[Security Solution] Give notice when endpoint policy is out of date #83469

Merged: 14 commits, Nov 20, 2020

@pzl (Member) commented Nov 16, 2020

Summary

Give a visual indicator that an endpoint's current policy is out-of-date, and expecting to be updated.

changes to API response:

{
    "hosts": [
        {
            "host_status": "offline",
            "metadata": {
                 ... 
            },
            "policy_info": {
                "agent": {
                    "applied": {
                        "id": "632f4680-25d0-11eb-95f2-4d677aabe46b",
                        "revision": 5
                    },
                    "configured": {
                        "id": "632f4680-25d0-11eb-95f2-4d677aabe46b",
                        "revision": 5
                    }
                },
                "endpoint": {
                    "id": "77fcc567-fe1b-4e20-8add-045a41ab0e5d",
                    "revision": 1
                }
            },
            "query_strategy_version": "v2"
        }
    ],
    "query_strategy_version": "v2",
    "request_page_index": 0,
    "request_page_size": 10,
    "total": 1
}

the policy_info key, being enriched for each endpoint record

@pzl pzl added the labels v8.0.0, release_note:skip, Feature:Endpoint, v7.11.0, Team: SecuritySolution, Team:Defend Workflows on Nov 16, 2020
@pzl pzl marked this pull request as ready for review November 18, 2020 22:10
@pzl pzl requested a review from a team as a code owner November 18, 2020 22:10
@pzl pzl requested a review from a team November 18, 2020 22:10
@pzl pzl requested a review from a team as a code owner November 18, 2020 22:10
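
As an added example (not code from this PR or from Kibana), the TypeScript below reads the `policy_info` object from the response in the PR description and lists hosts whose agent policy is not confirmed current. It assumes that out-of-date means the applied agent policy differs from the configured one in id or revision; the type and function names (`classify`, `findStaleHosts`) are hypothetical.

```typescript
// Added example. Types cover only the fields visible in the PR's sample response.
interface PolicyRef { id: string; revision: number }
interface PolicyInfo {
  agent: { applied: PolicyRef; configured: PolicyRef };
  endpoint: PolicyRef; // carried but not compared: the page elides the metadata it would be checked against
}
interface HostRecord {
  host_status: string;
  policy_info?: PolicyInfo; // treated as optional so un-enriched records are reported, not skipped
}
type PolicyState = 'current' | 'out-of-date' | 'unknown';
interface Finding { index: number; hostStatus: string; state: PolicyState; detail: string }

// Assumption (not stated on the page): "out of date" means the applied agent
// policy differs from the configured one in id or revision.
function classify(host: HostRecord, index: number): Finding {
  const base = { index, hostStatus: host.host_status };
  const agent = host.policy_info?.agent;
  if (!agent || !agent.applied || !agent.configured) {
    return { ...base, state: 'unknown', detail: 'no agent policy_info on record' };
  }
  const { applied, configured } = agent;
  if (applied.id !== configured.id) {
    return { ...base, state: 'out-of-date', detail: `applied policy ${applied.id}, configured ${configured.id}` };
  }
  if (applied.revision !== configured.revision) {
    return { ...base, state: 'out-of-date', detail: `revision ${applied.revision} applied, ${configured.revision} configured` };
  }
  return { ...base, state: 'current', detail: `revision ${applied.revision}` };
}

// Return every host that is not confirmed current, so missing data is surfaced too.
function findStaleHosts(hosts: HostRecord[]): Finding[] {
  return hosts.map(classify).filter((f) => f.state !== 'current');
}

// Constructed sample: the first host copies the page's values, the other two are made up.
const policyId = '632f4680-25d0-11eb-95f2-4d677aabe46b';
const endpoint = { id: '77fcc567-fe1b-4e20-8add-045a41ab0e5d', revision: 1 };
const sampleHosts: HostRecord[] = [
  { host_status: 'offline', policy_info: { agent: { applied: { id: policyId, revision: 5 }, configured: { id: policyId, revision: 5 } }, endpoint } },
  { host_status: 'online', policy_info: { agent: { applied: { id: policyId, revision: 4 }, configured: { id: policyId, revision: 5 } }, endpoint } },
  { host_status: 'online' },
];
console.log(findStaleHosts(sampleHosts));
```

Keeping `host_status` in each finding lets an operator separate hosts that are offline and simply have not checked in from hosts that are online but still running an older revision.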
@elasticmachine (Contributor) commented:

Pinging @elastic/endpoint-app-team (Feature:Endpoint)

@pzl pzl force-pushed the endpoint-out-of-date branch from d20d4f3 to 94e0e69 on November 18, 2020 22:13
@botelastic bot added the Team:Fleet label Nov 18, 2020
@elasticmachine (Contributor) commented:

Pinging @elastic/ingest-management (Team:Ingest Management)

@pzl pzl requested review from nchaulet and kevinlog November 18, 2020 22:29
@pzl pzl force-pushed the endpoint-out-of-date branch 2 times, most recently from 4f426cd to de1efb5 on November 19, 2020 14:17

@nchaulet (Member) left a comment:

Fleet changes LGTM 🚀

@pzl pzl force-pushed the endpoint-out-of-date branch from 045c0ef to 28c39d3 on November 19, 2020 17:06
x-pack/plugins/fleet/server/services/index.ts (outdated, resolved)
x-pack/plugins/fleet/server/plugin.ts (outdated, resolved)

outOfDates.forEach((item, index) => {
expect(item.textContent).toEqual('Out-of-date');
expect(item.querySelector(`[data-euiicon-type][color=warning]`)).not.toBeNull();
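Review bot: the `index` argument of the `outOfDates.forEach` callback is not used by either visible assertion and can be dropped. Assertions placed inside `forEach` also pass vacuously when the list is empty, so assert the expected `outOfDates.length` before the loop if the test does not already do so above these lines.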
Contributor commented:

Nice!

@pzl pzl requested review from nnamdifrankie and jfsiii November 19, 2020 22:10
return {
getAgentStatusById: statusFn,
};
});
Contributor commented:

Do we have to do the casting? This is a suggested alternative. Here we set the mocks; this is just an example.

       endpointAppContextService.start({
         ...createMockEndpointAppContextServiceStartContract(),
         ...{ agentPolicyService: mockAgentPolicyService, agentService: mockAgentService },
       });

@pzl (Member, Author) commented:

The casting I had to do to get access to the jest properties, since through the few levels of mocked interfaces it's returning real types, though mocked objects.

But this was enough to allow me to just mock the things I need, e.g. on line 178:

      agentPolicyMock.mockImplementation(() => {
        return {
          id: policyID,
          revision: policyRev,
        };
      });

and differently on line 198:

      agentPolicyMock.mockImplementation(() => {
        return {
          package_policies: [
            {
              package: { name: 'endpoint' },
              id: policyID,
              revision: policyRev,
            },
          ],
        };
      });

@kibanamachine (Contributor) commented:

💚 Build Succeeded

Metrics

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 2077 | 2079 | +2 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 7.9MB | 7.9MB | +2.9KB |

@pzl pzl merged commit 2cd2528 into elastic:master Nov 20, 2020
gmmorris added a commit to rudolf/kibana that referenced this pull request Nov 23, 2020