[Security Solution][ML] Updates siem group name to security (#73218)

## Summary Resolves https://github.com/elastic/kibana/issues/69319 Updates `siem` grouping to `security`, and enables cloudtrail module, fixing mis-match between the newly updated modules (https://github.com/elastic/kibana/pull/71696). <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444121-b6b27480-cdd8-11ea-886a-9b4cadbaede8.png" /> </p> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444181-16108480-cdd9-11ea-9fba-aff1e4c38da3.png" /> </p> Also updates all module icons to be consistent: Auditbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592057-9a9e1580-d01a-11ea-97bb-d1096a4ae85f.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592020-8b1ecc80-d01a-11ea-8f2d-aa5cba94924e.png" /> </p> Packetbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592205-e18c0b00-d01a-11ea-9553-9c87527c600b.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592270-f8caf880-d01a-11ea-94a8-5428d2c6ddea.png" /> </p> Winlogbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592286-fff20680-d01a-11ea-87dd-4150debc988c.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592351-2021c580-d01b-11ea-863f-efd26d0105ab.png" /> </p> - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [X] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials - Working w/ @benskelker on updated ML Jobs & nomenclature
2020-07-27 19:52:28 -06:00 · 2020-07-27 19:52:28 -06:00 · 765c2d1ad3
parent 8c52d39b9e
commit 765c2d1ad3
12 changed files with 19 additions and 16 deletions
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_auditbeat/logo.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_auditbeat/logo.json
@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
+	"icon": "logoSecurity"
 }
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_auditbeat_auth/logo.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_auditbeat_auth/logo.json
@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
-}
+	"icon": "logoSecurity"
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/logo.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_packetbeat/logo.json
@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
-}
+	"icon": "logoSecurity"
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_winlogbeat/logo.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_winlogbeat/logo.json
@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
+	"icon": "logoSecurity"
 }
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_winlogbeat_auth/logo.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/siem_winlogbeat_auth/logo.json
@ -1,3 +1,3 @@
 {
-	"icon": "securityAnalyticsApp"
-}
+	"icon": "logoSecurity"
+}
--- a/x-pack/plugins/security_solution/public/common/components/ml_popover/api.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/ml_popover/api.tsx
@ -71,7 +71,7 @@ export const setupMlJob = async ({
  configTemplate,
  indexPatternName = 'auditbeat-*',
  jobIdErrorFilter = [],
-  groups = ['siem'],
+  groups = ['security'],
  prefix = '',
 }: MlSetupArgs): Promise<SetupMlResponse> => {
  const response = await KibanaServices.get().http.fetch<SetupMlResponse>(
--- a/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/translations.ts
@ -9,6 +9,6 @@ import { i18n } from '@kbn/i18n';
 export const SIEM_JOB_FETCH_FAILURE = i18n.translate(
  'xpack.securitySolution.components.mlPopup.hooks.errors.siemJobFetchFailureTitle',
  {
-    defaultMessage: 'SIEM job fetch failure',
+    defaultMessage: 'Security job fetch failure',
  }
 );
--- a/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_siem_jobs_helpers.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_siem_jobs_helpers.tsx
@ -104,7 +104,7 @@ export const getInstalledJobs = (
  compatibleModuleIds: string[]
 ): SiemJob[] =>
  jobSummaryData
-    .filter(({ groups }) => groups.includes('siem'))
+    .filter(({ groups }) => groups.includes('siem') || groups.includes('security'))
    .map<SiemJob>((jobSummary) => ({
      ...jobSummary,
      ...getAugmentedFields(jobSummary.id, moduleJobs, compatibleModuleIds),
--- a/x-pack/plugins/security_solution/public/common/components/ml_popover/jobs_table/filters/groups_filter_popover.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/ml_popover/jobs_table/filters/groups_filter_popover.tsx
@ -25,8 +25,8 @@ interface GroupsFilterPopoverProps {

 /**
 * Popover for selecting which SiemJob groups to filter on. Component extracts unique groups and
- * their counts from the provided SiemJobs. The 'siem' group is filtered out as all jobs will be
- * siem jobs
+ * their counts from the provided SiemJobs. The 'siem' & 'security' groups are filtered out as all jobs will be
+ * siem/security jobs
 *
 * @param siemJobs jobs to fetch groups from to display for filtering
 * @param onSelectedGroupsChanged change listener to be notified when group selection changes
@ -41,7 +41,7 @@ export const GroupsFilterPopoverComponent = ({
  const groups = siemJobs
    .map((j) => j.groups)
    .flat()
-    .filter((g) => g !== 'siem');
+    .filter((g) => g !== 'siem' && g !== 'security');
  const uniqueGroups = Array.from(new Set(groups));

  useEffect(() => {
--- a/x-pack/plugins/security_solution/public/common/components/ml_popover/ml_modules.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/ml_popover/ml_modules.tsx
@ -12,6 +12,7 @@
 export const mlModules: string[] = [
  'siem_auditbeat',
  'siem_auditbeat_auth',
+  'siem_cloudtrail',
  'siem_packetbeat',
  'siem_winlogbeat',
  'siem_winlogbeat_auth',
--- a/x-pack/plugins/security_solution/public/detections/components/rules/ml_job_select/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/ml_job_select/index.tsx
@ -41,7 +41,7 @@ const HelpText: React.FC<{ href: string; showEnableWarning: boolean }> = ({
  <>
    <FormattedMessage
      id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.machineLearningJobIdHelpText"
-      defaultMessage="We've provided a few common jobs to get you started. To add your own custom jobs, assign a group of “siem” to those jobs in the {machineLearning} application to make them appear here."
+      defaultMessage="We've provided a few common jobs to get you started. To add your own custom jobs, assign a group of “security” to those jobs in the {machineLearning} application to make them appear here."
      values={{
        machineLearning: (
          <EuiLink href={href} target="_blank">
--- a/x-pack/plugins/security_solution/server/usage/detections/detections_helpers.ts
+++ b/x-pack/plugins/security_solution/server/usage/detections/detections_helpers.ts
@ -176,7 +176,9 @@ export const getMlJobsUsage = async (ml: MlPluginSetup | undefined): Promise<MlJ
        .modulesProvider(internalMlClient, fakeRequest, fakeSOClient)
        .listModules();
      const moduleJobs = modules.flatMap((module) => module.jobs);
-      const jobs = await ml.jobServiceProvider(internalMlClient, fakeRequest).jobsSummary(['siem']);
+      const jobs = await ml
+        .jobServiceProvider(internalMlClient, fakeRequest)
+        .jobsSummary(['siem', 'security']);

      jobsUsage = jobs.reduce((usage, job) => {
        const isElastic = moduleJobs.some((moduleJob) => moduleJob.id === job.id);