Use new ECS TLS fields

tsg · tsg · commit 5aef9eb3798a · 2020-03-21T13:36:31.000+01:00
diff --git a/x-pack/legacy/plugins/siem/public/components/page/network/tls_table/__snapshots__/index.test.tsx.snap b/x-pack/legacy/plugins/siem/public/components/page/network/tls_table/__snapshots__/index.test.tsx.snap
diff --git a/x-pack/legacy/plugins/siem/public/components/page/network/tls_table/columns.tsx b/x-pack/legacy/plugins/siem/public/components/page/network/tls_table/columns.tsx
@@ -32,11 +32,11 @@ export const getTlsColumns = (tableId: string): TlsColumns => [
     truncateText: false,
     hideForMobile: false,
     sortable: false,
-    render: ({ _id, issuerNames }) =>
+    render: ({ _id, issuers }) =>
       getRowItemDraggables({
-        rowItems: issuerNames,
-        attrName: 'tls.server_certificate.issuer.common_name',
-        idPrefix: `${tableId}-${_id}-table-issuerNames`,
+        rowItems: issuers,
+        attrName: 'tls.server.issuer',
+        idPrefix: `${tableId}-${_id}-table-issuers`,
       }),
   },
   {
@@ -45,18 +45,12 @@ export const getTlsColumns = (tableId: string): TlsColumns => [
     truncateText: false,
     hideForMobile: false,
     sortable: false,
-    render: ({ _id, alternativeNames, commonNames }) =>
-      alternativeNames != null && alternativeNames.length > 0
-        ? getRowItemDraggables({
-            rowItems: alternativeNames,
-            attrName: 'tls.server_certificate.alternative_names',
-            idPrefix: `${tableId}-${_id}-table-alternative-name`,
-          })
-        : getRowItemDraggables({
-            rowItems: commonNames,
-            attrName: 'tls.server_certificate.subject.common_name',
-            idPrefix: `${tableId}-${_id}-table-common-name`,
-          }),
+    render: ({ _id, subjects }) =>
+      getRowItemDraggables({
+        rowItems: subjects,
+        attrName: 'tls.server.subject',
+        idPrefix: `${tableId}-${_id}-table-subjects`,
+      }),
   },
   {
     field: 'node._id',
diff --git a/x-pack/legacy/plugins/siem/public/components/page/network/tls_table/mock.ts b/x-pack/legacy/plugins/siem/public/components/page/network/tls_table/mock.ts
@@ -12,10 +12,9 @@ export const mockTlsData: TlsData = {
     {
       node: {
         _id: '2fe3bdf168af35b9e0ce5dc583bab007c40d47de',
-        alternativeNames: ['*.elastic.co', 'elastic.co'],
-        commonNames: ['*.elastic.co'],
+        subjects: ['*.elastic.co'],
         ja3: ['7851693188210d3b271aa1713d8c68c2', 'fb4726d465c5f28b84cd6d14cedd13a7'],
-        issuerNames: ['DigiCert SHA2 Secure Server CA'],
+        issuers: ['DigiCert SHA2 Secure Server CA'],
         notAfter: ['2021-04-22T12:00:00.000Z'],
       },
       cursor: {
@@ -25,10 +24,9 @@ export const mockTlsData: TlsData = {
     {
       node: {
         _id: '61749734b3246f1584029deb4f5276c64da00ada',
-        alternativeNames: ['api.snapcraft.io'],
-        commonNames: ['api.snapcraft.io'],
+        subjects: ['api.snapcraft.io'],
         ja3: ['839868ad711dc55bde0d37a87f14740d'],
-        issuerNames: ['DigiCert SHA2 Secure Server CA'],
+        issuers: ['DigiCert SHA2 Secure Server CA'],
         notAfter: ['2019-05-22T12:00:00.000Z'],
       },
       cursor: {
@@ -38,10 +36,9 @@ export const mockTlsData: TlsData = {
     {
       node: {
         _id: '6560d3b7dd001c989b85962fa64beb778cdae47a',
-        alternativeNames: ['changelogs.ubuntu.com', 'manpages.ubuntu.com'],
-        commonNames: ['changelogs.ubuntu.com'],
+        subjects: ['changelogs.ubuntu.com'],
         ja3: ['da12c94da8021bbaf502907ad086e7bc'],
-        issuerNames: ["Let's Encrypt Authority X3"],
+        issuers: ["Let's Encrypt Authority X3"],
         notAfter: ['2019-06-27T01:09:59.000Z'],
       },
       cursor: {
diff --git a/x-pack/legacy/plugins/siem/public/components/page/network/tls_table/translations.ts b/x-pack/legacy/plugins/siem/public/components/page/network/tls_table/translations.ts
@@ -16,7 +16,7 @@ export const TRANSPORT_LAYER_SECURITY = i18n.translate(
 export const UNIT = (totalCount: number) =>
   i18n.translate('xpack.siem.network.ipDetails.tlsTable.unit', {
     values: { totalCount },
-    defaultMessage: `{totalCount, plural, =1 {issuer} other {issuers}}`,
+    defaultMessage: `{totalCount, plural, =1 {server certificate} other {server certificates}}`,
   });
 
 // Columns
diff --git a/x-pack/legacy/plugins/siem/public/containers/tls/index.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/tls/index.gql_query.ts
@@ -33,10 +33,9 @@ export const tlsQuery = gql`
         edges {
           node {
             _id
-            alternativeNames
-            commonNames
+            subjects
             ja3
-            issuerNames
+            issuers
             notAfter
           }
           cursor {
diff --git a/x-pack/legacy/plugins/siem/public/graphql/introspection.json b/x-pack/legacy/plugins/siem/public/graphql/introspection.json
@@ -9213,22 +9213,6 @@
             "isDeprecated": false,
             "deprecationReason": null
           },
-          {
-            "name": "alternativeNames",
-            "description": "",
-            "args": [],
-            "type": {
-              "kind": "LIST",
-              "name": null,
-              "ofType": {
-                "kind": "NON_NULL",
-                "name": null,
-                "ofType": { "kind": "SCALAR", "name": "String", "ofType": null }
-              }
-            },
-            "isDeprecated": false,
-            "deprecationReason": null
-          },
           {
             "name": "notAfter",
             "description": "",
@@ -9246,7 +9230,7 @@
             "deprecationReason": null
           },
           {
-            "name": "commonNames",
+            "name": "subjects",
             "description": "",
             "args": [],
             "type": {
@@ -9278,7 +9262,7 @@
             "deprecationReason": null
           },
           {
-            "name": "issuerNames",
+            "name": "issuers",
             "description": "",
             "args": [],
             "type": {
diff --git a/x-pack/legacy/plugins/siem/public/graphql/types.ts b/x-pack/legacy/plugins/siem/public/graphql/types.ts
@@ -1859,15 +1859,13 @@ export interface TlsNode {
 
   timestamp?: Maybe<string>;
 
-  alternativeNames?: Maybe<string[]>;
-
   notAfter?: Maybe<string[]>;
 
-  commonNames?: Maybe<string[]>;
+  subjects?: Maybe<string[]>;
 
   ja3?: Maybe<string[]>;
 
-  issuerNames?: Maybe<string[]>;
+  issuers?: Maybe<string[]>;
 }
 
 export interface UncommonProcessesData {
@@ -5679,13 +5677,11 @@ export namespace GetTlsQuery {
 
     _id: Maybe<string>;
 
-    alternativeNames: Maybe<string[]>;
-
-    commonNames: Maybe<string[]>;
+    subjects: Maybe<string[]>;
 
     ja3: Maybe<string[]>;
 
-    issuerNames: Maybe<string[]>;
+    issuers: Maybe<string[]>;
 
     notAfter: Maybe<string[]>;
   };
diff --git a/x-pack/legacy/plugins/siem/server/graphql/tls/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/tls/schema.gql.ts
@@ -13,11 +13,10 @@ export const tlsSchema = gql`
   type TlsNode {
     _id: String
     timestamp: Date
-    alternativeNames: [String!]
     notAfter: [String!]
-    commonNames: [String!]
+    subjects: [String!]
     ja3: [String!]
-    issuerNames: [String!]
+    issuers: [String!]
   }
   input TlsSortField {
     field: TlsFields!
diff --git a/x-pack/legacy/plugins/siem/server/graphql/types.ts b/x-pack/legacy/plugins/siem/server/graphql/types.ts
@@ -1861,15 +1861,13 @@ export interface TlsNode {
 
   timestamp?: Maybe<string>;
 
-  alternativeNames?: Maybe<string[]>;
-
   notAfter?: Maybe<string[]>;
 
-  commonNames?: Maybe<string[]>;
+  subjects?: Maybe<string[]>;
 
   ja3?: Maybe<string[]>;
 
-  issuerNames?: Maybe<string[]>;
+  issuers?: Maybe<string[]>;
 }
 
 export interface UncommonProcessesData {
@@ -7824,15 +7822,13 @@ export namespace TlsNodeResolvers {
 
     timestamp?: TimestampResolver<Maybe<string>, TypeParent, TContext>;
 
-    alternativeNames?: AlternativeNamesResolver<Maybe<string[]>, TypeParent, TContext>;
-
     notAfter?: NotAfterResolver<Maybe<string[]>, TypeParent, TContext>;
 
-    commonNames?: CommonNamesResolver<Maybe<string[]>, TypeParent, TContext>;
+    subjects?: SubjectsResolver<Maybe<string[]>, TypeParent, TContext>;
 
     ja3?: Ja3Resolver<Maybe<string[]>, TypeParent, TContext>;
 
-    issuerNames?: IssuerNamesResolver<Maybe<string[]>, TypeParent, TContext>;
+    issuers?: IssuersResolver<Maybe<string[]>, TypeParent, TContext>;
   }
 
   export type _IdResolver<R = Maybe<string>, Parent = TlsNode, TContext = SiemContext> = Resolver<
@@ -7845,17 +7841,12 @@ export namespace TlsNodeResolvers {
     Parent = TlsNode,
     TContext = SiemContext
   > = Resolver<R, Parent, TContext>;
-  export type AlternativeNamesResolver<
-    R = Maybe<string[]>,
-    Parent = TlsNode,
-    TContext = SiemContext
-  > = Resolver<R, Parent, TContext>;
   export type NotAfterResolver<
     R = Maybe<string[]>,
     Parent = TlsNode,
     TContext = SiemContext
   > = Resolver<R, Parent, TContext>;
-  export type CommonNamesResolver<
+  export type SubjectsResolver<
     R = Maybe<string[]>,
     Parent = TlsNode,
     TContext = SiemContext
@@ -7865,7 +7856,7 @@ export namespace TlsNodeResolvers {
     Parent,
     TContext
   >;
-  export type IssuerNamesResolver<
+  export type IssuersResolver<
     R = Maybe<string[]>,
     Parent = TlsNode,
     TContext = SiemContext
diff --git a/x-pack/legacy/plugins/siem/server/lib/tls/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/tls/elasticsearch_adapter.ts
@@ -66,10 +66,9 @@ export const formatTlsEdges = (buckets: TlsBuckets[]): TlsEdges[] => {
     const edge: TlsEdges = {
       node: {
         _id: bucket.key,
-        alternativeNames: bucket.alternative_names.buckets.map(({ key }) => key),
-        commonNames: bucket.common_names.buckets.map(({ key }) => key),
+        subjects: bucket.subjects.buckets.map(({ key }) => key),
         ja3: bucket.ja3.buckets.map(({ key }) => key),
-        issuerNames: bucket.issuer_names.buckets.map(({ key }) => key),
+        issuers: bucket.issuers.buckets.map(({ key }) => key),
         // eslint-disable-next-line @typescript-eslint/camelcase
         notAfter: bucket.not_after.buckets.map(({ key_as_string }) => key_as_string),
       },
diff --git a/x-pack/legacy/plugins/siem/server/lib/tls/mock.ts b/x-pack/legacy/plugins/siem/server/lib/tls/mock.ts
diff --git a/x-pack/legacy/plugins/siem/server/lib/tls/query_tls.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/tls/query_tls.dsl.ts
diff --git a/x-pack/legacy/plugins/siem/server/lib/tls/types.ts b/x-pack/legacy/plugins/siem/server/lib/tls/types.ts
