[Security Solution][ML] Updates siem group name to security (#73218)
## Summary Resolves https://github.com/elastic/kibana/issues/69319 Updates `siem` grouping to `security`, and enables cloudtrail module, fixing mis-match between the newly updated modules (https://github.com/elastic/kibana/pull/71696). <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444121-b6b27480-cdd8-11ea-886a-9b4cadbaede8.png" /> </p> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444181-16108480-cdd9-11ea-9fba-aff1e4c38da3.png" /> </p> Also updates all module icons to be consistent: Auditbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592057-9a9e1580-d01a-11ea-97bb-d1096a4ae85f.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592020-8b1ecc80-d01a-11ea-8f2d-aa5cba94924e.png" /> </p> Packetbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592205-e18c0b00-d01a-11ea-9553-9c87527c600b.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592270-f8caf880-d01a-11ea-94a8-5428d2c6ddea.png" /> </p> Winlogbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592286-fff20680-d01a-11ea-87dd-4150debc988c.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592351-2021c580-d01b-11ea-863f-efd26d0105ab.png" /> </p> - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [X] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials - Working w/ @benskelker on updated ML Jobs & nomenclature
parent
8c52d39b9e
commit
765c2d1ad3
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
"icon": "securityAnalyticsApp"
|
||||
"icon": "logoSecurity"
|
||||
}
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
"icon": "securityAnalyticsApp"
|
||||
}
|
||||
"icon": "logoSecurity"
|
||||
}
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
"icon": "securityAnalyticsApp"
|
||||
}
|
||||
"icon": "logoSecurity"
|
||||
}
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
"icon": "securityAnalyticsApp"
|
||||
"icon": "logoSecurity"
|
||||
}
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
"icon": "securityAnalyticsApp"
|
||||
}
|
||||
"icon": "logoSecurity"
|
||||
}
|
||||
|
|
|
@ -71,7 +71,7 @@ export const setupMlJob = async ({
|
|||
configTemplate,
|
||||
indexPatternName = 'auditbeat-*',
|
||||
jobIdErrorFilter = [],
|
||||
groups = ['siem'],
|
||||
groups = ['security'],
|
||||
prefix = '',
|
||||
}: MlSetupArgs): Promise<SetupMlResponse> => {
|
||||
const response = await KibanaServices.get().http.fetch<SetupMlResponse>(
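Review bot: The group name is now a bare string literal in four places touched by this commit: the `groups = ['security']` default in setupMlJob here, the `groups.includes(...)` filter in getInstalledJobs, the `g !== 'siem' && g !== 'security'` filter in GroupsFilterPopoverComponent and the `jobsSummary(['siem', 'security'])` call in getMlJobsUsage. A reader that is missed on the next rename would silently drop jobs from the security views or from the usage counts. One shared constant would keep the writer and the readers in step, for example `export const SECURITY_JOB_GROUPS: readonly string[] = ['security', 'siem'];` (name constructed for this note), with the filters written as `groups.some((g) => SECURITY_JOB_GROUPS.includes(g))`. setupMlJob's body continues past the end of this hunk.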
|
||||
|
|
|
@ -9,6 +9,6 @@ import { i18n } from '@kbn/i18n';
|
|||
export const SIEM_JOB_FETCH_FAILURE = i18n.translate(
|
||||
'xpack.securitySolution.components.mlPopup.hooks.errors.siemJobFetchFailureTitle',
|
||||
{
|
||||
defaultMessage: 'SIEM job fetch failure',
|
||||
defaultMessage: 'Security job fetch failure',
|
||||
}
|
||||
);
|
||||
|
|
|
@ -104,7 +104,7 @@ export const getInstalledJobs = (
|
|||
compatibleModuleIds: string[]
|
||||
): SiemJob[] =>
|
||||
jobSummaryData
|
||||
.filter(({ groups }) => groups.includes('siem'))
|
||||
.filter(({ groups }) => groups.includes('siem') || groups.includes('security'))
|
||||
.map<SiemJob>((jobSummary) => ({
|
||||
...jobSummary,
|
||||
...getAugmentedFields(jobSummary.id, moduleJobs, compatibleModuleIds),
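Review bot: The `groups.includes('siem') || groups.includes('security')` filter in getInstalledJobs needs a comment saying why the old name is still accepted, otherwise a later cleanup may remove it and hide every job created before the rename. Something like `// 'siem' is the legacy group name; keep it so jobs installed before the rename to 'security' are still listed` above the `.filter` line would do. Because the list is selected purely by a label carried on the job, a unit test with one job tagged only `siem` and one tagged only `security` would pin both paths. The function's signature and the end of the chain are outside the hunk.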
|
||||
|
|
|
@ -25,8 +25,8 @@ interface GroupsFilterPopoverProps {
|
|||
|
||||
/**
|
||||
* Popover for selecting which SiemJob groups to filter on. Component extracts unique groups and
|
||||
* their counts from the provided SiemJobs. The 'siem' group is filtered out as all jobs will be
|
||||
* siem jobs
|
||||
* their counts from the provided SiemJobs. The 'siem' & 'security' groups are filtered out as all jobs will be
|
||||
* siem/security jobs
|
||||
*
|
||||
* @param siemJobs jobs to fetch groups from to display for filtering
|
||||
* @param onSelectedGroupsChanged change listener to be notified when group selection changes
|
||||
|
@ -41,7 +41,7 @@ export const GroupsFilterPopoverComponent = ({
|
|||
const groups = siemJobs
|
||||
.map((j) => j.groups)
|
||||
.flat()
|
||||
.filter((g) => g !== 'siem');
|
||||
.filter((g) => g !== 'siem' && g !== 'security');
|
||||
const uniqueGroups = Array.from(new Set(groups));
|
||||
|
||||
useEffect(() => {
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
export const mlModules: string[] = [
|
||||
'siem_auditbeat',
|
||||
'siem_auditbeat_auth',
|
||||
'siem_cloudtrail',
|
||||
'siem_packetbeat',
|
||||
'siem_winlogbeat',
|
||||
'siem_winlogbeat_auth',
|
||||
|
|
|
@ -41,7 +41,7 @@ const HelpText: React.FC<{ href: string; showEnableWarning: boolean }> = ({
|
|||
<>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.machineLearningJobIdHelpText"
|
||||
defaultMessage="We've provided a few common jobs to get you started. To add your own custom jobs, assign a group of “siem” to those jobs in the {machineLearning} application to make them appear here."
|
||||
defaultMessage="We've provided a few common jobs to get you started. To add your own custom jobs, assign a group of “security” to those jobs in the {machineLearning} application to make them appear here."
|
||||
values={{
|
||||
machineLearning: (
|
||||
<EuiLink href={href} target="_blank">
|
||||
|
|
|
@ -176,7 +176,9 @@ export const getMlJobsUsage = async (ml: MlPluginSetup | undefined): Promise<MlJ
|
|||
.modulesProvider(internalMlClient, fakeRequest, fakeSOClient)
|
||||
.listModules();
|
||||
const moduleJobs = modules.flatMap((module) => module.jobs);
|
||||
const jobs = await ml.jobServiceProvider(internalMlClient, fakeRequest).jobsSummary(['siem']);
|
||||
const jobs = await ml
|
||||
.jobServiceProvider(internalMlClient, fakeRequest)
|
||||
.jobsSummary(['siem', 'security']);
|
||||
|
||||
jobsUsage = jobs.reduce((usage, job) => {
|
||||
const isElastic = moduleJobs.some((moduleJob) => moduleJob.id === job.id);
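Review bot: Passing two ids in `jobsSummary(['siem', 'security'])` makes the usage count depend on how that call resolves an id list, which is not visible in this hunk. Confirm that it matches jobs in either group, returns a job that carries both labels only once, and does not fail on a cluster where one of the groups has no jobs; a duplicate would be counted twice by the `jobs.reduce` that follows. If de-duplication is not guaranteed, collapsing the result by `job.id` before the reduce would keep the telemetry accurate. getMlJobsUsage starts and ends outside the hunk.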
|
||||
|
|