Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RAC][Timeline] - Add audit log to RBAC wrapped search strategy #112040

Merged
merged 29 commits into from
Nov 3, 2021
Merged

[RAC][Timeline] - Add audit log to RBAC wrapped search strategy #112040

merged 29 commits into from
Nov 3, 2021

Conversation

yctercero
Copy link
Contributor

@yctercero yctercero commented Sep 14, 2021
edited
Loading

Summary

Went back to add audit logging to the alerts table search strategy used to query RAC alerts. This PR also includes tests for the logging.

To Do

Checklist

@yctercero yctercero self-assigned this Sep 14, 2021
@yctercero yctercero added Feature:Cases-RAC-RBAC Feature:RAC label obsolete v7.16.0 v8.0.0 Team:Threat Hunting Security Solution Threat Hunting Team release_note:skip Skip the PR/issue when compiling release notes labels Sep 14, 2021
@yctercero
Copy link
Contributor Author

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

⏳ Build in-progress, with failures

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @yctercero

@yctercero yctercero added the bug Fixes for quality problems that affect the customer experience label Oct 20, 2021
@yctercero yctercero mentioned this pull request Oct 20, 2021
Closed
@yctercero yctercero marked this pull request as ready for review October 20, 2021 21:25
@yctercero yctercero requested a review from a team as a code owner October 20, 2021 21:25
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

yctercero
yctercero commented Oct 20, 2021
View reviewed changes
x-pack/test/timeline/security_and_spaces/tests/trial/events.ts
const logFilePath = Path.resolve(__dirname, '../../../common/fixtures/audit/audit.log');
const logFile = new FileWrapper(logFilePath);
const retry = getService('retry');

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dhurley14 @marshallmain @michaelolo24 - wasn't sure exactly who to ask, but as I've been away from RAC this cycle, wondering did anything change recently with giving users with minimal read access? These tests are now failing (they'd been removed sometime so weren't running for months now) but I know they were good back in August-ish about?

@yctercero yctercero requested a review from jportner October 20, 2021 21:34
jportner
jportner approved these changes Oct 20, 2021
View reviewed changes
Copy link
Contributor

@jportner jportner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auditing LGTM. Nice catch on the missing bits in the dev docs.

docs/user/security/audit-logging.asciidoc Outdated Show resolved Hide resolved
@weltenwort
Copy link
Member

This is not a code review, but I tested this PR a bit on the observability alerts table. I couldn't change the workflow status of an alert that I created with the same account even though it has the "logs" consumer:

image

image

@yctercero
Copy link
Contributor Author

yctercero commented Oct 28, 2021
edited
Loading

@elasticmachine merge upstream

@yctercero
Copy link
Contributor Author

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

expected head sha didn’t match current head ref.

@yctercero yctercero added the auto-backport Deprecated - use backport:version if exact versions are needed label Oct 28, 2021
@yctercero
Copy link
Contributor Author

@elasticmachine merge upstream

@yctercero
Copy link
Contributor Author

@elasticmachine merge upstream

@yctercero
Copy link
Contributor Author

@elasticmachine merge upstream

@yctercero
Copy link
Contributor Author

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
ruleRegistry 127 139 +12
Unknown metric groups

API count

id before after diff
ruleRegistry 153 165 +12

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @yctercero

@yctercero yctercero merged commit c2d7f33 into elastic:main Nov 3, 2021
@kibanamachine
Copy link
Contributor

The following labels were identified as gaps in your version labels and will be added automatically:

  • v8.1.0

If any of these should not be on your pull request, please manually remove them.

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Nov 3, 2021
@yctercero @kibanamachine
[RAC][Timeline] - Add audit log to RBAC wrapped search strategy (elas…
3c5db2e 
…tic#112040)

### Summary

Went back to add audit logging to the alerts table search strategy used to query RAC alerts. This PR also includes tests for the logging.
@kibanamachine kibanamachine mentioned this pull request Nov 3, 2021
Merged
@kibanamachine
Copy link
Contributor

💔 Backport failed

Status Branch Result
8.0
7.16 Commit could not be cherrypicked due to conflicts

Successful backport PRs will be merged automatically after passing CI.

To backport manually run:
node scripts/backport --pr 112040

@yctercero yctercero mentioned this pull request Nov 3, 2021
Merged
yctercero added a commit to yctercero/kibana that referenced this pull request Nov 3, 2021
@yctercero
[RAC][Timeline] - Add audit log to RBAC wrapped search strategy (elas…
4a004f6 
…tic#112040)

### Summary

Went back to add audit logging to the alerts table search strategy used to query RAC alerts. This PR also includes tests for the logging.
# Conflicts:
#	x-pack/test/timeline/common/config.ts
#	x-pack/test/timeline/security_and_spaces/tests/trial/events.ts
kibanamachine added a commit that referenced this pull request Nov 3, 2021
@kibanamachine @yctercero
[RAC][Timeline] - Add audit log to RBAC wrapped search strategy (#112040
e6f52d9 
) (#117427)

### Summary

Went back to add audit logging to the alerts table search strategy used to query RAC alerts. This PR also includes tests for the logging.

Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com>
yctercero added a commit that referenced this pull request Nov 3, 2021
@yctercero
[RAC][Timeline] - Add audit log to RBAC wrapped search strategy (#112040
fcd5a23 
) (#117435)

### Summary

Went back to add audit logging to the alerts table search strategy used to query RAC alerts. This PR also includes tests for the logging.
# Conflicts:
#	x-pack/test/timeline/common/config.ts
#	x-pack/test/timeline/security_and_spaces/tests/trial/events.ts
@yctercero yctercero deleted the searchstrat_audit_log branch August 4, 2022 18:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jportner jportner jportner approved these changes

@XavierM XavierM XavierM approved these changes

Assignees

@yctercero yctercero

Labels
auto-backport Deprecated - use backport:version if exact versions are needed bug Fixes for quality problems that affect the customer experience Feature:RAC label obsolete release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting Security Solution Threat Hunting Team v7.16.0 v8.0.0 v8.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@yctercero @kibanamachine @elasticmachine @weltenwort @XavierM @jportner