[Security][Network] Exclude glob-only (*) Index Pattern from map layers (#69736)
* Exclude glob-only (*) index pattern from map layers This pattern is a special case that our map should ignore, as including it causes all indexes to be queried. * Ignore CCS glob pattern in our embedded map Users may have this pattern for cross-cluster search, and it should similarly be excluded when matching Security indexes.
This commit is contained in:
parent
16eaf82d5c
commit
b614dbc720
|
@ -475,3 +475,12 @@ export const mockGlobIndexPattern: IndexPatternSavedObject = {
|
|||
title: '*',
|
||||
},
|
||||
};
|
||||
|
||||
export const mockCCSGlobIndexPattern: IndexPatternSavedObject = {
|
||||
id: '*:*',
|
||||
type: 'index-pattern',
|
||||
_version: 'abc',
|
||||
attributes: {
|
||||
title: '*:*',
|
||||
},
|
||||
};
|
||||
|
|
|
@ -14,6 +14,7 @@ import {
|
|||
mockAuditbeatIndexPattern,
|
||||
mockFilebeatIndexPattern,
|
||||
mockGlobIndexPattern,
|
||||
mockCCSGlobIndexPattern,
|
||||
} from './__mocks__/mock';
|
||||
|
||||
const mockEmbeddable = embeddablePluginMock.createStartContract();
|
||||
|
@ -106,12 +107,20 @@ describe('embedded_map_helpers', () => {
|
|||
]);
|
||||
});
|
||||
|
||||
test('finds glob-only index patterns ', () => {
|
||||
test('excludes glob-only index patterns', () => {
|
||||
const matchingIndexPatterns = findMatchingIndexPatterns({
|
||||
kibanaIndexPatterns: [mockGlobIndexPattern, mockFilebeatIndexPattern],
|
||||
siemDefaultIndices,
|
||||
});
|
||||
expect(matchingIndexPatterns).toEqual([mockGlobIndexPattern, mockFilebeatIndexPattern]);
|
||||
expect(matchingIndexPatterns).toEqual([mockFilebeatIndexPattern]);
|
||||
});
|
||||
|
||||
test('excludes glob-only CCS index patterns', () => {
|
||||
const matchingIndexPatterns = findMatchingIndexPatterns({
|
||||
kibanaIndexPatterns: [mockCCSGlobIndexPattern, mockFilebeatIndexPattern],
|
||||
siemDefaultIndices,
|
||||
});
|
||||
expect(matchingIndexPatterns).toEqual([mockFilebeatIndexPattern]);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
@ -128,6 +128,9 @@ export const createEmbeddable = async (
|
|||
return embeddableObject;
|
||||
};
|
||||
|
||||
// These patterns are overly greedy and must be excluded when matching against Security indexes.
|
||||
const ignoredIndexPatterns = ['*', '*:*'];
|
||||
|
||||
/**
|
||||
* Returns kibanaIndexPatterns that wildcard match at least one of siemDefaultIndices
|
||||
*
|
||||
|
@ -142,9 +145,13 @@ export const findMatchingIndexPatterns = ({
|
|||
siemDefaultIndices: string[];
|
||||
}): IndexPatternSavedObject[] => {
|
||||
try {
|
||||
return kibanaIndexPatterns.filter((kip) =>
|
||||
siemDefaultIndices.some((sdi) => minimatch(sdi, kip.attributes.title))
|
||||
);
|
||||
return kibanaIndexPatterns.filter((kip) => {
|
||||
const pattern = kip.attributes.title;
|
||||
return (
|
||||
!ignoredIndexPatterns.includes(pattern) &&
|
||||
siemDefaultIndices.some((sdi) => minimatch(sdi, pattern))
|
||||
);
|
||||
});
|
||||
} catch {
|
||||
return [];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue