kibana/x-pack/plugins/security_solution
Apoorva Joshi 35f9625265
[ML] Adds Authentication module with six ML jobs for ECS data (Auditbeat, Winlogbeat, Filebeat and Logs) (#101840)
* Adding Security Authentication jobs in 7.14

* Renamed some jobs

* Changing memory limits and linting change

* Linting fix

* Changed the order

* Adding module to ml_modules.tsx

* Update recognize_module.ts

this test module uses older Auditbeat data which predates the event.category field so the test has to be skipped per https://elastic.zoom.us/j/93000943632?pwd=TmpvNWhtYUNzMUc0c0N6Tlc2QlVPZz09

* Update recognize_module.ts

needs to be a single line

* Update recognize_module.ts

Some linters want spaces and some linters want no spaces. This linter wants spaces.

* descriptions

added description text

* Update auth_rare_hour_for_a_user.json

removed a wayward newline char

* Minor nitpicking

* memory limits

raised memory limits to 128mb which is larger than the highest observed peak model bytes for the most memory hungry jobs in this event class.

Co-authored-by: Craig <mailredirector36@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-06-14 12:36:08 -07:00
..
.storybook
common [Security Solution][Endpoint] Actions Log API (#101032) 2021-06-14 15:39:11 +02:00
cypress Implement "select all" rules feature (#100554) 2021-06-09 11:32:45 +02:00
public [ML] Adds Authentication module with six ML jobs for ECS data (Auditbeat, Winlogbeat, Filebeat and Logs) (#101840) 2021-06-14 12:36:08 -07:00
scripts
server [Security Solution] Refactor rules for modularization by updating bulkCreate and wrapHits methods (#101544) 2021-06-14 13:31:20 -04:00
jest.config.js
kibana.json [RAC][Security Solution] Register Security Detection Rules with Rule Registry (#96015) 2021-05-28 12:38:49 -06:00
package.json
README.md
tsconfig.json

Security Solution

Welcome to the Kibana Security Solution plugin! This README will go over getting started with development and testing.

Development

Tests

The endpoint-specific tests use the ingest manager to install the endpoint package. Before the API integration and functional tests run, the ingest manager is initialized, and that initialization reaches out to a package registry service to install the endpoint package. Because the tests depend on a package registry being available, they support three ways of supplying one:

  1. Using Docker
  2. Running your own local package registry
  3. Using the default external package registry

These scenarios are outlined in the sections below.

Endpoint API Integration Tests Location

The endpoint api integration tests are located here

Endpoint Functional Tests Location

The endpoint functional tests are located here

Using Docker

To run the tests using the recommended Docker image version, you must have Docker installed. The testing infrastructure will stand up a Docker container using the image defined here

Make sure you're in the Kibana root directory.

Endpoint API Integration Tests

In one terminal, run:

FLEET_PACKAGE_REGISTRY_PORT=12345 yarn test:ftr:server --config x-pack/test/security_solution_endpoint_api_int/config.ts

In another terminal, run:

FLEET_PACKAGE_REGISTRY_PORT=12345 yarn test:ftr:runner --config x-pack/test/security_solution_endpoint_api_int/config.ts

Endpoint Functional Tests

In one terminal, run:

FLEET_PACKAGE_REGISTRY_PORT=12345 yarn test:ftr:server --config x-pack/test/security_solution_endpoint/config.ts

In another terminal, run:

FLEET_PACKAGE_REGISTRY_PORT=12345 yarn test:ftr:runner --config x-pack/test/security_solution_endpoint/config.ts

Running your own package registry

If you are doing endpoint package development it will be useful to run your own package registry to serve the latest package you're building. To do this use the following commands:

Make sure you're in the Kibana root directory.

Endpoint API Integration Tests

In one terminal, run:

PACKAGE_REGISTRY_URL_OVERRIDE=<url to your package registry like http://localhost:8080> yarn test:ftr:server --config x-pack/test/security_solution_endpoint_api_int/config.ts

In another terminal, run:

PACKAGE_REGISTRY_URL_OVERRIDE=<url to your package registry like http://localhost:8080> yarn test:ftr:runner --config x-pack/test/security_solution_endpoint_api_int/config.ts

Endpoint Functional Tests

In one terminal, run:

PACKAGE_REGISTRY_URL_OVERRIDE=<url to your package registry like http://localhost:8080> yarn test:ftr:server --config x-pack/test/security_solution_endpoint/config.ts

In another terminal, run:

PACKAGE_REGISTRY_URL_OVERRIDE=<url to your package registry like http://localhost:8080> yarn test:ftr:runner --config x-pack/test/security_solution_endpoint/config.ts

Using the default public registry

If you don't have docker installed and don't want to run your own registry, you can run the tests using the ingest manager's default public package registry. The actual package registry used is here

Make sure you're in the Kibana root directory.

Endpoint API Integration Tests

In one terminal, run:

yarn test:ftr:server --config x-pack/test/security_solution_endpoint_api_int/config.ts

In another terminal, run:

yarn test:ftr:runner --config x-pack/test/security_solution_endpoint_api_int/config.ts

Endpoint Functional Tests

In one terminal, run:

yarn test:ftr:server --config x-pack/test/security_solution_endpoint/config.ts

In another terminal, run:

yarn test:ftr:runner --config x-pack/test/security_solution_endpoint/config.ts
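
The three registry options above differ only in the environment variable placed in front of the same yarn commands. The following is an added example, not part of the Kibana repository: a hypothetical helper named ftr_cmd that composes the command line for any option, suite and terminal, and checks the registry setting first. The rule that plain http is accepted only for a loopback registry is an assumption added here, on the grounds that the endpoint package is installed from whatever registry the variable names.

```shell
# Added example, not from the Kibana repository. ftr_cmd is a hypothetical helper.
# Usage: ftr_cmd <docker|local|public> <api|functional> <server|runner> [port|url]
# Prints the command line to run; it does not start yarn itself.
ftr_cmd() {
  local mode="$1" suite="$2" role="$3" arg="${4:-}" config env=""
  case $suite in
    api)        config=x-pack/test/security_solution_endpoint_api_int/config.ts ;;
    functional) config=x-pack/test/security_solution_endpoint/config.ts ;;
    *) echo "unknown suite: $suite" >&2; return 2 ;;
  esac
  case $role in
    server|runner) ;;
    *) echo "unknown role: $role" >&2; return 2 ;;
  esac
  case $mode in
    docker)
      # Port for the Docker-hosted registry: digits only, valid TCP range.
      case $arg in ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;; esac
      if [ "${#arg}" -gt 5 ] || [ "$arg" -lt 1 ] || [ "$arg" -gt 65535 ]; then
        echo "port out of range: $arg" >&2; return 2
      fi
      env="FLEET_PACKAGE_REGISTRY_PORT=$arg " ;;
    local)
      # Reject shell metacharacters and userinfo, then allow https anywhere
      # but plain http only on loopback (added policy, an assumption).
      case $arg in
        *[!A-Za-z0-9:/._-]*) echo "unexpected character in URL" >&2; return 2 ;;
        https://?*|http://localhost|http://localhost[:/]*|http://127.0.0.1|http://127.0.0.1[:/]*) ;;
        *) echo "refusing registry URL: $arg" >&2; return 2 ;;
      esac
      env="PACKAGE_REGISTRY_URL_OVERRIDE=$arg " ;;
    public) ;;
    *) echo "unknown mode: $mode" >&2; return 2 ;;
  esac
  printf '%syarn test:ftr:%s --config %s\n' "$env" "$role" "$config"
}
```

Run the printed line from the Kibana root directory, once with server in one terminal and once with runner in another.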