
Commit 373a873

[Attack discovery] Optimize attack discovery test data (#206885)
## Summary Follow-up for #182918. Compressed content and switched to loading `.ndjson.gz` directly (cherry picked from commit 67bedde)
1 parent 60959e1 commit 373a873

33 files changed

Lines changed: 38 additions & 107928 deletions

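--- a/x-pack/solutions/security/plugins/security_solution/scripts/attack_discovery/load.ts
+++ b/x-pack/solutions/security/plugins/security_solution/scripts/attack_discovery/load.ts
@@ -10,6 +10,11 @@ import path from 'path';
 import type { Client } from '@elastic/elasticsearch';
 import type { ToolingLog } from '@kbn/tooling-log';
 import type { KbnClient } from '@kbn/test';
+import { createGunzip } from 'zlib';
+import { pipeline } from 'stream';
+import { promisify } from 'util';
+
+const pipelineAsync = promisify(pipeline);
 
 const PIPELINE_NAME = 'insights_pipeline';
 const DIRECTORY_PATH = path.resolve(
@@ -63,6 +68,36 @@ const getRule = async ({ kbnClient, log }: { kbnClient: KbnClient; log: ToolingL
 return response.data.data?.[0];
 };
 
+async function readAndDecompress({ filePath, log }: { filePath: string; log: ToolingLog }) {
+try {
+const decompressedChunks: Uint8Array[] = [];
+
+// Create a read stream for the gzipped file
+const fileStream = fs.createReadStream(filePath);
+
+// Decompress the file stream using zlib
+await pipelineAsync(
+fileStream, // Readable stream for the file
+createGunzip(), // Decompression stream
+async function* (source) {
+// Collect decompressed chunks
+for await (const chunk of source) {
+decompressedChunks.push(chunk);
+}
+}
+);
+
+// Combine decompressed chunks into a single buffer and convert to string
+const decompressedBuffer = Buffer.concat(decompressedChunks);
+const decompressedText = decompressedBuffer.toString('utf-8');
+
+return decompressedText;
+} catch (error) {
+log.error('Error during file reading or decompression:');
+log.error(error);
+}
+}
+
 const importRule = async ({ kbnClient, log }: { kbnClient: KbnClient; log: ToolingLog }) => {
 log.info('Importing rule from endpoint_alert.ndjson...');
 
@@ -201,7 +236,7 @@ const processFile = async ({
 
 log.info(`Processing and indexing file: ${file} ...`);
 
-const fileData = await fs.readFileSync(file).toString().split('\n');
+const fileData = (await readAndDecompress({ filePath: file, log }))?.split('\n') ?? [];
 
 try {
 const response = await esClient.bulk<string>({
@@ -237,10 +272,10 @@ const processFilesForEpisode = async ({
 }) => {
 const dataFiles = fs
 .readdirSync(DIRECTORY_PATH)
-.filter((file) => file.includes(`ep${epNum}data.ndjson`));
+.filter((file) => file.includes(`ep${epNum}data.ndjson.gz`));
 const alertFiles = fs
 .readdirSync(DIRECTORY_PATH)
-.filter((file) => file.includes(`ep${epNum}alerts.ndjson`));
+.filter((file) => file.includes(`ep${epNum}alerts.ndjson.gz`));
 
 for (const file of dataFiles) {
 await processFile({ esClient, file: path.join(DIRECTORY_PATH, file), indexType: 'data', log });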
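Review bot: The catch block in `readAndDecompress` logs the failure and falls through, so the function resolves to `undefined`, and the `?? []` on the `fileData` assignment in `processFile` turns a missing or corrupt `.ndjson.gz` into an empty list that is presumably still handed to the `esClient.bulk` call below it. A loader for security test data should fail loudly rather than continue with nothing to index: add `throw error;` after `log.error(error);`, and simplify the assignment to `(await readAndDecompress({ filePath: file, log })).split('\n')`. The helper also buffers the whole decompressed file in memory with no size ceiling, which is acceptable for repository-controlled fixtures but deserves a comment such as `// fixtures are trusted and small; do not reuse for untrusted archives`. `processFile` starts and ends outside the hunk, so how it treats an empty `fileData` is not visible here.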

x-pack/test/security_solution_cypress/cypress/fixtures/assistant/attack_discovery/ep1alerts.ndjson

Lines changed: 0 additions & 9 deletions
This file was deleted.

x-pack/test/security_solution_cypress/cypress/fixtures/assistant/attack_discovery/ep1data.ndjson

Lines changed: 0 additions & 2948 deletions
This file was deleted.

x-pack/test/security_solution_cypress/cypress/fixtures/assistant/attack_discovery/ep2alerts.ndjson

Lines changed: 0 additions & 11 deletions
This file was deleted.

x-pack/test/security_solution_cypress/cypress/fixtures/assistant/attack_discovery/ep2data.ndjson

Lines changed: 0 additions & 6901 deletions
This file was deleted.

x-pack/test/security_solution_cypress/cypress/fixtures/assistant/attack_discovery/ep3alerts.ndjson

Lines changed: 0 additions & 32 deletions
This file was deleted.
