maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[Cases] Add SIR connector in case connector schema (#94786)

Browse source
This commit is contained in:
Christos Nasikas 2021-03-17 17:01:43 +02:00 committed by GitHub
parent f62a3153cd
commit 78ac6f9713
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 79 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
x-pack/plugins/cases/server/connectors/case/index.test.ts
View file

@ -171,6 +171,34 @@ describe('case connector', () => {
},
},
},
{
test: 'servicenow-sir',
params: {
subAction: 'create',
subActionParams: {
title: 'Case from case connector!!',
tags: ['case', 'connector'],
description: 'Yo fields!!',
connector: {
id: 'servicenow-sir',
name: 'Servicenow SIR',
type: '.servicenow-sir',
fields: {
destIp: true,
sourceIp: true,
malwareHash: true,
malwareUrl: true,
category: 'ddos',
subcategory: '15',
priority: '1',
},
},
settings: {
syncAlerts: true,
},
},
},
},
{
test: 'none',
params: {
@ -474,7 +502,7 @@ describe('case connector', () => {
});
});
it('succeeds when servicenow fields are valid', () => {
it('succeeds when servicenow ITMSM fields are valid', () => {
const params: Record<string, unknown> = {
subAction: 'update',
subActionParams: {
@ -508,6 +536,42 @@ describe('case connector', () => {
});
});
it('succeeds when servicenow SIR fields are valid', () => {
const params: Record<string, unknown> = {
subAction: 'update',
subActionParams: {
id: 'case-id',
version: '123',
connector: {
id: 'servicenow-sir',
name: 'Servicenow SIR',
type: '.servicenow-sir',
fields: {
destIp: true,
sourceIp: true,
malwareHash: true,
malwareUrl: true,
category: 'ddos',
subcategory: '15',
priority: '1',
},
},
},
};
expect(validateParams(caseActionType, params)).toEqual({
...params,
subActionParams: {
description: null,
tags: null,
title: null,
status: null,
settings: null,
...(params.subActionParams as Record<string, unknown>),
},
});
});
it('set fields to null if they are missing', () => {
const params: Record<string, unknown> = {
subAction: 'update',

16
x-pack/plugins/cases/server/connectors/case/schema.ts
View file

@ -56,7 +56,7 @@ const ResilientFieldsSchema = schema.object({
severityCode: schema.nullable(schema.string()),
});
const ServiceNowFieldsSchema = schema.object({
const ServiceNowITSMFieldsSchema = schema.object({
impact: schema.nullable(schema.string()),
severity: schema.nullable(schema.string()),
urgency: schema.nullable(schema.string()),
@ -64,11 +64,22 @@ const ServiceNowFieldsSchema = schema.object({
subcategory: schema.nullable(schema.string()),
});
const ServiceNowSIRFieldsSchema = schema.object({
destIp: schema.nullable(schema.boolean()),
sourceIp: schema.nullable(schema.boolean()),
malwareHash: schema.nullable(schema.boolean()),
malwareUrl: schema.nullable(schema.boolean()),
priority: schema.nullable(schema.string()),
category: schema.nullable(schema.string()),
subcategory: schema.nullable(schema.string()),
});
const NoneFieldsSchema = schema.nullable(schema.object({}));
const ReducedConnectorFieldsSchema: { [x: string]: any } = {
'.jira': JiraFieldsSchema,
'.resilient': ResilientFieldsSchema,
'.servicenow-sir': ServiceNowSIRFieldsSchema,
};
export const ConnectorProps = {
@ -78,6 +89,7 @@ export const ConnectorProps = {
schema.literal('.servicenow'),
schema.literal('.jira'),
schema.literal('.resilient'),
schema.literal('.servicenow-sir'),
schema.literal('.none'),
]),
// Chain of conditional schemes
@ -92,7 +104,7 @@ export const ConnectorProps = {
schema.conditional(
schema.siblingRef('type'),
'.servicenow',
ServiceNowFieldsSchema,
ServiceNowITSMFieldsSchema,
NoneFieldsSchema
)
),