[Security Solution][ML] Updates siem group name to security (#73218)
## Summary Resolves https://github.com/elastic/kibana/issues/69319 Updates `siem` grouping to `security`, and enables cloudtrail module, fixing mis-match between the newly updated modules (https://github.com/elastic/kibana/pull/71696). <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444121-b6b27480-cdd8-11ea-886a-9b4cadbaede8.png" /> </p> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/88444181-16108480-cdd9-11ea-9fba-aff1e4c38da3.png" /> </p> Also updates all module icons to be consistent: Auditbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592057-9a9e1580-d01a-11ea-97bb-d1096a4ae85f.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592020-8b1ecc80-d01a-11ea-8f2d-aa5cba94924e.png" /> </p> Packetbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592205-e18c0b00-d01a-11ea-9553-9c87527c600b.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592270-f8caf880-d01a-11ea-94a8-5428d2c6ddea.png" /> </p> Winlogbeat (Before/After): <p align="center"> <img width="260" src="https://user-images.githubusercontent.com/2946766/88592286-fff20680-d01a-11ea-87dd-4150debc988c.png" /><img width="300" src="https://user-images.githubusercontent.com/2946766/88592351-2021c580-d01b-11ea-863f-efd26d0105ab.png" /> </p> - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [X] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials - Working w/ @benskelker on updated ML Jobs & nomenclature
This commit is contained in:
parent
8c52d39b9e
commit
765c2d1ad3
@ -1,3 +1,3 @@
{
{
"icon": "securityAnalyticsApp"
"icon": "logoSecurity"
}
}
@ -1,3 +1,3 @@
{
{
"icon": "securityAnalyticsApp"
"icon": "logoSecurity"
}
}
@ -1,3 +1,3 @@
{
{
"icon": "securityAnalyticsApp"
"icon": "logoSecurity"
}
}
@ -1,3 +1,3 @@
{
{
"icon": "securityAnalyticsApp"
"icon": "logoSecurity"
}
}
@ -1,3 +1,3 @@
{
{
"icon": "securityAnalyticsApp"
"icon": "logoSecurity"
}
}
@ -71,7 +71,7 @@ export const setupMlJob = async ({
configTemplate,
configTemplate,
indexPatternName = 'auditbeat-*',
indexPatternName = 'auditbeat-*',
jobIdErrorFilter = [],
jobIdErrorFilter = [],
groups = ['siem'],
groups = ['security'],
prefix = '',
prefix = '',
}: MlSetupArgs): Promise<SetupMlResponse> => {
}: MlSetupArgs): Promise<SetupMlResponse> => {
const response = await KibanaServices.get().http.fetch<SetupMlResponse>(
const response = await KibanaServices.get().http.fetch<SetupMlResponse>(
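Review bot: The new `groups = ['security']` default on setupMlJob is undocumented, and a reader of this file cannot tell why jobs are tagged `security` rather than `siem` while the read paths elsewhere in this commit accept both. A short comment on the parameter, `// 'security' is the group the Security app uses to discover its ML jobs; 'siem' is still honoured on read for jobs created before the rename`, would record that contract next to the value. Jobs created by earlier versions keep their `siem` group and are not re-tagged by this change, which is presumably why the read side accepts both. setupMlJob's parameter list begins before the hunk and its body continues after it.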
@ -9,6 +9,6 @@ import { i18n } from '@kbn/i18n';
export const SIEM_JOB_FETCH_FAILURE = i18n.translate(
export const SIEM_JOB_FETCH_FAILURE = i18n.translate(
'xpack.securitySolution.components.mlPopup.hooks.errors.siemJobFetchFailureTitle',
'xpack.securitySolution.components.mlPopup.hooks.errors.siemJobFetchFailureTitle',
{
{
defaultMessage: 'SIEM job fetch failure',
defaultMessage: 'Security job fetch failure',
}
}
);
);
@ -104,7 +104,7 @@ export const getInstalledJobs = (
compatibleModuleIds: string[]
compatibleModuleIds: string[]
): SiemJob[] =>
): SiemJob[] =>
jobSummaryData
jobSummaryData
.filter(({ groups }) => groups.includes('siem'))
.filter(({ groups }) => groups.includes('siem') || groups.includes('security'))
.map<SiemJob>((jobSummary) => ({
.map<SiemJob>((jobSummary) => ({
...jobSummary,
...jobSummary,
...getAugmentedFields(jobSummary.id, moduleJobs, compatibleModuleIds),
...getAugmentedFields(jobSummary.id, moduleJobs, compatibleModuleIds),
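Review bot: The pair of accepted group names is now hard-coded in `.filter(({ groups }) => groups.includes('siem') || groups.includes('security'))`, and the same pair is repeated in GroupsFilterPopoverComponent's `g !== 'siem' && g !== 'security'` filter and in getMlJobsUsage's `.jobsSummary(['siem', 'security'])` later in this commit. A single exported constant, e.g. `const SECURITY_JOB_GROUPS: readonly string[] = ['siem', 'security'];`, with this line becoming `.filter(({ groups }) => groups.some((g) => SECURITY_JOB_GROUPS.includes(g)))`, would keep the three sites from drifting the next time a group is renamed. getInstalledJobs's signature starts before the hunk and the map callback continues after it.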
@ -25,8 +25,8 @@ interface GroupsFilterPopoverProps {
|
|
/**
/**
* Popover for selecting which SiemJob groups to filter on. Component extracts unique groups and
* Popover for selecting which SiemJob groups to filter on. Component extracts unique groups and
* their counts from the provided SiemJobs. The 'siem' group is filtered out as all jobs will be
* their counts from the provided SiemJobs. The 'siem' & 'security' groups are filtered out as all jobs will be
* siem jobs
* siem/security jobs
*
*
* @param siemJobs jobs to fetch groups from to display for filtering
* @param siemJobs jobs to fetch groups from to display for filtering
* @param onSelectedGroupsChanged change listener to be notified when group selection changes
* @param onSelectedGroupsChanged change listener to be notified when group selection changes
|
||||||
|
@ -41,7 +41,7 @@ export const GroupsFilterPopoverComponent = ({
const groups = siemJobs
const groups = siemJobs
.map((j) => j.groups)
.map((j) => j.groups)
.flat()
.flat()
.filter((g) => g !== 'siem');
.filter((g) => g !== 'siem' && g !== 'security');
const uniqueGroups = Array.from(new Set(groups));
const uniqueGroups = Array.from(new Set(groups));
|
|
useEffect(() => {
useEffect(() => {
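Review bot: The rewritten doc line `* their counts from the provided SiemJobs. The 'siem' & 'security' groups are filtered out as all jobs will be` now runs well past the width the rest of the comment block is wrapped to, and Prettier does not rewrap comments, so it needs rewrapping by hand, e.g. `* their counts from the provided SiemJobs. The 'siem' and 'security' groups are filtered out as` followed by `* all jobs will be siem/security jobs`. The `g !== 'siem' && g !== 'security'` filter in the second hunk also repeats the accepted-group list used in getInstalledJobs and getMlJobsUsage; a shared constant would keep them in step. GroupsFilterPopoverComponent's body continues outside the hunk.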
@ -12,6 +12,7 @@
export const mlModules: string[] = [
export const mlModules: string[] = [
'siem_auditbeat',
'siem_auditbeat',
'siem_auditbeat_auth',
'siem_auditbeat_auth',
|
'siem_cloudtrail',
'siem_packetbeat',
'siem_packetbeat',
'siem_winlogbeat',
'siem_winlogbeat',
'siem_winlogbeat_auth',
'siem_winlogbeat_auth',
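Review bot: `mlModules` is exported as a mutable `string[]`, so any importer can push or splice module ids into the shared list at runtime; since it appears to be a fixed set of ML module ids the app offers, declaring it `export const mlModules: readonly string[] = [` rules out accidental mutation without changing any value, including the newly added `'siem_cloudtrail'`. Callers that pass it to a parameter typed `string[]` would need that parameter widened to `readonly string[]`, which I cannot confirm from this hunk. The array literal continues outside the hunk.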
@ -41,7 +41,7 @@ const HelpText: React.FC<{ href: string; showEnableWarning: boolean }> = ({
<>
<>
<FormattedMessage
<FormattedMessage
id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.machineLearningJobIdHelpText"
id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.machineLearningJobIdHelpText"
defaultMessage="We've provided a few common jobs to get you started. To add your own custom jobs, assign a group of “siem” to those jobs in the {machineLearning} application to make them appear here."
defaultMessage="We've provided a few common jobs to get you started. To add your own custom jobs, assign a group of “security” to those jobs in the {machineLearning} application to make them appear here."
values={{
values={{
machineLearning: (
machineLearning: (
<EuiLink href={href} target="_blank">
<EuiLink href={href} target="_blank">
@ -176,7 +176,9 @@ export const getMlJobsUsage = async (ml: MlPluginSetup | undefined): Promise<MlJ
.modulesProvider(internalMlClient, fakeRequest, fakeSOClient)
.modulesProvider(internalMlClient, fakeRequest, fakeSOClient)
.listModules();
.listModules();
const moduleJobs = modules.flatMap((module) => module.jobs);
const moduleJobs = modules.flatMap((module) => module.jobs);
const jobs = await ml.jobServiceProvider(internalMlClient, fakeRequest).jobsSummary(['siem']);
const jobs = await ml
|
.jobServiceProvider(internalMlClient, fakeRequest)
|
.jobsSummary(['siem', 'security']);
|
|
jobsUsage = jobs.reduce((usage, job) => {
jobsUsage = jobs.reduce((usage, job) => {
const isElastic = moduleJobs.some((moduleJob) => moduleJob.id === job.id);
const isElastic = moduleJobs.some((moduleJob) => moduleJob.id === job.id);
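Review bot: `.jobsSummary(['siem', 'security'])` now queries two groups, and a job tagged with both (plausible for jobs carried across the rename) would be counted twice by the `jobs.reduce` that follows if the job service returns one entry per matching group rather than a deduplicated set; I cannot confirm the service's behaviour from this hunk, so it is worth checking before relying on the usage numbers. If it does not deduplicate, collapsing by id before reducing, `const uniqueJobs = Array.from(new Map(jobs.map((job) => [job.id, job])).values());`, keeps the counts exact. The reduce callback continues outside the hunk.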
|
|