Skip to content

Add isConfigSchema typeguard and stop using instanceof Type checks in core#63821

Merged
pgayvallet merged 6 commits intoelastic:masterfrom
pgayvallet:kbn-61652-is-config-schema
Apr 17, 2020
Merged

Add isConfigSchema typeguard and stop using instanceof Type checks in core#63821
pgayvallet merged 6 commits intoelastic:masterfrom
pgayvallet:kbn-61652-is-config-schema

Conversation

@pgayvallet
Copy link
Copy Markdown
Contributor

@pgayvallet pgayvallet commented Apr 17, 2020
edited
Loading

Summary

Fix #61652

Add a isConfigSchema type guard to kbn/config-schema and replace instanceof Type checks in core with it.

Checklist

@pgayvallet pgayvallet added Feature:New Platform release_note:skip Skip the PR/issue when compiling release notes Team:Core Platform Core services: plugins, logging, config, saved objects, http, ES client, i18n, etc t// v7.8.0 v8.0.0 labels Apr 17, 2020
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Apr 17, 2020

Pinging @elastic/kibana-platform (Team:Platform)

@pgayvallet pgayvallet force-pushed the kbn-61652-is-config-schema branch from 3a26331 to 3c3e479 Compare April 17, 2020 08:08
pgayvallet
pgayvallet commented Apr 17, 2020
View reviewed changes
test/plugin_functional/plugins/core_config_schema/server/plugin.ts Outdated
Comment on lines +26 to +34
router.get(
{
path: '/api/core_config_schema/foo',
validate: {
query: schema.object({
foo: schema.string(),
bar: schema.number(),
}),
},
Copy link
Copy Markdown
Contributor Author

@pgayvallet pgayvallet Apr 17, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: the presence/addition of this plugin is sufficient to test the fix, as all test suites in test/plugin_functional would fail with Expected a valid validation logic declared with '@kbn/config-schema' package or a RouteValidationFunction at key: [query]when the server loads the plugin. I will remove the plugin when we have other test plugins using route validation, probably in #63549 as it got one.

Copy link
Copy Markdown
Contributor

@mshustov mshustov Apr 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure we need it in the master. This functionality will be covered by the unit-tests and tests in #63549 or updated #61652

I'm just concerned with many files without a clear intention. We can add your comment to the plugin body, though.

Copy link
Copy Markdown
Contributor Author

@pgayvallet pgayvallet Apr 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea, I agree. I was wondering if I should remove it. I initially added it as the issue is not easily reproductible outside of the CI builds, but now that I got a green build, I can remove it if we think this is better. WDYT?

Copy link
Copy Markdown
Contributor

@mshustov mshustov Apr 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 let's remove then

pgayvallet
pgayvallet commented Apr 17, 2020
View reviewed changes
packages/kbn-config-schema/src/typeguards/is_config_schema.ts
import { Type } from '../types';

export function isConfigSchema(obj: any): obj is Type<any> {
return obj ? obj.__isKbnConfigSchemaType === true : false;
Copy link
Copy Markdown
Contributor Author

@pgayvallet pgayvallet Apr 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I started with the ?. syntax, but it looks like the packages are not transpiled the same way src is, and I was getting CI failures with

return obj?.__isKbnConfigSchemaType === true;
               ^

SyntaxError: Unexpected token .

in karma tests...

@pgayvallet pgayvallet marked this pull request as ready for review April 17, 2020 09:13
@pgayvallet pgayvallet requested a review from a team as a code owner April 17, 2020 09:13
mshustov
mshustov approved these changes Apr 17, 2020
View reviewed changes
test/plugin_functional/plugins/core_config_schema/server/plugin.ts Outdated
Comment on lines +26 to +34
router.get(
{
path: '/api/core_config_schema/foo',
validate: {
query: schema.object({
foo: schema.string(),
bar: schema.number(),
}),
},
Copy link
Copy Markdown
Contributor

@mshustov mshustov Apr 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure we need it in the master. This functionality will be covered by the unit-tests and tests in #63549 or updated #61652

I'm just concerned with many files without a clear intention. We can add your comment to the plugin body, though.

packages/kbn-config-schema/src/typeguards/is_config_schema.test.ts Outdated
expect(isConfigSchema(schema.stream())).toBe(true);
});

it('returns false for every primitive types', () => {
Copy link
Copy Markdown
Contributor

@mshustov mshustov Apr 17, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
it('returns false for every primitive types', () => {
it('returns false for every javascript data type', () => {

@pgayvallet
Copy link
Copy Markdown
Contributor Author

pgayvallet commented Apr 17, 2020

retest

@kibanamachine
Copy link
Copy Markdown
Contributor

kibanamachine commented Apr 17, 2020

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/find_statuses·ts.detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 9 times on tracked branches: https://github.com/elastic/kibana/issues/63747

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:02:14]           └-: find_statuses
[00:02:14]             └-> "before all" hook
[00:02:14]             └-> should return an empty find statuses body correctly if no statuses are loaded
[00:02:14]               └-> "before each" hook: global before each
[00:02:14]               └-> "before each" hook
[00:02:14]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] adding index lifecycle policy [.siem-signals-default]
[00:02:14]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:14]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] applying create index request using v1 templates [{".siem-signals-default":{"order":0,"index_patterns":[".siem-signals-default-*"],"settings":{"index":{"lifecycle":{"name":".siem-signals-default","rollover_alias":".siem-signals-default"}}},"mappings":{"_doc":{"dynamic":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"tag":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"runtime":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"server":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"agent":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"log":{"properties":{"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"level":{"ignore_above":1024,"type":"keyword"},"logger":{"ignore_above":1024,"type":"keyword"},"origin":{"properties":{"file":{"properties":{"line":{"type":"integer"},"name":{"ignore_above":1024,"type":"keyword"}}},"function":{"ignore_above":1024,"type":"keyword"}}},"syslog":{"type":"object","properties":{"severity":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}},"priority":{"type":"long"},"facility":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}}}}}},"destination":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"rule":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"ruleset":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"uuid":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"error":{"properties":{"code":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"stack_trace":{"ignore_above":1024,"index":false,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword","doc_values":false},"message":{"norms":false,"type":"text"},"type":{"ignore_above":1024,"type":"keyword"}}},"network":{"properties":{"community_id":{"ignore_above":1024,"type":"keyword"},"forwarded_ip":{"type":"ip"},"protocol":{"ignore_above":1024,"type":"keyword"},"application":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"transport":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"iana_number":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"direction":{"ignore_above":1024,"type":"keyword"}}},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"observer":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"product":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"vendor":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"serial_number":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"}}},"trace":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"file":{"properties":{"owner":{"ignore_above":1024,"type":"keyword"},"extension":{"ignore_above":1024,"type":"keyword"},"gid":{"ignore_above":1024,"type":"keyword"},"drive_letter":{"ignore_above":1,"type":"keyword"},"created":{"type":"date"},"accessed":{"type":"date"},"mtime":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"directory":{"ignore_above":1024,"type":"keyword"},"target_path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"inode":{"ignore_above":1024,"type":"keyword"},"mode":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"uid":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"ctime":{"type":"date"},"attributes":{"ignore_above":1024,"type":"keyword"},"device":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"group":{"ignore_above":1024,"type":"keyword"}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"related":{"properties":{"ip":{"type":"ip"},"user":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"},"uptime":{"type":"long"}}},"client":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"event":{"properties":{"severity":{"type":"long"},"code":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"ignore_above":1024,"type":"keyword"},"start":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"ingested":{"type":"date"},"provider":{"ignore_above":1024,"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"ignore_above":1024,"type":"keyword"},"end":{"type":"date"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"signal":{"properties":{"parent":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"index":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"rule":{"properties":{"note":{"type":"text"},"references":{"type":"keyword"},"description":{"type":"keyword"},"created_at":{"type":"date"},"language":{"type":"keyword"},"output_index":{"type":"keyword"},"type":{"type":"keyword"},"enabled":{"type":"keyword"},"updated_at":{"type":"date"},"from":{"type":"keyword"},"id":{"type":"keyword"},"timeline_id":{"type":"keyword"},"max_signals":{"type":"keyword"},"severity":{"type":"keyword"},"risk_score":{"type":"keyword"},"query":{"type":"keyword"},"index":{"type":"keyword"},"filters":{"type":"object"},
[00:02:14]                 │ info "created_by":{"type":"keyword"},"version":{"type":"keyword"},"saved_id":{"type":"keyword"},"tags":{"type":"keyword"},"rule_id":{"type":"keyword"},"immutable":{"type":"keyword"},"size":{"type":"keyword"},"timeline_title":{"type":"keyword"},"name":{"type":"keyword"},"updated_by":{"type":"keyword"},"interval":{"type":"keyword"},"false_positives":{"type":"keyword"},"threat":{"properties":{"framework":{"type":"keyword"},"technique":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}},"tactic":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}}}},"to":{"type":"keyword"}}},"original_time":{"type":"date"},"ancestors":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"original_event":{"properties":{"severity":{"type":"long"},"code":{"type":"keyword"},"original":{"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"type":"keyword"},"timezone":{"type":"keyword"},"module":{"type":"keyword"},"start":{"type":"date"},"type":{"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"provider":{"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"type":"keyword"},"end":{"type":"date"},"id":{"type":"keyword"},"category":{"type":"keyword"},"dataset":{"type":"keyword"},"hash":{"type":"keyword"},"outcome":{"type":"keyword"}}},"status":{"type":"keyword"}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"registry":{"properties":{"hive":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"data":{"properties":{"strings":{"ignore_above":1024,"type":"keyword"},"bytes":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"value":{"ignore_above":1024,"type":"keyword"},"key":{"ignore_above":1024,"type":"keyword"}}},"process":{"properties":{"parent":{"properties":{"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}}}},"package":{"properties":{"installed":{"type":"date"},"build_version":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"reference":{"ignore_above":1024,"type":"keyword"},"license":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"install_scope":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"checksum":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"dns":{"properties":{"op_code":{"ignore_above":1024,"type":"keyword"},"resolved_ip":{"type":"ip"},"response_code":{"ignore_above":1024,"type":"keyword"},"question":{"properties":{"registered_domain":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"subdomain":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"}}},"answers":{"type":"object","properties":{"data":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"},"ttl":{"type":"long"}}},"header_flags":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"vulnerability":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"severity":{"ignore_above":1024,"type":"keyword"},"score":{"properties":{"environmental":{"type":"float"},"version":{"ignore_above":1024,"type":"keyword"},"temporal":{"type":"float"},"base":{"type":"float"}}},"report_id":{"ignore_above":1024,"type":"keyword"},"scanner":{"properties":{"vendor":{"ignore_above":1024,"type":"keyword"}}},"description":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"classification":{"ignore_above":1024,"type":"keyword"},"enumeration":{"ignore_above":1024,"type":"keyword"}}},"message":{"norms":false,"type":"text"},"url":{"properties":{"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"scheme":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"fragment":{"ignore_above":1024,"type":"keyword"},"password":{"ignore_above":1024,"type":"keyword"},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"username":{"ignore_above":1024,"type":"keyword"}}},"labels":{"type":"object"},"tags":{"ignore_above":1024,"type":"keyword"},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"@timestamp":{"type":"date"},"service":{"properties":{"node":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"state":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"response":{"properties":{"status_code":{"type":"long"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"established":{"type":"boolean"},"server":{"properties":{"not_after":{"type":"date"},"ja3s":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"curve":{"ignore_above":1024,"type":"keyword"},"client":{"properties":{"not_after":{"type":"date"},"server_name":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"supported_ciphers":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"ja3":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"next_protocol":{"ignore_above":1024,"type":"keyword"},"resumed":{"type":"boolean"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"threat":{"properties":{"framework":{"ignore_above":1024,"type":"keyword"},"technique":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"tactic":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"transaction":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}}},"aliases":{}}}]
[00:02:14]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:14]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:14]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:14]               │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:14]               └- ✓ pass  (63ms) "detection engine api security and spaces enabled find_statuses should return an empty find statuses body correctly if no statuses are loaded"
[00:02:14]             └-> "after each" hook
[00:02:14]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] [.siem-signals-default-000001/EFSx11uuSJG72VgwFxLSzA] deleting index
[00:02:14]               │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] removing template [.siem-signals-default]
[00:02:14]             └-> should return a single rule status when a single rule is loaded from a find status with defaults added
[00:02:14]               └-> "before each" hook: global before each
[00:02:14]               └-> "before each" hook
[00:02:14]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] adding index lifecycle policy [.siem-signals-default]
[00:02:14]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:14]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] applying create index request using v1 templates [{".siem-signals-default":{"order":0,"index_patterns":[".siem-signals-default-*"],"settings":{"index":{"lifecycle":{"name":".siem-signals-default","rollover_alias":".siem-signals-default"}}},"mappings":{"_doc":{"dynamic":false,"properties":{"container":{"properties":{"image":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"tag":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"runtime":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"labels":{"type":"object"}}},"server":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"agent":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"log":{"properties":{"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"level":{"ignore_above":1024,"type":"keyword"},"logger":{"ignore_above":1024,"type":"keyword"},"origin":{"properties":{"file":{"properties":{"line":{"type":"integer"},"name":{"ignore_above":1024,"type":"keyword"}}},"function":{"ignore_above":1024,"type":"keyword"}}},"syslog":{"type":"object","properties":{"severity":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}},"priority":{"type":"long"},"facility":{"properties":{"code":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"}}}}}}},"destination":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"rule":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"ruleset":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"uuid":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"source":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"error":{"properties":{"code":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"stack_trace":{"ignore_above":1024,"index":false,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword","doc_values":false},"message":{"norms":false,"type":"text"},"type":{"ignore_above":1024,"type":"keyword"}}},"network":{"properties":{"community_id":{"ignore_above":1024,"type":"keyword"},"forwarded_ip":{"type":"ip"},"protocol":{"ignore_above":1024,"type":"keyword"},"application":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"transport":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"iana_number":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"direction":{"ignore_above":1024,"type":"keyword"}}},"cloud":{"properties":{"availability_zone":{"ignore_above":1024,"type":"keyword"},"instance":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"provider":{"ignore_above":1024,"type":"keyword"},"machine":{"properties":{"type":{"ignore_above":1024,"type":"keyword"}}},"region":{"ignore_above":1024,"type":"keyword"},"account":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"observer":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"product":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"vendor":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"serial_number":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"mac":{"ignore_above":1024,"type":"keyword"}}},"trace":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}},"file":{"properties":{"owner":{"ignore_above":1024,"type":"keyword"},"extension":{"ignore_above":1024,"type":"keyword"},"gid":{"ignore_above":1024,"type":"keyword"},"drive_letter":{"ignore_above":1,"type":"keyword"},"created":{"type":"date"},"accessed":{"type":"date"},"mtime":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"directory":{"ignore_above":1024,"type":"keyword"},"target_path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"inode":{"ignore_above":1024,"type":"keyword"},"mode":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"uid":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"name":{"ignore_above":1024,"type":"keyword"},"ctime":{"type":"date"},"attributes":{"ignore_above":1024,"type":"keyword"},"device":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"group":{"ignore_above":1024,"type":"keyword"}}},"ecs":{"properties":{"version":{"ignore_above":1024,"type":"keyword"}}},"related":{"properties":{"ip":{"type":"ip"},"user":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"}}},"host":{"properties":{"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"hostname":{"ignore_above":1024,"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"mac":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"},"uptime":{"type":"long"}}},"client":{"properties":{"nat":{"properties":{"port":{"type":"long"},"ip":{"type":"ip"}}},"address":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"ip":{"type":"ip"},"mac":{"ignore_above":1024,"type":"keyword"},"packets":{"type":"long"},"geo":{"properties":{"continent_name":{"ignore_above":1024,"type":"keyword"},"region_iso_code":{"ignore_above":1024,"type":"keyword"},"city_name":{"ignore_above":1024,"type":"keyword"},"country_iso_code":{"ignore_above":1024,"type":"keyword"},"country_name":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"location":{"type":"geo_point"},"region_name":{"ignore_above":1024,"type":"keyword"}}},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"bytes":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}}}},"event":{"properties":{"severity":{"type":"long"},"code":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"ignore_above":1024,"type":"keyword"},"timezone":{"ignore_above":1024,"type":"keyword"},"module":{"ignore_above":1024,"type":"keyword"},"start":{"type":"date"},"type":{"ignore_above":1024,"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"ingested":{"type":"date"},"provider":{"ignore_above":1024,"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"ignore_above":1024,"type":"keyword"},"end":{"type":"date"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"dataset":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"outcome":{"ignore_above":1024,"type":"keyword"}}},"signal":{"properties":{"parent":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"index":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"rule":{"properties":{"note":{"type":"text"},"references":{"type":"keyword"},"description":{"type":"keyword"},"created_at":{"type":"date"},"language":{"type":"keyword"},"output_index":{"type":"keyword"},"type":{"type":"keyword"},"enabled":{"type":"keyword"},"updated_at":{"type":"date"},"from":{"type":"keyword"},"id":{"type":"keyword"},"timeline_id":{"type":"keyword"},"max_signals":{"type":"keyword"},"severity":{"type":"keyword"},"risk_score":{"type":"keyword"},"query":{"type":"keyword"},"index":{"type":"keyword"},"filters":{"type":"object"},
[00:02:14]                 │ info "created_by":{"type":"keyword"},"version":{"type":"keyword"},"saved_id":{"type":"keyword"},"tags":{"type":"keyword"},"rule_id":{"type":"keyword"},"immutable":{"type":"keyword"},"size":{"type":"keyword"},"timeline_title":{"type":"keyword"},"name":{"type":"keyword"},"updated_by":{"type":"keyword"},"interval":{"type":"keyword"},"false_positives":{"type":"keyword"},"threat":{"properties":{"framework":{"type":"keyword"},"technique":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}},"tactic":{"properties":{"reference":{"type":"keyword"},"name":{"type":"keyword"},"id":{"type":"keyword"}}}}},"to":{"type":"keyword"}}},"original_time":{"type":"date"},"ancestors":{"properties":{"depth":{"type":"long"},"rule":{"type":"keyword"},"id":{"type":"keyword"},"type":{"type":"keyword"}}},"original_event":{"properties":{"severity":{"type":"long"},"code":{"type":"keyword"},"original":{"index":false,"type":"keyword","doc_values":false},"risk_score":{"type":"float"},"created":{"type":"date"},"kind":{"type":"keyword"},"timezone":{"type":"keyword"},"module":{"type":"keyword"},"start":{"type":"date"},"type":{"type":"keyword"},"duration":{"type":"long"},"sequence":{"type":"long"},"provider":{"type":"keyword"},"risk_score_norm":{"type":"float"},"action":{"type":"keyword"},"end":{"type":"date"},"id":{"type":"keyword"},"category":{"type":"keyword"},"dataset":{"type":"keyword"},"hash":{"type":"keyword"},"outcome":{"type":"keyword"}}},"status":{"type":"keyword"}}},"user_agent":{"properties":{"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"device":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"version":{"ignore_above":1024,"type":"keyword"}}},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"registry":{"properties":{"hive":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"data":{"properties":{"strings":{"ignore_above":1024,"type":"keyword"},"bytes":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"value":{"ignore_above":1024,"type":"keyword"},"key":{"ignore_above":1024,"type":"keyword"}}},"process":{"properties":{"parent":{"properties":{"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"pgid":{"type":"long"},"start":{"type":"date"},"pid":{"type":"long"},"working_directory":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"thread":{"properties":{"name":{"ignore_above":1024,"type":"keyword"},"id":{"type":"long"}}},"title":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"executable":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"ppid":{"type":"long"},"uptime":{"type":"long"},"args":{"ignore_above":1024,"type":"keyword"},"exit_code":{"type":"long"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"args_count":{"type":"long"},"command_line":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}}}},"package":{"properties":{"installed":{"type":"date"},"build_version":{"ignore_above":1024,"type":"keyword"},"description":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"reference":{"ignore_above":1024,"type":"keyword"},"license":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"install_scope":{"ignore_above":1024,"type":"keyword"},"size":{"type":"long"},"checksum":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"architecture":{"ignore_above":1024,"type":"keyword"}}},"os":{"properties":{"kernel":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"family":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"},"platform":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}},"dns":{"properties":{"op_code":{"ignore_above":1024,"type":"keyword"},"resolved_ip":{"type":"ip"},"response_code":{"ignore_above":1024,"type":"keyword"},"question":{"properties":{"registered_domain":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"subdomain":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"}}},"answers":{"type":"object","properties":{"data":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"class":{"ignore_above":1024,"type":"keyword"},"ttl":{"type":"long"}}},"header_flags":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"}}},"vulnerability":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"severity":{"ignore_above":1024,"type":"keyword"},"score":{"properties":{"environmental":{"type":"float"},"version":{"ignore_above":1024,"type":"keyword"},"temporal":{"type":"float"},"base":{"type":"float"}}},"report_id":{"ignore_above":1024,"type":"keyword"},"scanner":{"properties":{"vendor":{"ignore_above":1024,"type":"keyword"}}},"description":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"category":{"ignore_above":1024,"type":"keyword"},"classification":{"ignore_above":1024,"type":"keyword"},"enumeration":{"ignore_above":1024,"type":"keyword"}}},"message":{"norms":false,"type":"text"},"url":{"properties":{"extension":{"ignore_above":1024,"type":"keyword"},"original":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"scheme":{"ignore_above":1024,"type":"keyword"},"top_level_domain":{"ignore_above":1024,"type":"keyword"},"query":{"ignore_above":1024,"type":"keyword"},"path":{"ignore_above":1024,"type":"keyword"},"fragment":{"ignore_above":1024,"type":"keyword"},"password":{"ignore_above":1024,"type":"keyword"},"registered_domain":{"ignore_above":1024,"type":"keyword"},"port":{"type":"long"},"domain":{"ignore_above":1024,"type":"keyword"},"full":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"username":{"ignore_above":1024,"type":"keyword"}}},"labels":{"type":"object"},"tags":{"ignore_above":1024,"type":"keyword"},"as":{"properties":{"number":{"type":"long"},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"@timestamp":{"type":"date"},"service":{"properties":{"node":{"properties":{"name":{"ignore_above":1024,"type":"keyword"}}},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"state":{"ignore_above":1024,"type":"keyword"},"ephemeral_id":{"ignore_above":1024,"type":"keyword"},"type":{"ignore_above":1024,"type":"keyword"},"version":{"ignore_above":1024,"type":"keyword"}}},"organization":{"properties":{"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"http":{"properties":{"request":{"properties":{"referrer":{"ignore_above":1024,"type":"keyword"},"method":{"ignore_above":1024,"type":"keyword"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"response":{"properties":{"status_code":{"type":"long"},"bytes":{"type":"long"},"body":{"properties":{"bytes":{"type":"long"},"content":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"}}}}},"version":{"ignore_above":1024,"type":"keyword"}}},"tls":{"properties":{"cipher":{"ignore_above":1024,"type":"keyword"},"established":{"type":"boolean"},"server":{"properties":{"not_after":{"type":"date"},"ja3s":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"curve":{"ignore_above":1024,"type":"keyword"},"client":{"properties":{"not_after":{"type":"date"},"server_name":{"ignore_above":1024,"type":"keyword"},"not_before":{"type":"date"},"subject":{"ignore_above":1024,"type":"keyword"},"supported_ciphers":{"ignore_above":1024,"type":"keyword"},"certificate":{"ignore_above":1024,"type":"keyword"},"ja3":{"ignore_above":1024,"type":"keyword"},"certificate_chain":{"ignore_above":1024,"type":"keyword"},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"issuer":{"ignore_above":1024,"type":"keyword"}}},"next_protocol":{"ignore_above":1024,"type":"keyword"},"resumed":{"type":"boolean"},"version":{"ignore_above":1024,"type":"keyword"},"version_protocol":{"ignore_above":1024,"type":"keyword"}}},"threat":{"properties":{"framework":{"ignore_above":1024,"type":"keyword"},"technique":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}},"tactic":{"properties":{"reference":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"user":{"properties":{"full_name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"fields":{"text":{"norms":false,"type":"text"}},"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"},"email":{"ignore_above":1024,"type":"keyword"},"hash":{"ignore_above":1024,"type":"keyword"},"group":{"properties":{"domain":{"ignore_above":1024,"type":"keyword"},"name":{"ignore_above":1024,"type":"keyword"},"id":{"ignore_above":1024,"type":"keyword"}}}}},"hash":{"properties":{"sha1":{"ignore_above":1024,"type":"keyword"},"sha256":{"ignore_above":1024,"type":"keyword"},"sha512":{"ignore_above":1024,"type":"keyword"},"md5":{"ignore_above":1024,"type":"keyword"}}},"transaction":{"properties":{"id":{"ignore_above":1024,"type":"keyword"}}}}}},"aliases":{}}}]
[00:02:14]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:14]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:15]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:15]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-oraclelinux-tests-xl-1587129352758883255] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:19]               └- ✖ fail: "detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added"
[00:02:19]               │

Stack Trace

TypeError: Cannot read property 'status' of null
    at Promise.then (test/detection_engine_api_integration/security_and_spaces/tests/find_statuses.ts:62:90)

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@pgayvallet pgayvallet merged commit c4ddd00 into elastic:master Apr 17, 2020
pgayvallet added a commit to pgayvallet/kibana that referenced this pull request Apr 17, 2020
@pgayvallet
Add isConfigSchema typeguard and stop using instanceof Type checks …
138b4ec 
…in core (elastic#63821)

* add isConfigSchema type guard

* replace instanceof checks with isConfigSchema

* add dummy test plugin using a route with validation schema

* remove `?.` prop access

* remove test plugin

* fix test description
@pgayvallet pgayvallet mentioned this pull request Apr 17, 2020
Merged
pgayvallet added a commit that referenced this pull request Apr 17, 2020
@pgayvallet
Add isConfigSchema typeguard and stop using instanceof Type checks …
e1c530e 
…in core (#63821) (#63867)

* add isConfigSchema type guard

* replace instanceof checks with isConfigSchema

* add dummy test plugin using a route with validation schema

* remove `?.` prop access

* remove test plugin

* fix test description
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@mshustov mshustov mshustov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Feature:New Platform release_note:skip Skip the PR/issue when compiling release notes Team:Core Platform Core services: plugins, logging, config, saved objects, http, ES client, i18n, etc t// v7.8.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Test Kibana Platform plugins cannot use @kbn/config-schema

4 participants

@pgayvallet @elasticmachine @kibanamachine @mshustov