[Security][Network] Exclude glob-only (*) Index Pattern from map layers (#69736)

* Exclude glob-only (*) index pattern from map layers This pattern is a special case that our map should ignore, as including it causes all indexes to be queried. * Ignore CCS glob pattern in our embedded map Users may have this pattern for cross-cluster search, and it should similarly be excluded when matching Security indexes.
2020-06-24 11:16:09 -05:00 · 2020-06-24 11:16:09 -05:00 · b614dbc720
parent 16eaf82d5c
commit b614dbc720
3 changed files with 30 additions and 5 deletions
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/mocks/mock.ts
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/mocks/mock.ts
@ -475,3 +475,12 @@ export const mockGlobIndexPattern: IndexPatternSavedObject = {
    title: '*',
  },
 };
+
+export const mockCCSGlobIndexPattern: IndexPatternSavedObject = {
+  id: '*:*',
+  type: 'index-pattern',
+  _version: 'abc',
+  attributes: {
+    title: '*:*',
+  },
+};
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.test.tsx
@ -14,6 +14,7 @@ import {
  mockAuditbeatIndexPattern,
  mockFilebeatIndexPattern,
  mockGlobIndexPattern,
+  mockCCSGlobIndexPattern,
 } from './__mocks__/mock';

 const mockEmbeddable = embeddablePluginMock.createStartContract();
@ -106,12 +107,20 @@ describe('embedded_map_helpers', () => {
      ]);
    });

-    test('finds glob-only index patterns ', () => {
+    test('excludes glob-only index patterns', () => {
      const matchingIndexPatterns = findMatchingIndexPatterns({
        kibanaIndexPatterns: [mockGlobIndexPattern, mockFilebeatIndexPattern],
        siemDefaultIndices,
      });
-      expect(matchingIndexPatterns).toEqual([mockGlobIndexPattern, mockFilebeatIndexPattern]);
+      expect(matchingIndexPatterns).toEqual([mockFilebeatIndexPattern]);
+    });
+
+    test('excludes glob-only CCS index patterns', () => {
+      const matchingIndexPatterns = findMatchingIndexPatterns({
+        kibanaIndexPatterns: [mockCCSGlobIndexPattern, mockFilebeatIndexPattern],
+        siemDefaultIndices,
+      });
+      expect(matchingIndexPatterns).toEqual([mockFilebeatIndexPattern]);
    });
  });
 });
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/embedded_map_helpers.tsx
@ -128,6 +128,9 @@ export const createEmbeddable = async (
  return embeddableObject;
 };

+// These patterns are overly greedy and must be excluded when matching against Security indexes.
+const ignoredIndexPatterns = ['*', '*:*'];
+
 /**
 * Returns kibanaIndexPatterns that wildcard match at least one of siemDefaultIndices
 *
@ -142,9 +145,13 @@ export const findMatchingIndexPatterns = ({
  siemDefaultIndices: string[];
 }): IndexPatternSavedObject[] => {
  try {
-    return kibanaIndexPatterns.filter((kip) =>
-      siemDefaultIndices.some((sdi) => minimatch(sdi, kip.attributes.title))
-    );
+    return kibanaIndexPatterns.filter((kip) => {
+      const pattern = kip.attributes.title;
+      return (
+        !ignoredIndexPatterns.includes(pattern) &&
+        siemDefaultIndices.some((sdi) => minimatch(sdi, pattern))
+      );
+    });
  } catch {
    return [];
  }