maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[SECURITY SOLUTION] Add new exception list type and feature flag for event filtering (#96037)

Browse source 
* New exception list type for event filtering
* New feature flag for event filtering
This commit is contained in:
David Sánchez 2021-04-07 21:01:54 +02:00 committed by GitHub
parent 324c6c05a4
commit 21f38afd27
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
x-pack/plugins/lists/common/schemas/common/schemas.ts
View file

@ -212,13 +212,18 @@ export type Tags = t.TypeOf<typeof tags>;
export const tagsOrUndefined = t.union([tags, t.undefined]);
export type TagsOrUndefined = t.TypeOf<typeof tagsOrUndefined>;
export const exceptionListType = t.keyof({ detection: null, endpoint: null });
export const exceptionListType = t.keyof({
detection: null,
endpoint: null,
endpoint_events: null,
});
export const exceptionListTypeOrUndefined = t.union([exceptionListType, t.undefined]);
export type ExceptionListType = t.TypeOf<typeof exceptionListType>;
export type ExceptionListTypeOrUndefined = t.TypeOf<typeof exceptionListTypeOrUndefined>;
export enum ExceptionListTypeEnum {
DETECTION = 'detection',
ENDPOINT = 'endpoint',
ENDPOINT_EVENTS = 'endpoint_events',
}
export const exceptionListItemType = t.keyof({ simple: null });

6
x-pack/plugins/security_solution/common/detection_engine/schemas/types/lists.test.ts
View file

@ -94,7 +94,7 @@ describe('Lists', () => {
const message = pipe(decoded, foldLeftRight);
expect(getPaths(left(message.errors))).toEqual([
'Invalid value "1" supplied to "Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint", namespace_type: "agnostic" | "single" |}>"',
'Invalid value "1" supplied to "Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint" | "endpoint_events", namespace_type: "agnostic" | "single" |}>"',
]);
expect(message.schema).toEqual({});
});
@ -125,8 +125,8 @@ describe('Lists', () => {
const message = pipe(decoded, foldLeftRight);
expect(getPaths(left(message.errors))).toEqual([
'Invalid value "1" supplied to "(Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint", namespace_type: "agnostic" | "single" |}> | undefined)"',
'Invalid value "[1]" supplied to "(Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint", namespace_type: "agnostic" | "single" |}> | undefined)"',
'Invalid value "1" supplied to "(Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint" | "endpoint_events", namespace_type: "agnostic" | "single" |}> | undefined)"',
'Invalid value "[1]" supplied to "(Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint" | "endpoint_events", namespace_type: "agnostic" | "single" |}> | undefined)"',
]);
expect(message.schema).toEqual({});
});

1
x-pack/plugins/security_solution/common/experimental_features.ts
View file

@ -14,6 +14,7 @@ export type ExperimentalFeatures = typeof allowedExperimentalValues;
const allowedExperimentalValues = Object.freeze({
fleetServerEnabled: false,
trustedAppsByPolicyEnabled: false,
eventFilteringEnabled: false,
});
type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;