[Security Solution][Detection Engine] Adds threat matching to the rule creator #78955
FrankHassanabad merged 18 commits into elastic:master from FrankHassanabad:adds-threat-matching-ui on Oct 1, 2020.
Changes from 11 commits
Commits
c957a2c wip: initial threat_match ui and backend bug fixes (FrankHassanabad)
2a2d769 Merge branch 'master' into adds-threat-matching-ui (FrankHassanabad)
26789ee Fixed deprecation warning when running tests (FrankHassanabad)
993d8c1 Fixes i18n strings that were duplicates (FrankHassanabad)
97b884e Added plumbing for the language field for threats and other misc fixes (FrankHassanabad)
a8fbea5 Removes TODO that is not needed (FrankHassanabad)
6f27124 Removed second TODO block that is not needed (FrankHassanabad)
a4fc2ad Added threat field label to the UI (FrankHassanabad)
7abaef7 Updates the icon on the threat match rule (FrankHassanabad)
e6ead56 Merge branch 'master' into adds-threat-matching-ui (FrankHassanabad)
ea66ac8 Set default for querying against the threat list to be *:* (FrankHassanabad)
84f94db Fixes validation issue with the threat matches (FrankHassanabad)
409d2e7 Merge branch 'master' into adds-threat-matching-ui (FrankHassanabad)
e085b7a Updated from PR feedback (FrankHassanabad)
4dfeb4c Merge branch 'master' into adds-threat-matching-ui (FrankHassanabad)
65d8bc0 Merge branch 'master' into adds-threat-matching-ui (FrankHassanabad)
fbd9acf Adds more suggestions from PR review (FrankHassanabad)
32783a3 Fixes from code review (FrankHassanabad)
46 changes: 46 additions & 0 deletions
x-pack/plugins/security_solution/public/common/components/threat_match/and_badge.test.tsx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import React from 'react'; | ||
import { ThemeProvider } from 'styled-components'; | ||
import { mount } from 'enzyme'; | ||
import euiLightVars from '@elastic/eui/dist/eui_theme_light.json'; | ||
|
||
import { AndBadgeComponent } from './and_badge'; | ||
|
||
describe('AndBadgeComponent', () => { | ||
test('it renders entryItemIndexItemEntryFirstRowAndBadge for very first item', () => { | ||
const wrapper = mount( | ||
<ThemeProvider theme={() => ({ eui: euiLightVars, darkMode: false })}> | ||
<AndBadgeComponent entriesLength={2} entryItemIndex={0} /> | ||
</ThemeProvider> | ||
); | ||
|
||
expect(wrapper.find('[data-test-subj="entryItemEntryFirstRowAndBadge"]').exists()).toBeTruthy(); | ||
}); | ||
|
||
test('it renders entryItemEntryInvisibleAndBadge if "entriesLength" is 1 or less', () => { | ||
const wrapper = mount( | ||
<ThemeProvider theme={() => ({ eui: euiLightVars, darkMode: false })}> | ||
<AndBadgeComponent entriesLength={1} entryItemIndex={0} /> | ||
</ThemeProvider> | ||
); | ||
|
||
expect( | ||
wrapper.find('[data-test-subj="entryItemEntryInvisibleAndBadge"]').exists() | ||
).toBeTruthy(); | ||
}); | ||
|
||
test('it renders regular "and" badge if item is not the first one and includes more than one entry', () => { | ||
const wrapper = mount( | ||
<ThemeProvider theme={() => ({ eui: euiLightVars, darkMode: false })}> | ||
<AndBadgeComponent entriesLength={2} entryItemIndex={1} /> | ||
</ThemeProvider> | ||
); | ||
|
||
expect(wrapper.find('[data-test-subj="entryItemEntryAndBadge"]').exists()).toBeTruthy(); | ||
}); | ||
}); |
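Review bot: the first test's title names `entryItemIndexItemEntryFirstRowAndBadge`, but the assertion under it looks up `entryItemEntryFirstRowAndBadge`; rename the title so a failing run points at the test subject that is actually checked. Each of the three tests also asserts only that its own `data-test-subj` exists, so a regression that rendered two variants at once would still pass; add negative checks that the other two subjects are absent. The second title says "1 or less", yet only `entriesLength={1}` with `entryItemIndex={0}` is exercised; a case for `entriesLength={0}` and one for a non-zero `entryItemIndex` would cover that branch fully.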
50 changes: 50 additions & 0 deletions
x-pack/plugins/security_solution/public/common/components/threat_match/and_badge.tsx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
/* | ||
|
||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import React from 'react'; | ||
import { EuiFlexItem } from '@elastic/eui'; | ||
import styled from 'styled-components'; | ||
|
||
import { AndOrBadge } from '../and_or_badge'; | ||
|
||
const MyInvisibleAndBadge = styled(EuiFlexItem)` | ||
visibility: hidden; | ||
`; | ||
|
||
const MyFirstRowContainer = styled(EuiFlexItem)` | ||
padding-top: 20px; | ||
`; | ||
|
||
interface AndBadgeProps { | ||
entriesLength: number; | ||
entryItemIndex: number; | ||
} | ||
|
||
export const AndBadgeComponent = React.memo<AndBadgeProps>(({ entriesLength, entryItemIndex }) => { | ||
const badge = <AndOrBadge includeAntennas type="and" />; | ||
|
||
if (entriesLength > 1 && entryItemIndex === 0) { | ||
return ( | ||
<MyFirstRowContainer grow={false} data-test-subj="entryItemEntryFirstRowAndBadge"> | ||
{badge} | ||
</MyFirstRowContainer> | ||
); | ||
} else if (entriesLength <= 1) { | ||
return ( | ||
<MyInvisibleAndBadge grow={false} data-test-subj="entryItemEntryInvisibleAndBadge"> | ||
{badge} | ||
</MyInvisibleAndBadge> | ||
); | ||
} else { | ||
return ( | ||
<EuiFlexItem grow={false} data-test-subj="entryItemEntryAndBadge"> | ||
{badge} | ||
</EuiFlexItem> | ||
); | ||
} | ||
}); | ||
|
||
AndBadgeComponent.displayName = 'AndBadge'; |
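Review bot: `padding-top: 20px` in `MyFirstRowContainer` is an unexplained hard-coded offset, and `AndBadgeProps` carries no comments saying what `entriesLength` and `entryItemIndex` refer to; add a one-line comment on what the 20px aligns the first-row badge with and document both props. On style, every branch returns, so the `else if (entriesLength <= 1)` and trailing `else` can become plain `if` statements followed by a final `return`. The `displayName` is set to 'AndBadge' while the export is `AndBadgeComponent`; worth confirming the mismatch is intended.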
Could this be made to be a non-empty array? I just thought of that when I saw the `containsEmptyItem` helper. I remember having to do lots of checks like that with exceptions and finally just changed it so that it's required to not be empty since at the very least (in the UI) there's one item with empty values.

Let me add that to a potential follow up. I totally agree, just don't know about the time I have left with the other tasks but I will add it to my list as I will have to make one of those icky specific types and all the tests for it.