missing scripts + change url
XavierM committed May 18, 2020
1 parent 821a23a commit 8dc39fc
Showing 9 changed files with 5,320 additions and 3 deletions.
2 changes: 1 addition & 1 deletion x-pack/plugins/siem/package.json
Expand Up @@ -10,7 +10,7 @@
"cypress:open": "cypress open --config-file ./cypress/cypress.json",
"cypress:run": "cypress run --browser chrome --headless --spec ./cypress/integration/**/*.spec.ts --config-file ./cypress/cypress.json --reporter ../../node_modules/cypress-multi-reporters --reporter-options configFile=./cypress/reporter_config.json; status=$?; ../../node_modules/.bin/mochawesome-merge --reportDir ../../../target/kibana-siem/cypress/results > ../../../target/kibana-siem/cypress/results/output.json; ../../../node_modules/.bin/marge ../../../target/kibana-siem/cypress/results/output.json --reportDir ../../../target/kibana-siem/cypress/results; mkdir -p ../../../target/junit && cp ../../../target/kibana-siem/cypress/results/*.xml ../../../target/junit/ && exit $status;",
"cypress:run-as-ci": "node ../../../scripts/functional_tests --config ../../test/siem_cypress/config.ts",
"test:generate": "ts-node --project scripts/cli_tsconfig.json scripts/resolver_generator.ts"
"test:generate": "ts-node --project scripts/endpoint/cli_tsconfig.json scripts/endpoint/resolver_generator.ts"
},
"devDependencies": {
"@types/lodash": "^4.14.110"
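Review bot: the new `test:generate` path `scripts/endpoint/resolver_generator.ts` is resolved relative to this `x-pack/plugins/siem` package, yet the README added in the same commit tells the user to `cd ~/path/to/kibana/x-pack/plugins/endpoint` before running `yarn test:generate`; one of the two should change so the documented command actually finds the script. The commit message ("missing scripts + change url") would also be clearer if it named which scripts were moved under `scripts/endpoint/` and which URLs changed.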
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ export const alertListPagination = createStructuredSelector({
* Returns a boolean based on whether or not the user is on the alerts page
*/
export const isOnAlertPage = (state: Immutable<AlertListState>): boolean => {
return state.location ? state.location.pathname === '/alerts' : false;
return state.location ? state.location.pathname === '/endpoint-alerts' : false;
};

/**
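Review bot: `'/endpoint-alerts'` is one of two hard-coded copies of a route literal that this commit has to change by hand (the other is in the host selector), and the exact `pathname ===` comparison also silently returns false for `/endpoint-alerts/` with a trailing slash or any sub-route. Consider exporting the route string from a single shared constant used by both the route definition and these selectors so the URL cannot drift again, and decide explicitly whether sub-routes should count as "on the alerts page".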
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ export const policyResponseLoading = (state: Immutable<HostState>): boolean =>
export const policyResponseError = (state: Immutable<HostState>) => state.policyResponseError;

export const isOnHostPage = (state: Immutable<HostState>) =>
state.location ? state.location.pathname === '/hosts' : false;
state.location ? state.location.pathname === '/endpoint-hosts' : false;

export const uiQueryParams: (
state: Immutable<HostState>
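Review bot: `isOnHostPage` carries no explicit `: boolean` return type while its sibling `isOnAlertPage` changed in this same commit does; add the annotation for consistency, e.g. `export const isOnHostPage = (state: Immutable<HostState>): boolean =>`. The same hard-coded route concern applies here: `'/endpoint-hosts'` should come from the shared constant that defines the route rather than being retyped in the selector.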
46 changes: 46 additions & 0 deletions x-pack/plugins/siem/scripts/endpoint/README.md
@@ -0,0 +1,46 @@
This script makes it easy to create the endpoint metadata, alert, and event documents needed to test Resolver in Kibana.
The default behavior is to create 1 endpoint with 1 alert and a moderate number of events (random, typically on the order of 20).
A seed value can be provided as a string for the random number generator for repeatable behavior, useful for demos etc.
Use the `-d` option if you want to delete and remake the indices, otherwise it will add documents to existing indices.

The sample data generator script depends on ts-node, install with npm:

```npm install -g ts-node```

Example command sequence to get ES and kibana running with sample data after installing ts-node:

```yarn es snapshot``` -> starts ES

```npx yarn start --xpack.endpoint.enabled=true --no-base-path``` -> starts kibana

```cd ~/path/to/kibana/x-pack/plugins/endpoint```

```yarn test:generate --auth elastic:changeme``` -> run the resolver_generator.ts script

Resolver generator CLI options:
```--help Show help [boolean]
--seed, -s random seed to use for document generator [string]
--node, -n elasticsearch node url
[string] [default: "http://localhost:9200"]
--eventIndex, --ei index to store events in
[string] [default: "events-endpoint-1"]
--metadataIndex, --mi index to store endpoint metadata in
[string] [default: "endpoint-agent-1"]
--auth elasticsearch username and password, separated by
a colon [string]
--ancestors, --anc number of ancestors of origin to create
[number] [default: 3]
--generations, --gen number of child generations to create
[number] [default: 3]
--children, --ch maximum number of children per node
[number] [default: 3]
--relatedEvents, --related number of related events to create for each
process event [number] [default: 5]
--percentWithRelated, --pr percent of process events to add related events to
[number] [default: 30]
--percentTerminated, --pt percent of process events to add termination event
for [number] [default: 30]
--numEndpoints, --ne number of different endpoints to generate alerts
for [number] [default: 1]
--alertsPerEndpoint, --ape number of resolver trees to make for each endpoint
[number] [default: 1]```
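Review bot: the introduction says `-d` deletes and remakes the indices, but `-d` does not appear anywhere in the CLI options list that follows, so either the list is stale or the flag name is wrong; regenerate the list from the script's actual `--help` output. The `cd ~/path/to/kibana/x-pack/plugins/endpoint` step also conflicts with `test:generate` being defined in `x-pack/plugins/siem/package.json` in this commit. The `--auth elastic:changeme` example should be marked as a local development credential so it is not copied into other environments, and the single commands wrapped in triple backticks (```npm install -g ts-node```) should use single backticks or a fenced block on its own lines so they render as intended.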
