Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[SIEMDPOINT] Move endpoint to siem #66907

Merged
merged 26 commits into from
May 19, 2020
Merged

Conversation

XavierM
Copy link
Contributor

@XavierM XavierM commented May 18, 2020

Summary

Move endpoint to siem

Add in kibana dev config

  • xpack.ingestManager.enabled: true
  • xpack.ingestManager.epm.enabled: true
  • xpack.ingestManager.fleet.enabled: true

New routes:

@XavierM XavierM requested review from a team as code owners May 18, 2020 16:10
@XavierM XavierM added release_note:skip Skip the PR/issue when compiling release notes v7.9.0 v8.0.0 labels May 18, 2020
@XavierM XavierM self-assigned this May 18, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/endpoint-management (Team:Endpoint Management)

@elasticmachine
Copy link
Contributor

Pinging @elastic/endpoint-data-visibility-team (Team:Endpoint Data Visibility)

@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

@elasticmachine
Copy link
Contributor

Pinging @elastic/endpoint-response (Team:Endpoint Response)

@XavierM XavierM changed the title [SIENDPOINT] Move endpoint to siem [SIEMDPOINT] Move endpoint to siem May 18, 2020
@oatkiller
Copy link
Contributor

oatkiller commented May 18, 2020

Action Items / Debrief

Here's some stuff from notes I took while working w/ @XavierM on this:

Action items:

Re-enable and fix tests

We kept as many tests enabled as we could. Unfortunately we did disable some. We should try and re-enable tests as soon as possible. In some cases, we may need to integrate a feature more before testing.

Consolidate ‘StartDeps’.

The dependencies that Endpoint needed from NP aren’t exactly the same as the ones SIEM needed. SIEM and Endpoint each had a type for these deps. We added the values that Endpoint needed to the SIEM type (and implementation.) But many places still refer to the Endpoint type. Should we have 1 type plugin-wide? Should each ‘supplugin’ define its own type? TBD

UI ‘links’ are implemented in a different way in SIEM vs Endpoint.

On the Endpoint side @paul-tavares implemented a way to link to places in Kibana / other routes. Let’s compare that w/ what SIEM has and consider consolidating approaches.

Consider formalizing (and finishing) the 'Subplugin' idea

@XavierM proposed the idea of ‘subplugins’ which divide functionality within a plugin. This was semi-implemented in the ‘public’ code, but its not there for the server side. We should define this pattern, and if we like it, argue for adopting it plugin-wide.

Come to agreement on eslint rules that aren’t part of the Kibana standard.

When development started on the endpoint plugin, we were advised not to deviate from the Kibana standard lint rules. The idea is that code that’s valid anywhere in Kibana should be valid everywhere. This should allow us to, for example, copy Endpoint code into SIEM w/o changing it. The SIEM team has some custom lint rules. When the Endpoint code was moved into SIEM, Xavier changed the code to meet SIEM eslint rules. Let’s discuss as a team (and perhaps w/ the Kibana arch group) these lint rules. If we deviate from Kibana in a way that affects all code in the plugin, then we should agree on those rules as a team.

Explain certain Endpoint code concepts to the SIEM team

The Endpoint code has some novel patterns. In some cases, these warrant an explanation to the SIEM team (and maybe some more docs.)

  1. 'RouteCapture'
  2. 'SubstateMiddlewareFactory'
  3. ? other stuff

Continue adding doc comments to exports.

This makes the code much easier to read and understand. IDEs can show these docs on hover. Let's make it easy to read and understand our code.

Document the technical roadmap for Resolver, specifically as it relates to 'Is it an Embeddable?'

The last time the broader team heard details about the technical roadmap of Resolver, 'embeddable' was said many times. Let's explain to the team what our current vision for resolver is.

@XavierM XavierM force-pushed the move-alerts-to-siem branch from 55d0615 to 1c628a1 Compare May 18, 2020 18:11
@XavierM XavierM force-pushed the move-alerts-to-siem branch from 3dd2d8f to 8f7f736 Compare May 18, 2020 20:46
@XavierM XavierM requested a review from a team as a code owner May 18, 2020 23:49
@XavierM XavierM force-pushed the move-alerts-to-siem branch from 3f532f5 to 61738b0 Compare May 19, 2020 01:46
@XavierM
Copy link
Contributor Author

XavierM commented May 19, 2020

@elasticmachine merge upstream

Copy link
Contributor

@jportner jportner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security integration test changes (x-pack/test/api_integration/apis/security/privileges.ts, x-pack/test/api_integration/apis/security/privileges_basic.ts) LGTM.

Comment on lines +19 to +31
/**
* Host Endpoint Configuration
*/
endpointResultListDefaultFirstPageIndex: schema.number({ defaultValue: 0 }),
endpointResultListDefaultPageSize: schema.number({ defaultValue: 10 }),

/**
* Alert Endpoint Configuration
*/
alertResultListDefaultDateRange: schema.object({
from: schema.string({ defaultValue: 'now-15m' }),
to: schema.string({ defaultValue: 'now' }),
}),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: I happened to look for the docs for these settings, and discovered that there aren't any docs for these settings (or other existing siem plugin settings). If there's not already an open issue for it, perhaps one should be opened to ensure that docs are added for these settings.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @jportner, I think we are going to revisit some of that and see if we still need it and if so we will document it

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@XavierM @jportner Here's an existing github issue concerning the removal of these options: https://github.com/elastic/endpoint-app-team/issues/176

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@XavierM XavierM merged commit bcfc029 into elastic:master May 19, 2020
@tonymeehan
Copy link

WOOOOO

XavierM added a commit to XavierM/kibana that referenced this pull request May 19, 2020
* adds the stuff

* keeps moving stuff

* finishes moving the stuff

* moves tests

* fix type

* try moving it all at once. BROKEN

* move endpoint to siem

* fix package coming from endpoint

* missing scripts + change url

* fix eslint

* temporary disable functional testing for endpoint

* fix api integration types

* allow api integration test + comment functional test

* fix internationalization

* fix internationalization II

* fix jest test

* fix x-pack test

* fix i18n

* fix api integration

* fix circular dependency

* add new dependency to cypress test

Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
Co-authored-by: oatkiller <robert.austin@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
XavierM added a commit that referenced this pull request May 19, 2020
* [SIEMDPOINT] Move endpoint to siem (#66907)

* adds the stuff

* keeps moving stuff

* finishes moving the stuff

* moves tests

* fix type

* try moving it all at once. BROKEN

* move endpoint to siem

* fix package coming from endpoint

* missing scripts + change url

* fix eslint

* temporary disable functional testing for endpoint

* fix api integration types

* allow api integration test + comment functional test

* fix internationalization

* fix internationalization II

* fix jest test

* fix x-pack test

* fix i18n

* fix api integration

* fix circular dependency

* add new dependency to cypress test

Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
Co-authored-by: oatkiller <robert.austin@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

* miss import in cherry-pick

Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
Co-authored-by: oatkiller <robert.austin@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
gmmorris added a commit to gmmorris/kibana that referenced this pull request May 20, 2020
* master: (33 commits)
  [Saved Objects] adds support for including hidden types in saved objects client (elastic#66879)
  [Discover] Deangularize timechart header (elastic#66532)
  [Discover] Improve and unskip a11y context view test (elastic#66959)
  [SIEM] Refactor Timeline.timelineType draft to Timeline.status draft (elastic#66864)
  docs: update RUM documentation link (elastic#67042)
  [QA] fixup coverage ingestion tests. (elastic#66905)
  [Metrics UI] Add support for multiple groupings to Metrics Explorer (and Alerts) (elastic#66503)
  [Metrics UI] Add sorting for name and value to Inventory View (elastic#66644)
  [Metrics UI] Change Metric Threshold Alert charts to use bar charts (elastic#66672)
  [Uptime] Use React.lazy for alert type registration (elastic#66829)
  [Reporting] Consolidate API Integration Test configs (elastic#66637)
  Allow histogram fields in average and sum aggregations (elastic#66891)
  Fix saved object share link (elastic#66771)
  move role reset into the top level after clause (elastic#66971)
  Automate the labels for any PRs affecting files for the Ingest Management team (elastic#67022)
  [SIEMDPOINT] Move endpoint to siem (elastic#66907)
  server.uuid so is not used (elastic#66963)
  Revert "[ci/stats] fix git metadata collection (elastic#66840)"
  [Uptime] Unmount uptime app properly (elastic#66950)
  [Visualize] Bar chart: Show missing values on chart setting (elastic#66375)
  ...
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release_note:skip Skip the PR/issue when compiling release notes Team:Endpoint Data Visibility Team managing the endpoint resolver Team:Endpoint Response Endpoint Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.9.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants