kibana/x-pack/plugins/lists
Frank Hassanabad 6d80bf7a21
[Security Solutions] Removes circular dependencies and introduces kbn-security-solution-es-utils package (#99828)
## Summary

Fixes what are hopefully the last circular dependency issues between security solutions and lists.

* Adds a package of `@kbn/securitysolution-es-utils` and moves files from security solutions into that package.
* Re-ingests that package back into lists 

Before this PR if you ran:

```ts
node scripts/find_plugins_with_circular_deps.js --debug
```

Then you would get:

```
 debg !!!!!!!!!!!!!! CIRCULAR DEPENDENCIES FOUND !!!!!!!!!!!!!!
      !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
      ! Circular dependencies were found, you can find below  !
      ! all the paths involved.                               !
      !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 debg   01) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts
        02) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/compose/kibana.ts -> x-pack/plugins/security_solution/server/lib/framework/kibana_framework_adapter.ts -> x-pack/plugins/security_solution/server/types.ts
        03) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/compose/kibana.ts -> x-pack/plugins/security_solution/server/endpoint/types.ts -> x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts
        04) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/compose/kibana.ts -> x-pack/plugins/security_solution/server/endpoint/types.ts -> x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts -> x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.ts
        05) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/compose/kibana.ts -> x-pack/plugins/security_solution/server/endpoint/types.ts -> x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts -> x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.ts -> x-pack/plugins/security_solution/server/endpoint/services/index.ts -> x-pack/plugins/security_solution/server/endpoint/services/artifacts/index.ts -> x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/index.ts -> x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts
        06) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/compose/kibana.ts -> x-pack/plugins/security_solution/server/endpoint/types.ts -> x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts -> x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.ts -> x-pack/plugins/security_solution/server/endpoint/services/index.ts -> x-pack/plugins/security_solution/server/endpoint/services/artifacts/index.ts -> x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/index.ts -> x-pack/plugins/security_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.ts -> x-pack/plugins/security_solution/server/endpoint/lib/artifacts/index.ts -> x-pack/plugins/security_solution/server/endpoint/lib/artifacts/lists.ts
        07) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/compose/kibana.ts -> x-pack/plugins/security_solution/server/endpoint/types.ts -> x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts -> x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.ts -> x-pack/plugins/security_solution/server/fleet_integration/handlers/install_prepackaged_rules.ts
        08) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/compose/kibana.ts -> x-pack/plugins/security_solution/server/endpoint/types.ts -> x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts -> x-pack/plugins/security_solution/server/fleet_integration/fleet_integration.ts -> x-pack/plugins/security_solution/server/fleet_integration/handlers/install_prepackaged_rules.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.ts
        09) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/types.ts
        10) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
        11) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts
        12) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/query.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/filters/filter_events_against_list.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/filters/types.ts
        13) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts
        14) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threat_match.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/create_threat_signals.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/get_threat_list.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/threat_mapping/types.ts
        15) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts -> x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts
        16) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/index.ts -> x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/handlers.ts
        17) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/index.ts -> x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/handlers.ts -> x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/service.ts
        18) x-pack/plugins/lists/server/index.ts -> x-pack/plugins/lists/server/plugin.ts -> x-pack/plugins/lists/server/routes/init_routes.ts -> x-pack/plugins/lists/server/types.ts -> x-pack/plugins/lists/server/services/lists/list_client.ts -> x-pack/plugins/lists/server/siem_server_deps.ts -> x-pack/plugins/security_solution/server/index.ts -> x-pack/plugins/security_solution/server/plugin.ts -> x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/index.ts -> x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/handlers.ts -> x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/service.ts -> x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/mapping.ts

 debg !!!!!!!!!!!!!!!!! UP TO DATE ALLOWED LIST !!!!!!!!!!!!!!!!!!
      !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
      ! The declared circular dependencies allowed list is up    !
      ! to date and includes every plugin listed in above paths. !
      !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

      The allowed circular dependencies list is (#3):
      'x-pack/plugins/lists -> x-pack/plugins/security_solution',
 succ None non allowed circular dependencies were found
```

Now you get:

```
  debg !!!!!!!!!!!!!!!!! UP TO DATE ALLOWED LIST !!!!!!!!!!!!!!!!!!
      !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
      ! The declared circular dependencies allowed list is up    !
      ! to date and includes every plugin listed in above paths. !
      !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

      The allowed circular dependencies list is (#1):
      'x-pack/plugins/lists -> x-pack/plugins/security_solution',
 succ None non allowed circular dependencies were found
```

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
2021-05-12 15:55:37 -06:00
.storybook [Lists][Exceptions] - Adding basic linting, i18n and storybook support (#94772) 2021-03-16 21:46:20 -04:00
common [Security Solutions] (Phase 3, part 1) Removes dependency on security_solution plugin from lists (#99431) 2021-05-10 10:16:19 -06:00
public [Security Solutions] (Phase 3, part 1) Removes dependency on security_solution plugin from lists (#99431) 2021-05-10 10:16:19 -06:00
scripts [Security Solution][Exceptions][Builder] -Move exception builder entry item exceptions ui over to lists (#94515) 2021-03-26 13:05:27 -07:00
server [Security Solutions] Removes circular dependencies and introduces kbn-security-solution-es-utils package (#99828) 2021-05-12 15:55:37 -06:00
jest.config.js Elastic License 2.0 (#90099) 2021-02-03 18:12:39 -08:00
kibana.json [Security Solutions] (Phase 3, part 1) Removes dependency on security_solution plugin from lists (#99431) 2021-05-10 10:16:19 -06:00
README.md

This README.md is for developers working on the backend lists and explains how to get started using the CURL scripts in the scripts folder.

The scripts rely on CURL and jq:

Install curl and jq (mac instructions)

brew update
brew install curl
brew install jq

Open $HOME/.zshrc or $HOME/.bashrc, depending on the output of echo $SHELL, and add these environment variables (the password is stored in plain text in that file, so use a development-only account):

export ELASTICSEARCH_USERNAME=${user}
export ELASTICSEARCH_PASSWORD=${password}
export ELASTICSEARCH_URL=https://${ip}:9200
export KIBANA_URL=http://localhost:5601
export TASK_MANAGER_INDEX=.kibana-task-manager-${your user id}
export KIBANA_INDEX=.kibana-${your user id}

Source $HOME/.zshrc or $HOME/.bashrc to ensure the variables are set:

source ~/.zshrc

Open your kibana.dev.yml file and add these lines with your name:

xpack.lists.listIndex: '.lists-your-name'
xpack.lists.listItemIndex: '.items-your-name'

Restart Kibana and make sure you are running it with --no-base-path. Changing the base path is a supported feature, but it will get in the way of the CURL scripts as they are written.

Go to the scripts folder cd kibana/x-pack/plugins/lists/server/scripts and run:

./hard_reset.sh
./post_list.sh

which will (on the Elasticsearch and Kibana instances your environment variables point to):

  • Delete any existing lists you have
  • Delete any existing list items you have
  • Delete any existing exception lists you have
  • Delete any existing exception list items you have
  • Delete any existing mappings, policies, and templates you might have previously had.
  • Add the latest list and list item indexes and their mappings, using the xpack.lists.listIndex and xpack.lists.listItemIndex settings from your kibana.dev.yml.
  • Post the sample list from ./lists/new/ip_list.json

Now you can run

./post_list.sh

You should see the new list created like so:

{
  "id": "ip_list",
  "created_at": "2020-05-28T19:15:22.344Z",
  "created_by": "yo",
  "description": "This list describes bad internet ip",
  "name": "Simple list with an ip",
  "tie_breaker_id": "c57efbc4-4977-4a32-995f-cfd296bed521",
  "type": "ip",
  "updated_at": "2020-05-28T19:15:22.344Z",
  "updated_by": "yo"
}

You can add a list item like so:

 ./post_list_item.sh

You should see the new list item created and attached to the above list like so:

{
  "id": "hand_inserted_item_id",
  "type": "ip",
  "value": "127.0.0.1",
  "created_at": "2020-05-28T19:15:49.790Z",
  "created_by": "yo",
  "list_id": "ip_list",
  "tie_breaker_id": "a881bf2e-1e17-4592-bba8-d567cb07d234",
  "updated_at": "2020-05-28T19:15:49.790Z",
  "updated_by": "yo"
}

If you want to post an exception list it would be like so:

./post_exception_list.sh

You should see the new exception list created like so:

{
  "created_at": "2020-05-28T19:16:31.052Z",
  "created_by": "yo",
  "description": "This is a sample endpoint type exception",
  "id": "bcb94680-a117-11ea-ad9d-c71f4820e65b",
  "list_id": "endpoint_list",
  "name": "Sample Endpoint Exception List",
  "namespace_type": "single",
  "tags": [
    "user added string for a tag",
    "malware"
  ],
  "tie_breaker_id": "86e08c8c-c970-4b08-a6e2-cdba7bb4e023",
  "type": "endpoint",
  "updated_at": "2020-05-28T19:16:31.080Z",
  "updated_by": "yo"
}

And you can attach exception list items; a created item looks like so:

{
  "comments": [],
  "created_at": "2020-05-28T19:17:21.099Z",
  "created_by": "yo",
  "description": "This is a sample endpoint type exception",
  "entries": [
    {
      "field": "actingProcess.file.signer",
      "operator": "included",
      "type": "match",
      "value": "Elastic, N.V."
    },
    {
      "field": "event.category",
      "operator": "included",
      "type": "match_any",
      "value": [
        "process",
        "malware"
      ]
    }
  ],
  "id": "da8d3b30-a117-11ea-ad9d-c71f4820e65b",
  "item_id": "endpoint_list_item",
  "list_id": "endpoint_list",
  "name": "Sample Endpoint Exception List",
  "namespace_type": "single",
  "os_types": ["linux"],
  "tags": [
    "user added string for a tag",
    "malware"
  ],
  "tie_breaker_id": "21f84703-9476-4af8-a212-aad31e18dcb9",
  "type": "simple",
  "updated_at": "2020-05-28T19:17:21.123Z",
  "updated_by": "yo"
}

You can then find each one like so:

./find_lists.sh
{
  "cursor": "WzIwLFsiYzU3ZWZiYzQtNDk3Ny00YTMyLTk5NWYtY2ZkMjk2YmVkNTIxIl1d",
  "data": [
    {
      "id": "ip_list",
      "created_at": "2020-05-28T19:15:22.344Z",
      "created_by": "yo",
      "description": "This list describes bad internet ip",
      "name": "Simple list with an ip",
      "tie_breaker_id": "c57efbc4-4977-4a32-995f-cfd296bed521",
      "type": "ip",
      "updated_at": "2020-05-28T19:15:22.344Z",
      "updated_by": "yo"
    }
  ],
  "page": 1,
  "per_page": 20,
  "total": 1
}

or for finding exception lists:

./find_exception_lists.sh
{
  "data": [
    {
      "created_at": "2020-05-28T19:16:31.052Z",
      "created_by": "yo",
      "description": "This is a sample endpoint type exception",
      "id": "bcb94680-a117-11ea-ad9d-c71f4820e65b",
      "list_id": "endpoint_list",
      "name": "Sample Endpoint Exception List",
      "namespace_type": "single",
      "os_types": ["linux"],
      "tags": [
        "user added string for a tag",
        "malware"
      ],
      "tie_breaker_id": "86e08c8c-c970-4b08-a6e2-cdba7bb4e023",
      "type": "endpoint",
      "updated_at": "2020-05-28T19:16:31.080Z",
      "updated_by": "yo"
    }
  ],
  "page": 1,
  "per_page": 20,
  "total": 1
}

See the full scripts folder for all the capabilities.