[Security Solution] Coverage Overview Dashboard (elastic#161556)

bryce-b · Aug 9, 2023 · be11d9d · be11d9d
1 parent 0606337
commit be11d9d
Show file tree

Hide file tree

Showing 38 changed files with 1,660 additions and 39 deletions.
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.ts
@@ -26,8 +26,14 @@ import type {
   ReviewRuleUpgradeResponseBody,
   ReviewRuleInstallationResponseBody,
 } from '../../../../common/api/detection_engine/prebuilt_rules';
-import type { GetRuleManagementFiltersResponse } from '../../../../common/api/detection_engine/rule_management';
-import { RULE_MANAGEMENT_FILTERS_URL } from '../../../../common/api/detection_engine/rule_management';
+import type {
+  CoverageOverviewResponse,
+  GetRuleManagementFiltersResponse,
+} from '../../../../common/api/detection_engine/rule_management';
+import {
+  RULE_MANAGEMENT_FILTERS_URL,
+  RULE_MANAGEMENT_COVERAGE_OVERVIEW_URL,
+} from '../../../../common/api/detection_engine/rule_management';
 import type { BulkActionsDryRunErrCode } from '../../../../common/constants';
 import {
   DETECTION_ENGINE_RULES_BULK_ACTION,
@@ -60,6 +66,7 @@ import * as i18n from '../../../detections/pages/detection_engine/rules/translat
 import type {
   CreateRulesProps,
   ExportDocumentsProps,
+  FetchCoverageOverviewProps,
   FetchRuleProps,
   FetchRuleSnoozingProps,
   FetchRulesProps,
@@ -244,6 +251,18 @@ export const fetchConnectors = (
 ): Promise<Array<AsApiContract<ActionResult>>> =>
   KibanaServices.get().http.fetch(`${BASE_ACTION_API_PATH}/connectors`, { method: 'GET', signal });
 
+export const fetchCoverageOverview = async ({
+  filter,
+  signal,
+}: FetchCoverageOverviewProps): Promise<CoverageOverviewResponse> =>
+  KibanaServices.get().http.fetch<CoverageOverviewResponse>(RULE_MANAGEMENT_COVERAGE_OVERVIEW_URL, {
+    method: 'POST',
+    body: JSON.stringify({
+      filter,
+    }),
+    signal,
+  });
+
 export const fetchConnectorTypes = (signal?: AbortSignal): Promise<ActionType[]> =>
   KibanaServices.get().http.fetch(`${BASE_ACTION_API_PATH}/connector_types`, {
     method: 'GET',

diff --git a/...engine/rule_management/api/hooks/prebuilt_rules/use_perform_all_rules_install_mutation.ts b/...engine/rule_management/api/hooks/prebuilt_rules/use_perform_all_rules_install_mutation.ts
@@ -14,6 +14,7 @@ import { useInvalidateFetchRuleManagementFiltersQuery } from '../use_fetch_rule_
 import { useInvalidateFetchRulesSnoozeSettingsQuery } from '../use_fetch_rules_snooze_settings';
 import { useInvalidateFetchPrebuiltRulesInstallReviewQuery } from './use_fetch_prebuilt_rules_install_review_query';
 import { performInstallAllRules } from '../../api';
+import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview';
 
 export const PERFORM_ALL_RULES_INSTALLATION_KEY = [
   'POST',
@@ -30,6 +31,7 @@ export const usePerformAllRulesInstallMutation = (
   const invalidateFetchPrebuiltRulesInstallReview =
     useInvalidateFetchPrebuiltRulesInstallReviewQuery();
   const invalidateRuleStatus = useInvalidateFetchPrebuiltRulesStatusQuery();
+  const invalidateFetchCoverageOverviewQuery = useInvalidateFetchCoverageOverviewQuery();
 
   return useMutation<PerformRuleInstallationResponseBody, Error>(() => performInstallAllRules(), {
     ...options,
@@ -41,6 +43,7 @@ export const usePerformAllRulesInstallMutation = (
 
       invalidateFetchPrebuiltRulesInstallReview();
       invalidateRuleStatus();
+      invalidateFetchCoverageOverviewQuery();
 
       if (options?.onSettled) {
         options.onSettled(...args);

diff --git a/...engine/rule_management/api/hooks/prebuilt_rules/use_perform_all_rules_upgrade_mutation.ts b/...engine/rule_management/api/hooks/prebuilt_rules/use_perform_all_rules_upgrade_mutation.ts
@@ -14,6 +14,7 @@ import { useInvalidateFetchRulesSnoozeSettingsQuery } from '../use_fetch_rules_s
 import { useInvalidateFetchPrebuiltRulesUpgradeReviewQuery } from './use_fetch_prebuilt_rules_upgrade_review_query';
 import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
 import { performUpgradeAllRules } from '../../api';
+import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview';
 
 export const PERFORM_ALL_RULES_UPGRADE_KEY = ['POST', 'ALL_RULES', PERFORM_RULE_UPGRADE_URL];
 
@@ -26,6 +27,7 @@ export const usePerformAllRulesUpgradeMutation = (
   const invalidateFetchPrebuiltRulesUpgradeReview =
     useInvalidateFetchPrebuiltRulesUpgradeReviewQuery();
   const invalidateRuleStatus = useInvalidateFetchPrebuiltRulesStatusQuery();
+  const invalidateFetchCoverageOverviewQuery = useInvalidateFetchCoverageOverviewQuery();
 
   return useMutation<PerformRuleUpgradeResponseBody, Error>(() => performUpgradeAllRules(), {
     ...options,
@@ -37,6 +39,7 @@ export const usePerformAllRulesUpgradeMutation = (
 
       invalidateFetchPrebuiltRulesUpgradeReview();
       invalidateRuleStatus();
+      invalidateFetchCoverageOverviewQuery();
 
       if (options?.onSettled) {
         options.onSettled(...args);

diff --git a/...e/rule_management/api/hooks/prebuilt_rules/use_perform_specific_rules_install_mutation.ts b/...e/rule_management/api/hooks/prebuilt_rules/use_perform_specific_rules_install_mutation.ts
@@ -17,6 +17,7 @@ import { useInvalidateFetchRuleManagementFiltersQuery } from '../use_fetch_rule_
 import { useInvalidateFetchRulesSnoozeSettingsQuery } from '../use_fetch_rules_snooze_settings';
 import { useInvalidateFetchPrebuiltRulesInstallReviewQuery } from './use_fetch_prebuilt_rules_install_review_query';
 import { performInstallSpecificRules } from '../../api';
+import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview';
 
 export const PERFORM_SPECIFIC_RULES_INSTALLATION_KEY = [
   'POST',
@@ -38,6 +39,7 @@ export const usePerformSpecificRulesInstallMutation = (
   const invalidateFetchPrebuiltRulesInstallReview =
     useInvalidateFetchPrebuiltRulesInstallReviewQuery();
   const invalidateRuleStatus = useInvalidateFetchPrebuiltRulesStatusQuery();
+  const invalidateFetchCoverageOverviewQuery = useInvalidateFetchCoverageOverviewQuery();
 
   return useMutation<
     PerformRuleInstallationResponseBody,
@@ -58,6 +60,7 @@ export const usePerformSpecificRulesInstallMutation = (
 
         invalidateFetchPrebuiltRulesInstallReview();
         invalidateRuleStatus();
+        invalidateFetchCoverageOverviewQuery();
 
         if (options?.onSettled) {
           options.onSettled(...args);

diff --git a/...e/rule_management/api/hooks/prebuilt_rules/use_perform_specific_rules_upgrade_mutation.ts b/...e/rule_management/api/hooks/prebuilt_rules/use_perform_specific_rules_upgrade_mutation.ts
@@ -17,6 +17,7 @@ import { useInvalidateFetchRuleManagementFiltersQuery } from '../use_fetch_rule_
 import { useInvalidateFetchRulesSnoozeSettingsQuery } from '../use_fetch_rules_snooze_settings';
 import { performUpgradeSpecificRules } from '../../api';
 import { useInvalidateFetchPrebuiltRulesUpgradeReviewQuery } from './use_fetch_prebuilt_rules_upgrade_review_query';
+import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview';
 
 export const PERFORM_SPECIFIC_RULES_UPGRADE_KEY = [
   'POST',
@@ -38,6 +39,7 @@ export const usePerformSpecificRulesUpgradeMutation = (
   const invalidateFetchPrebuiltRulesUpgradeReview =
     useInvalidateFetchPrebuiltRulesUpgradeReviewQuery();
   const invalidateRuleStatus = useInvalidateFetchPrebuiltRulesStatusQuery();
+  const invalidateFetchCoverageOverviewQuery = useInvalidateFetchCoverageOverviewQuery();
 
   return useMutation<PerformRuleUpgradeResponseBody, Error, UpgradeSpecificRulesRequest['rules']>(
     (rulesToUpgrade: UpgradeSpecificRulesRequest['rules']) => {
@@ -54,6 +56,7 @@ export const usePerformSpecificRulesUpgradeMutation = (
 
         invalidateFetchPrebuiltRulesUpgradeReview();
         invalidateRuleStatus();
+        invalidateFetchCoverageOverviewQuery();
 
         if (options?.onSettled) {
           options.onSettled(...args);

diff --git a/...ty_solution/public/detection_engine/rule_management/api/hooks/use_bulk_action_mutation.ts b/...ty_solution/public/detection_engine/rule_management/api/hooks/use_bulk_action_mutation.ts
@@ -17,6 +17,7 @@ import { useInvalidateFetchRuleManagementFiltersQuery } from './use_fetch_rule_m
 import { useInvalidateFetchPrebuiltRulesStatusQuery } from './prebuilt_rules/use_fetch_prebuilt_rules_status_query';
 import { useInvalidateFetchPrebuiltRulesUpgradeReviewQuery } from './prebuilt_rules/use_fetch_prebuilt_rules_upgrade_review_query';
 import { useInvalidateFetchPrebuiltRulesInstallReviewQuery } from './prebuilt_rules/use_fetch_prebuilt_rules_install_review_query';
+import { useInvalidateFetchCoverageOverviewQuery } from './use_fetch_coverage_overview';
 
 export const BULK_ACTION_MUTATION_KEY = ['POST', DETECTION_ENGINE_RULES_BULK_ACTION];
 
@@ -35,6 +36,7 @@ export const useBulkActionMutation = (
     useInvalidateFetchPrebuiltRulesInstallReviewQuery();
   const invalidateFetchPrebuiltRulesUpgradeReviewQuery =
     useInvalidateFetchPrebuiltRulesUpgradeReviewQuery();
+  const invalidateFetchCoverageOverviewQuery = useInvalidateFetchCoverageOverviewQuery();
   const updateRulesCache = useUpdateRulesCache();
 
   return useMutation<
@@ -60,6 +62,7 @@ export const useBulkActionMutation = (
         case BulkActionType.enable:
         case BulkActionType.disable: {
           invalidateFetchRuleByIdQuery();
+          invalidateFetchCoverageOverviewQuery();
           if (updatedRules) {
             // We have a list of updated rules, no need to invalidate all
             updateRulesCache(updatedRules);
@@ -76,10 +79,12 @@ export const useBulkActionMutation = (
           invalidateFetchPrebuiltRulesStatusQuery();
           invalidateFetchPrebuiltRulesInstallReviewQuery();
           invalidateFetchPrebuiltRulesUpgradeReviewQuery();
+          invalidateFetchCoverageOverviewQuery();
           break;
         case BulkActionType.duplicate:
           invalidateFindRulesQuery();
           invalidateFetchRuleManagementFilters();
+          invalidateFetchCoverageOverviewQuery();
           break;
         case BulkActionType.edit:
           if (updatedRules) {
@@ -91,6 +96,7 @@ export const useBulkActionMutation = (
           }
           invalidateFetchRuleByIdQuery();
           invalidateFetchRuleManagementFilters();
+          invalidateFetchCoverageOverviewQuery();
           break;
       }
 

diff --git a/...ty_solution/public/detection_engine/rule_management/api/hooks/use_create_rule_mutation.ts b/...ty_solution/public/detection_engine/rule_management/api/hooks/use_create_rule_mutation.ts
@@ -15,6 +15,7 @@ import { transformOutput } from '../../../../detections/containers/detection_eng
 import { createRule } from '../api';
 import { useInvalidateFetchRuleManagementFiltersQuery } from './use_fetch_rule_management_filters_query';
 import { useInvalidateFindRulesQuery } from './use_find_rules_query';
+import { useInvalidateFetchCoverageOverviewQuery } from './use_fetch_coverage_overview';
 
 export const CREATE_RULE_MUTATION_KEY = ['POST', DETECTION_ENGINE_RULES_URL];
 
@@ -23,6 +24,7 @@ export const useCreateRuleMutation = (
 ) => {
   const invalidateFindRulesQuery = useInvalidateFindRulesQuery();
   const invalidateFetchRuleManagementFilters = useInvalidateFetchRuleManagementFiltersQuery();
+  const invalidateFetchCoverageOverviewQuery = useInvalidateFetchCoverageOverviewQuery();
 
   return useMutation<RuleResponse, Error, RuleCreateProps>(
     (rule: RuleCreateProps) => createRule({ rule: transformOutput(rule) }),
@@ -32,6 +34,7 @@ export const useCreateRuleMutation = (
       onSettled: (...args) => {
         invalidateFindRulesQuery();
         invalidateFetchRuleManagementFilters();
+        invalidateFetchCoverageOverviewQuery();
 
         if (options?.onSettled) {
           options.onSettled(...args);

diff --git a/...solution/public/detection_engine/rule_management/api/hooks/use_fetch_coverage_overview.ts b/...solution/public/detection_engine/rule_management/api/hooks/use_fetch_coverage_overview.ts
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { UseQueryOptions } from '@tanstack/react-query';
+import { useQuery, useQueryClient } from '@tanstack/react-query';
+import { useCallback } from 'react';
+import type { CoverageOverviewFilter } from '../../../../../common/api/detection_engine';
+import { RULE_MANAGEMENT_COVERAGE_OVERVIEW_URL } from '../../../../../common/api/detection_engine';
+import { fetchCoverageOverview } from '../api';
+import { buildCoverageOverviewDashboardModel } from '../../logic/coverage_overview/build_coverage_overview_dashboard_model';
+import type { CoverageOverviewDashboard } from '../../model/coverage_overview/dashboard';
+import { DEFAULT_QUERY_OPTIONS } from './constants';
+
+const COVERAGE_OVERVIEW_QUERY_KEY = ['POST', RULE_MANAGEMENT_COVERAGE_OVERVIEW_URL];
+
+/**
+ * A wrapper around useQuery provides default values to the underlying query,
+ * like query key, abortion signal, and error handler.
+ *
+ * @param filter - coverage overview filter, see CoverageOverviewFilter type
+ * @param options - react-query options
+ * @returns useQuery result
+ */
+export const useFetchCoverageOverviewQuery = (
+  filter: CoverageOverviewFilter = {},
+  options?: UseQueryOptions<CoverageOverviewDashboard>
+) => {
+  return useQuery<CoverageOverviewDashboard>(
+    [...COVERAGE_OVERVIEW_QUERY_KEY, filter],
+    async ({ signal }) => {
+      const response = await fetchCoverageOverview({ signal, filter });
+
+      return buildCoverageOverviewDashboardModel(response);
+    },
+    {
+      ...DEFAULT_QUERY_OPTIONS,
+      ...options,
+    }
+  );
+};
+
+/**
+ * We should use this hook to invalidate the coverage overview cache. For example, rule
+ * mutations that affect rule set size, like creation or deletion, should lead
+ * to cache invalidation.
+ *
+ * @returns A coverage overview cache invalidation callback
+ */
+export const useInvalidateFetchCoverageOverviewQuery = () => {
+  const queryClient = useQueryClient();
+
+  return useCallback(() => {
+    queryClient.invalidateQueries(COVERAGE_OVERVIEW_QUERY_KEY, {
+      refetchType: 'active',
+    });
+  }, [queryClient]);
+};
diff --git a/...ty_solution/public/detection_engine/rule_management/api/hooks/use_update_rule_mutation.ts b/...ty_solution/public/detection_engine/rule_management/api/hooks/use_update_rule_mutation.ts
@@ -16,6 +16,7 @@ import { updateRule } from '../api';
 import { useInvalidateFindRulesQuery } from './use_find_rules_query';
 import { useInvalidateFetchRuleByIdQuery } from './use_fetch_rule_by_id_query';
 import { useInvalidateFetchRuleManagementFiltersQuery } from './use_fetch_rule_management_filters_query';
+import { useInvalidateFetchCoverageOverviewQuery } from './use_fetch_coverage_overview';
 
 export const UPDATE_RULE_MUTATION_KEY = ['PUT', DETECTION_ENGINE_RULES_URL];
 
@@ -25,6 +26,7 @@ export const useUpdateRuleMutation = (
   const invalidateFindRulesQuery = useInvalidateFindRulesQuery();
   const invalidateFetchRuleManagementFilters = useInvalidateFetchRuleManagementFiltersQuery();
   const invalidateFetchRuleByIdQuery = useInvalidateFetchRuleByIdQuery();
+  const invalidateFetchCoverageOverviewQuery = useInvalidateFetchCoverageOverviewQuery();
 
   return useMutation<RuleResponse, Error, RuleUpdateProps>(
     (rule: RuleUpdateProps) => updateRule({ rule: transformOutput(rule) }),
@@ -35,6 +37,7 @@ export const useUpdateRuleMutation = (
         invalidateFindRulesQuery();
         invalidateFetchRuleByIdQuery();
         invalidateFetchRuleManagementFilters();
+        invalidateFetchCoverageOverviewQuery();
 
         if (options?.onSettled) {
           options.onSettled(...args);