを削除",
 "xpack.securitySolution.exceptions.commentEventLabel": "コメントを追加しました",
 "xpack.securitySolution.exceptions.commentLabel": "コメント",
- "xpack.securitySolution.exceptions.createdByLabel": "作成者",
- "xpack.securitySolution.exceptions.dateCreatedLabel": "日付が作成されました",
- "xpack.securitySolution.exceptions.dateModifiedLabel": "変更日",
 "xpack.securitySolution.exceptions.descriptionLabel": "説明",
 "xpack.securitySolution.exceptions.detectionListLabel": "検出リスト",
 "xpack.securitySolution.exceptions.dissasociateExceptionListError": "例外リストを削除できませんでした",
@@ -26565,7 +26479,6 @@
 "xpack.securitySolution.exceptions.editException.editExceptionSaveButton": "保存",
 "xpack.securitySolution.exceptions.editException.editExceptionTitle": "ルール例外を編集",
 "xpack.securitySolution.exceptions.editException.endpointQuarantineText": "すべてのエンドポイントホストで、例外と一致する隔離されたファイルは、自動的に元の場所に復元されます。この例外はエンドポイント例外を使用するすべてのルールに適用されます。",
- "xpack.securitySolution.exceptions.editException.error": "例外を更新できませんでした",
 "xpack.securitySolution.exceptions.editException.infoLabel": "ルールの条件が満たされるときにアラートが生成されます。例外:",
 "xpack.securitySolution.exceptions.editException.sequenceWarning": "このルールのクエリにはEQLシーケンス文があります。修正された例外は、シーケンスのすべてのイベントに適用されます。",
 "xpack.securitySolution.exceptions.editException.success": "正常に例外を更新しました",
@@ -26580,10 +26493,8 @@
 "xpack.securitySolution.exceptions.fieldDescription": "フィールド",
 "xpack.securitySolution.exceptions.hideCommentsLabel": "({comments}){comments, plural, other {件のコメント}}を非表示",
 "xpack.securitySolution.exceptions.modalErrorAccordionText": "ルール参照情報を表示:",
- "xpack.securitySolution.exceptions.modifiedByLabel": "変更者:",
 "xpack.securitySolution.exceptions.nameLabel": "名前",
 "xpack.securitySolution.exceptions.operatingSystemFullLabel": "オペレーティングシステム",
- "xpack.securitySolution.exceptions.operatingSystemLabel": "OS",
 "xpack.securitySolution.exceptions.operatingSystemLinux": "Linux",
 "xpack.securitySolution.exceptions.operatingSystemMac": "macOS",
 "xpack.securitySolution.exceptions.operatingSystemWindows": "Windows",
@@ -26632,9 +26543,6 @@
 "xpack.securitySolution.featureCatalogueDescription": "インフラストラクチャ全体の統合保護のため、脅威を防止、収集、検出し、それに対応します。",
 "xpack.securitySolution.featureRegistry.linkSecuritySolutionCaseTitle": "ケース",
 "xpack.securitySolution.featureRegistry.linkSecuritySolutionTitle": "セキュリティ",
- "xpack.securitySolution.featureRegistry.manageAlertsName": "アラート",
- "xpack.securitySolution.featureRegistry.subfeature.alertsAllName": "すべて",
- "xpack.securitySolution.featureRegistry.subfeature.alertsReadName": "読み取り",
 "xpack.securitySolution.fieldBrowser.actionsLabel": "アクション",
 "xpack.securitySolution.fieldBrowser.categoryLabel": "カテゴリー",
 "xpack.securitySolution.fieldBrowser.createFieldButton": "フィールドを作成",
@@ -26664,17 +26572,14 @@
 "xpack.securitySolution.firstLastSeenHost.failSearchDescription": "最初の前回確認されたホストで検索を実行できませんでした",
 "xpack.securitySolution.fleetIntegration.assets.description": "セキュリティアプリでエンドポイントを表示",
 "xpack.securitySolution.fleetIntegration.assets.name": "ホスト",
- "xpack.securitySolution.flyout.button.text": "Timeline",
 "xpack.securitySolution.flyout.button.timeline": "タイムライン",
 "xpack.securitySolution.footer.autoRefreshActiveDescription": "自動更新アクション",
 "xpack.securitySolution.footer.autoRefreshActiveTooltip": "自動更新が有効な間、タイムラインはクエリに一致する最新の {numberOfItems} 件のイベントを表示します。",
 "xpack.securitySolution.footer.cancel": "キャンセル",
 "xpack.securitySolution.footer.data": "データ",
 "xpack.securitySolution.footer.events": "イベント",
- "xpack.securitySolution.footer.live": "ライブ",
 "xpack.securitySolution.footer.loadingEventsDataLabel": "イベントを読み込み中",
 "xpack.securitySolution.footer.loadingLabel": "読み込み中",
- "xpack.securitySolution.footer.loadingTimelineData": "タイムラインデータを読み込み中",
 "xpack.securitySolution.footer.of": "/",
 "xpack.securitySolution.footer.rows": "行",
 "xpack.securitySolution.footer.totalCountOfEvents": "イベント",
@@ -26740,14 +26645,9 @@
 "xpack.securitySolution.hostIsolationExceptions.flyoutEditTitle": "ホスト分離例外を編集",
 "xpack.securitySolution.hostIsolationExceptions.form.conditions.subtitle": "ホスト分離例外はすべてのオペレーティングシステムに適用されます。",
 "xpack.securitySolution.hostIsolationExceptions.form.conditions.title": "条件",
- "xpack.securitySolution.hostIsolationExceptions.form.creationSuccessToastTitle": "\"{name}\"はホスト分離例外リストに追加されました。",
 "xpack.securitySolution.hostIsolationExceptions.form.description": "分離されたホストがこれらのIPアドレスに接続することを許可します。任意のCIDRのIPv4のみが許可されます。",
 "xpack.securitySolution.hostIsolationExceptions.form.description.label": "説明",
 "xpack.securitySolution.hostIsolationExceptions.form.description.placeholder": "ホスト分離例外を説明",
- "xpack.securitySolution.hostIsolationExceptions.form.editingSuccessToastTitle": "\"{name}\"が更新されました。",
- "xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.create": "例外の作成中にエラーが発生しました:\"{error}\"",
- "xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.get": "例外を編集できません:\"{error}\"",
- "xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.update": "例外の更新中にエラーが発生しました:\"{error}\"",
 "xpack.securitySolution.hostIsolationExceptions.form.ip.error": "IPが無効です。任意のCIDRのIPv4のみがサポートされます",
 "xpack.securitySolution.hostIsolationExceptions.form.ip.label": "IPアドレスを入力",
 "xpack.securitySolution.hostIsolationExceptions.form.ip.placeholder": "例 0.0.0.0/24",
@@ -26755,15 +26655,11 @@
 "xpack.securitySolution.hostIsolationExceptions.form.name.label": "ホスト分離例外の名前を指定",
 "xpack.securitySolution.hostIsolationExceptions.form.name.placeholder": "ホスト分離例外名",
 "xpack.securitySolution.hostIsolationExceptions.form.title": "詳細",
- "xpack.securitySolution.hostIsolationExceptions.list.action.delete": "例外を削除",
- "xpack.securitySolution.hostIsolationExceptions.list.action.edit": "例外の編集",
 "xpack.securitySolution.hostIsolationExceptions.pageAboutInfo": "ホスト分離例外を追加して、分離されたホストが特定のIPと通信することを許可します。",
 "xpack.securitySolution.hostIsolationExceptions.pageAddButtonTitle": "ホスト分離例外を追加",
 "xpack.securitySolution.hostIsolationExceptions.pageTitle": "ホスト分離例外",
 "xpack.securitySolution.hostIsolationExceptions.searchPlaceholderInfo": "次のフィールドで検索:名前、説明、IP",
 "xpack.securitySolution.hostIsolationExceptions.showingTotal": "{total} {total, plural, other {個のホスト分離例外}}",
- "xpack.securitySolution.hostOverview.errorSearchDescription": "ホスト概要検索でエラーが発生しました",
- "xpack.securitySolution.hostOverview.failSearchDescription": "ホスト概要で検索を実行できませんでした",
 "xpack.securitySolution.hosts.hostRiskInformation.buttonLabel": "リスクスコアを計算する方法",
 "xpack.securitySolution.hosts.hostRiskInformation.classificationHeader": "分類",
 "xpack.securitySolution.hosts.hostRiskInformation.closeBtn": "閉じる",
@@ -26779,7 +26675,6 @@
 "xpack.securitySolution.hosts.hostScoreOverTime.riskScore": "リスクスコア",
 "xpack.securitySolution.hosts.hostScoreOverTime.riskyLabel": "高リスク",
 "xpack.securitySolution.hosts.hostScoreOverTime.riskyThresholdHeader": "高リスクしきい値",
- "xpack.securitySolution.hosts.kqlPlaceholder": "例:host.name:\"foo\"",
 "xpack.securitySolution.hosts.navigation.alertsTitle": "外部アラート",
 "xpack.securitySolution.hosts.navigation.allHostsTitle": "すべてのホスト",
 "xpack.securitySolution.hosts.navigation.anomaliesTitle": "異常",
@@ -26837,7 +26732,6 @@
 "xpack.securitySolution.indexPatterns.continue": "追加せずに続行",
 "xpack.securitySolution.indexPatterns.dataViewLabel": "データビュー",
 "xpack.securitySolution.indexPatterns.descriptionsLabel": "これらは現在選択されているインデックスパターンです。データビューからインデックスパターンを除外すると、全体的なパフォーマンスを改善できます。",
- "xpack.securitySolution.indexPatterns.disabled": "このページでは無効なインデックスパターンが推奨されますが、最初にKibanaインデックスパターン設定で構成する必要があります。",
 "xpack.securitySolution.indexPatterns.failureToastText": "更新時に予期しないエラーが発生しました。データを変更する場合は、手動でデータビュー{link}を選択できます。",
 "xpack.securitySolution.indexPatterns.failureToastTitle": "データビューを更新できません",
 "xpack.securitySolution.indexPatterns.inactive": "非アクティブなインデックスパターン",
@@ -26870,7 +26764,6 @@
 "xpack.securitySolution.indexPatterns.updateAvailableBadgeTitle": "更新が利用可能です",
 "xpack.securitySolution.indexPatterns.updateDataView": "このインデックスパターンをセキュリティデータビューに追加しますか?そうでない場合は、見つからないインデックスパターンなしで、データビューを再作成できます。",
 "xpack.securitySolution.indexPatterns.updateSecurityDataView": "セキュリティデータビューを更新",
- "xpack.securitySolution.insert.timeline.insertTimelineButton": "タイムラインリンクの挿入",
 "xpack.securitySolution.inspect.modal.closeTitle": "閉じる",
 "xpack.securitySolution.inspect.modal.indexPatternDescription": "Elasticsearchインデックスに接続したインデックスパターンです。これらのインデックスは Kibana > 高度な設定で構成できます。",
 "xpack.securitySolution.inspect.modal.indexPatternLabel": "インデックスパターン",
@@ -26942,9 +26835,7 @@
 "xpack.securitySolution.lists.valueListsTable.actionsColumn": "アクション",
 "xpack.securitySolution.lists.valueListsTable.createdByColumn": "作成者",
 "xpack.securitySolution.lists.valueListsTable.deleteActionDescription": "値リストの削除",
- "xpack.securitySolution.lists.valueListsTable.deleteActionName": "削除",
 "xpack.securitySolution.lists.valueListsTable.exportActionDescription": "値リストのエクスポート",
- "xpack.securitySolution.lists.valueListsTable.exportActionName": "エクスポート",
 "xpack.securitySolution.lists.valueListsTable.fileNameColumn": "ファイル名",
 "xpack.securitySolution.lists.valueListsTable.title": "値リスト",
 "xpack.securitySolution.lists.valueListsTable.typeColumn": "型",
@@ -26953,7 +26844,6 @@
 "xpack.securitySolution.management.policiesSelector.label": "ポリシー",
 "xpack.securitySolution.management.policiesSelector.unassignedEntries": "割り当てられていないエントリ",
 "xpack.securitySolution.management.search.button": "更新",
- "xpack.securitySolution.markdownEditor.markdownInputHelp": "Markdown 構文ヘルプ",
 "xpack.securitySolution.markdownEditor.plugins.timeline.failedRetrieveTimelineErrorMsg": "タイムラインIDを取得できませんでした:{ timelineId }",
 "xpack.securitySolution.markdownEditor.plugins.timeline.insertTimelineButtonLabel": "タイムラインリンクの挿入",
 "xpack.securitySolution.markdownEditor.plugins.timeline.noParenthesesErrorMsg": "想定される左括弧",
@@ -26962,7 +26852,6 @@
 "xpack.securitySolution.markdownEditor.plugins.timeline.timelineErrorTitle": "タイムラインエラー",
 "xpack.securitySolution.markdownEditor.plugins.timeline.toolTip.timelineId": "タイムラインID:{ timelineId }",
 "xpack.securitySolution.markdownEditor.plugins.timeline.toolTip.timelineUrlIsNotValidErrorMsg": "タイムラインURLが無効です => {timelineUrl}",
- "xpack.securitySolution.markdownEditor.preview": "プレビュー",
 "xpack.securitySolution.matrixHistogram.errorSearchDescription": "行列ヒストグラム検索でエラーが発生しました",
 "xpack.securitySolution.matrixHistogram.failSearchDescription": "行列ヒストグラムで検索を実行できませんでした",
 "xpack.securitySolution.ml.score.anomalousEntityTitle": "異常エンティティ",
@@ -27036,7 +26925,6 @@
 "xpack.securitySolution.network.ipDetails.usersTable.rows": "{numRows} {numRows, plural, other {行}}",
 "xpack.securitySolution.network.ipDetails.usersTable.unit": "{totalCount, plural, other {ユーザー}}",
 "xpack.securitySolution.network.ipDetails.usersTable.usersTitle": "ユーザー",
- "xpack.securitySolution.network.kqlPlaceholder": "例:source.ip:\"foo\"",
 "xpack.securitySolution.network.navigation.alertsTitle": "外部アラート",
 "xpack.securitySolution.network.navigation.anomaliesTitle": "異常",
 "xpack.securitySolution.network.navigation.dnsTitle": "DNS",
@@ -27047,7 +26935,6 @@
 "xpack.securitySolution.networkDetails.errorSearchDescription": "ネットワーク詳細検索でエラーが発生しました",
 "xpack.securitySolution.networkDetails.failSearchDescription": "ネットワーク詳細で検索を実行できませんでした",
 "xpack.securitySolution.networkDns.errorSearchDescription": "ネットワークDNS検索でエラーが発生しました",
- "xpack.securitySolution.networkDns.failSearchDescription": "ネットワークDNSで検索を実行できませんでした",
 "xpack.securitySolution.networkDnsTable.column.bytesInTitle": "受信 DNS バイト",
 "xpack.securitySolution.networkDnsTable.column.bytesOutTitle": "送信 DNS バイト",
 "xpack.securitySolution.networkDnsTable.column.registeredDomain": "登録ドメイン",
@@ -27058,7 +26945,6 @@
 "xpack.securitySolution.networkDnsTable.select.includePtrRecords": "PTR 記録を含める",
 "xpack.securitySolution.networkDnsTable.title": "トップ DNS ドメイン",
 "xpack.securitySolution.networkDnsTable.unit": "{totalCount, plural, other {ドメイン}}",
- "xpack.securitySolution.networkHttp.errorSearchDescription": "ネットワークHTTP検索でエラーが発生しました",
 "xpack.securitySolution.networkHttp.failSearchDescription": "ネットワークHTTPで検索を実行できませんでした",
 "xpack.securitySolution.networkHttpTable.column.domainTitle": "ドメイン",
 "xpack.securitySolution.networkHttpTable.column.lastHostTitle": "最後のホスト",
@@ -27082,7 +26968,6 @@
 "xpack.securitySolution.networkKpiUniquePrivateIps.failSearchDescription": "ネットワークKPI一意のプライベートIPで検索を実行できませんでした",
 "xpack.securitySolution.networkTls.errorSearchDescription": "ネットワークTLS検索でエラーが発生しました",
 "xpack.securitySolution.networkTls.failSearchDescription": "ネットワークTLSで検索を実行できませんでした",
- "xpack.securitySolution.networkTopCountries.errorSearchDescription": "ネットワーク上位の国検索でエラーが発生しました",
 "xpack.securitySolution.networkTopCountries.failSearchDescription": "ネットワーク上位の国で検索を実行できませんでした",
 "xpack.securitySolution.networkTopCountriesTable.column.bytesInTitle": "受信バイト",
 "xpack.securitySolution.networkTopCountriesTable.column.bytesOutTitle": "送信バイト",
@@ -27094,7 +26979,6 @@
 "xpack.securitySolution.networkTopCountriesTable.heading.sourceCountries": "ソースの国",
 "xpack.securitySolution.networkTopCountriesTable.heading.unit": "{totalCount, plural, other {国}}",
 "xpack.securitySolution.networkTopCountriesTable.rows": "{numRows} {numRows, plural, other {行}}",
- "xpack.securitySolution.networkTopNFlow.errorSearchDescription": "ネットワーク上位nフロー検索でエラーが発生しました",
 "xpack.securitySolution.networkTopNFlow.failSearchDescription": "ネットワーク上位nフローで検索を実行できませんでした",
 "xpack.securitySolution.networkTopNFlowTable.column.asTitle": "自動システム",
 "xpack.securitySolution.networkTopNFlowTable.column.bytesInTitle": "受信バイト",
@@ -27115,15 +26999,11 @@ "xpack.securitySolution.newsFeed.noNewsMessageForAdmin": "現在のニュースフィードURLは最新のニュースを返しませんでした。URLを更新するか、セキュリティニュースを無効にすることができます", "xpack.securitySolution.noPermissionsMessage": "{subPluginKey}を表示するには、権限を更新する必要があります。詳細については、Kibana管理者に連絡してください。", "xpack.securitySolution.noPermissionsTitle": "権限が必要です", - "xpack.securitySolution.notes.addANotePlaceholder": "メモを追加", - "xpack.securitySolution.notes.addedANoteLabel": "メモを追加しました", "xpack.securitySolution.notes.addNoteButtonLabel": "メモを追加", "xpack.securitySolution.notes.cancelButtonLabel": "キャンセル", - "xpack.securitySolution.notes.copyToClipboardButtonLabel": "クリップボードにコピー", "xpack.securitySolution.notes.createdByLabel": "作成者", "xpack.securitySolution.notes.noteLabel": "注", "xpack.securitySolution.notes.notesTitle": "メモ", - "xpack.securitySolution.notes.previewMarkdownTitle": "プレビュー(マークダウン)", "xpack.securitySolution.notes.search.FilterByUserOrNotePlaceholder": "ユーザーまたはメモでフィルター", "xpack.securitySolution.notes.youAreEditingANoteScreenReaderOnly": "メモを編集しています。完了したら[メモの追加]をクリックするか、Esc を押してキャンセルします。", "xpack.securitySolution.notes.youAreViewingNotesScreenReaderOnly": "行 {row} のイベントのメモを表示しています。完了したら上矢印キーを押して、イベントに戻ります。", @@ -27154,9 +27034,6 @@ "xpack.securitySolution.open.timeline.openTimelineButton": "タイムラインを開く…", "xpack.securitySolution.open.timeline.openTimelineTitle": "開く", "xpack.securitySolution.open.timeline.pinnedEventsTooltip": "ピン付けされたイベント", - "xpack.securitySolution.open.timeline.pluralTemplatesLabel": "テンプレート", - "xpack.securitySolution.open.timeline.pluralTimelinesLabel": "タイムライン", - "xpack.securitySolution.open.timeline.postedLabel": "投稿:", "xpack.securitySolution.open.timeline.refreshTitle": "更新", "xpack.securitySolution.open.timeline.searchPlaceholder": "例:タイムライン名、または説明", "xpack.securitySolution.open.timeline.searchTemplatePlaceholder": "例:テンプレート名または説明", 
@@ -27165,8 +27042,6 @@ "xpack.securitySolution.open.timeline.showingLabel": "表示中:", "xpack.securitySolution.open.timeline.showingNTemplatesLabel": "{totalSearchResultsCount}件の{totalSearchResultsCount, plural, other {個のテンプレート}} {with}", "xpack.securitySolution.open.timeline.showingNTimelinesLabel": "{totalSearchResultsCount}件の {totalSearchResultsCount, plural, other {タイムライン}} {with}", - "xpack.securitySolution.open.timeline.singleTemplateLabel": "テンプレート", - "xpack.securitySolution.open.timeline.singleTimelineLabel": "タイムライン", "xpack.securitySolution.open.timeline.successfullyDeletedTimelinesTitle": "{totalTimelines, plural, =0 {すべてのタイムライン} other {{totalTimelines} 個のタイムライン}}の削除が正常に完了しました", "xpack.securitySolution.open.timeline.successfullyDeletedTimelineTemplatesTitle": "{totalTimelineTemplates, plural, =0 {すべてのタイムライン} other {{totalTimelineTemplates}個のタイムラインテンプレート}}が正常に削除されました", "xpack.securitySolution.open.timeline.successfullyExportedTimelinesTitle": "{totalTimelines, plural, =0 {すべてのタイムライン} other {{totalTimelines} 個のタイムライン}}のエクスポートが正常に完了しました", 
@@ -27188,14 +27063,9 @@ "xpack.securitySolution.overview.ctiDashboardDangerButton": "ソースを有効にする", "xpack.securitySolution.overview.ctiDashboardDangerPanelTitle": "表示する脅威インテリジェンスデータがありません", "xpack.securitySolution.overview.ctiDashboardEnableThreatIntel": "データを表示するには、脅威インテリジェンスソースを有効にする必要があります。", - "xpack.securitySolution.overview.ctiDashboardInfoPanelBody": "このガイドに従い、ダッシュボードを有効にして、ビジュアライゼーションにソースを表示できるようにしてください。", - "xpack.securitySolution.overview.ctiDashboardInfoPanelButton": "Kibanaダッシュボードを読み込む方法", - "xpack.securitySolution.overview.ctiDashboardInfoPanelTitle": "ソースを表示するには、Kibanaダッシュボードを有効にします", "xpack.securitySolution.overview.ctiDashboardOtherDatasourceTitle": "その他", "xpack.securitySolution.overview.ctiDashboardSubtitle": "{totalCount} {totalCount, plural, other {個の指標}}を表示しています", "xpack.securitySolution.overview.ctiDashboardTitle": "脅威インテリジェンス", - "xpack.securitySolution.overview.ctiDashboardWarningPanelBody": "選択した時間範囲からデータが検出されませんでした。別の時間範囲の検索を試してください。", - "xpack.securitySolution.overview.ctiDashboardWarningPanelTitle": "表示する脅威インテリジェンスデータがありません", "xpack.securitySolution.overview.ctiViewDasboard": "ダッシュボードを表示", "xpack.securitySolution.overview.endgameDnsTitle": "DNS", "xpack.securitySolution.overview.endgameFileTitle": "ファイル", @@ -27243,8 +27113,6 @@ "xpack.securitySolution.overview.packetBeatDnsTitle": "DNS", "xpack.securitySolution.overview.packetBeatFlowTitle": "フロー", "xpack.securitySolution.overview.packetbeatTLSTitle": "TLS", - "xpack.securitySolution.overview.pageSubtitle": "Elastic Stackによるセキュリティ情報とイベント管理", - "xpack.securitySolution.overview.recentCasesSidebarTitle": "最近のケース", "xpack.securitySolution.overview.recentTimelinesSidebarTitle": "最近のタイムライン", "xpack.securitySolution.overview.riskyHostsDashboardDangerPanelButton": "リスクスコアを有効にする", "xpack.securitySolution.overview.riskyHostsDashboardDangerPanelTitle": "表示するホストリスクスコアデータがありません", 
@@ -27254,7 +27122,6 @@ "xpack.securitySolution.overview.riskyHostsDashboardWarningPanelBody": "選択した期間では、ご使用の環境のホストからホストリスクスコアデータが検出されませんでした。", "xpack.securitySolution.overview.riskyHostsDashboardWarningPanelTitle": "表示するホストリスクスコアデータがありません", "xpack.securitySolution.overview.riskyHostsSource": "送信元", - "xpack.securitySolution.overview.showTopTooltip": "上位の{fieldName}を表示", "xpack.securitySolution.overview.signalCountTitle": "検出アラート傾向", "xpack.securitySolution.overview.topNLabel": "トップ{fieldName}", "xpack.securitySolution.overview.viewAlertsButtonLabel": "アラートを表示", @@ -27264,13 +27131,6 @@ "xpack.securitySolution.overviewHost.errorSearchDescription": "ホスト概要検索でエラーが発生しました", "xpack.securitySolution.overviewHost.failSearchDescription": "ホスト概要で検索を実行できませんでした", "xpack.securitySolution.pages.common.beta": "ベータ", - "xpack.securitySolution.pages.common.emptyActionBeats": "Beatsでデータを追加", - "xpack.securitySolution.pages.common.emptyActionBeatsDescription": "Lightweight Beatsは数百または数千台のコンピューターとシステムからデータを送信できます", - "xpack.securitySolution.pages.common.emptyActionElasticAgent": "Elasticエージェントでデータを追加", - "xpack.securitySolution.pages.common.emptyActionElasticAgentDescription": "Elasticエージェントでは、シンプルかつ統合された方法で、監視をホストに追加することができます。", - "xpack.securitySolution.pages.common.emptyActionEndpoint": "Endpoint Securityを追加", - "xpack.securitySolution.pages.common.emptyActionEndpointDescription": "脅威防御、検出、深いセキュリティデータの可視化を実現し、ホストを保護します。", - "xpack.securitySolution.pages.common.emptyActionSecondary": "入門ガイドを表示します。", "xpack.securitySolution.pages.common.solutionName": "セキュリティ", "xpack.securitySolution.pages.common.updateAlertStatusFailed": "{ conflicts } {conflicts, plural, other {アラート}}を更新できませんでした。", "xpack.securitySolution.pages.common.updateAlertStatusFailedDetailed": "{ updated } {updated, plural, other {アラート}}が正常に更新されましたが、{ conflicts }は更新できませんでした。\n { conflicts, plural, other {}}すでに修正されています。", 
@@ -27299,7 +27159,6 @@
 "xpack.securitySolution.policyStatusText.success": "成功",
 "xpack.securitySolution.policyStatusText.unsupported": "サポートされていない",
 "xpack.securitySolution.policyStatusText.warning": "警告",
- "xpack.securitySolution.recentTimelines.errorRetrievingUserDetailsMessage": "最近のタイムライン:ユーザー詳細の取得中にエラーが発生しました",
 "xpack.securitySolution.recentTimelines.favoritesButtonLabel": "お気に入り",
 "xpack.securitySolution.recentTimelines.filterControlLegend": "タイムラインフィルター",
 "xpack.securitySolution.recentTimelines.lastUpdatedButtonLabel": "最終更新",
@@ -27461,7 +27320,6 @@
 "xpack.securitySolution.system.processStoppedDescription": "プロセスを停止しました",
 "xpack.securitySolution.system.socketClosedDescription": "以下とのソケットをクローズしました。",
 "xpack.securitySolution.system.socketOpenedDescription": "以下とソケットを開きました。",
- "xpack.securitySolution.system.systemDescription": "システム",
 "xpack.securitySolution.system.terminatedProcessDescription": "プロセスを中断しました",
 "xpack.securitySolution.system.userAddedDescription": "ユーザーが追加されました",
 "xpack.securitySolution.system.userChangedDescription": "ユーザーが変更されました",
@@ -27469,7 +27327,6 @@
 "xpack.securitySolution.system.usingDescription": "using",
 "xpack.securitySolution.system.viaDescription": "経由",
 "xpack.securitySolution.system.viaParentProcessDescription": "親プロセスで",
- "xpack.securitySolution.system.wasAuthorizedToUseDescription": "が以下の使用を承認されました。",
 "xpack.securitySolution.system.withExitCodeDescription": "終了コードで",
 "xpack.securitySolution.system.withResultDescription": "結果付き",
 "xpack.securitySolution.tables.rowItemHelper.moreDescription": "行は表示されていません",
@@ -27489,19 +27346,13 @@ "xpack.securitySolution.timeline.body.actions.addNotesForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のイベントのメモをタイムラインに追加", "xpack.securitySolution.timeline.body.actions.attachAlertToCaseForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のアラートまたはイベントをケースに追加", "xpack.securitySolution.timeline.body.actions.checkboxForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のアラートまたはイベントのチェックボックスを{checked, select, false {オフ} true {オン}}", - "xpack.securitySolution.timeline.body.actions.collapseAriaLabel": "縮小", - "xpack.securitySolution.timeline.body.actions.expandEventTooltip": "詳細を表示", - "xpack.securitySolution.timeline.body.actions.investigateInResolverDisabledTooltip": "このイベントを分析できません。フィールドマッピングの互換性がありません", "xpack.securitySolution.timeline.body.actions.investigateInResolverForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のアラートまたはイベントを分析", "xpack.securitySolution.timeline.body.actions.investigateInResolverTooltip": "イベントを分析します", - "xpack.securitySolution.timeline.body.actions.investigateLabel": "調査", "xpack.securitySolution.timeline.body.actions.moreActionsForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のアラートまたはイベントのその他のアクションを選択", "xpack.securitySolution.timeline.body.actions.pinEventForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のイベントを{isEventPinned, select, false {固定} true {固定解除}}", "xpack.securitySolution.timeline.body.actions.sendAlertToTimelineForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のイベントのアラートを送信", "xpack.securitySolution.timeline.body.actions.viewDetailsAriaLabel": "詳細を表示", "xpack.securitySolution.timeline.body.actions.viewDetailsForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のアラートまたはイベントの詳細を表示", - "xpack.securitySolution.timeline.body.actions.viewSummaryLabel": "概要を表示", - "xpack.securitySolution.timeline.body.copyToClipboardButtonLabel": "クリップボードにコピー", "xpack.securitySolution.timeline.body.notes.addNoteTooltip": "メモを追加", "xpack.securitySolution.timeline.body.notes.disableEventTooltip": 
"テンプレートタイムラインの編集中には、メモが追加されない場合があります", "xpack.securitySolution.timeline.body.openSessionViewLabel": "セッションビューを開く", @@ -27586,18 +27437,14 @@ "xpack.securitySolution.timeline.participantsTitle": "参加者", "xpack.securitySolution.timeline.properties.addTimelineButtonLabel": "新しいタイムラインまたはテンプレートの追加", "xpack.securitySolution.timeline.properties.addToFavoriteButtonLabel": "お気に入りに追加", - "xpack.securitySolution.timeline.properties.attachTimelineToCaseTooltip": "ケースに関連付けるには、タイムラインのタイトルを入力してください", "xpack.securitySolution.timeline.properties.attachToCaseButtonLabel": "ケースに関連付ける", "xpack.securitySolution.timeline.properties.attachToExistingCaseButtonLabel": "既存のケースに添付...", "xpack.securitySolution.timeline.properties.attachToNewCaseButtonLabel": "新しいケースに添付", "xpack.securitySolution.timeline.properties.autosavedLabel": "自動保存済み", "xpack.securitySolution.timeline.properties.descriptionPlaceholder": "説明を追加", - "xpack.securitySolution.timeline.properties.existingCaseButtonLabel": "タイムラインを既存のケースに添付...", "xpack.securitySolution.timeline.properties.inspectTimelineTitle": "Timeline", "xpack.securitySolution.timeline.properties.lockDatePickerDescription": "グローバル日付ピッカーをタイムライン日付ピッカーにロック", "xpack.securitySolution.timeline.properties.lockDatePickerTooltip": "現在表示中のページとタイムラインの間の日付/時刻範囲の同期を無効にします", - "xpack.securitySolution.timeline.properties.lockedDatePickerLabel": "グローバル日付ピッカーはタイムライン日付ピッカーにロックされています", - "xpack.securitySolution.timeline.properties.newCaseButtonLabel": "タイムラインを新しいケースに接続する", "xpack.securitySolution.timeline.properties.newTemplateTimelineButtonLabel": "新規タイムラインテンプレートを作成", "xpack.securitySolution.timeline.properties.newTimelineButtonLabel": "新規タイムラインを作成", "xpack.securitySolution.timeline.properties.notesButtonLabel": "メモ", 
@@ -27607,11 +27454,9 @@
 "xpack.securitySolution.timeline.properties.timelineToggleButtonAriaLabel": "タイムライン {title} を{isOpen, select, false {開く} true {閉じる} other {切り替える}}",
 "xpack.securitySolution.timeline.properties.unlockDatePickerDescription": "グローバル日付ピッカーをタイムライン日付ピッカーからロック解除",
 "xpack.securitySolution.timeline.properties.unlockDatePickerTooltip": "現在表示中のページとタイムラインの間の日付/時刻範囲の同期を有効にします",
- "xpack.securitySolution.timeline.properties.unlockedDatePickerLabel": "グローバル日付ピッカーはタイムライン日付ピッカーにロックされていません",
 "xpack.securitySolution.timeline.properties.unsavedLabel": "未保存",
 "xpack.securitySolution.timeline.properties.untitledTemplatePlaceholder": "無題のテンプレート",
 "xpack.securitySolution.timeline.properties.untitledTimelinePlaceholder": "無題のタイムライン",
- "xpack.securitySolution.timeline.protocol": "プロトコル",
 "xpack.securitySolution.timeline.rangePicker.oneDay": "1日",
 "xpack.securitySolution.timeline.rangePicker.oneMonth": "1 か月",
 "xpack.securitySolution.timeline.rangePicker.oneWeek": "1 週間",
@@ -27628,22 +27473,11 @@ "xpack.securitySolution.timeline.saveTimelineTemplate.modal.discard.title": "タイムラインテンプレートを破棄", "xpack.securitySolution.timeline.saveTimelineTemplate.modal.header": "タイムラインテンプレートを保存", "xpack.securitySolution.timeline.searchBoxPlaceholder": "例:{timeline}名、または説明", - "xpack.securitySolution.timeline.searchOrFilter.customeIndexNames": "カスタム", - "xpack.securitySolution.timeline.searchOrFilter.eventTypeAllEvent": "すべてのデータソース", - "xpack.securitySolution.timeline.searchOrFilter.eventTypeDetectionAlertsEvent": "検出アラート", - "xpack.securitySolution.timeline.searchOrFilter.eventTypeRawEvent": "イベント", "xpack.securitySolution.timeline.searchOrFilter.filterDescription": "上のデータプロバイダーからのイベントは、隣接の KQL でフィルターされます", "xpack.securitySolution.timeline.searchOrFilter.filterKqlPlaceholder": "イベントをフィルター", "xpack.securitySolution.timeline.searchOrFilter.filterKqlSelectedText": "フィルター", "xpack.securitySolution.timeline.searchOrFilter.filterKqlTooltip": "上のデータプロバイダーからのイベントは、この KQL でフィルターされます", "xpack.securitySolution.timeline.searchOrFilter.filterOrSearchWithKql": "KQLでフィルターまたは検索", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.configure": "上記の選択のそれぞれに関連付けられたデータソースを表示", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.help": "データソース選択", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.hideAdvancedSettings": "詳細設定を表示しない", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.pickIndexPatternsCombo": "インデックスパターンを選択", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.resetSettings": "リセット", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.save": "保存", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.showAdvancedSettings": "詳細設定を表示", "xpack.securitySolution.timeline.searchOrFilter.searchDescription": "上のデータプロバイダーからのイベントは、隣接のKQLからの結果と組み合わされます。", "xpack.securitySolution.timeline.searchOrFilter.searchKqlPlaceholder": "イベントを検索", 
"xpack.securitySolution.timeline.searchOrFilter.searchKqlSelectedText": "検索", @@ -27698,7 +27532,6 @@ "xpack.securitySolution.topN.allEventsSelectLabel": "すべてのイベント", "xpack.securitySolution.topN.closeButtonLabel": "閉じる", "xpack.securitySolution.topN.rawEventsSelectLabel": "未加工イベント", - "xpack.securitySolution.trustedapps.aboutInfo": "パフォーマンスを改善したり、ホストで実行されている他のアプリケーションとの競合を解消したりするには、信頼できるアプリケーションを追加します。", "xpack.securitySolution.trustedApps.assignmentSectionDescription": "すべてのポリシーでグローバルにこの信頼できるアプリケーションを割り当てるか、特定のポリシーに割り当てます。", "xpack.securitySolution.trustedapps.card.operator.is": "is", "xpack.securitySolution.trustedapps.card.operator.matches": "一致", @@ -27773,7 +27606,6 @@ "xpack.securitySolution.uiSettings.newsFeedUrlDescription": "

ニュースフィードコンテンツはこの URL から取得されます

", "xpack.securitySolution.uiSettings.rulesTableRefresh": "ルール自動更新", "xpack.securitySolution.uiSettings.rulesTableRefreshDescription": "

すべてのルールと監視テーブルの自動更新を有効にします(ミリ秒)

", - "xpack.securitySolution.uncommonProcesses.errorSearchDescription": "一般的ではないプロセス検索でエラーが発生しました", "xpack.securitySolution.uncommonProcesses.failSearchDescription": "一般的ではないプロセスで検索を実行できませんでした", "xpack.securitySolution.uncommonProcessTable.hostsTitle": "ホスト名", "xpack.securitySolution.uncommonProcessTable.lastCommandTitle": "前回のコマンド", @@ -27793,7 +27625,6 @@ "xpack.securitySolution.user.details.overview.userRiskClassification": "ユーザーリスク分類", "xpack.securitySolution.user.details.overview.userRiskScoreTitle": "ユーザーリスクスコア", "xpack.securitySolution.user.ipDetails.ipOverview.lastSeenTitle": "前回の認識", - "xpack.securitySolution.userDetails.errorSearchDescription": "ユーザー詳細検索でエラーが発生しました", "xpack.securitySolution.userDetails.failSearchDescription": "ユーザー詳細で検索を実行できませんでした", "xpack.securitySolution.users.navigation.alertsTitle": "外部アラート", "xpack.securitySolution.users.navigation.allUsersTitle": "すべてのユーザー", @@ -27808,7 +27639,6 @@ "xpack.securitySolution.users.userRiskInformation.closeBtn": "閉じる", "xpack.securitySolution.users.userRiskInformation.criticalRiskDescription": "90以上", "xpack.securitySolution.users.userRiskInformation.explanation": "この機能は変換を利用します。また、5日間の範囲で、スクリプトメトリックアグリゲーションを使用して、「オープン」ステータスの検知ルールアラートに基づいてユーザーリスクスコアを計算します。変換は毎時実行され、新しい検知ルールアラートを受信するとスコアが常に更新されます。", - "xpack.securitySolution.users.userRiskInformation.informationAriaLabel": "情報", "xpack.securitySolution.users.userRiskInformation.introduction": "ユーザーリスクスコア機能は、環境内のリスクが高いユーザーを明らかにします。", "xpack.securitySolution.users.userRiskInformation.learnMore": "ユーザーリスクの詳細をご覧ください。{usersRiskScoreDocumentationLink}", "xpack.securitySolution.users.userRiskInformation.link": "こちら", 
@@ -27836,9 +27666,7 @@
 "xpack.securitySolution.visualizationActions.uniqueIps.destinationChartLabel": "Dest.",
 "xpack.securitySolution.visualizationActions.uniqueIps.sourceChartLabel": "Src.",
 "xpack.securitySolution.visualizationActions.userAuthentications.failChartLabel": "失敗",
- "xpack.securitySolution.visualizationActions.userAuthentications.failUnitLabel": "失敗",
 "xpack.securitySolution.visualizationActions.userAuthentications.successChartLabel": "成功",
- "xpack.securitySolution.visualizationActions.userAuthentications.successUnitLabel": "成功",
 "xpack.securitySolution.zeek.othDescription": "SYNが検出されません。ミッドストリームトラフィックのみです",
 "xpack.securitySolution.zeek.rejDescription": "接続試行が拒否されました",
 "xpack.securitySolution.zeek.rstoODescription": "接続が確立され、接続元が中断しました(RSTを送信)",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 95b75424dd6ff..96a3cc1e629de 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -24165,20 +24165,14 @@ "xpack.security.users.editUserPage.createBreadcrumb": "创建", "xpack.securitySolution.accessibility.tooltipWithKeyboardShortcut.pressTooltipLabel": "按", "xpack.securitySolution.actionsContextMenu.label": "打开", - "xpack.securitySolution.administration.list.beta": "公测版", "xpack.securitySolution.administration.os.linux": "Linux", "xpack.securitySolution.administration.os.macos": "Mac", "xpack.securitySolution.administration.os.windows": "Windows", - "xpack.securitySolution.alertDetails.changeEnrichmentQueryLookback": "搜索不同的时间范围", - "xpack.securitySolution.alertDetails.checkDocs": "请查看我们的文档", "xpack.securitySolution.alertDetails.enrichmentQueryEndDate": "结束日期", "xpack.securitySolution.alertDetails.enrichmentQueryStartDate": "开始日期", "xpack.securitySolution.alertDetails.investigationTimeQueryTitle": "使用威胁情报扩充", "xpack.securitySolution.alertDetails.noEnrichmentsFoundDescription": "我们未找到匹配任何指标匹配规则的威胁情报或此告警的任何扩充。", - "xpack.securitySolution.alertDetails.noEnrichmentsFoundTitle": "未找到指标匹配或威胁情报扩充", - "xpack.securitySolution.alertDetails.noIndicatorEnrichmentsDescription": "使用任何指标匹配规则都未找到威胁情报指标。", "xpack.securitySolution.alertDetails.noInvestigationEnrichmentsDescription": "我们未发现字段值具有在过去 30 天中我们默认搜索的威胁情报源提供的其他信息。", - "xpack.securitySolution.alertDetails.noInvestigationEnrichmentsTitle": "未找到威胁情报扩充", "xpack.securitySolution.alertDetails.noRiskDataDescription": "未找到此告警的主机风险数据", "xpack.securitySolution.alertDetails.overview": "概览", "xpack.securitySolution.alertDetails.overview.enrichedDataTitle": "扩充数据", 
@@ -24219,13 +24213,10 @@ "xpack.securitySolution.alerts.severityMapping.sourceValueTitle": "源值", "xpack.securitySolution.alertsView.alertsDocumentType": "外部告警", "xpack.securitySolution.alertsView.alertsGraphTitle": "外部告警趋势", - "xpack.securitySolution.alertsView.alertsStackByOptions.module": "模块", "xpack.securitySolution.alertsView.alertsTableTitle": "外部告警", "xpack.securitySolution.alertsView.categoryLabel": "类别", "xpack.securitySolution.alertsView.errorFetchingAlertsData": "无法查询告警数据", - "xpack.securitySolution.alertsView.moduleLabel": "模块", "xpack.securitySolution.alertsView.osqueryAlertTitle": "运行 Osquery", - "xpack.securitySolution.alertsView.osqueryBackToAlertDetails": "告警详情", "xpack.securitySolution.alertsView.showing": "正在显示", "xpack.securitySolution.alertsView.totalCountOfAlerts": "个外部告警", "xpack.securitySolution.alertsView.unit": "个外部{totalCount, plural, other {告警}}", @@ -24460,7 +24451,6 @@ "xpack.securitySolution.auditd.violatedSeLinuxPolicyDescription": "已违反 selinux 策略", "xpack.securitySolution.auditd.wasAuthorizedToUseDescription": "有权使用", "xpack.securitySolution.auditd.withResultDescription": ",结果为", - "xpack.securitySolution.authentications.errorSearchDescription": "搜索身份验证时发生错误", "xpack.securitySolution.authentications.failSearchDescription": "无法对身份验证执行搜索", "xpack.securitySolution.authenticationsTable.authentications": "身份验证", "xpack.securitySolution.authenticationsTable.failures": "错误", 
@@ -24527,8 +24517,6 @@ "xpack.securitySolution.blocklist.warnings.values.wildcardPresent": "文件名中存在通配符将影响终端性能", "xpack.securitySolution.callouts.dismissButton": "关闭", "xpack.securitySolution.cases.caseTable.caseDetailsLinkAria": "单击以访问标题为 {detailName} 的案例", - "xpack.securitySolution.cases.caseView.breadcrumb": "创建", - "xpack.securitySolution.cases.caseView.sendAlertToTimelineTooltip": "在时间线中调查", "xpack.securitySolution.cases.pageTitle": "案例", "xpack.securitySolution.certificate.fingerprint.clientCertLabel": "客户端证书", "xpack.securitySolution.certificate.fingerprint.serverCertLabel": "服务器证书", @@ -24546,7 +24534,6 @@ "xpack.securitySolution.components.embeddables.embeddedMap.embeddableHeaderHelp": "地图配置帮助", "xpack.securitySolution.components.embeddables.embeddedMap.embeddableHeaderTitle": "网络地图", "xpack.securitySolution.components.embeddables.embeddedMap.embeddablePanelTitle": "源 -> 目标点对点地图", - "xpack.securitySolution.components.embeddables.embeddedMap.errorConfiguringEmbeddableApiTitle": "配置可嵌入 API 时出错", "xpack.securitySolution.components.embeddables.embeddedMap.errorCreatingMapEmbeddableTitle": "创建地图可嵌入对象时出错", "xpack.securitySolution.components.embeddables.embeddedMap.lineLayerLabel": "折线图", "xpack.securitySolution.components.embeddables.embeddedMap.serverLayerLabel": "服务器点", 
@@ -24556,7 +24543,6 @@
 "xpack.securitySolution.components.embeddables.indexPatternsMissingPrompt.errorDescription2": "还可以在 Kibana 中手动配置索引模式。",
 "xpack.securitySolution.components.embeddables.indexPatternsMissingPrompt.errorTitle": "未配置所需的索引模式",
 "xpack.securitySolution.components.embeddables.mapToolTip.errorTitle": "加载地图特征时出错",
- "xpack.securitySolution.components.embeddables.mapToolTip.filterForValueHoverAction": "筛留值",
 "xpack.securitySolution.components.embeddables.mapToolTip.footerLabel": "{currentFeature} 个{totalFeatures, plural, other {特征}},总计 {totalFeatures} 个",
 "xpack.securitySolution.components.embeddables.mapToolTip.lineContent.clientLabel": "客户端",
 "xpack.securitySolution.components.embeddables.mapToolTip.lineContent.destinationLabel": "目标",
@@ -24583,7 +24569,6 @@
 "xpack.securitySolution.components.hooks.eql.partialResponse": "EQL 预览错误",
 "xpack.securitySolution.components.hooks.errors.timeIntervalsNotDefined": "时间间隔未定义。",
 "xpack.securitySolution.components.ml.anomaly.errors.anomaliesTableFetchFailureTitle": "异常表提取失败",
- "xpack.securitySolution.components.ml.api.errors.networkErrorFailureTitle": "网络错误:",
 "xpack.securitySolution.components.ml.api.errors.statusCodeFailureTitle": "状态代码:",
 "xpack.securitySolution.components.ml.permissions.errors.machineLearningPermissionsFailureTitle": "Machine Learning 权限错误",
 "xpack.securitySolution.components.mlJobSelect.machineLearningLink": "Machine Learning",
@@ -24633,7 +24618,6 @@
 "xpack.securitySolution.containers.detectionEngine.addRuleFailDescription": "无法添加规则",
 "xpack.securitySolution.containers.detectionEngine.alerts.createListsIndex.errorDescription": "无法创建列表索引",
 "xpack.securitySolution.containers.detectionEngine.alerts.detectionEnginePrivileges.errorFetching": "无法检索检测引擎权限",
- "xpack.securitySolution.containers.detectionEngine.alerts.errorFetchingAlertsDescription": "无法查询告警",
 "xpack.securitySolution.containers.detectionEngine.alerts.errorGetAlertDescription": "无法获取信号索引名称",
 "xpack.securitySolution.containers.detectionEngine.alerts.errorPostAlertDescription": "无法创建信号索引",
 "xpack.securitySolution.containers.detectionEngine.alerts.fetchListsIndex.errorDescription": "无法检索列表索引",
@@ -24643,7 +24627,6 @@
 "xpack.securitySolution.containers.detectionEngine.createPrePackagedRuleSuccesDescription": "已安装 Elastic 的预打包规则",
 "xpack.securitySolution.containers.detectionEngine.createPrePackagedTimelineSuccesDescription": "安装 Elastic 预先打包的时间线模板",
 "xpack.securitySolution.containers.detectionEngine.ruleExecutionEventsFetchFailDescription": "无法提取规则执行事件",
- "xpack.securitySolution.containers.detectionEngine.ruleExecutionLogFailureDescription": "无法提取规则执行事件",
 "xpack.securitySolution.containers.detectionEngine.rulesAndTimelines": "无法提取规则和时间线",
 "xpack.securitySolution.containers.detectionEngine.tagFetchFailDescription": "无法提取标签",
 "xpack.securitySolution.containers.errors.stopJobFailureTitle": "停止作业失败",
@@ -24658,11 +24641,8 @@ "xpack.securitySolution.dataProviders.and": "且", "xpack.securitySolution.dataProviders.convertToFieldLabel": "转换为字段", "xpack.securitySolution.dataProviders.convertToTemplateFieldLabel": "转换为模板字段", - "xpack.securitySolution.dataProviders.copyToClipboardTooltip": "复制到剪贴板", "xpack.securitySolution.dataProviders.deleteDataProvider": "删除", "xpack.securitySolution.dataProviders.dropAnything": "放置任何内容", - "xpack.securitySolution.dataProviders.dropHere": "放在此处", - "xpack.securitySolution.dataProviders.dropHereToAddAnLabel": "放在此处以添加", "xpack.securitySolution.dataProviders.edit": "编辑", "xpack.securitySolution.dataProviders.editMenuItem": "编辑筛选", "xpack.securitySolution.dataProviders.editTitle": "编辑筛选", @@ -24683,14 +24663,11 @@ "xpack.securitySolution.dataProviders.showOptionsDataProviderAriaLabel": "{field} {value}按 enter 键可显示选项,或按空格键开始拖动", "xpack.securitySolution.dataProviders.templateFieldLabel": "模板字段", "xpack.securitySolution.dataProviders.temporaryDisableDataProvider": "暂时禁用", - "xpack.securitySolution.dataProviders.toBuildAn": "以构建", "xpack.securitySolution.dataProviders.toggle": "切换", - "xpack.securitySolution.dataProviders.valueAriaLabel": "值", "xpack.securitySolution.dataProviders.valuePlaceholder": "值", "xpack.securitySolution.detectionEngine.alerts.acknowledgedAlertFailedToastMessage": "无法将告警标记为已确认", "xpack.securitySolution.detectionEngine.alerts.acknowledgedAlertsTitle": "已确认", "xpack.securitySolution.detectionEngine.alerts.acknowledgedAlertSuccessToastMessage": "已成功将 {totalAlerts} 个{totalAlerts, plural, other {告警}}标记为已确认。", - "xpack.securitySolution.detectionEngine.alerts.actions.acknowledgedAlertTitle": "标记为已确认", "xpack.securitySolution.detectionEngine.alerts.actions.addEndpointException": "添加终端例外", "xpack.securitySolution.detectionEngine.alerts.actions.addEventFilter": "添加终端事件筛选", "xpack.securitySolution.detectionEngine.alerts.actions.addEventFilter.disabled.tooltip": "可以从主机页面的“事件”部分创建终端事件筛选。", 
@@ -24698,11 +24675,8 @@ "xpack.securitySolution.detectionEngine.alerts.actions.addToCase": "添加到现有案例", "xpack.securitySolution.detectionEngine.alerts.actions.addToCaseDisabled": "此选择不支持添加到案例", "xpack.securitySolution.detectionEngine.alerts.actions.addToNewCase": "添加到新案例", - "xpack.securitySolution.detectionEngine.alerts.actions.closeAlertTitle": "关闭告警", "xpack.securitySolution.detectionEngine.alerts.actions.investigateInTimelineAriaLabel": "将告警发送到时间线", "xpack.securitySolution.detectionEngine.alerts.actions.investigateInTimelineTitle": "在时间线中调查", - "xpack.securitySolution.detectionEngine.alerts.actions.openAlertTitle": "打开告警", - "xpack.securitySolution.detectionEngine.alerts.alertsUnit": "{totalCount, plural, other {告警}}", "xpack.securitySolution.detectionEngine.alerts.closedAlertFailedToastMessage": "无法关闭告警。", "xpack.securitySolution.detectionEngine.alerts.closedAlertsTitle": "已关闭", "xpack.securitySolution.detectionEngine.alerts.closedAlertSuccessToastMessage": "已成功关闭 {totalAlerts} 个{totalAlerts, plural, other {告警}}。", 
@@ -24733,10 +24707,6 @@ "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.acknowledgedSelectedTitle": "标记为已确认", "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.closeSelectedTitle": "关闭所选", "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.openSelectedTitle": "打开选定", - "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInHostsTitle": "查看主机中所选", - "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInNetworkTitle": "查看网络中所选", - "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActions.viewSelectedInTimelineTitle": "查看时间线中所选", - "xpack.securitySolution.detectionEngine.alerts.utilityBar.batchActionsTitle": "批量操作", "xpack.securitySolution.detectionEngine.alerts.utilityBar.clearSelectionTitle": "清除所选内容", "xpack.securitySolution.detectionEngine.alerts.utilityBar.selectAllAlertsTitle": "选择全部 {totalAlertsFormatted} 个{totalAlerts, plural, other {告警}}", "xpack.securitySolution.detectionEngine.alerts.utilityBar.selectedAlertsTitle": "已选择 {selectedAlertsFormatted} 个{selectedAlerts, plural, other {告警}}", 
@@ -24768,9 +24738,6 @@ "xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationCancel": "取消", "xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationConfirm": "确认", "xpack.securitySolution.detectionEngine.components.allRules.deleteConfirmationTitle": "确认批量删除", - "xpack.securitySolution.detectionEngine.components.allRules.refreshPromptBody": "规则自动刷新已暂停。单击“继续”即可恢复。", - "xpack.securitySolution.detectionEngine.components.allRules.refreshPromptConfirm": "继续", - "xpack.securitySolution.detectionEngine.components.allRules.refreshPromptTitle": "您还在吗?", "xpack.securitySolution.detectionEngine.components.importRuleModal.cancelTitle": "取消", "xpack.securitySolution.detectionEngine.components.importRuleModal.exceptionsSuccessLabel": "已成功导入 {totalExceptions} 个{totalExceptions, plural, other {例外}}。", "xpack.securitySolution.detectionEngine.components.importRuleModal.importExceptionsFailedLabel": "未能导入 {totalExceptions} 个{totalExceptions, plural, other {例外}}", @@ -24877,7 +24844,6 @@ "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.threatMatchTitle": "指标匹配", "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.thresholdTypeDescription": "聚合查询结果以检测匹配数目何时超过阈值。", "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ruleTypeField.thresholdTypeTitle": "阈值", - "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchField.threatMatchFieldPlaceholderText": "所有结果", "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "索引模式不能是{ forbiddenString }。请选择更具体的索引模式。", "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchingIcesHelperDescription": "选择威胁索引", "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError": "至少需要一种索引模式。", 
@@ -24885,7 +24851,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.fieldThrottleHelpText": "选择在规则评估为 true 时应执行自动操作的时间。",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.fieldThrottleLabel": "操作频率",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key} 不是有效的 Mustache 模板",
- "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noConnectorSelectedErrorMessage": "未选择任何连接器",
 "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noReadActionsPrivileges": "无法创建规则操作。您对“操作”插件没有“读”权限。",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithEnablingTitle": "创建并启用规则",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithoutEnablingTitle": "创建规则但不启用",
@@ -24894,7 +24859,6 @@
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalHelpText": "规则定期运行并检测指定时间范围内的告警。",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalLabel": "运行间隔",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.hoursOptionDescription": "小时",
- "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.invalidTimeMessageDescription": "时间必填。",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.minutesOptionDescription": "分钟",
 "xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.secondsOptionDescription": "秒",
 "xpack.securitySolution.detectionEngine.createRule.threatMatchRuleTypeDescription": "指标匹配",
@@ -24905,7 +24869,6 @@
 "xpack.securitySolution.detectionEngine.details.stepAboutRule.detailsLabel": "详情",
 "xpack.securitySolution.detectionEngine.details.stepAboutRule.investigationGuideLabel": "调查指南",
 "xpack.securitySolution.detectionEngine.details.stepAboutRule.setupGuideLabel": "设置指南",
- "xpack.securitySolution.detectionEngine.detectionsBreadcrumbTitle": "检测",
 "xpack.securitySolution.detectionEngine.detectionsPageTitle": "告警",
 "xpack.securitySolution.detectionEngine.dismissNoApiIntegrationKeyButton": "关闭",
 "xpack.securitySolution.detectionEngine.editRule.backToDescription": "返回到",
@@ -24913,9 +24876,6 @@
 "xpack.securitySolution.detectionEngine.editRule.errorMsgDescription": "抱歉",
 "xpack.securitySolution.detectionEngine.editRule.pageTitle": "编辑规则设置",
 "xpack.securitySolution.detectionEngine.editRule.saveChangeTitle": "保存更改",
- "xpack.securitySolution.detectionEngine.emptyActionBeats": "查看设置说明",
- "xpack.securitySolution.detectionEngine.emptyActionSecondary": "前往文档",
- "xpack.securitySolution.detectionEngine.emptyTitle": "似乎在 Security 应用程序中没有与检测引擎相关的索引",
 "xpack.securitySolution.detectionEngine.eqlOptionsEventCategoryField.label": "事件类别字段",
 "xpack.securitySolution.detectionEngine.eqlOptionsEventCategoryField.text": "包含事件分类(如进程、文件或网络)的字段。此字段通常在关键字家族中映射为字段类型",
 "xpack.securitySolution.detectionEngine.eqlOptionsEventTiebreakerField.label": "决胜字段",
@@ -24925,13 +24885,11 @@
 "xpack.securitySolution.detectionEngine.eqlOptionsSize.label": "大小",
 "xpack.securitySolution.detectionEngine.eqlOptionsSize.text": "对于基本查询,要返回的最大匹配事件数目。对于序列查询,要返回的最大匹配序列数目。",
 "xpack.securitySolution.detectionEngine.eqlOverViewLink.text": "事件查询语言 (EQL) 概述",
- "xpack.securitySolution.detectionEngine.eqlQueryBar.label": "输入 EQL 查询",
 "xpack.securitySolution.detectionEngine.eqlSettings.title": "EQL 设置",
 "xpack.securitySolution.detectionEngine.eqlValidation.requestError": "验证 EQL 查询时发生错误",
 "xpack.securitySolution.detectionEngine.eqlValidation.showErrorsLabel": "显示 EQL 验证错误",
 "xpack.securitySolution.detectionEngine.eqlValidation.title": "EQL 验证错误",
 "xpack.securitySolution.detectionEngine.goToDocumentationButton": "查看文档",
- "xpack.securitySolution.detectionEngine.lastSignalTitle": "上一告警",
 "xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditAlerts": "没有这些权限,将无法查看或更改告警的状态。",
 "xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditLists": "没有这些权限,将无法创建或编辑值列表。",
 "xpack.securitySolution.detectionEngine.missingPrivilegesCallOut.cannotEditRules": "没有该权限,将无法创建或编辑检测引擎规则。",
@@ -25562,26 +25520,18 @@
 "xpack.securitySolution.detectionEngine.noPermissionsMessage": "要查看告警,必须更新权限。有关详细信息,请联系您的 Kibana 管理员。",
 "xpack.securitySolution.detectionEngine.noPermissionsTitle": "需要权限",
 "xpack.securitySolution.detectionEngine.pageTitle": "检测引擎",
- "xpack.securitySolution.detectionEngine.panelSubtitleShowing": "正在显示",
 "xpack.securitySolution.detectionEngine.queryPreview.actions": "操作",
 "xpack.securitySolution.detectionEngine.queryPreview.histogramDisclaimer": "注意:具有多个 event.category 值的告警会计算多次。",
 "xpack.securitySolution.detectionEngine.queryPreview.mlHistogramDisclaimer": "注意:具有多个 host.name 值的告警会计算多次。",
 "xpack.securitySolution.detectionEngine.queryPreview.queryGraphCountLabel": "计数",
 "xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewError": "提取预览时出错",
- "xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewInspectTitle": "查询预览",
 "xpack.securitySolution.detectionEngine.queryPreview.queryGraphPreviewNoiseWarning": "噪音警告:此规则可能会导致大量噪音。考虑缩小您的查询范围。这基于每小时 1 条告警的线性级数。",
- "xpack.securitySolution.detectionEngine.queryPreview.queryNoHits": "找不到任何命中。",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewDisclaimer": "注意:此预览不包括规则例外和时间戳覆盖的影响。",
- "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewEqlSequenceDescription": "目前没有直方图可用于 EQL 序列查询。您可以通过右上角的检查按钮来查看查询详情。",
- "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewEqlSequenceTitle": "无直方图可用",
- "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewGraphThresholdWithFieldTitle": "{buckets} 个{buckets, plural, other {唯一命中}}",
- "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewGraphTitle": "{hits} 个{hits, plural, other {命中}}",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewHelpText": "选择数据的时间范围以预览查询结果。",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewLabel": "快速查询预览",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewSeeAllErrors": "查看所有错误",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewSeeAllWarnings": "查看所有警告",
 "xpack.securitySolution.detectionEngine.queryPreview.queryPreviewTitle": "规则预览",
- "xpack.securitySolution.detectionEngine.queryPreview.queryThresholdGraphCountLabel": "累计阈值计数",
 "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsAriaLabel": "查看详情",
 "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsForRowAriaLabel": "查看第 {ariaRowindex} 行的告警或事件的详细信息,其中列为 {columnValues}",
 "xpack.securitySolution.detectionEngine.rule.editRule.errorMsgDescription": "您在{countError, plural, other {以下选项卡}}中的输入无效:{tabHasError}",
@@ -25596,7 +25546,6 @@
 "xpack.securitySolution.detectionEngine.ruleDetails.deletedRule": "已删除规则",
 "xpack.securitySolution.detectionEngine.ruleDetails.enableRuleLabel": "启用",
 "xpack.securitySolution.detectionEngine.ruleDetails.exceptionsTab": "例外",
- "xpack.securitySolution.detectionEngine.ruleDetails.experimentalDescription": "技术预览",
 "xpack.securitySolution.detectionEngine.ruleDetails.pageTitle": "规则详情",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleCreationDescription": "由 {by} 于 {date}创建",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.actionFieldNotFoundErrorDescription": "在告警索引中找不到字段“kibana.alert.rule.execution.uuid”。",
@@ -25631,7 +25580,6 @@
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.totalExecutionsLabel": "正在显示 {totalItems} 个{totalItems, plural, other {规则执行}}",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLogsTab": "规则执行日志 ",
 "xpack.securitySolution.detectionEngine.ruleDetails.ruleUpdateDescription": "由 {by} 于 {date}更新",
- "xpack.securitySolution.detectionEngine.ruleDetails.statusFailedDescription": "失败",
 "xpack.securitySolution.detectionEngine.ruleDetails.unknownDescription": "未知",
 "xpack.securitySolution.detectionEngine.rules.aboutRuleTitle": "关于规则",
 "xpack.securitySolution.detectionEngine.rules.addNewRuleTitle": "创建新规则",
@@ -25645,7 +25593,6 @@
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.exportSuccess": "例外列表导出成功",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.idTitle": "列表 ID",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.listName": "名称",
- "xpack.securitySolution.detectionEngine.rules.all.exceptions.numberRulesAssignedTitle": "分配至以下检测引擎的规则数:",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.rulesAssignedTitle": "分配至以下检测引擎的规则:",
 "xpack.securitySolution.detectionEngine.rules.all.exceptions.rulesPopoverButton": "+{rulesCount} 个{rulesCount, plural, other {规则}}",
 "xpack.securitySolution.detectionEngine.rules.allExceptionLists.filters.noExceptionsTitle": "未找到例外列表",
@@ -25654,11 +25601,9 @@
 "xpack.securitySolution.detectionEngine.rules.allExceptions.tableTitle": "例外列表",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.deleteRuleDescription": "删除规则",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.duplicateRuleDescription": "复制规则",
- "xpack.securitySolution.detectionEngine.rules.allRules.actions.duplicateTitle": "复制",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsDescription": "编辑规则设置",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsToolTip": "您没有 Kibana 操作权限",
 "xpack.securitySolution.detectionEngine.rules.allRules.actions.exportRuleDescription": "导出规则",
- "xpack.securitySolution.detectionEngine.rules.allRules.activeRuleDescription": "活动",
 "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deleteSelectedImmutableTitle": "选择内容包含无法删除的不可变规则",
 "xpack.securitySolution.detectionEngine.rules.allRules.batchActionsTitle": "批处理操作",
 "xpack.securitySolution.detectionEngine.rules.allRules.bulkAction.enable.successToastDescription": "已成功启用 {totalRules, plural, other {{totalRules} 个规则}}",
@@ -25721,7 +25666,6 @@
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.riskScoreTitle": "风险分数",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.ruleTitle": "规则",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.severityTitle": "严重性",
- "xpack.securitySolution.detectionEngine.rules.allRules.columns.tagsPopoverTitle": "查看全部",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.tagsTitle": "标签",
 "xpack.securitySolution.detectionEngine.rules.allRules.columns.versionTitle": "版本",
 "xpack.securitySolution.detectionEngine.rules.allRules.exportFilenameTitle": "rules_export",
@@ -25736,7 +25680,6 @@
 "xpack.securitySolution.detectionEngine.rules.allRules.filters.noRulesTitle": "未找到任何规则",
 "xpack.securitySolution.detectionEngine.rules.allRules.filters.noTagsAvailableDescription": "没有可用标签",
 "xpack.securitySolution.detectionEngine.rules.allRules.filters.tagsLabel": "标签",
- "xpack.securitySolution.detectionEngine.rules.allRules.inactiveRuleDescription": "非活动",
 "xpack.securitySolution.detectionEngine.rules.allRules.refreshTitle": "刷新",
 "xpack.securitySolution.detectionEngine.rules.allRules.searchAriaLabel": "搜索规则",
 "xpack.securitySolution.detectionEngine.rules.allRules.searchPlaceholder": "规则名称、搜索模式(如“filebeat-*”) 或者 MITRE ATT&CK™ 策略或技术(如“Defense Evasion”或“TA0005”)",
@@ -25744,10 +25687,8 @@
 "xpack.securitySolution.detectionEngine.rules.allRules.selectedRulesTitle": "已选择 {selectedRules} 个{selectedRules, plural, other {规则}}",
 "xpack.securitySolution.detectionEngine.rules.allRules.showingExceptionLists": "正在显示 {totalLists} 个{totalLists, plural, other {列表}}",
 "xpack.securitySolution.detectionEngine.rules.allRules.showingRulesTitle": "正在显示 {totalRules} 个{totalRules, plural, other {规则}}",
- "xpack.securitySolution.detectionEngine.rules.allRules.tabs.exceptions": "例外列表",
 "xpack.securitySolution.detectionEngine.rules.allRules.tabs.monitoring": "规则监测",
 "xpack.securitySolution.detectionEngine.rules.allRules.tabs.rules": "规则",
- "xpack.securitySolution.detectionEngine.rules.backOptionsHeader": "返回到检测",
 "xpack.securitySolution.detectionEngine.rules.cloneRule.duplicateTitle": "复制",
 "xpack.securitySolution.detectionEngine.rules.components.ruleActionsOverflow.allActionsTitle": "所有操作",
 "xpack.securitySolution.detectionEngine.rules.continueButtonTitle": "继续",
@@ -25797,8 +25738,6 @@
 "xpack.securitySolution.detectionEngine.ruleStatus.statusDescription": "上次响应",
 "xpack.securitySolution.detectionEngine.signalRuleAlert.actionGroups.default": "默认",
 "xpack.securitySolution.detectionEngine.signals.alertReasonDescription": "{eventCategory, select, null {} other {{eventCategory}{whitespace}}}事件{hasFieldOfInterest, select, false {} other {{whitespace}具有}}{processName, select, null {} other {{whitespace}进程 {processName},} }{processParentName, select, null {} other {{whitespace}父进程 {processParentName},} }{fileName, select, null {} other {{whitespace}文件 {fileName},} }{sourceAddress, select, null {} other {{whitespace}源 {sourceAddress}}}{sourcePort, select, null {} other {:{sourcePort},}}{destinationAddress, select, null {} other {{whitespace}目标 {destinationAddress}}}{destinationPort, select, null {} other {:{destinationPort},}}{userName, select, null {} other {{whitespace}由 {userName}} }{hostName, select, null {} other {{whitespace}于 {hostName}} } 创建了 {alertSeverity} 告警 {alertName}。",
- "xpack.securitySolution.detectionEngine.signalTitle": "检测到的告警",
- "xpack.securitySolution.detectionEngine.totalSignalTitle": "合计",
 "xpack.securitySolution.detectionEngine.userUnauthenticatedMsgBody": "您没有所需的权限,无法查看检测引擎。若需要更多帮助,请联系您的管理员。",
 "xpack.securitySolution.detectionEngine.userUnauthenticatedTitle": "需要检测引擎权限",
 "xpack.securitySolution.detectionEngine.validations.thresholdCardinalityFieldFieldData.thresholdCardinalityFieldNotSuppliedMessage": "基数字段必填。",
@@ -25829,7 +25768,6 @@
 "xpack.securitySolution.detectionResponse.noRecentCases": "没有可显示的案例",
 "xpack.securitySolution.detectionResponse.noRuleAlerts": "没有可显示的告警",
 "xpack.securitySolution.detectionResponse.openAllAlertsButton": "查看所有打开的告警",
- "xpack.securitySolution.detectionResponse.openRuleAlertsTooltip": "打开规则告警",
 "xpack.securitySolution.detectionResponse.openRuleDetailTooltip": "打开规则详情",
 "xpack.securitySolution.detectionResponse.pageTitle": "检测和响应",
 "xpack.securitySolution.detectionResponse.ruleAlertsColumnAlertCount": "告警计数",
@@ -25845,8 +25783,6 @@
 "xpack.securitySolution.detectionResponse.userAlertsSectionTitle": "用户(按告警严重性排列)",
 "xpack.securitySolution.detectionResponse.userAlertsUserName": "用户名",
 "xpack.securitySolution.detectionResponse.userSectionTooltip": "最多 100 个用户。请访问“告警”页面获取更多信息。",
- "xpack.securitySolution.detectionResponse.viewAllHostAlerts": "查看所有主机",
- "xpack.securitySolution.detectionResponse.viewAllUserAlerts": "查看所有用户",
 "xpack.securitySolution.detectionResponse.viewCases": "查看案例",
 "xpack.securitySolution.detectionResponse.viewRecentCases": "查看最近案例",
 "xpack.securitySolution.detections.alerts.agentStatus": "代理状态",
@@ -25857,18 +25793,14 @@
 "xpack.securitySolution.documentationLinks.detectionsRequirements.text": "检测先决条件和要求",
 "xpack.securitySolution.documentationLinks.mlJobCompatibility.text": "ML 作业兼容性",
 "xpack.securitySolution.documentationLinks.solutionRequirements.text": "Elastic Security 系统要求",
- "xpack.securitySolution.dragAndDrop.addToTimeline": "添加到时间线调查",
 "xpack.securitySolution.dragAndDrop.closeButtonLabel": "关闭",
 "xpack.securitySolution.dragAndDrop.copyToClipboardTooltip": "复制到剪贴板",
 "xpack.securitySolution.dragAndDrop.draggableKeyboardInstructionsNotDraggingScreenReaderOnly": "按 enter 键可显示选项,或按空格键开始拖动。",
 "xpack.securitySolution.dragAndDrop.fieldLabel": "字段",
- "xpack.securitySolution.dragAndDrop.filterForValueHoverAction": "筛留值",
- "xpack.securitySolution.dragAndDrop.filterOutValueHoverAction": "筛除值",
 "xpack.securitySolution.dragAndDrop.youAreInADialogContainingOptionsScreenReaderOnly": "您在对话框中,其中包含 {fieldName} 字段的选项。按 tab 键导航选项。按 escape 退出。",
 "xpack.securitySolution.draggables.field.categoryLabel": "类别",
 "xpack.securitySolution.draggables.field.fieldLabel": "字段",
 "xpack.securitySolution.draggables.field.typeLabel": "类型",
- "xpack.securitySolution.draggables.field.viewCategoryTooltip": "查看类别",
 "xpack.securitySolution.editDataProvider.doesNotExistLabel": "不存在",
 "xpack.securitySolution.editDataProvider.existsLabel": "存在",
 "xpack.securitySolution.editDataProvider.fieldLabel": "字段",
@@ -25981,14 +25913,12 @@
 "xpack.securitySolution.endpoint.hostIsolation.comment.placeholder": "可以根据需要在此处写下备注。",
 "xpack.securitySolution.endpoint.hostIsolation.confirm": "确认",
 "xpack.securitySolution.endpoint.hostIsolation.failedToIsolate.title": "无法隔离主机",
- "xpack.securitySolution.endpoint.hostisolation.isolate": "隔离",
 "xpack.securitySolution.endpoint.hostIsolation.isolated": "已隔离",
 "xpack.securitySolution.endpoint.hostIsolation.isolateHost": "隔离主机",
 "xpack.securitySolution.endpoint.hostIsolation.isolateHost.casesAssociatedWithAlert": "与此主机关联的 {caseCount} 个{caseCount, plural, other {案例}}",
 "xpack.securitySolution.endpoint.hostIsolation.isolateThisHost": "从网络中隔离主机 {hostName}。",
 "xpack.securitySolution.endpoint.hostIsolation.isolateThisHostAbout": "隔离主机将使其断开网络。主机将只能与 Kibana 平台通信。",
 "xpack.securitySolution.endpoint.hostIsolation.isolation.successfulMessage": "已成功提交主机 {hostName} 的隔离",
- "xpack.securitySolution.endpoint.hostIsolation.notIsolated": "未隔离",
 "xpack.securitySolution.endpoint.hostIsolation.placeholderCase": "{caseName}",
 "xpack.securitySolution.endpoint.hostIsolation.returnToAlertDetails": "返回到告警详情",
 "xpack.securitySolution.endpoint.hostIsolation.successfulIsolation.cases": "此操作已附加到以下{caseCount, plural, other {案例}}:",
@@ -26391,14 +26321,11 @@
 "xpack.securitySolution.endpoint.resolver.panel.table.row.timestampTitle": "时间戳",
 "xpack.securitySolution.endpoint.resolver.panel.table.row.valueMissingDescription": "值缺失",
 "xpack.securitySolution.endpoint.resolver.processDescription": "{isEventBeingAnalyzed, select, true {已分析的事件 · {descriptionText}} false {{descriptionText}}}",
- "xpack.securitySolution.endpoint.resolver.relatedEventLimitExceeded": "{numberOfEventsMissing} 个{category}事件无法显示,因为已达到数据限制。",
 "xpack.securitySolution.endpoint.resolver.relatedEventLimitTitle": "此列表包括 {numberOfEntries} 个进程事件。",
- "xpack.securitySolution.endpoint.resolver.relatedLimitsExceededTitle": "此列表包括 {numberOfEventsDisplayed} 个{category}事件。",
 "xpack.securitySolution.endpoint.resolver.runningProcess": "正在运行的进程",
 "xpack.securitySolution.endpoint.resolver.runningTrigger": "正在运行的触发器",
 "xpack.securitySolution.endpoint.resolver.terminatedProcess": "已终止进程",
 "xpack.securitySolution.endpoint.resolver.terminatedTrigger": "已终止触发器",
- "xpack.securitySolution.endpoint.takeAction.changeAlertStatus": "更改告警状态",
 "xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title": "受信任的应用程序",
 "xpack.securitySolution.endpointConsoleCommands.isolate.about": "隔离主机",
 "xpack.securitySolution.endpointConsoleCommands.status.about": "显示终端的最新状态信息",
@@ -26419,7 +26346,6 @@
 "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationCompletedAndUnsuccessful": "终端完成释放请求,但有错误",
 "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationFailed": "终端收到释放主机请求,但有错误",
 "xpack.securitySolution.endpointDetails.activityLog.logEntry.response.unisolationSuccessful": "终端收到释放主机请求",
- "xpack.securitySolution.endpointDetails.activityLog.search": "搜索活动日志",
 "xpack.securitySolution.endpointDetails.overview": "概览",
 "xpack.securitySolution.endpointManagement.noPermissionsSubText": "您必须具有超级用户角色才能使用此功能。如果您不具有超级用户角色,且无权编辑用户角色,请与 Kibana 管理员联系。",
 "xpack.securitySolution.endpointManagemnet.noPermissionsText": "您没有所需的 Kibana 权限,无法使用 Elastic Security 管理",
@@ -26433,9 +26359,6 @@
 "xpack.securitySolution.enpdoint.resolver.panelutils.noTimestampRetrieved": "未检索时间戳",
 "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "在 Endpoint Security 中打开",
 "xpack.securitySolution.event.reason.reasonRendererTitle": "事件渲染器:{eventRendererName} ",
- "xpack.securitySolution.eventDetails.blank": " ",
- "xpack.securitySolution.eventDetails.copyToClipboard": "复制到剪贴板",
- "xpack.securitySolution.eventDetails.copyToClipboardTooltip": "复制到剪贴板",
 "xpack.securitySolution.eventDetails.ctiSummary.feedNamePreposition": "来自",
 "xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTitle": "检测到威胁匹配",
 "xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTooltipContent": "此字段值使用您创建的规则匹配威胁情报指标。",
@@ -26456,7 +26379,6 @@
 "xpack.securitySolution.eventDetails.value": "值",
 "xpack.securitySolution.eventDetails.viewAllFields": "查看表中的所有字段",
 "xpack.securitySolution.eventDetails.viewColumnCheckboxAriaLabel": "查看 {field} 列",
- "xpack.securitySolution.eventDetails.viewRuleDetailPage": "查看规则详情页面",
 "xpack.securitySolution.eventFilter.flyoutForm.creationSuccessToastTitle": "“{name}”已添加到事件筛选列表。",
 "xpack.securitySolution.eventFilter.form.description.placeholder": "描述",
 "xpack.securitySolution.eventFilter.form.name.error": "名称不能为空",
@@ -26538,7 +26460,6 @@
 "xpack.securitySolution.eventRenderers.zeekName": "Zeek(之前的 Bro)",
 "xpack.securitySolution.eventsViewer.actionsColumnLabel": "操作",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.alertDurationTitle": "告警持续时间",
- "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.methodTitle": "方法",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.reasonTitle": "原因",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.riskScoreTitle": "风险分数",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.ruleDescriptionTitle": "规则描述",
@@ -26550,11 +26471,9 @@
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.thresholdCount": "阈值计数",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.thresholdTerms": "阈值词",
 "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.triggeredTitle": "已触发",
- "xpack.securitySolution.eventsViewer.alerts.defaultHeaders.versionTitle": "版本",
 "xpack.securitySolution.eventsViewer.alerts.overview.changeAlertStatus": "更改告警状态",
 "xpack.securitySolution.eventsViewer.alerts.overview.clickToChangeAlertStatus": "单击以更改告警状态",
 "xpack.securitySolution.eventsViewer.alerts.overviewTable.signalStatusTitle": "状态",
- "xpack.securitySolution.eventsViewer.errorFetchingEventsData": "无法查询事件数据",
 "xpack.securitySolution.eventsViewer.eventsLabel": "事件",
 "xpack.securitySolution.eventsViewer.showingLabel": "正在显示",
 "xpack.securitySolution.eventsViewer.unit": "{totalCount, plural, other {个事件}}",
@@ -26565,8 +26484,6 @@
 "xpack.securitySolution.exceptions.addException.cancel": "取消",
 "xpack.securitySolution.exceptions.addException.endpointQuarantineText": "在所有终端主机上,与该例外匹配的已隔离文件会自动还原到其原始位置。此例外适用于使用终端例外的所有规则。",
 "xpack.securitySolution.exceptions.addException.error": "添加例外失败",
- "xpack.securitySolution.exceptions.addException.fetchError": "提取例外列表时出错",
- "xpack.securitySolution.exceptions.addException.fetchError.title": "错误",
 "xpack.securitySolution.exceptions.addException.infoLabel": "满足规则的条件时生成告警,但以下情况除外:",
 "xpack.securitySolution.exceptions.addException.operatingSystemPlaceHolder": "选择操作系统",
 "xpack.securitySolution.exceptions.addException.sequenceWarning": "此规则的查询包含 EQL 序列语句。创建的例外将应用于序列中的所有事件。",
@@ -26577,9 +26494,6 @@
 "xpack.securitySolution.exceptions.clearExceptionsLabel": "移除例外列表",
 "xpack.securitySolution.exceptions.commentEventLabel": "已添加注释",
 "xpack.securitySolution.exceptions.commentLabel": "注释",
- "xpack.securitySolution.exceptions.createdByLabel": "创建者",
- "xpack.securitySolution.exceptions.dateCreatedLabel": "创建日期",
- "xpack.securitySolution.exceptions.dateModifiedLabel": "修改日期",
 "xpack.securitySolution.exceptions.descriptionLabel": "描述",
 "xpack.securitySolution.exceptions.detectionListLabel": "检测列表",
 "xpack.securitySolution.exceptions.dissasociateExceptionListError": "无法移除例外列表",
@@ -26592,7 +26506,6 @@
 "xpack.securitySolution.exceptions.editException.editExceptionSaveButton": "保存",
 "xpack.securitySolution.exceptions.editException.editExceptionTitle": "编辑规则例外",
 "xpack.securitySolution.exceptions.editException.endpointQuarantineText": "在所有终端主机上,与该例外匹配的已隔离文件会自动还原到其原始位置。此例外适用于使用终端例外的所有规则。",
- "xpack.securitySolution.exceptions.editException.error": "更新例外失败",
 "xpack.securitySolution.exceptions.editException.infoLabel": "满足规则的条件时生成告警,但以下情况除外:",
 "xpack.securitySolution.exceptions.editException.sequenceWarning": "此规则的查询包含 EQL 序列语句。修改的例外将应用于序列中的所有事件。",
 "xpack.securitySolution.exceptions.editException.success": "已成功更新例外",
@@ -26607,10 +26520,8 @@
 "xpack.securitySolution.exceptions.fieldDescription": "字段",
 "xpack.securitySolution.exceptions.hideCommentsLabel": "隐藏 ({comments}) 个{comments, plural, other {注释}}",
 "xpack.securitySolution.exceptions.modalErrorAccordionText": "显示规则引用信息:",
- "xpack.securitySolution.exceptions.modifiedByLabel": "修改者",
 "xpack.securitySolution.exceptions.nameLabel": "名称",
 "xpack.securitySolution.exceptions.operatingSystemFullLabel": "操作系统",
- "xpack.securitySolution.exceptions.operatingSystemLabel": "OS",
 "xpack.securitySolution.exceptions.operatingSystemLinux": "Linux",
 "xpack.securitySolution.exceptions.operatingSystemMac": "macOS",
 "xpack.securitySolution.exceptions.operatingSystemWindows": "Windows",
@@ -26659,9 +26570,6 @@
 "xpack.securitySolution.featureCatalogueDescription": "预防、收集、检测和响应威胁,以对整个基础架构提供统一的保护。",
 "xpack.securitySolution.featureRegistry.linkSecuritySolutionCaseTitle": "案例",
 "xpack.securitySolution.featureRegistry.linkSecuritySolutionTitle": "安全",
- "xpack.securitySolution.featureRegistry.manageAlertsName": "告警",
- "xpack.securitySolution.featureRegistry.subfeature.alertsAllName": "全部",
- "xpack.securitySolution.featureRegistry.subfeature.alertsReadName": "读取",
 "xpack.securitySolution.fieldBrowser.actionsLabel": "操作",
 "xpack.securitySolution.fieldBrowser.categoryLabel": "类别",
 "xpack.securitySolution.fieldBrowser.createFieldButton": "创建字段",
@@ -26691,17 +26599,14 @@
 "xpack.securitySolution.firstLastSeenHost.failSearchDescription": "无法对上次看到的首个主机执行搜索",
 "xpack.securitySolution.fleetIntegration.assets.description": "在 Security 应用中查看终端",
 "xpack.securitySolution.fleetIntegration.assets.name": "主机",
- "xpack.securitySolution.flyout.button.text": "时间线",
 "xpack.securitySolution.flyout.button.timeline": "时间线",
 "xpack.securitySolution.footer.autoRefreshActiveDescription": "自动刷新已启用",
 "xpack.securitySolution.footer.autoRefreshActiveTooltip": "自动刷新已启用时,时间线将显示匹配查询的最近 {numberOfItems} 个事件。",
 "xpack.securitySolution.footer.cancel": "取消",
 "xpack.securitySolution.footer.data": "数据",
 "xpack.securitySolution.footer.events": "事件",
- "xpack.securitySolution.footer.live": "实时",
 "xpack.securitySolution.footer.loadingEventsDataLabel": "正在加载事件",
 "xpack.securitySolution.footer.loadingLabel": "正在加载",
- "xpack.securitySolution.footer.loadingTimelineData": "正在加载时间线数据",
 "xpack.securitySolution.footer.of": "/",
 "xpack.securitySolution.footer.rows": "行",
 "xpack.securitySolution.footer.totalCountOfEvents": "事件",
@@ -26767,14 +26672,9 @@
 "xpack.securitySolution.hostIsolationExceptions.flyoutEditTitle": "编辑主机隔离例外",
 "xpack.securitySolution.hostIsolationExceptions.form.conditions.subtitle": "主机隔离例外将应用于所有操作系统。",
 "xpack.securitySolution.hostIsolationExceptions.form.conditions.title": "条件",
- "xpack.securitySolution.hostIsolationExceptions.form.creationSuccessToastTitle": "已将“{name}”添加到主机隔离例外列表。",
 "xpack.securitySolution.hostIsolationExceptions.form.description": "允许已隔离主机连接到这些 IP 地址。仅接受具有可选 CIDR 的 IPv4。",
 "xpack.securitySolution.hostIsolationExceptions.form.description.label": "描述",
 "xpack.securitySolution.hostIsolationExceptions.form.description.placeholder": "描述主机隔离例外",
- "xpack.securitySolution.hostIsolationExceptions.form.editingSuccessToastTitle": "“{name}”已更新。",
- "xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.create": "创建例外时出错:“{error}”",
- "xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.get": "无法编辑例外:“{error}”",
- "xpack.securitySolution.hostIsolationExceptions.form.failedToastTitle.update": "更新例外时出错:“{error}”",
 "xpack.securitySolution.hostIsolationExceptions.form.ip.error": "此 IP 无效。仅支持具有可选 CIDR 的 IPv4",
 "xpack.securitySolution.hostIsolationExceptions.form.ip.label": "输入 IP 地址",
 "xpack.securitySolution.hostIsolationExceptions.form.ip.placeholder": "例如,0.0.0.0/24",
@@ -26782,15 +26682,11 @@
 "xpack.securitySolution.hostIsolationExceptions.form.name.label": "命名主机隔离例外",
 "xpack.securitySolution.hostIsolationExceptions.form.name.placeholder": "主机隔离例外名称",
 "xpack.securitySolution.hostIsolationExceptions.form.title": "详情",
- "xpack.securitySolution.hostIsolationExceptions.list.action.delete": "删除例外",
- "xpack.securitySolution.hostIsolationExceptions.list.action.edit": "编辑例外",
 "xpack.securitySolution.hostIsolationExceptions.pageAboutInfo": "添加主机隔离例外以允许隔离的主机与特定 IP 通信。",
 "xpack.securitySolution.hostIsolationExceptions.pageAddButtonTitle": "添加主机隔离例外",
 "xpack.securitySolution.hostIsolationExceptions.pageTitle": "主机隔离例外",
 "xpack.securitySolution.hostIsolationExceptions.searchPlaceholderInfo": "搜索下面的字段:name、description、IP",
 "xpack.securitySolution.hostIsolationExceptions.showingTotal": "正在显示 {total} 个{total, plural, other {主机隔离例外}}",
- "xpack.securitySolution.hostOverview.errorSearchDescription": "搜索主机概览时发生错误",
- "xpack.securitySolution.hostOverview.failSearchDescription": "无法对主机概览执行搜索",
 "xpack.securitySolution.hosts.hostRiskInformation.buttonLabel": "如何计算风险分数?",
 "xpack.securitySolution.hosts.hostRiskInformation.classificationHeader": "分类",
 "xpack.securitySolution.hosts.hostRiskInformation.closeBtn": "关闭",
@@ -26806,7 +26702,6 @@
 "xpack.securitySolution.hosts.hostScoreOverTime.riskScore": "风险分数",
 "xpack.securitySolution.hosts.hostScoreOverTime.riskyLabel": "有风险",
 "xpack.securitySolution.hosts.hostScoreOverTime.riskyThresholdHeader": "有风险的阈值",
- "xpack.securitySolution.hosts.kqlPlaceholder": "例如 host.name:“foo”",
 "xpack.securitySolution.hosts.navigation.alertsTitle": "外部告警",
 "xpack.securitySolution.hosts.navigation.allHostsTitle": "所有主机",
 "xpack.securitySolution.hosts.navigation.anomaliesTitle": "异常",
@@ -26864,7 +26759,6 @@
 "xpack.securitySolution.indexPatterns.continue": "继续,而不添加",
 "xpack.securitySolution.indexPatterns.dataViewLabel": "数据视图",
 "xpack.securitySolution.indexPatterns.descriptionsLabel": "这些是当前选择的索引模式。从您的数据视图中筛除索引模式可帮助提高整体性能。",
- "xpack.securitySolution.indexPatterns.disabled": "在此页面上建议使用已禁用的索引模式,但是首先需要在 Kibana 索引模式设置中配置这些模式",
 "xpack.securitySolution.indexPatterns.failureToastText": "更新时发生意外错误。如果要修改数据,您可以手动选择数据视图 {link}。",
 "xpack.securitySolution.indexPatterns.failureToastTitle": "无法更新数据视图",
 "xpack.securitySolution.indexPatterns.inactive": "非活动索引模式",
@@ -26897,7 +26791,6 @@
 "xpack.securitySolution.indexPatterns.updateAvailableBadgeTitle": "有可用更新",
 "xpack.securitySolution.indexPatterns.updateDataView": "是否要将此索引模式添加到安全数据视图?否则,我们可以不使用缺失的索引模式来重新创建数据视图。",
 "xpack.securitySolution.indexPatterns.updateSecurityDataView": "更新安全数据视图",
- "xpack.securitySolution.insert.timeline.insertTimelineButton": "插入时间线链接",
 "xpack.securitySolution.inspect.modal.closeTitle": "关闭",
 "xpack.securitySolution.inspect.modal.indexPatternDescription": "连接到 Elasticsearch 索引的索引模式。可以在“Kibana”>“高级设置”中配置这些索引。",
 "xpack.securitySolution.inspect.modal.indexPatternLabel": "索引模式",
@@ -26969,9 +26862,7 @@
 "xpack.securitySolution.lists.valueListsTable.actionsColumn": "操作",
 "xpack.securitySolution.lists.valueListsTable.createdByColumn": "创建者",
 "xpack.securitySolution.lists.valueListsTable.deleteActionDescription": "删除值列表",
- "xpack.securitySolution.lists.valueListsTable.deleteActionName": "移除",
 "xpack.securitySolution.lists.valueListsTable.exportActionDescription": "导出值列表",
- "xpack.securitySolution.lists.valueListsTable.exportActionName": "导出",
 "xpack.securitySolution.lists.valueListsTable.fileNameColumn": "文件名",
 "xpack.securitySolution.lists.valueListsTable.title": "值列表",
 "xpack.securitySolution.lists.valueListsTable.typeColumn": "类型",
@@ -26980,7 +26871,6 @@
 "xpack.securitySolution.management.policiesSelector.label": "策略",
 "xpack.securitySolution.management.policiesSelector.unassignedEntries": "未分配的条目",
 "xpack.securitySolution.management.search.button": "刷新",
- "xpack.securitySolution.markdownEditor.markdownInputHelp": "Markdown 语法帮助",
 "xpack.securitySolution.markdownEditor.plugins.timeline.failedRetrieveTimelineErrorMsg": "无法检索时间线 ID:{ timelineId }",
 "xpack.securitySolution.markdownEditor.plugins.timeline.insertTimelineButtonLabel": "插入时间线链接",
 "xpack.securitySolution.markdownEditor.plugins.timeline.noParenthesesErrorMsg": "应为左括号",
@@ -26989,7 +26879,6 @@
 "xpack.securitySolution.markdownEditor.plugins.timeline.timelineErrorTitle": "时间线错误",
 "xpack.securitySolution.markdownEditor.plugins.timeline.toolTip.timelineId": "时间线 ID:{ timelineId }",
 "xpack.securitySolution.markdownEditor.plugins.timeline.toolTip.timelineUrlIsNotValidErrorMsg": "时间线 URL 无效 => {timelineUrl}",
- "xpack.securitySolution.markdownEditor.preview": "预览",
 "xpack.securitySolution.matrixHistogram.errorSearchDescription": "搜索矩阵直方图时发生错误",
 "xpack.securitySolution.matrixHistogram.failSearchDescription": "无法对矩阵直方图执行搜索",
 "xpack.securitySolution.ml.score.anomalousEntityTitle": "异常实体",
@@ -27063,7 +26952,6 @@
 "xpack.securitySolution.network.ipDetails.usersTable.rows": "{numRows} {numRows, plural, other {行}}",
 "xpack.securitySolution.network.ipDetails.usersTable.unit": "{totalCount, plural, other {个用户}}",
 "xpack.securitySolution.network.ipDetails.usersTable.usersTitle": "用户",
- "xpack.securitySolution.network.kqlPlaceholder": "例如 source.ip:“foo”",
 "xpack.securitySolution.network.navigation.alertsTitle": "外部告警",
 "xpack.securitySolution.network.navigation.anomaliesTitle": "异常",
 "xpack.securitySolution.network.navigation.dnsTitle": "DNS",
@@ -27074,7 +26962,6 @@ "xpack.securitySolution.networkDetails.errorSearchDescription": "搜索网络详情时发生错误", "xpack.securitySolution.networkDetails.failSearchDescription": "无法对网络详情执行搜索", "xpack.securitySolution.networkDns.errorSearchDescription": "搜索网络 DNS 时发生错误", - "xpack.securitySolution.networkDns.failSearchDescription": "无法对网络 DNS 执行搜索", "xpack.securitySolution.networkDnsTable.column.bytesInTitle": "DNS 传入字节", "xpack.securitySolution.networkDnsTable.column.bytesOutTitle": "DNS 传出字节", "xpack.securitySolution.networkDnsTable.column.registeredDomain": "已注册域", @@ -27085,7 +26972,6 @@ "xpack.securitySolution.networkDnsTable.select.includePtrRecords": "包括 PTR 记录", "xpack.securitySolution.networkDnsTable.title": "排名靠前的 DNS 域", "xpack.securitySolution.networkDnsTable.unit": "{totalCount, plural, other {个域}}", - "xpack.securitySolution.networkHttp.errorSearchDescription": "搜索网络 HTTP 时发生错误", "xpack.securitySolution.networkHttp.failSearchDescription": "无法对网络 HTTP 执行搜索", "xpack.securitySolution.networkHttpTable.column.domainTitle": "域", "xpack.securitySolution.networkHttpTable.column.lastHostTitle": "上一主机", @@ -27109,7 +26995,6 @@ "xpack.securitySolution.networkKpiUniquePrivateIps.failSearchDescription": "无法对网络 KPI 唯一专用 IP 执行搜索", "xpack.securitySolution.networkTls.errorSearchDescription": "搜索网络 TLS 时发生错误", "xpack.securitySolution.networkTls.failSearchDescription": "无法对网络 TLS 执行搜索", - "xpack.securitySolution.networkTopCountries.errorSearchDescription": "搜索网络热门国家/地区时发生错误", "xpack.securitySolution.networkTopCountries.failSearchDescription": "无法对网络热门国家/地区执行搜索", "xpack.securitySolution.networkTopCountriesTable.column.bytesInTitle": "传入字节", "xpack.securitySolution.networkTopCountriesTable.column.bytesOutTitle": "传出字节", 
@@ -27121,7 +27006,6 @@ "xpack.securitySolution.networkTopCountriesTable.heading.sourceCountries": "源国家/地区", "xpack.securitySolution.networkTopCountriesTable.heading.unit": "{totalCount, plural, other {个国家或地区}}", "xpack.securitySolution.networkTopCountriesTable.rows": "{numRows} {numRows, plural, other {行}}", - "xpack.securitySolution.networkTopNFlow.errorSearchDescription": "搜索网络排名前 n 个流时发生错误", "xpack.securitySolution.networkTopNFlow.failSearchDescription": "无法对网络排名前 n 个流执行搜索", "xpack.securitySolution.networkTopNFlowTable.column.asTitle": "自治系统", "xpack.securitySolution.networkTopNFlowTable.column.bytesInTitle": "传入字节", @@ -27142,15 +27026,11 @@ "xpack.securitySolution.newsFeed.noNewsMessageForAdmin": "您当前的新闻源 URL 未返回最近的新闻。要更新 URL 或禁用安全新闻,您可以通过", "xpack.securitySolution.noPermissionsMessage": "要查看 {subPluginKey},必须更新权限。有关详细信息,请联系您的 Kibana 管理员。", "xpack.securitySolution.noPermissionsTitle": "需要权限", - "xpack.securitySolution.notes.addANotePlaceholder": "添加备注", - "xpack.securitySolution.notes.addedANoteLabel": "已添加备注", "xpack.securitySolution.notes.addNoteButtonLabel": "添加备注", "xpack.securitySolution.notes.cancelButtonLabel": "取消", - "xpack.securitySolution.notes.copyToClipboardButtonLabel": "复制到剪贴板", "xpack.securitySolution.notes.createdByLabel": "创建者", "xpack.securitySolution.notes.noteLabel": "备注", "xpack.securitySolution.notes.notesTitle": "备注", - "xpack.securitySolution.notes.previewMarkdownTitle": "预览 (Markdown)", "xpack.securitySolution.notes.search.FilterByUserOrNotePlaceholder": "按用户或备注筛选", "xpack.securitySolution.notes.youAreEditingANoteScreenReaderOnly": "您正在编辑备注。完成后单击“添加备注”,或按 esc 键取消。", "xpack.securitySolution.notes.youAreViewingNotesScreenReaderOnly": "您正在查看事件在第 {row} 行的备注。完成后,按向上箭头键可返回到事件。", 
@@ -27181,9 +27061,6 @@ "xpack.securitySolution.open.timeline.openTimelineButton": "打开时间线......", "xpack.securitySolution.open.timeline.openTimelineTitle": "打开", "xpack.securitySolution.open.timeline.pinnedEventsTooltip": "置顶事件", - "xpack.securitySolution.open.timeline.pluralTemplatesLabel": "模板", - "xpack.securitySolution.open.timeline.pluralTimelinesLabel": "时间线", - "xpack.securitySolution.open.timeline.postedLabel": "已发表:", "xpack.securitySolution.open.timeline.refreshTitle": "刷新", "xpack.securitySolution.open.timeline.searchPlaceholder": "例如时间线名称或描述", "xpack.securitySolution.open.timeline.searchTemplatePlaceholder": "例如模板名称或描述", @@ -27192,8 +27069,6 @@ "xpack.securitySolution.open.timeline.showingLabel": "正在显示:", "xpack.securitySolution.open.timeline.showingNTemplatesLabel": "{totalSearchResultsCount} 个{totalSearchResultsCount, plural, other {模板}} {with}", "xpack.securitySolution.open.timeline.showingNTimelinesLabel": "{totalSearchResultsCount} 条{totalSearchResultsCount, plural, other {时间线}} {with}", - "xpack.securitySolution.open.timeline.singleTemplateLabel": "模板", - "xpack.securitySolution.open.timeline.singleTimelineLabel": "时间线", "xpack.securitySolution.open.timeline.successfullyDeletedTimelinesTitle": "已成功删除{totalTimelines, plural, =0 {所有时间线} other { {totalTimelines} 条时间线}}", "xpack.securitySolution.open.timeline.successfullyDeletedTimelineTemplatesTitle": "已成功删除{totalTimelineTemplates, plural, =0 {所有时间线模板} other { {totalTimelineTemplates} 个时间线模板}}", "xpack.securitySolution.open.timeline.successfullyExportedTimelinesTitle": "已成功导出{totalTimelines, plural, =0 {所有时间线} other { {totalTimelines} 条时间线}}", 
@@ -27215,14 +27090,9 @@ "xpack.securitySolution.overview.ctiDashboardDangerButton": "启用源", "xpack.securitySolution.overview.ctiDashboardDangerPanelTitle": "没有可显示的威胁情报数据", "xpack.securitySolution.overview.ctiDashboardEnableThreatIntel": "您需要启用威胁情报源才能查看数据。", - "xpack.securitySolution.overview.ctiDashboardInfoPanelBody": "按照此指南启用您的仪表板,以便可以在可视化中查看您的源。", - "xpack.securitySolution.overview.ctiDashboardInfoPanelButton": "如何加载 Kibana 仪表板", - "xpack.securitySolution.overview.ctiDashboardInfoPanelTitle": "启用 Kibana 仪表板以查看源", "xpack.securitySolution.overview.ctiDashboardOtherDatasourceTitle": "其他", "xpack.securitySolution.overview.ctiDashboardSubtitle": "正在显示:{totalCount} 个{totalCount, plural, other {指标}}", "xpack.securitySolution.overview.ctiDashboardTitle": "威胁情报", - "xpack.securitySolution.overview.ctiDashboardWarningPanelBody": "我们尚未从选定时间范围检测到任何数据,请尝试搜索其他时间范围。", - "xpack.securitySolution.overview.ctiDashboardWarningPanelTitle": "没有可显示的威胁情报数据", "xpack.securitySolution.overview.ctiViewDasboard": "查看仪表板", "xpack.securitySolution.overview.endgameDnsTitle": "DNS", "xpack.securitySolution.overview.endgameFileTitle": "文件", @@ -27270,8 +27140,6 @@ "xpack.securitySolution.overview.packetBeatDnsTitle": "DNS", "xpack.securitySolution.overview.packetBeatFlowTitle": "流", "xpack.securitySolution.overview.packetbeatTLSTitle": "TLS", - "xpack.securitySolution.overview.pageSubtitle": "Elastic Stack 的安全信息和事件管理功能", - "xpack.securitySolution.overview.recentCasesSidebarTitle": "最近案例", "xpack.securitySolution.overview.recentTimelinesSidebarTitle": "最近的时间线", "xpack.securitySolution.overview.riskyHostsDashboardDangerPanelButton": "启用风险分数", "xpack.securitySolution.overview.riskyHostsDashboardDangerPanelTitle": "没有要显示的主机风险分数数据", 
@@ -27281,7 +27149,6 @@ "xpack.securitySolution.overview.riskyHostsDashboardWarningPanelBody": "对于选定时间范围,我们尚未从您环境中的主机中检测到任何主机风险分数数据。", "xpack.securitySolution.overview.riskyHostsDashboardWarningPanelTitle": "没有可显示的主机风险分数数据", "xpack.securitySolution.overview.riskyHostsSource": "源", - "xpack.securitySolution.overview.showTopTooltip": "显示排名靠前的{fieldName}", "xpack.securitySolution.overview.signalCountTitle": "检测告警趋势", "xpack.securitySolution.overview.topNLabel": "排名靠前的{fieldName}", "xpack.securitySolution.overview.viewAlertsButtonLabel": "查看告警", @@ -27291,13 +27158,6 @@ "xpack.securitySolution.overviewHost.errorSearchDescription": "搜索主机概览时发生错误", "xpack.securitySolution.overviewHost.failSearchDescription": "无法对主机概览执行搜索", "xpack.securitySolution.pages.common.beta": "公测版", - "xpack.securitySolution.pages.common.emptyActionBeats": "使用 Beats 添加数据", - "xpack.securitySolution.pages.common.emptyActionBeatsDescription": "轻量型 Beats 可以发送来自成百上千的机器和系统中的数据", - "xpack.securitySolution.pages.common.emptyActionElasticAgent": "使用 Elastic 代理添加数据", - "xpack.securitySolution.pages.common.emptyActionElasticAgentDescription": "通过 Elastic 代理,可以简单统一的方式将监测添加到主机。", - "xpack.securitySolution.pages.common.emptyActionEndpoint": "添加 Endpoint Security", - "xpack.securitySolution.pages.common.emptyActionEndpointDescription": "使用威胁防御、检测和深度安全数据可见性功能保护您的主机。", - "xpack.securitySolution.pages.common.emptyActionSecondary": "入门指南。", "xpack.securitySolution.pages.common.solutionName": "安全", "xpack.securitySolution.pages.common.updateAlertStatusFailed": "无法更新{ conflicts } 个{conflicts, plural, other {告警}}。", "xpack.securitySolution.pages.common.updateAlertStatusFailedDetailed": "{ updated } 个{updated, plural, other {告警}}已成功更新,但是 { conflicts } 个无法更新,\n 因为{ conflicts, plural, other {其}}已被修改。", 
@@ -27326,7 +27186,6 @@ "xpack.securitySolution.policyStatusText.success": "成功", "xpack.securitySolution.policyStatusText.unsupported": "不支持", "xpack.securitySolution.policyStatusText.warning": "警告", - "xpack.securitySolution.recentTimelines.errorRetrievingUserDetailsMessage": "最近的时间线:检索用户详情时发生错误", "xpack.securitySolution.recentTimelines.favoritesButtonLabel": "收藏夹", "xpack.securitySolution.recentTimelines.filterControlLegend": "时间线筛选", "xpack.securitySolution.recentTimelines.lastUpdatedButtonLabel": "上次更新时间", @@ -27488,7 +27347,6 @@ "xpack.securitySolution.system.processStoppedDescription": "已停止进程", "xpack.securitySolution.system.socketClosedDescription": "已关闭套接字 -", "xpack.securitySolution.system.socketOpenedDescription": "已打开套接字 -", - "xpack.securitySolution.system.systemDescription": "系统", "xpack.securitySolution.system.terminatedProcessDescription": "已终止进程", "xpack.securitySolution.system.userAddedDescription": "用户已添加", "xpack.securitySolution.system.userChangedDescription": "用户已更改", @@ -27496,7 +27354,6 @@ "xpack.securitySolution.system.usingDescription": "正在使用", "xpack.securitySolution.system.viaDescription": "通过", "xpack.securitySolution.system.viaParentProcessDescription": "通过父进程", - "xpack.securitySolution.system.wasAuthorizedToUseDescription": "有权使用", "xpack.securitySolution.system.withExitCodeDescription": "退出代码为", "xpack.securitySolution.system.withResultDescription": ",结果为", "xpack.securitySolution.tables.rowItemHelper.moreDescription": "未显示", 
@@ -27516,19 +27373,13 @@ "xpack.securitySolution.timeline.body.actions.addNotesForRowAriaLabel": "将事件第 {ariaRowindex} 行的备注添加到时间线,其中列为 {columnValues}", "xpack.securitySolution.timeline.body.actions.attachAlertToCaseForRowAriaLabel": "将第 {ariaRowindex} 行的告警或事件附加到案例,其中列为 {columnValues}", "xpack.securitySolution.timeline.body.actions.checkboxForRowAriaLabel": "告警或事件第 {ariaRowindex} 行的{checked, select, false {已取消选中} true {已选中}}复选框,其中列为 {columnValues}", - "xpack.securitySolution.timeline.body.actions.collapseAriaLabel": "折叠", - "xpack.securitySolution.timeline.body.actions.expandEventTooltip": "查看详情", - "xpack.securitySolution.timeline.body.actions.investigateInResolverDisabledTooltip": "无法分析此事件,因为其包含不兼容的字段映射", "xpack.securitySolution.timeline.body.actions.investigateInResolverForRowAriaLabel": "分析第 {ariaRowindex} 行的告警或事件,其中列为 {columnValues}", "xpack.securitySolution.timeline.body.actions.investigateInResolverTooltip": "分析事件", - "xpack.securitySolution.timeline.body.actions.investigateLabel": "调查", "xpack.securitySolution.timeline.body.actions.moreActionsForRowAriaLabel": "为第 {ariaRowindex} 行中的告警或事件选择更多操作,其中列为 {columnValues}", "xpack.securitySolution.timeline.body.actions.pinEventForRowAriaLabel": "将第 {ariaRowindex} 行的事件{isEventPinned, select, false {固定} true {取消固定}}到时间线,其中列为 {columnValues}", "xpack.securitySolution.timeline.body.actions.sendAlertToTimelineForRowAriaLabel": "将第 {ariaRowindex} 行的告警发送到时间线,其中列为 {columnValues}", "xpack.securitySolution.timeline.body.actions.viewDetailsAriaLabel": "查看详情", "xpack.securitySolution.timeline.body.actions.viewDetailsForRowAriaLabel": "查看第 {ariaRowindex} 行的告警或事件的详细信息,其中列为 {columnValues}", - "xpack.securitySolution.timeline.body.actions.viewSummaryLabel": "查看摘要", - "xpack.securitySolution.timeline.body.copyToClipboardButtonLabel": "复制到剪贴板", "xpack.securitySolution.timeline.body.notes.addNoteTooltip": "添加备注", "xpack.securitySolution.timeline.body.notes.disableEventTooltip": "编辑模板时间线时无法在此处添加备注", 
"xpack.securitySolution.timeline.body.openSessionViewLabel": "打开会话视图", @@ -27613,18 +27464,14 @@ "xpack.securitySolution.timeline.participantsTitle": "参与者", "xpack.securitySolution.timeline.properties.addTimelineButtonLabel": "添加新时间线或模板", "xpack.securitySolution.timeline.properties.addToFavoriteButtonLabel": "添加到收藏夹", - "xpack.securitySolution.timeline.properties.attachTimelineToCaseTooltip": "请为您的时间线提供标题,以便将其附加到案例", "xpack.securitySolution.timeline.properties.attachToCaseButtonLabel": "附加到案例", "xpack.securitySolution.timeline.properties.attachToExistingCaseButtonLabel": "附加到现有案例......", "xpack.securitySolution.timeline.properties.attachToNewCaseButtonLabel": "附加到新案例", "xpack.securitySolution.timeline.properties.autosavedLabel": "已自动保存", "xpack.securitySolution.timeline.properties.descriptionPlaceholder": "添加描述", - "xpack.securitySolution.timeline.properties.existingCaseButtonLabel": "将时间线附加到现有案例......", "xpack.securitySolution.timeline.properties.inspectTimelineTitle": "时间线", "xpack.securitySolution.timeline.properties.lockDatePickerDescription": "将全局日期选取器锁定到时间线日期选取器", "xpack.securitySolution.timeline.properties.lockDatePickerTooltip": "禁用当前查看的页面与您的时间线之间的日期/时间范围同步", - "xpack.securitySolution.timeline.properties.lockedDatePickerLabel": "全局日期选取器已锁定到时间线日期选取器", - "xpack.securitySolution.timeline.properties.newCaseButtonLabel": "将时间线附加到新案例", "xpack.securitySolution.timeline.properties.newTemplateTimelineButtonLabel": "创建新时间线模板", "xpack.securitySolution.timeline.properties.newTimelineButtonLabel": "创建新时间线", "xpack.securitySolution.timeline.properties.notesButtonLabel": "备注", 
@@ -27634,11 +27481,9 @@ "xpack.securitySolution.timeline.properties.timelineToggleButtonAriaLabel": "{isOpen, select, false {打开} true {关闭} other {切换}}时间线 {title}", "xpack.securitySolution.timeline.properties.unlockDatePickerDescription": "从时间线日期选取器解锁全局日期选取器", "xpack.securitySolution.timeline.properties.unlockDatePickerTooltip": "启用当前查看的页面与您的时间线之间的日期/时间范围同步", - "xpack.securitySolution.timeline.properties.unlockedDatePickerLabel": "全局日期选取器未锁定到时间线日期选取器", "xpack.securitySolution.timeline.properties.unsavedLabel": "未保存", "xpack.securitySolution.timeline.properties.untitledTemplatePlaceholder": "未命名模板", "xpack.securitySolution.timeline.properties.untitledTimelinePlaceholder": "未命名时间线", - "xpack.securitySolution.timeline.protocol": "协议", "xpack.securitySolution.timeline.rangePicker.oneDay": "1 天", "xpack.securitySolution.timeline.rangePicker.oneMonth": "1 个月", "xpack.securitySolution.timeline.rangePicker.oneWeek": "1 周", 
@@ -27655,22 +27500,11 @@ "xpack.securitySolution.timeline.saveTimelineTemplate.modal.discard.title": "丢弃时间线模板", "xpack.securitySolution.timeline.saveTimelineTemplate.modal.header": "保存时间线模板", "xpack.securitySolution.timeline.searchBoxPlaceholder": "例如 {timeline} 名称或描述", - "xpack.securitySolution.timeline.searchOrFilter.customeIndexNames": "定制", - "xpack.securitySolution.timeline.searchOrFilter.eventTypeAllEvent": "所有数据源", - "xpack.securitySolution.timeline.searchOrFilter.eventTypeDetectionAlertsEvent": "检测告警", - "xpack.securitySolution.timeline.searchOrFilter.eventTypeRawEvent": "事件", "xpack.securitySolution.timeline.searchOrFilter.filterDescription": "上述数据提供程序的事件按相邻 KQL 进行筛选", "xpack.securitySolution.timeline.searchOrFilter.filterKqlPlaceholder": "筛选事件", "xpack.securitySolution.timeline.searchOrFilter.filterKqlSelectedText": "筛选", "xpack.securitySolution.timeline.searchOrFilter.filterKqlTooltip": "上述数据提供程序的事件按此 KQL 进行筛选", "xpack.securitySolution.timeline.searchOrFilter.filterOrSearchWithKql": "使用 KQL 筛选或搜索", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.configure": "查看与以上每项所选内容关联的数据源", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.help": "数据源的选择", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.hideAdvancedSettings": "隐藏“高级”", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.pickIndexPatternsCombo": "选取索引模式", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.resetSettings": "重置", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.save": "保存", - "xpack.securitySolution.timeline.searchOrFilter.indexPatterns.showAdvancedSettings": "显示“高级”", "xpack.securitySolution.timeline.searchOrFilter.searchDescription": "上述数据提供程序的事件与相邻 KQL 的结果进行组合", "xpack.securitySolution.timeline.searchOrFilter.searchKqlPlaceholder": "搜索事件", "xpack.securitySolution.timeline.searchOrFilter.searchKqlSelectedText": "搜索", 
@@ -27725,7 +27559,6 @@ "xpack.securitySolution.topN.allEventsSelectLabel": "所有事件", "xpack.securitySolution.topN.closeButtonLabel": "关闭", "xpack.securitySolution.topN.rawEventsSelectLabel": "原始事件", - "xpack.securitySolution.trustedapps.aboutInfo": "添加受信任的应用程序,以提高性能或缓解与主机上运行的其他应用程序的冲突。", "xpack.securitySolution.trustedApps.assignmentSectionDescription": "跨所有策略全局分配此受信任的应用程序,或将其分配给特定策略。", "xpack.securitySolution.trustedapps.card.operator.is": "是", "xpack.securitySolution.trustedapps.card.operator.matches": "匹配", @@ -27800,7 +27633,6 @@ "xpack.securitySolution.uiSettings.newsFeedUrlDescription": "

将从此 URL 检索新闻源内容

", "xpack.securitySolution.uiSettings.rulesTableRefresh": "规则自动刷新", "xpack.securitySolution.uiSettings.rulesTableRefreshDescription": "

对所有规则和监测表启用自动刷新(毫秒)

", - "xpack.securitySolution.uncommonProcesses.errorSearchDescription": "搜索不常见进程时发生错误", "xpack.securitySolution.uncommonProcesses.failSearchDescription": "无法对不常见进程执行搜索", "xpack.securitySolution.uncommonProcessTable.hostsTitle": "主机名", "xpack.securitySolution.uncommonProcessTable.lastCommandTitle": "上一命令", @@ -27820,7 +27652,6 @@ "xpack.securitySolution.user.details.overview.userRiskClassification": "用户风险分类", "xpack.securitySolution.user.details.overview.userRiskScoreTitle": "用户风险分数", "xpack.securitySolution.user.ipDetails.ipOverview.lastSeenTitle": "最后看到时间", - "xpack.securitySolution.userDetails.errorSearchDescription": "搜索用户详情时发生错误", "xpack.securitySolution.userDetails.failSearchDescription": "无法对用户详情执行搜索", "xpack.securitySolution.users.navigation.alertsTitle": "外部告警", "xpack.securitySolution.users.navigation.allUsersTitle": "所有用户", @@ -27835,7 +27666,6 @@ "xpack.securitySolution.users.userRiskInformation.closeBtn": "关闭", "xpack.securitySolution.users.userRiskInformation.criticalRiskDescription": "90 及以上", "xpack.securitySolution.users.userRiskInformation.explanation": "此功能利用转换,通过脚本指标聚合基于“开放”状态的检测规则告警来计算 5 天时间窗口内的用户风险分数。该转换每小时运行一次,以根据流入的新检测规则告警更新分数。", - "xpack.securitySolution.users.userRiskInformation.informationAriaLabel": "信息", "xpack.securitySolution.users.userRiskInformation.introduction": "用户风险分数功能将显示您环境中存在风险的用户。", "xpack.securitySolution.users.userRiskInformation.learnMore": "您可以详细了解用户风险{usersRiskScoreDocumentationLink}", "xpack.securitySolution.users.userRiskInformation.link": "此处", 
@@ -27863,9 +27693,7 @@ "xpack.securitySolution.visualizationActions.uniqueIps.destinationChartLabel": "目标", "xpack.securitySolution.visualizationActions.uniqueIps.sourceChartLabel": "源", "xpack.securitySolution.visualizationActions.userAuthentications.failChartLabel": "失败", - "xpack.securitySolution.visualizationActions.userAuthentications.failUnitLabel": "失败", "xpack.securitySolution.visualizationActions.userAuthentications.successChartLabel": "成功", - "xpack.securitySolution.visualizationActions.userAuthentications.successUnitLabel": "成功", "xpack.securitySolution.zeek.othDescription": "未看到 SYN,仅中游流量", "xpack.securitySolution.zeek.rejDescription": "已拒绝连接尝试", "xpack.securitySolution.zeek.rstoODescription": "连接已建立,发起方已中止(已发送 RST)",