
Commit 7644225

[SIEM][Detections Engine] Add note markdown field to backend (#59796)
* add new note markdown field to DE backend Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
1 parent 2231693 commit 7644225

46 files changed

Lines changed: 612 additions & 2 deletions


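--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/request_responses.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/request_responses.ts
@@ -59,6 +59,7 @@ export const mockPrepackagedRule = (): PrepackagedRules => ({
 version: 1,
 false_positives: [],
 max_signals: 100,
+note: '',
 timeline_id: 'timeline-id',
 timeline_title: 'timeline-title',
 });
@@ -392,6 +393,7 @@ export const getResult = (): RuleAlertType => ({
 },
 ],
 references: ['http://www.example.com', 'https://ww.example.com'],
+note: '# Investigative notes',
 version: 1,
 },
 createdAt: new Date('2019-12-13T16:40:33.400Z'),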

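--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/index/signals_mapping.json
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/index/signals_mapping.json
@@ -133,6 +133,9 @@
 }
 }
 },
+"note": {
+"type": "text"
+},
 "type": {
 "type": "keyword"
 },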
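Review bot: Mapping `note` as an analyzed `text` field at lines 136–138 means the full markdown body of the rule is tokenized and indexed into every signal document, which for long investigation guides adds index size for a field that is displayed rather than queried; if no full-text search over it is planned, `"type": "text", "index": false` keeps it stored without that cost. Signals indices created under the previous mapping will not carry this entry unless the template is re-applied, and this page shows no mapping-version change for it — confirm how existing indices are refreshed. JSON has no comment syntax, so the rationale for the chosen type belongs in the commit message or the mapping docs.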

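--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_bulk_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_bulk_route.ts
@@ -78,6 +78,7 @@ export const createRulesBulkRoute = (router: IRouter) => {
 to,
 type,
 references,
+note,
 timeline_id: timelineId,
 timeline_title: timelineTitle,
 version,
@@ -131,6 +132,7 @@ export const createRulesBulkRoute = (router: IRouter) => {
 type,
 threat,
 references,
+note,
 version,
 });
 return transformValidateBulkError(ruleIdOrUuid, createdRule);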

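--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.ts
@@ -55,6 +55,7 @@ export const createRulesRoute = (router: IRouter): void => {
 to,
 type,
 references,
+note,
 } = request.body;
 const siemResponse = buildSiemResponse(response);
 
@@ -117,6 +118,7 @@ export const createRulesRoute = (router: IRouter): void => {
 type,
 threat,
 references,
+note,
 version: 1,
 });
 const ruleStatuses = await savedObjectsClient.find<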
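Review bot: `note` is pulled from `request.body` on the added line 58 and handed unmodified to `createRules` at line 121, with no constraint on its type or size visible here; the request schema that should bound it (string, with a maximum length) is among the files hidden on this page, so confirm it rejects non-string and oversized values rather than leaving that to the saved-object layer. Because the field is markdown rendered in the UI for every reader of the rule, it is user-controlled stored content that the server cannot meaningfully sanitize, so the rendering side has to treat it as untrusted (no raw HTML, restricted link schemes). A one-line comment at the destructuring would record that, e.g. `// note: free-form markdown written by the rule author; rendered client-side, treat as untrusted`. createRulesRoute's body begins and ends outside both hunks.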

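--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts
@@ -134,6 +134,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
 to,
 type,
 references,
+note,
 timeline_id: timelineId,
 timeline_title: timelineTitle,
 version,
@@ -183,6 +184,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
 type,
 threat,
 references,
+note,
 version,
 });
 resolve({ rule_id: ruleId, status_code: 200 });
@@ -217,6 +219,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
 type,
 threat,
 references,
+note,
 version,
 });
 resolve({ rule_id: ruleId, status_code: 200 });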
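Review bot: The `note` forwarded at line 187 and again at line 222 originates from an uploaded rules file rather than an interactive form, which makes import the path most likely to carry a crafted markdown payload into rule views and every signal document; both call sites pass it through unmodified, so confirm the import schema applies the same string and length constraints as the create route. A brief comment at the destructuring would make the trust boundary explicit, e.g. `// note: markdown taken from the import file — bounded by the import schema, rendered client-side as untrusted`. importRulesRoute's body extends beyond all three hunks.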

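--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts
@@ -71,6 +71,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
 type,
 threat,
 references,
+note,
 version,
 } = payloadRule;
 const idOrRuleIdOrUnknown = id ?? ruleId ?? '(unknown id)';
@@ -104,6 +105,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
 type,
 threat,
 references,
+note,
 version,
 });
 if (rule != null) {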

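--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts
@@ -55,6 +55,7 @@ export const patchRulesRoute = (router: IRouter) => {
 type,
 threat,
 references,
+note,
 version,
 } = request.body;
 const siemResponse = buildSiemResponse(response);
@@ -101,6 +102,7 @@ export const patchRulesRoute = (router: IRouter) => {
 type,
 threat,
 references,
+note,
 version,
 });
 if (rule != null) {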
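Review bot: A PATCH body may legitimately omit `note` (line 58 then yields `undefined`) or send an empty string to clear it, and the difference is decided inside `patchRules` at line 105, which is not on this page; confirm that `undefined` preserves the stored note while `''` clears it, otherwise callers have no way to remove a note short of a full PUT. A short comment at the call site would pin that contract, e.g. `// note: undefined leaves the stored note untouched; '' clears it`. patchRulesRoute begins and ends outside the hunks shown.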

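--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_bulk_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_bulk_route.ts
@@ -72,6 +72,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
 type,
 threat,
 references,
+note,
 version,
 } = payloadRule;
 const finalIndex = outputIndex ?? siemClient.signalsIndex;
@@ -107,6 +108,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
 type,
 threat,
 references,
+note,
 version,
 });
 if (rule != null) {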

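--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_route.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_route.ts
@@ -55,6 +55,7 @@ export const updateRulesRoute = (router: IRouter) => {
 type,
 threat,
 references,
+note,
 version,
 } = request.body;
 const siemResponse = buildSiemResponse(response);
@@ -103,6 +104,7 @@ export const updateRulesRoute = (router: IRouter) => {
 type,
 threat,
 references,
+note,
 version,
 });
 if (rule != null) {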
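Review bot: With PUT replace semantics, a body that omits `note` reaches `updateRules` at line 107 as `undefined`, which presumably wipes a note that an earlier client wrote — correct for PUT, but any client built before this field existed (older UI, scripts driving the API) will silently drop notes on every update; the page does not show whether `updateRules` falls back to the stored value. Worth stating at the call site, e.g. `// note: PUT replaces the whole rule — an omitted note clears the stored one (PATCH preserves it)`, so the asymmetry with the patch route is documented. updateRulesRoute's body continues outside both hunks.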

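--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/utils.test.ts
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/utils.test.ts
@@ -92,6 +92,7 @@ describe('utils', () => {
 timeline_title: 'some-timeline-title',
 to: 'now',
 type: 'query',
+note: '# Investigative notes',
 version: 1,
 };
 expect(rule).toEqual(expected);
@@ -154,6 +155,7 @@ describe('utils', () => {
 timeline_title: 'some-timeline-title',
 to: 'now',
 type: 'query',
+note: '# Investigative notes',
 version: 1,
 };
 expect(omitData).toEqual(expected);
@@ -218,6 +220,7 @@ describe('utils', () => {
 timeline_title: 'some-timeline-title',
 to: 'now',
 type: 'query',
+note: '# Investigative notes',
 version: 1,
 };
 expect(rule).toEqual(expected);
@@ -282,6 +285,7 @@ describe('utils', () => {
 timeline_title: 'some-timeline-title',
 to: 'now',
 type: 'query',
+note: '# Investigative notes',
 version: 1,
 };
 expect(rule).toEqual(expected);
@@ -344,6 +348,7 @@ describe('utils', () => {
 timeline_title: 'some-timeline-title',
 to: 'now',
 type: 'query',
+note: '# Investigative notes',
 version: 1,
 };
 expect(omitData).toEqual(expected);
@@ -409,6 +414,7 @@ describe('utils', () => {
 timeline_title: 'some-timeline-title',
 to: 'now',
 type: 'query',
+note: '# Investigative notes',
 version: 1,
 };
 expect(ruleWithEnabledFalse).toEqual(expected);
@@ -474,6 +480,7 @@ describe('utils', () => {
 timeline_title: 'some-timeline-title',
 to: 'now',
 type: 'query',
+note: '# Investigative notes',
 version: 1,
 };
 expect(ruleWithEnabledFalse).toEqual(expected);
@@ -539,6 +546,7 @@ describe('utils', () => {
 timeline_title: 'some-timeline-title',
 to: 'now',
 type: 'query',
+note: '# Investigative notes',
 version: 1,
 };
 expect(rule).toEqual(expected);
@@ -688,6 +696,7 @@ describe('utils', () => {
 },
 timeline_id: 'some-timeline-id',
 timeline_title: 'some-timeline-title',
+note: '# Investigative notes',
 version: 1,
 };
 expect(output).toEqual({
@@ -769,6 +778,7 @@ describe('utils', () => {
 },
 timeline_id: 'some-timeline-id',
 timeline_title: 'some-timeline-title',
+note: '# Investigative notes',
 version: 1,
 };
 expect(output).toEqual(expected);
@@ -941,6 +951,7 @@ describe('utils', () => {
 },
 timeline_id: 'some-timeline-id',
 timeline_title: 'some-timeline-title',
+note: '# Investigative notes',
 version: 1,
 };
 expect(output).toEqual(expected);
@@ -1053,6 +1064,7 @@ describe('utils', () => {
 type: 'query',
 updated_at: '2019-12-13T16:40:33.400Z',
 updated_by: 'elastic',
+note: '# Investigative notes',
 version: 1,
 },
 ]);
@@ -1112,6 +1124,7 @@ describe('utils', () => {
 type: 'query',
 updated_at: '2019-12-13T16:40:33.400Z',
 updated_by: 'elastic',
+note: '# Investigative notes',
 version: 1,
 },
 {
@@ -1160,6 +1173,7 @@ describe('utils', () => {
 type: 'query',
 updated_at: '2019-12-13T16:40:33.400Z',
 updated_by: 'elastic',
+note: '# Investigative notes',
 version: 1,
 },
 ]);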
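Review bot: Every expected object across the fourteen hunks carries the same non-empty `note: '# Investigative notes'`, so the transforms are never exercised with `note` absent; a rule saved before this field existed will have no `note` at all, and none of these cases pins whether the output then omits the key, emits `note: undefined`, or substitutes a default, which is exactly the shape a `toEqual` on a round-tripped rule depends on. Add one case per transform whose input is the existing fixture with the `note` key deleted and assert the resulting output shape explicitly. The `describe` block and the individual `it` cases start and end outside the hunks shown.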
