[SIEM] bugfix data fetch error in Uncommon Processes table (#38706)

[SIEM] bugfix data fetch error in Uncommon Processes table
2019-06-12 10:25:20 -06:00 · 2019-06-12 10:25:20 -06:00 · 42480a3944
parent 5bc23b6468
commit 42480a3944
2 changed files with 52 additions and 5 deletions
--- a/x-pack/plugins/siem/server/lib/uncommon_processes/elasticsearch_adapter.test.ts
+++ b/x-pack/plugins/siem/server/lib/uncommon_processes/elasticsearch_adapter.test.ts
@ -114,6 +114,45 @@ describe('elasticsearch_adapter', () => {
        },
      },
    };
+    const bucket3: UncommonProcessBucket = {
+      key: '789',
+      hosts: {
+        buckets: [
+          {
+            key: '789',
+            host: {
+              hits: {
+                total: 0,
+                max_score: 0,
+                hits: [
+                  {
+                    _index: 'hit-9',
+                    _type: 'type-9',
+                    _id: 'id-9',
+                    _score: 0,
+                    _source: {
+                      // @ts-ignore ts doesn't like seeing the object written this way, but sometimes this is the data we get!
+                      'host.id': ['host-id-9'],
+                      'host.name': ['host-9'],
+                    },
+                  },
+                ],
+              },
+            },
+          },
+        ],
+      },
+      process: {
+        hits: {
+          total: {
+            value: 1,
+            relation: 'eq',
+          },
+          max_score: 5,
+          hits: [],
+        },
+      },
+    };

    test('will return a single host correctly', () => {
      const hosts = getHosts(bucket1.hosts.buckets);
@ -125,6 +164,11 @@ describe('elasticsearch_adapter', () => {
      expect(hosts).toEqual([{ id: ['123'], name: ['host-1'] }, { id: ['345'], name: ['host-2'] }]);
    });

+    test('will return a dot notation host', () => {
+      const hosts = getHosts(bucket3.hosts.buckets);
+      expect(hosts).toEqual([{ id: ['789'], name: ['host-9'] }]);
+    });
+
    test('will return no hosts when given an empty array', () => {
      const hosts = getHosts([]);
      expect(hosts).toEqual([]);
--- a/x-pack/plugins/siem/server/lib/uncommon_processes/elasticsearch_adapter.ts
+++ b/x-pack/plugins/siem/server/lib/uncommon_processes/elasticsearch_adapter.ts
@ -4,7 +4,7 @@
 * you may not use this file except in compliance with the Elastic License.
 */

-import { getOr } from 'lodash/fp';
+import { get, getOr } from 'lodash/fp';

 import { UncommonProcessesData, UncommonProcessesEdges } from '../../graphql/types';
 import { mergeFieldsWithHit } from '../../utils/build_query';
@ -73,10 +73,13 @@ export const getHits = (
  }));

 export const getHosts = (buckets: ReadonlyArray<{ key: string; host: HostHits }>) =>
-  buckets.map(bucket => ({
-    id: [bucket.key],
-    name: bucket.host.hits.hits[0]._source.host.name,
-  }));
+  buckets.map(bucket => {
+    const source = get('host.hits.hits[0]._source', bucket);
+    return {
+      id: [bucket.key],
+      name: get('host.name', source),
+    };
+  });

 export const formatUncommonProcessesData = (
  fields: ReadonlyArray<string>,