From 298d5c1c9f86a4244f323b957bc370c04bbbfac7 Mon Sep 17 00:00:00 2001 From: gchaps <33642766+gchaps@users.noreply.github.com> Date: Wed, 23 Sep 2020 15:23:20 -0700 Subject: [PATCH 001/120] [DOCS] Removes duplicate entry from settings doc (#78343) --- docs/setup/settings.asciidoc | 63 +++++++++++++++++------------------- 1 file changed, 29 insertions(+), 34 deletions(-) diff --git a/docs/setup/settings.asciidoc b/docs/setup/settings.asciidoc index 7f48f21db7197..af68f3e541628 100644 --- a/docs/setup/settings.asciidoc +++ b/docs/setup/settings.asciidoc @@ -54,7 +54,7 @@ overwritten by client-side headers, regardless of the |[[elasticsearch-hosts]] `elasticsearch.hosts:` | The URLs of the {es} instances to use for all your queries. All nodes listed here must be on the same cluster. *Default: `[ "http://localhost:9200" ]`* -+ + To enable SSL/TLS for outbound connections to {es}, use the `https` protocol in this setting. @@ -129,7 +129,7 @@ be set to `"required"` or `"optional"` to request a client certificate from [NOTE] ============ -These settings cannot be used in conjunction with +These settings cannot be used in conjunction with <>. ============ @@ -141,9 +141,9 @@ These settings cannot be used in conjunction with certificates, which make up a trusted certificate chain for {es}. This chain is used by {kib} to establish trust when making outbound SSL/TLS connections to {es}. -+ + In addition to this setting, trusted certificates may be specified via -<> and/or +<> and/or <>. | `elasticsearch.ssl.keyPassphrase:` @@ -157,7 +157,7 @@ corresponding private key. These are used by {kib} to authenticate itself when making outbound SSL/TLS connections to {es}. For this setting, you must also set the `xpack.security.http.ssl.client_authentication` setting in {es} to `"required"` or `"optional"` to request a client certificate from {kib}. -+ + If the keystore contains any additional certificates, they are used as a trusted certificate chain for {es}. This chain is used by {kib} to establish trust when making outbound SSL/TLS connections to {es}. In addition to this @@ -178,7 +178,7 @@ This setting cannot be used in conjunction with | `elasticsearch.ssl.keystore.password:` | The password that decrypts the keystore specified via -<>. If the keystore has no password, leave this +<>. If the keystore has no password, leave this as blank. If the keystore has an empty password, set this to `""`. @@ -187,14 +187,14 @@ as blank. If the keystore has an empty password, set this to authority (CA) certificates, which make up a trusted certificate chain for {es}. This chain is used by {kib} to establish trust when making outbound SSL/TLS connections to {es}. -+ + In addition to this setting, trusted certificates may be specified via <> and/or <>. |`elasticsearch.ssl.truststore.password:` | The password that decrypts the trust store specified via -<>. If the trust store +<>. If the trust store has no password, leave this as blank. If the trust store has an empty password, set this to `""`. | `elasticsearch.ssl.verificationMode:` @@ -300,15 +300,16 @@ the `polling` method could be used enabling that option. *Default: `false`* suppress all logging output. *Default: `false`* | `logging.timezone` - | Set to the canonical timezone ID -(for example, `America/Los_Angeles`) to log events using that timezone. For a -list of timezones, refer to https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. *Default: `UTC`* + | Set to the canonical time zone ID +(for example, `America/Los_Angeles`) to log events using that time zone. +For possible values, refer to +https://en.wikipedia.org/wiki/List_of_tz_database_time_zones[database time zones]. *Default: `UTC`* -| [[logging-verbose]] `logging.verbose:` {ece-icon} +| [[logging-verbose]] `logging.verbose:` {ess-icon} | Set to `true` to log all events, including system usage information and all requests. *Default: `false`* -| `map.includeElasticMapsService:` {ess-icon} +| [[regionmap-ES-map]] `map.includeElasticMapsService:` {ess-icon} | Set to `false` to disable connections to Elastic Maps Service. When `includeElasticMapsService` is turned off, only the vector layers configured by <> and the tile layer configured by <> are available in <>. *Default: `true`* @@ -317,7 +318,7 @@ and the tile layer configured by <> are availabl | Set to `true` to proxy all <> Elastic Maps Service requests through the {kib} server. *Default: `false`* -| [[regionmap-settings]] `map.regionmap:` {ess-icon} {ece-icon} +| [[regionmap-settings]] `map.regionmap:` {ess-icon} | Specifies additional vector layers for use in <> visualizations. Each layer object points to an external vector file that contains a geojson @@ -347,16 +348,10 @@ map.regionmap: [cols="2*<"] |=== -| [[regionmap-ES-map]] `map.includeElasticMapsService:` {ece-icon} - | Turns on or off whether layers from the Elastic Maps Service should be included in the vector -layer option list. By turning this off, -only the layers that are configured here will be included. The default is `true`. -This also affects whether tile-service from the Elastic Maps Service will be available. - -| [[regionmap-attribution]] `map.regionmap.layers[].attribution:` {ess-icon} {ece-icon} +| [[regionmap-attribution]] `map.regionmap.layers[].attribution:` {ess-icon} | Optional. References the originating source of the geojson file. -| [[regionmap-fields]] `map.regionmap.layers[].fields[]:` {ess-icon} {ece-icon} +| [[regionmap-fields]] `map.regionmap.layers[].fields[]:` {ess-icon} | Mandatory. Each layer can contain multiple fields to indicate what properties from the geojson features you wish to expose. The following shows how to define multiple @@ -382,11 +377,11 @@ map.regionmap: [cols="2*<"] |=== -| [[regionmap-field-description]] `map.regionmap.layers[].fields[].description:` {ess-icon} {ece-icon} +| [[regionmap-field-description]] `map.regionmap.layers[].fields[].description:` {ess-icon} | Mandatory. The human readable text that is shown under the Options tab when building the Region Map visualization. -| [[regionmap-field-name]] `map.regionmap.layers[].fields[].name:` {ess-icon} {ece-icon} +| [[regionmap-field-name]] `map.regionmap.layers[].fields[].name:` {ess-icon} | Mandatory. This value is used to do an inner-join between the document stored in {es} and the geojson file. For example, if the field in the geojson is @@ -394,30 +389,30 @@ called `Location` and has city names, there must be a field in {es} that holds the same values that {kib} can then use to lookup for the geoshape data. -| [[regionmap-name]] `map.regionmap.layers[].name:` {ess-icon} {ece-icon} +| [[regionmap-name]] `map.regionmap.layers[].name:` {ess-icon} | Mandatory. A description of the map being provided. -| [[regionmap-url]] `map.regionmap.layers[].url:` {ess-icon} {ece-icon} +| [[regionmap-url]] `map.regionmap.layers[].url:` {ess-icon} | Mandatory. The location of the geojson file as provided by a webserver. -| [[tilemap-settings]] `map.tilemap.options.attribution:` {ess-icon} {ece-icon} +| [[tilemap-settings]] `map.tilemap.options.attribution:` {ess-icon} | The map attribution string. *Default: `"© [Elastic Maps Service](https://www.elastic.co/elastic-maps-service)"`* -| [[tilemap-max-zoom]] `map.tilemap.options.maxZoom:` {ess-icon} {ece-icon} +| [[tilemap-max-zoom]] `map.tilemap.options.maxZoom:` {ess-icon} | The maximum zoom level. *Default: `10`* -| [[tilemap-min-zoom]] `map.tilemap.options.minZoom:` {ess-icon} {ece-icon} +| [[tilemap-min-zoom]] `map.tilemap.options.minZoom:` {ess-icon} | The minimum zoom level. *Default: `1`* -| [[tilemap-subdomains]] `map.tilemap.options.subdomains:` {ess-icon} {ece-icon} +| [[tilemap-subdomains]] `map.tilemap.options.subdomains:` {ess-icon} | An array of subdomains used by the tile service. Specify the position of the subdomain the URL with the token `{s}`. -| [[tilemap-url]] `map.tilemap.url:` {ess-icon} {ece-icon} +| [[tilemap-url]] `map.tilemap.url:` {ess-icon} | The URL to the tileservice that {kib} uses to display map tiles in tilemap visualizations. By default, {kib} reads this URL from an external metadata service, but users can @@ -521,7 +516,7 @@ These settings cannot be used in conjunction with <> and/or <>. | `server.ssl.cipherSuites:` @@ -549,7 +544,7 @@ is optional, as the key may not be encrypted. keystore contains any additional certificates, those will be used as a trusted certificate chain for {kib}. All of these are used by {kib} to establish trust when receiving inbound SSL/TLS connections from end users. The certificate chain is also used by {kib} to verify client certificates from end users when PKI authentication is enabled. -+ + In addition to this setting, trusted certificates may be specified via <> and/or <>. @@ -571,7 +566,7 @@ keystore has no password, leave this unset. If the keystore has an empty passwor | Path to a PKCS#12 trust store that contains one or more X.509 certificate authority (CA) certificates which make up a trusted certificate chain for {kib}. This chain is used by {kib} to establish trust when receiving inbound SSL/TLS connections from end users. If PKI authentication is enabled, this chain is also used by {kib} to verify client certificates from end users. -+ + In addition to this setting, trusted certificates may be specified via <> and/or <>. From 8ea5c575eb8cf1dc38649ea330eeddaacf9110fd Mon Sep 17 00:00:00 2001 From: Chris Cowan Date: Wed, 23 Sep 2020 16:31:34 -0700 Subject: [PATCH 002/120] [Metrics UI] Reduce the pagination size for snapshot request (#78051) Co-authored-by: Elastic Machine --- .../snapshot/lib/transform_request_to_metrics_api_request.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/infra/server/routes/snapshot/lib/transform_request_to_metrics_api_request.ts b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_request_to_metrics_api_request.ts index 814ec5e74ff33..ca64d832667a8 100644 --- a/x-pack/plugins/infra/server/routes/snapshot/lib/transform_request_to_metrics_api_request.ts +++ b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_request_to_metrics_api_request.ts @@ -34,7 +34,7 @@ export const transformRequestToMetricsAPIRequest = async ( interval: timeRangeWithIntervalApplied.interval, }, metrics: transformSnapshotMetricsToMetricsAPIMetrics(snapshotRequest), - limit: snapshotRequest.overrideCompositeSize ? snapshotRequest.overrideCompositeSize : 10, + limit: snapshotRequest.overrideCompositeSize ? snapshotRequest.overrideCompositeSize : 5, alignDataToEnd: true, }; From ca27ec8385f547a3a0b87d7dc36067388207ceba Mon Sep 17 00:00:00 2001 From: Chris Cowan Date: Wed, 23 Sep 2020 16:32:24 -0700 Subject: [PATCH 003/120] [Metrics UI] Fix EC2 Query to only include aws.ec2 nodes (#78236) * [Metrics UI] Fix EC2 Query to only include aws.ec2 nodes * Making the filter more generic so we can apply it easily to any inventory model --- .../plugins/infra/common/inventory_models/aws_ec2/index.ts | 1 + x-pack/plugins/infra/common/inventory_models/types.ts | 1 + .../lib/transform_request_to_metrics_api_request.ts | 7 ++++++- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/infra/common/inventory_models/aws_ec2/index.ts b/x-pack/plugins/infra/common/inventory_models/aws_ec2/index.ts index c12137f7810d4..6453332be4f50 100644 --- a/x-pack/plugins/infra/common/inventory_models/aws_ec2/index.ts +++ b/x-pack/plugins/infra/common/inventory_models/aws_ec2/index.ts @@ -31,4 +31,5 @@ export const awsEC2: InventoryModel = { }, requiredMetrics: ['awsEC2CpuUtilization', 'awsEC2NetworkTraffic', 'awsEC2DiskIOBytes'], tooltipMetrics: ['cpu', 'rx', 'tx'], + nodeFilter: [{ term: { 'event.dataset': 'aws.ec2' } }], }; diff --git a/x-pack/plugins/infra/common/inventory_models/types.ts b/x-pack/plugins/infra/common/inventory_models/types.ts index 7eb74056dcf28..5cc788f238365 100644 --- a/x-pack/plugins/infra/common/inventory_models/types.ts +++ b/x-pack/plugins/infra/common/inventory_models/types.ts @@ -371,4 +371,5 @@ export interface InventoryModel { metrics: InventoryMetrics; requiredMetrics: InventoryMetric[]; tooltipMetrics: SnapshotMetricType[]; + nodeFilter?: object[]; } diff --git a/x-pack/plugins/infra/server/routes/snapshot/lib/transform_request_to_metrics_api_request.ts b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_request_to_metrics_api_request.ts index ca64d832667a8..b18b45f4935d2 100644 --- a/x-pack/plugins/infra/server/routes/snapshot/lib/transform_request_to_metrics_api_request.ts +++ b/x-pack/plugins/infra/server/routes/snapshot/lib/transform_request_to_metrics_api_request.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { findInventoryFields } from '../../../../common/inventory_models'; +import { findInventoryFields, findInventoryModel } from '../../../../common/inventory_models'; import { MetricsAPIRequest, SnapshotRequest } from '../../../../common/http_api'; import { ESSearchClient } from '../../../lib/metrics/types'; import { InfraSource } from '../../../lib/sources'; @@ -52,6 +52,11 @@ export const transformRequestToMetricsAPIRequest = async ( filters.push({ term: { 'cloud.region': snapshotRequest.region } }); } + const inventoryModel = findInventoryModel(snapshotRequest.nodeType); + if (inventoryModel && inventoryModel.nodeFilter) { + inventoryModel.nodeFilter?.forEach((f) => filters.push(f)); + } + const inventoryFields = findInventoryFields( snapshotRequest.nodeType, source.configuration.fields From 441ebf65f77863de263b702666e9c5bdbe8cd2d1 Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Wed, 23 Sep 2020 18:53:21 -0500 Subject: [PATCH 004/120] make QueryStringInput props explicit (#78336) --- .../kibana-plugin-plugins-data-public.md | 1 + ...in-plugins-data-public.querystringinput.md | 2 +- ...querystringinputprops.bubblesubmitevent.md | 11 +++++ ...-public.querystringinputprops.classname.md | 11 +++++ ...blic.querystringinputprops.datatestsubj.md | 11 +++++ ....querystringinputprops.disableautofocus.md | 11 +++++ ...lic.querystringinputprops.indexpatterns.md | 11 +++++ ...-public.querystringinputprops.isinvalid.md | 11 +++++ ...s.languageswitcherpopoveranchorposition.md | 11 +++++ ...ugins-data-public.querystringinputprops.md | 34 ++++++++++++++ ...ata-public.querystringinputprops.onblur.md | 11 +++++ ...a-public.querystringinputprops.onchange.md | 11 +++++ ...tringinputprops.onchangequeryinputfocus.md | 11 +++++ ...a-public.querystringinputprops.onsubmit.md | 11 +++++ ...blic.querystringinputprops.persistedlog.md | 11 +++++ ...ublic.querystringinputprops.placeholder.md | 11 +++++ ...ta-public.querystringinputprops.prepend.md | 11 +++++ ...data-public.querystringinputprops.query.md | 11 +++++ ...ublic.querystringinputprops.screentitle.md | 11 +++++ ...-data-public.querystringinputprops.size.md | 11 +++++ src/plugins/data/public/index.ts | 1 + src/plugins/data/public/public.api.md | 47 ++++++++++++++++++- src/plugins/data/public/ui/index.ts | 2 +- .../query_string_input/query_string_input.tsx | 9 ++-- 24 files changed, 276 insertions(+), 7 deletions(-) create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.bubblesubmitevent.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.classname.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.datatestsubj.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.disableautofocus.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.indexpatterns.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.isinvalid.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.languageswitcherpopoveranchorposition.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onblur.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onchange.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onchangequeryinputfocus.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onsubmit.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.persistedlog.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.placeholder.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.prepend.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.query.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.screentitle.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.size.md diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md index accf46f534e89..8625120d54848 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md @@ -79,6 +79,7 @@ | [OptionedValueProp](./kibana-plugin-plugins-data-public.optionedvalueprop.md) | | | [QueryState](./kibana-plugin-plugins-data-public.querystate.md) | All query state service state | | [QueryStateChange](./kibana-plugin-plugins-data-public.querystatechange.md) | | +| [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) | | | [QuerySuggestionBasic](./kibana-plugin-plugins-data-public.querysuggestionbasic.md) | \* | | [QuerySuggestionField](./kibana-plugin-plugins-data-public.querysuggestionfield.md) | \* | | [QuerySuggestionGetFnArgs](./kibana-plugin-plugins-data-public.querysuggestiongetfnargs.md) | \* | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinput.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinput.md index e85747b8cc3d7..aa7c3bb5d4932 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinput.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinput.md @@ -7,5 +7,5 @@ Signature: ```typescript -QueryStringInput: React.FC> +QueryStringInput: React.FC ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.bubblesubmitevent.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.bubblesubmitevent.md new file mode 100644 index 0000000000000..5a41852001ac0 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.bubblesubmitevent.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [bubbleSubmitEvent](./kibana-plugin-plugins-data-public.querystringinputprops.bubblesubmitevent.md) + +## QueryStringInputProps.bubbleSubmitEvent property + +Signature: + +```typescript +bubbleSubmitEvent?: boolean; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.classname.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.classname.md new file mode 100644 index 0000000000000..7fa3b76977183 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.classname.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [className](./kibana-plugin-plugins-data-public.querystringinputprops.classname.md) + +## QueryStringInputProps.className property + +Signature: + +```typescript +className?: string; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.datatestsubj.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.datatestsubj.md new file mode 100644 index 0000000000000..edaedf49f4b10 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.datatestsubj.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [dataTestSubj](./kibana-plugin-plugins-data-public.querystringinputprops.datatestsubj.md) + +## QueryStringInputProps.dataTestSubj property + +Signature: + +```typescript +dataTestSubj?: string; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.disableautofocus.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.disableautofocus.md new file mode 100644 index 0000000000000..cc4c6f606409e --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.disableautofocus.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [disableAutoFocus](./kibana-plugin-plugins-data-public.querystringinputprops.disableautofocus.md) + +## QueryStringInputProps.disableAutoFocus property + +Signature: + +```typescript +disableAutoFocus?: boolean; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.indexpatterns.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.indexpatterns.md new file mode 100644 index 0000000000000..3783138696020 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.indexpatterns.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [indexPatterns](./kibana-plugin-plugins-data-public.querystringinputprops.indexpatterns.md) + +## QueryStringInputProps.indexPatterns property + +Signature: + +```typescript +indexPatterns: Array; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.isinvalid.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.isinvalid.md new file mode 100644 index 0000000000000..a282ac3bc5049 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.isinvalid.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [isInvalid](./kibana-plugin-plugins-data-public.querystringinputprops.isinvalid.md) + +## QueryStringInputProps.isInvalid property + +Signature: + +```typescript +isInvalid?: boolean; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.languageswitcherpopoveranchorposition.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.languageswitcherpopoveranchorposition.md new file mode 100644 index 0000000000000..d133a0930b53d --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.languageswitcherpopoveranchorposition.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [languageSwitcherPopoverAnchorPosition](./kibana-plugin-plugins-data-public.querystringinputprops.languageswitcherpopoveranchorposition.md) + +## QueryStringInputProps.languageSwitcherPopoverAnchorPosition property + +Signature: + +```typescript +languageSwitcherPopoverAnchorPosition?: PopoverAnchorPosition; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.md new file mode 100644 index 0000000000000..d503980da7947 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.md @@ -0,0 +1,34 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) + +## QueryStringInputProps interface + +Signature: + +```typescript +export interface QueryStringInputProps +``` + +## Properties + +| Property | Type | Description | +| --- | --- | --- | +| [bubbleSubmitEvent](./kibana-plugin-plugins-data-public.querystringinputprops.bubblesubmitevent.md) | boolean | | +| [className](./kibana-plugin-plugins-data-public.querystringinputprops.classname.md) | string | | +| [dataTestSubj](./kibana-plugin-plugins-data-public.querystringinputprops.datatestsubj.md) | string | | +| [disableAutoFocus](./kibana-plugin-plugins-data-public.querystringinputprops.disableautofocus.md) | boolean | | +| [indexPatterns](./kibana-plugin-plugins-data-public.querystringinputprops.indexpatterns.md) | Array<IIndexPattern | string> | | +| [isInvalid](./kibana-plugin-plugins-data-public.querystringinputprops.isinvalid.md) | boolean | | +| [languageSwitcherPopoverAnchorPosition](./kibana-plugin-plugins-data-public.querystringinputprops.languageswitcherpopoveranchorposition.md) | PopoverAnchorPosition | | +| [onBlur](./kibana-plugin-plugins-data-public.querystringinputprops.onblur.md) | () => void | | +| [onChange](./kibana-plugin-plugins-data-public.querystringinputprops.onchange.md) | (query: Query) => void | | +| [onChangeQueryInputFocus](./kibana-plugin-plugins-data-public.querystringinputprops.onchangequeryinputfocus.md) | (isFocused: boolean) => void | | +| [onSubmit](./kibana-plugin-plugins-data-public.querystringinputprops.onsubmit.md) | (query: Query) => void | | +| [persistedLog](./kibana-plugin-plugins-data-public.querystringinputprops.persistedlog.md) | PersistedLog | | +| [placeholder](./kibana-plugin-plugins-data-public.querystringinputprops.placeholder.md) | string | | +| [prepend](./kibana-plugin-plugins-data-public.querystringinputprops.prepend.md) | any | | +| [query](./kibana-plugin-plugins-data-public.querystringinputprops.query.md) | Query | | +| [screenTitle](./kibana-plugin-plugins-data-public.querystringinputprops.screentitle.md) | string | | +| [size](./kibana-plugin-plugins-data-public.querystringinputprops.size.md) | SuggestionsListSize | | + diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onblur.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onblur.md new file mode 100644 index 0000000000000..10f2ae2ea4f14 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onblur.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [onBlur](./kibana-plugin-plugins-data-public.querystringinputprops.onblur.md) + +## QueryStringInputProps.onBlur property + +Signature: + +```typescript +onBlur?: () => void; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onchange.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onchange.md new file mode 100644 index 0000000000000..fee44d7afd506 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onchange.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [onChange](./kibana-plugin-plugins-data-public.querystringinputprops.onchange.md) + +## QueryStringInputProps.onChange property + +Signature: + +```typescript +onChange?: (query: Query) => void; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onchangequeryinputfocus.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onchangequeryinputfocus.md new file mode 100644 index 0000000000000..0421ae9c8bac5 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onchangequeryinputfocus.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [onChangeQueryInputFocus](./kibana-plugin-plugins-data-public.querystringinputprops.onchangequeryinputfocus.md) + +## QueryStringInputProps.onChangeQueryInputFocus property + +Signature: + +```typescript +onChangeQueryInputFocus?: (isFocused: boolean) => void; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onsubmit.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onsubmit.md new file mode 100644 index 0000000000000..951ec7419485f --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.onsubmit.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [onSubmit](./kibana-plugin-plugins-data-public.querystringinputprops.onsubmit.md) + +## QueryStringInputProps.onSubmit property + +Signature: + +```typescript +onSubmit?: (query: Query) => void; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.persistedlog.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.persistedlog.md new file mode 100644 index 0000000000000..d1a8efb364016 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.persistedlog.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [persistedLog](./kibana-plugin-plugins-data-public.querystringinputprops.persistedlog.md) + +## QueryStringInputProps.persistedLog property + +Signature: + +```typescript +persistedLog?: PersistedLog; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.placeholder.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.placeholder.md new file mode 100644 index 0000000000000..31e41f4d55205 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.placeholder.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [placeholder](./kibana-plugin-plugins-data-public.querystringinputprops.placeholder.md) + +## QueryStringInputProps.placeholder property + +Signature: + +```typescript +placeholder?: string; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.prepend.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.prepend.md new file mode 100644 index 0000000000000..7be882058d3fd --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.prepend.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [prepend](./kibana-plugin-plugins-data-public.querystringinputprops.prepend.md) + +## QueryStringInputProps.prepend property + +Signature: + +```typescript +prepend?: any; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.query.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.query.md new file mode 100644 index 0000000000000..f15f6d082332b --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.query.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [query](./kibana-plugin-plugins-data-public.querystringinputprops.query.md) + +## QueryStringInputProps.query property + +Signature: + +```typescript +query: Query; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.screentitle.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.screentitle.md new file mode 100644 index 0000000000000..0c80252d74571 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.screentitle.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [screenTitle](./kibana-plugin-plugins-data-public.querystringinputprops.screentitle.md) + +## QueryStringInputProps.screenTitle property + +Signature: + +```typescript +screenTitle?: string; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.size.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.size.md new file mode 100644 index 0000000000000..6b0e53a23e07b --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.querystringinputprops.size.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [QueryStringInputProps](./kibana-plugin-plugins-data-public.querystringinputprops.md) > [size](./kibana-plugin-plugins-data-public.querystringinputprops.size.md) + +## QueryStringInputProps.size property + +Signature: + +```typescript +size?: SuggestionsListSize; +``` diff --git a/src/plugins/data/public/index.ts b/src/plugins/data/public/index.ts index 57865f05871a1..f7dceffa9fdbc 100644 --- a/src/plugins/data/public/index.ts +++ b/src/plugins/data/public/index.ts @@ -420,6 +420,7 @@ export { StatefulSearchBarProps, FilterBar, QueryStringInput, + QueryStringInputProps, IndexPatternSelect, } from './ui'; diff --git a/src/plugins/data/public/public.api.md b/src/plugins/data/public/public.api.md index ed58ee840a8f8..28dfbf824470c 100644 --- a/src/plugins/data/public/public.api.md +++ b/src/plugins/data/public/public.api.md @@ -1727,11 +1727,54 @@ export interface QueryStateChange extends QueryStateChangePartial { globalFilters?: boolean; } -// Warning: (ae-forgotten-export) The symbol "Props" needs to be exported by the entry point index.d.ts // Warning: (ae-missing-release-tag) "QueryStringInput" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export const QueryStringInput: React.FC>; +export const QueryStringInput: React.FC; + +// Warning: (ae-missing-release-tag) "QueryStringInputProps" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) +// +// @public (undocumented) +export interface QueryStringInputProps { + // (undocumented) + bubbleSubmitEvent?: boolean; + // (undocumented) + className?: string; + // (undocumented) + dataTestSubj?: string; + // (undocumented) + disableAutoFocus?: boolean; + // (undocumented) + indexPatterns: Array; + // (undocumented) + isInvalid?: boolean; + // (undocumented) + languageSwitcherPopoverAnchorPosition?: PopoverAnchorPosition; + // (undocumented) + onBlur?: () => void; + // (undocumented) + onChange?: (query: Query) => void; + // (undocumented) + onChangeQueryInputFocus?: (isFocused: boolean) => void; + // (undocumented) + onSubmit?: (query: Query) => void; + // Warning: (ae-forgotten-export) The symbol "PersistedLog" needs to be exported by the entry point index.d.ts + // + // (undocumented) + persistedLog?: PersistedLog; + // (undocumented) + placeholder?: string; + // (undocumented) + prepend?: any; + // (undocumented) + query: Query; + // (undocumented) + screenTitle?: string; + // Warning: (ae-forgotten-export) The symbol "SuggestionsListSize" needs to be exported by the entry point index.d.ts + // + // (undocumented) + size?: SuggestionsListSize; +} // @public (undocumented) export type QuerySuggestion = QuerySuggestionBasic | QuerySuggestionField; diff --git a/src/plugins/data/public/ui/index.ts b/src/plugins/data/public/ui/index.ts index 35b1bc50ddb1e..299b9d2681578 100644 --- a/src/plugins/data/public/ui/index.ts +++ b/src/plugins/data/public/ui/index.ts @@ -20,7 +20,7 @@ export { SuggestionsComponent } from './typeahead'; export { IndexPatternSelect } from './index_pattern_select'; export { FilterBar } from './filter_bar'; -export { QueryStringInput } from './query_string_input/query_string_input'; +export { QueryStringInput, QueryStringInputProps } from './query_string_input/query_string_input'; export { SearchBar, SearchBarProps, StatefulSearchBarProps } from './search_bar'; // @internal diff --git a/src/plugins/data/public/ui/query_string_input/query_string_input.tsx b/src/plugins/data/public/ui/query_string_input/query_string_input.tsx index 8e1151b387fee..0986ad0668c24 100644 --- a/src/plugins/data/public/ui/query_string_input/query_string_input.tsx +++ b/src/plugins/data/public/ui/query_string_input/query_string_input.tsx @@ -46,8 +46,7 @@ import { PersistedLog, getQueryLog, matchPairs, toUser, fromUser } from '../../q import { SuggestionsListSize } from '../typeahead/suggestions_component'; import { SuggestionsComponent } from '..'; -interface Props { - kibana: KibanaReactContextValue; +export interface QueryStringInputProps { indexPatterns: Array; query: Query; disableAutoFocus?: boolean; @@ -67,6 +66,10 @@ interface Props { isInvalid?: boolean; } +interface Props extends QueryStringInputProps { + kibana: KibanaReactContextValue; +} + interface State { isSuggestionsVisible: boolean; index: number | null; @@ -687,4 +690,4 @@ export class QueryStringInputUI extends Component { } } -export const QueryStringInput = withKibana(QueryStringInputUI); +export const QueryStringInput: React.FC = withKibana(QueryStringInputUI); From 34e8a3f139f6dd636345374238cee5e8b1d10351 Mon Sep 17 00:00:00 2001 From: Davis Plumlee <56367316+dplumlee@users.noreply.github.com> Date: Wed, 23 Sep 2020 18:13:15 -0600 Subject: [PATCH 005/120] [Security Solution] Changes rule details default stack-by value (#78357) --- .../pages/detection_engine/rules/details/index.tsx | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx index 4816358e06226..ad8ab3ed3a148 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx @@ -88,6 +88,7 @@ import { timelineDefaults } from '../../../../../timelines/store/timeline/defaul import { TimelineModel } from '../../../../../timelines/store/timeline/model'; import { useSourcererScope } from '../../../../../common/containers/sourcerer'; import { SourcererScopeName } from '../../../../../common/store/sourcerer/model'; +import { AlertsHistogramOption } from '../../../../components/alerts_histogram_panel/types'; enum RuleDetailTabs { alerts = 'alerts', @@ -345,6 +346,11 @@ export const RuleDetailsPageComponent: FC = ({ return null; } + const defaultRuleStackByOption: AlertsHistogramOption = { + text: 'event.category', + value: 'event.category', + }; + return ( <> {hasIndexWrite != null && !hasIndexWrite && } @@ -480,6 +486,7 @@ export const RuleDetailsPageComponent: FC = ({ signalIndexName={signalIndexName} setQuery={setQuery} stackByOptions={alertsHistogramOptions} + defaultStackByOption={defaultRuleStackByOption} to={to} updateDateRange={updateDateRangeCallback} /> From 66d11bd1c3c2ecdd2aad922be86f916a0d20c48f Mon Sep 17 00:00:00 2001 From: Josh Dover Date: Wed, 23 Sep 2020 20:09:11 -0600 Subject: [PATCH 006/120] Optimize status lookup for plugins that have no custom statuses (#78342) --- src/core/server/status/plugins_status.test.ts | 8 +-- src/core/server/status/plugins_status.ts | 51 +++++++++++++++---- src/core/server/status/status_service.ts | 6 +-- 3 files changed, 49 insertions(+), 16 deletions(-) diff --git a/src/core/server/status/plugins_status.test.ts b/src/core/server/status/plugins_status.test.ts index a75dc8c283698..176e2414a8d04 100644 --- a/src/core/server/status/plugins_status.test.ts +++ b/src/core/server/status/plugins_status.test.ts @@ -161,13 +161,13 @@ describe('PluginStatusService', () => { }, b: { level: ServiceStatusLevels.degraded, - summary: '[2] services are degraded', + summary: '[savedObjects]: savedObjects degraded', detail: 'See the status page for more information', meta: expect.any(Object), }, c: { level: ServiceStatusLevels.degraded, - summary: '[3] services are degraded', + summary: '[savedObjects]: savedObjects degraded', detail: 'See the status page for more information', meta: expect.any(Object), }, @@ -186,13 +186,13 @@ describe('PluginStatusService', () => { }, b: { level: ServiceStatusLevels.critical, - summary: '[2] services are critical', + summary: '[elasticsearch]: elasticsearch critical', detail: 'See the status page for more information', meta: expect.any(Object), }, c: { level: ServiceStatusLevels.critical, - summary: '[3] services are critical', + summary: '[elasticsearch]: elasticsearch critical', detail: 'See the status page for more information', meta: expect.any(Object), }, diff --git a/src/core/server/status/plugins_status.ts b/src/core/server/status/plugins_status.ts index 113d59b327c11..988f2d9969ccb 100644 --- a/src/core/server/status/plugins_status.ts +++ b/src/core/server/status/plugins_status.ts @@ -33,7 +33,17 @@ interface Deps { export class PluginsStatusService { private readonly pluginStatuses = new Map>(); private readonly update$ = new BehaviorSubject(true); - constructor(private readonly deps: Deps) {} + private readonly defaultInheritedStatus$: Observable; + + constructor(private readonly deps: Deps) { + this.defaultInheritedStatus$ = this.deps.core$.pipe( + map((coreStatus) => { + return getSummaryStatus(Object.entries(coreStatus), { + allAvailableSummary: `All dependencies are available`, + }); + }) + ); + } public set(plugin: PluginName, status$: Observable) { this.pluginStatuses.set(plugin, status$); @@ -57,14 +67,24 @@ export class PluginsStatusService { } public getDerivedStatus$(plugin: PluginName): Observable { - return combineLatest([this.deps.core$, this.getDependenciesStatus$(plugin)]).pipe( - map(([coreStatus, pluginStatuses]) => { - return getSummaryStatus( - [...Object.entries(coreStatus), ...Object.entries(pluginStatuses)], - { - allAvailableSummary: `All dependencies are available`, - } - ); + return this.update$.pipe( + switchMap(() => { + // Only go up the dependency tree if any of this plugin's dependencies have a custom status + // Helps eliminate memory overhead of creating thousands of Observables unnecessarily. + if (this.anyCustomStatuses(plugin)) { + return combineLatest([this.deps.core$, this.getDependenciesStatus$(plugin)]).pipe( + map(([coreStatus, pluginStatuses]) => { + return getSummaryStatus( + [...Object.entries(coreStatus), ...Object.entries(pluginStatuses)], + { + allAvailableSummary: `All dependencies are available`, + } + ); + }) + ); + } else { + return this.defaultInheritedStatus$; + } }) ); } @@ -95,4 +115,17 @@ export class PluginsStatusService { }) ); } + + /** + * Determines whether or not this plugin or any plugin in it's dependency tree have a custom status registered. + */ + private anyCustomStatuses(plugin: PluginName): boolean { + if (this.pluginStatuses.get(plugin)) { + return true; + } + + return this.deps.pluginDependencies + .get(plugin)! + .reduce((acc, depName) => acc || this.anyCustomStatuses(depName), false as boolean); + } } diff --git a/src/core/server/status/status_service.ts b/src/core/server/status/status_service.ts index 9acf93f2f8197..62f226405e81a 100644 --- a/src/core/server/status/status_service.ts +++ b/src/core/server/status/status_service.ts @@ -70,10 +70,10 @@ export class StatusService implements CoreService { const core$ = this.setupCoreStatus({ elasticsearch, savedObjects }); this.pluginsStatus = new PluginsStatusService({ core$, pluginDependencies }); - const overall$: Observable = combineLatest( + const overall$: Observable = combineLatest([ core$, - this.pluginsStatus.getAll$() - ).pipe( + this.pluginsStatus.getAll$(), + ]).pipe( // Prevent many emissions at once from dependency status resolution from making this too noisy debounceTime(500), map(([coreStatus, pluginsStatus]) => { From 1f03ce41adbb43e6d1e4e98045efef3a72e74aa7 Mon Sep 17 00:00:00 2001 From: Spencer Date: Wed, 23 Sep 2020 20:51:07 -0700 Subject: [PATCH 007/120] [ci-metrics] add docs describing the metrics collected (#78363) Co-authored-by: spalger --- .../development-ci-metrics.asciidoc | 65 +++++++++++++++++++ docs/developer/contributing/index.asciidoc | 3 + 2 files changed, 68 insertions(+) create mode 100644 docs/developer/contributing/development-ci-metrics.asciidoc diff --git a/docs/developer/contributing/development-ci-metrics.asciidoc b/docs/developer/contributing/development-ci-metrics.asciidoc new file mode 100644 index 0000000000000..d4d54f1da7b8b --- /dev/null +++ b/docs/developer/contributing/development-ci-metrics.asciidoc @@ -0,0 +1,65 @@ +[[ci-metrics]] +== CI Metrics + +In addition to running our tests, CI collects metrics about the Kibana build. These metrics are sent to an external service to track changes over time, and to provide PR authors insights into the impact of their changes. + + +[[ci-metric-types]] +=== Metric types + + +[[ci-metric-types-bundle-size-metrics]] +==== Bundle size + +These metrics help contributors know how they are impacting the size of the bundles Kibana creates, and help make sure that Kibana loads as fast as possible. + +[[ci-metric-page-load-bundle-size]] `page load bundle size` :: +The size of the entry file produced for each bundle/plugin. This file is always loaded on every page load, so it should be as small as possible. To reduce this metric you can put any code that isn't necessary on every page load behind an https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/import#Dynamic_Imports[`async import()`]. ++ +Code that is shared statically with other plugins will contribute to the `page load bundle size` of that plugin. This includes exports from the `public/index.ts` file and any file referenced by the `extraPublicDirs` manifest property. + +[[ci-metric-async-chunks-size]] `async chunks size` :: +An "async chunk" is created for the files imported by each https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/import#Dynamic_Imports[`async import()`] statement. This metric tracks the sum size of these chunks, in bytes, broken down by plugin/bundle id. You can think of this as the amount of code users will have to download if they access all the components/applications within a bundle. + +[[ci-metric-misc-asset-size]] `miscellaneous assets size` :: +A "miscellaneous asset" is anything that isn't an async chunk or entry chunk, often images. This metric tracks the sum size of these assets, in bytes, broken down by plugin/bundle id. + +[[ci-metric-bundle-module-count]] `@kbn/optimizer bundle module count` :: +The number of separate modules included in each bundle/plugin. This is the best indicator we have for how long a specific bundle will take to be built by the `@kbn/optimizer`, so we report it to help people know when they've imported a module which might include a surprising number of sub-modules. + + +[[ci-metric-types-distributable-size]] +==== Distributable size + +The size of the Kibana distributable is an essential metric as it not only contributes to the time it takes to download, but it also impacts time it takes to extract the archive once downloaded. + +There are several metrics that we don't report on PRs because gzip-compression produces different file sizes even when provided the same input, so this metric would regularly show changes even though PR authors hadn't made any relevant changes. + +All metrics are collected from the `tar.gz` archive produced for the linux platform. + +[[ci-metric-distributable-file-count]] `distributable file count` :: +The number of files included in the default distributable. + +[[ci-metric-oss-distributable-file-count]] `oss distributable file count` :: +The number of files included in the OSS distributable. + +[[ci-metric-distributable-size]] `distributable size` :: +The size, in bytes, of the default distributable. _(not reported on PRs)_ + +[[ci-metric-oss-distributable-size]] `oss distributable size` :: +The size, in bytes, of the OSS distributable. _(not reported on PRs)_ + + +[[ci-metric-types-saved-object-field-counts]] +==== Saved Object field counts + +Elasticsearch limits the number of fields in an index to 1000 by default, and we want to avoid raising that limit. + +[[ci-metric-saved-object-field-count]] `Saved Objects .kibana field count` :: +The number of saved object fields broken down by saved object type. + + +[[ci-metric-adding-new-metrics]] +=== Adding new metrics + +You can report new metrics by using the `CiStatsReporter` class provided by the `@kbn/dev-utils` package. This class is automatically configured on CI and its methods noop when running outside of CI. For more details checkout the {kib-repo}blob/{branch}/packages/kbn-dev-utils/src/ci_stats_reporter[`CiStatsReporter` readme]. \ No newline at end of file diff --git a/docs/developer/contributing/index.asciidoc b/docs/developer/contributing/index.asciidoc index 99ab83bc2f073..ecb37ffe9c97b 100644 --- a/docs/developer/contributing/index.asciidoc +++ b/docs/developer/contributing/index.asciidoc @@ -9,6 +9,7 @@ Read <> to get your environment up and running, the * <> * <> * <> +* <> * <> * <> * <> @@ -78,6 +79,8 @@ include::development-tests.asciidoc[leveloffset=+1] include::interpreting-ci-failures.asciidoc[leveloffset=+1] +include::development-ci-metrics.asciidoc[leveloffset=+1] + include::development-documentation.asciidoc[leveloffset=+1] include::development-pull-request.asciidoc[leveloffset=+1] From 6a04a6410a37ea720bcad49df074a7ed9586ce46 Mon Sep 17 00:00:00 2001 From: Scotty Bollinger Date: Wed, 23 Sep 2020 22:55:02 -0500 Subject: [PATCH 008/120] [Enterprise Search] Update Product Selector and add Setup Guide (#78233) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add conditional button text - Only shows error connectign if host is set - Removes conditional rendering of cards - Changes the action text from “Launch” to “Setup” * Add setup guide * Extract ProductSelector to component * Update index and add routes * Change setup guide text * Fix imports * Add missing mock * Update x-pack/plugins/enterprise_search/public/applications/enterprise_search/index.test.tsx Co-authored-by: Jason Stoltzfus * Remove Literals Co-authored-by: Constance * Remove Literals II - The Force Awakens Co-authored-by: Constance * Add back access checks * Remove hard-coded props 🤦🏼‍♂️ * Remove data-test-subj attr * Reafactor access check variables * Remove unused beforeEach Co-authored-by: Constance * Add newline Co-authored-by: Constance * Update image to compressed * Remove unused things * Update to new way of using lodash things 🤷🏽‍♀️ Co-authored-by: Jason Stoltzfus Co-authored-by: Constance --- .../product_card/product_card.test.tsx | 19 +++- .../components/product_card/product_card.tsx | 32 ++++-- .../components/product_selector/index.ts | 7 ++ .../product_selector.test.tsx | 54 ++++++++++ .../product_selector/product_selector.tsx | 97 ++++++++++++++++++ .../setup_guide/assets/getting_started.png | Bin 0 -> 194538 bytes .../components/setup_guide/index.ts | 7 ++ .../setup_guide/setup_guide.test.tsx | 21 ++++ .../components/setup_guide/setup_guide.tsx | 62 +++++++++++ .../enterprise_search/index.test.tsx | 49 +++------ .../applications/enterprise_search/index.tsx | 84 ++++----------- .../applications/enterprise_search/routes.ts | 8 ++ 12 files changed, 330 insertions(+), 110 deletions(-) create mode 100644 x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/index.ts create mode 100644 x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/product_selector.test.tsx create mode 100644 x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/product_selector.tsx create mode 100644 x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/setup_guide/assets/getting_started.png create mode 100644 x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/setup_guide/index.ts create mode 100644 x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/setup_guide/setup_guide.test.tsx create mode 100644 x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/setup_guide/setup_guide.tsx create mode 100644 x-pack/plugins/enterprise_search/public/applications/enterprise_search/routes.ts diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_card/product_card.test.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_card/product_card.test.tsx index f651511e61b44..35301af44b413 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_card/product_card.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_card/product_card.test.tsx @@ -5,8 +5,9 @@ */ import '../../../__mocks__/kea.mock'; +import '../../../__mocks__/shallow_usecontext.mock'; -import React from 'react'; +import React, { useContext } from 'react'; import { shallow } from 'enzyme'; import { EuiCard } from '@elastic/eui'; @@ -26,6 +27,7 @@ describe('ProductCard', () => { }); it('renders an App Search card', () => { + (useContext as jest.Mock).mockImplementationOnce(() => ({ config: { host: 'localhost' } })); const wrapper = shallow(); const card = wrapper.find(EuiCard).dive().shallow(); @@ -34,13 +36,14 @@ describe('ProductCard', () => { const button = card.find(EuiButton); expect(button.prop('to')).toEqual('/app/enterprise_search/app_search'); - expect(button.prop('data-test-subj')).toEqual('LaunchAppSearchButton'); + expect(button.prop('children')).toEqual('Launch App Search'); button.simulate('click'); expect(sendTelemetry).toHaveBeenCalledWith(expect.objectContaining({ metric: 'app_search' })); }); it('renders a Workplace Search card', () => { + (useContext as jest.Mock).mockImplementationOnce(() => ({ config: { host: 'localhost' } })); const wrapper = shallow(); const card = wrapper.find(EuiCard).dive().shallow(); @@ -49,11 +52,21 @@ describe('ProductCard', () => { const button = card.find(EuiButton); expect(button.prop('to')).toEqual('/app/enterprise_search/workplace_search'); - expect(button.prop('data-test-subj')).toEqual('LaunchWorkplaceSearchButton'); + expect(button.prop('children')).toEqual('Launch Workplace Search'); button.simulate('click'); expect(sendTelemetry).toHaveBeenCalledWith( expect.objectContaining({ metric: 'workplace_search' }) ); }); + + it('renders correct button text when host not present', () => { + (useContext as jest.Mock).mockImplementation(() => ({ config: { host: '' } })); + + const wrapper = shallow(); + const card = wrapper.find(EuiCard).dive().shallow(); + const button = card.find(EuiButton); + + expect(button.prop('children')).toEqual('Setup Workplace Search'); + }); }); diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_card/product_card.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_card/product_card.tsx index 833a782a32f00..482d68736af01 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_card/product_card.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_card/product_card.tsx @@ -4,13 +4,14 @@ * you may not use this file except in compliance with the Elastic License. */ -import React from 'react'; +import React, { useContext } from 'react'; import { useValues } from 'kea'; -import upperFirst from 'lodash/upperFirst'; -import snakeCase from 'lodash/snakeCase'; +import { snakeCase } from 'lodash'; import { i18n } from '@kbn/i18n'; import { EuiCard, EuiTextColor } from '@elastic/eui'; +import { KibanaContext, IKibanaContext } from '../../../index'; + import { EuiButton } from '../../../shared/react_router_helpers'; import { sendTelemetry } from '../../../shared/telemetry'; import { HttpLogic } from '../../../shared/http'; @@ -30,6 +31,25 @@ interface IProductCard { export const ProductCard: React.FC = ({ product, image }) => { const { http } = useValues(HttpLogic); + const { + config: { host }, + } = useContext(KibanaContext) as IKibanaContext; + + const LAUNCH_BUTTON_TEXT = i18n.translate( + 'xpack.enterpriseSearch.overview.productCard.launchButton', + { + defaultMessage: 'Launch {productName}', + values: { productName: product.NAME }, + } + ); + + const SETUP_BUTTON_TEXT = i18n.translate( + 'xpack.enterpriseSearch.overview.productCard.setupButton', + { + defaultMessage: 'Setup {productName}', + values: { productName: product.NAME }, + } + ); return ( = ({ product, image }) => { metric: snakeCase(product.ID), }) } - data-test-subj={`Launch${upperFirst(product.ID)}Button`} > - {i18n.translate('xpack.enterpriseSearch.overview.productCard.button', { - defaultMessage: `Launch {productName}`, - values: { productName: product.NAME }, - })} + {host ? LAUNCH_BUTTON_TEXT : SETUP_BUTTON_TEXT} } /> diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/index.ts b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/index.ts new file mode 100644 index 0000000000000..b67d130cd68f0 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/index.ts @@ -0,0 +1,7 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export { ProductSelector } from './product_selector'; diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/product_selector.test.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/product_selector.test.tsx new file mode 100644 index 0000000000000..44efa57db897f --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/product_selector.test.tsx @@ -0,0 +1,54 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import '../../../__mocks__/shallow_usecontext.mock'; + +import React, { useContext } from 'react'; +import { shallow } from 'enzyme'; +import { EuiPage } from '@elastic/eui'; + +import { ProductSelector } from './'; +import { ProductCard } from '../product_card'; + +describe('ProductSelector', () => { + it('renders the overview page and product cards with no host set', () => { + (useContext as jest.Mock).mockImplementationOnce(() => ({ config: { host: '' } })); + const wrapper = shallow(); + + expect(wrapper.find(EuiPage).hasClass('enterpriseSearchOverview')).toBe(true); + expect(wrapper.find(ProductCard)).toHaveLength(2); + }); + + describe('access checks when host is set', () => { + beforeEach(() => { + (useContext as jest.Mock).mockImplementationOnce(() => ({ config: { host: 'localhost' } })); + }); + + it('does not render the App Search card if the user does not have access to AS', () => { + const wrapper = shallow( + + ); + + expect(wrapper.find(ProductCard)).toHaveLength(1); + expect(wrapper.find(ProductCard).prop('product').ID).toEqual('workplaceSearch'); + }); + + it('does not render the Workplace Search card if the user does not have access to WS', () => { + const wrapper = shallow( + + ); + + expect(wrapper.find(ProductCard)).toHaveLength(1); + expect(wrapper.find(ProductCard).prop('product').ID).toEqual('appSearch'); + }); + + it('does not render any cards if the user does not have access', () => { + const wrapper = shallow(); + + expect(wrapper.find(ProductCard)).toHaveLength(0); + }); + }); +}); diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/product_selector.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/product_selector.tsx new file mode 100644 index 0000000000000..07b8d4b9926d7 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/product_selector/product_selector.tsx @@ -0,0 +1,97 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React, { useContext } from 'react'; + +import { + EuiPage, + EuiPageBody, + EuiPageHeader, + EuiPageHeaderSection, + EuiPageContentBody, + EuiFlexGroup, + EuiFlexItem, + EuiSpacer, + EuiTitle, +} from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; + +import { KibanaContext, IKibanaContext } from '../../../index'; + +import { APP_SEARCH_PLUGIN, WORKPLACE_SEARCH_PLUGIN } from '../../../../../common/constants'; + +import { SetEnterpriseSearchChrome as SetPageChrome } from '../../../shared/kibana_chrome'; +import { SendEnterpriseSearchTelemetry as SendTelemetry } from '../../../shared/telemetry'; + +import { ProductCard } from '../product_card'; + +import AppSearchImage from '../../assets/app_search.png'; +import WorkplaceSearchImage from '../../assets/workplace_search.png'; + +interface IProductSelectorProps { + access: { + hasAppSearchAccess?: boolean; + hasWorkplaceSearchAccess?: boolean; + }; +} + +export const ProductSelector: React.FC = ({ access }) => { + const { hasAppSearchAccess, hasWorkplaceSearchAccess } = access; + const { + config: { host }, + } = useContext(KibanaContext) as IKibanaContext; + + const shouldShowAppSearchCard = !host || hasAppSearchAccess; + const shouldShowWorkplaceSearchCard = !host || hasWorkplaceSearchAccess; + + return ( + + + + + + + + +

+ {i18n.translate('xpack.enterpriseSearch.overview.heading', { + defaultMessage: 'Welcome to Elastic Enterprise Search', + })} +

+ + +

+ {i18n.translate('xpack.enterpriseSearch.overview.subheading', { + defaultMessage: 'Select a product to get started', + })} +

+ + + + + + {shouldShowAppSearchCard && ( + + + + )} + {shouldShowWorkplaceSearchCard && ( + + + + )} + + + + + + ); +}; diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/setup_guide/assets/getting_started.png b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/setup_guide/assets/getting_started.png new file mode 100644 index 0000000000000000000000000000000000000000..f0fcb432c29e1b5b9f3b66fd58e0a65784798180 GIT binary patch literal 194538 zcmV)3K+C_0P)Zq>I-S}8gwOzl(>R^lI-J=7gUvUc+&rD!1ccB!o!bV6 z&jNzYJD%D)p4>2--T}tDHlE!&o!A3~(g1$S0D#X0gwZ*j-35oy|I8LNp5Hm1+v)A} zH=WoNi_{j5);XTp4T#Y*oZmd0+5&*f0e{R2hR__5*E5{l5scF|o!>T|+WY_iA(Yt- ziPJ4IKO~mf3W(4LgU>vi*cp-6H=o}sncXLr+9a0S28YudkJT)g+#ZzK{r&w1gUvaf z;3=2eAClKSp4$+L)D@1@ESlUfoZAYC(*S$LGo9Tqo!$zE(g1zQEScUBjMW&8)GV3W z4vW$(n%*>=+98wJCz#w4iqIR9+4lec9+BAqcC|L1;raRcHki~coZlpq*#Q9o42#vo z=lVIB)_c3;1AfO6jn^@a$0(QG0EE>PkJmGv;TMqDY4~ETdvfBg0xR}P{ z^7HfKFMbsl-n|y*WBLV5P`@inBE4(yVUOZX0zfQl-nVY)EbS^CX>`S zm(khT+5vjKK$6BSoZBRe%w@CXFP-9xzv9!>)Et59xNK}~T&vl{%hdbdfH}v$M5N$LOigUp(Es|?RL;hsqN4$Jw95MU{_wH2^zeJP z+=SrT4wKCpJw*NKog{?5c(v*O_r;0J@u}1Boz(BQT^C!ct*Dg6uC9oOMHWP)r^OXK?0Ikd0sN*r z@dNC&hn*kf^6(_NJ7EpIY9- z9Y~TSt(AgsW3Mn`BF1j&Xz^*=M1VH*?Zwy?bJg$neJws4*Z>#@O&&2q9LI4jYAja) zRIA8tbC;ADiBn^-t%C}o{i*IcsbyG1qlvM1he1{J&2I(G#Ru~|O^xE|9Rf*`q;;wQ zv_|#FB7&1>(Xydb5yGf7xn=%$-`6yaM9XbmWY|3VQ+Gv;IIcszha;#|0iniXOi5l2 zV8<=GtzJ2R%IDV()re&gpBVM$bF5YX_dfC{&-?jw>cj>=wB-OwlC*Z_!PoBG>m*59UX?>! zo)v@8Y`iZbi!l~uS4|sZkR(Z3GqFwgJNsKj_Iolo4=WWF6a_%Ho1<60wKW?JUNC+e zI|RYW>L=&*Y<4v`7a4%60>-WOWWh5&>mJ+YTc%=co?P$EPdoG3=96R&yF1LY-0h-yMbRb8)%yGK*Jd&gWW_!+ z+pWIsUsvyiI%T){_}s5wHcMggX*nk)o!&o=pU2e?SkefXY?p5@>$SHFIXSlS^Ov{R z{r>oKcd5SwXfPN&3iUr;OfDsGr8*6$qEYydFLJB;sRs}9Xl>3;tf*;bF=snbq+^#5 zZHXpgN(V~F13#5g%n-t~3?SN^ilK)D)Q^`Zab|+%r-Gmm_5&a9B-I!>7!2+nohd8@ zRXr)k!*oSglkb_g|cuZsvu- z&@Z*y4_189ncVFhNe$8gczFnLFn9=(qnh(o0VYBz9l8KLg&&EOtF=6VtNBV5dO6u$ z(tm+nuw^d59LHIJWPhCHo!Vqc=_Faq>a=kP`z1t8s4G$x=T1JWzF>clDiI$791QNB z+yz)p&x^bkrpn=*_TmyL9IPmW03BTA`Yl(|Dz&Ze$)TkNrp8PZV##9o$eg<#;D>Fn9=_nS>#!3E~E#>y$%yVuEgQEL0mxZZr`i5Sdud5+<#Gg78#mFc{n=zu7yVpG1-< zj+3r&)4kQds_E)9B;BNmG&BiF69~A{Di|3AC1Q}38P^yRH*+y&)`Kz5CUcmXyN5Z< zag+T6_D|gR3X|Qx!SpwJ@TIz|Jow4?y;nSeH9#~0C505Gx8cM2nPn<#_8~{e{`q9l zFI7xw4M+$}5~+=E!`pFfTOlGO0AzMc{cv$nFv;41VcwfJyW?;&fgnW1H5LG!WR1gz zexp(#1kpnXVvtzVQmNFgSOnmQ>=dr8@cA~JG(KBIL0Sn(#2fefi_$*u4vxPj9WiSc zi$&O|DF18SNM@mQ{}7hW0G6;$+7Ll+zZ8azHoo%ZjY`HdE9c?ux!6ZYAhR$H!^NUf z%V*N7F{x6$N{LiYWVDiXadmm)IP=~9XOkcS(T45cewsTFe7Zj)xLVN8I&VR6Ie!i< zZQVB@gjD*Sc@#NGt7IXQ1pnUb-|rp6{CcXKs^nBX(MCb6q`?3fEu$82X(0@$#x`3IKvp+*t-a z&X^x8cYtdsvfaL3#+>=XUi5ackGUo?aQfr#mCrfX<0SMjZ6-*yr(ih5u?4eF=O)mK z5XCE;KLvh~(qhlqyD$}D47J0_Jk~j zvRtP6@zoUj9pLx0v(bs`bGgX$WC6!qx0I(HhcZqnkKRs{b$dh6+W47~NA4H5b{hy< z1ho~;S1Vtqdi?dzsY%jGV5(HFPcHxjk@GKsE`tnX=v)_wutwhfx7EPYED)8>dQyVln_?6Yp2I?$^bAh`Ir}t)lB~S+t6n=zI64rk(C6&x}BcSn0V)G zZ%P!*byLdRYJuh=8V(B8g_m(8; zjAq{{mepJi=fQlt&x5VZd!#nnVuryC#$|VYO9%u3=&hNqR;yK+(de>7fPeYCS?NSE zmvQP=+3ozcy}mU#zJq<3nv&D#A);dT=>56-go4^Lfk-8D;R`Qya`9v^8#zS2)toI5LdK zpk-wMvDha64xQdtFUr)!~gxRkf2S97*1Q|F_ZI>1z^UZ({A%tjL6Kq-*H{pe~9 zCKxFNJOls%?2M>x5|9}>Zqc@7W*bb8m!X*f6&@U6A7P=vR`b%f=s}DkogLZs(b192 zhDjw$0Dv%kkD-5q#kL;rbqVCaQe`*hHWHN?O}f>B)D}$TG>K`Gan6}t)}w0(62RJg z@zu8n4+?-p3mxCi{i0T7)wW${VuIPjd4K>w!+=-jY#f}0O&IGS&|d&3v(@(x z5X+NFC-xt4_f0sz+v%Ff&*>AGLi&!D0jo6lbN@{Wz*MPTr9`ruJqLoRv|L0I@Y91D zQHYj>e3M~PTs4kl8jP%;B$ymfpXpQU#xM%Q=(_vEUXA#Y8?8 zo(BMGQYNpppJE1(q)b%}eR$W+D!`zNfh((E-ykn8H-pQzC@VG+oq{1{Vj`ga9z7}A zPag|_@WNkm3<0Z%oYB>Gb90f(#83Z0qcNzp`Jx7#b^ktqZCd(QC zkW!#*8T@Z?I2aRbSC8)ifK*mDVWAEHOg{{gD%ES%22f<2xSMLOya}TE$&QBikF$-r z?^gjU035mLgjN=Kqb(elBK>4!-C%;%!n_&YG^q*%RWW1y{$X2mORi=*R`#$J!QI`8 zM!*3U4kG{MX#-N=LY4pkyL&Ff0-j-0s?S;l0jBQmDJ`RegYq8V+R+3RFXq0C0<&lH zCAOCFM1OHvg{6>d+bhU+p@*%Q^@uY$ms|frgAW8{*1_j8tQA7Tq<42A5xD4BX$b&| z{GG?oQ*3xB)4iaqf-o)iAqCE)N|oxB3IS-fB3%Z4mCI_=eS1L^5YQ?ZR;vP5yt#X! ziRMJNgFORgqmK)AD?l5dNPD+Q0T6m30M_$RAv6GeyHU$9#JM(R}|ty zr>_x#%DTg;u$9yelF3VO$I(R$OxQ4Kh!}wr6_JYA^L6*mJUBaexLx2URO^6$&DlXA zD?wu$T&2%#z%eb;W&}({nT>(INwKp5P=vO&w1Kx8CrOW?&!jT%ISbxr>eY&v<4#27B5l&<>9TGq9stnP8kd32Ik#o*{@Movn0bT6xg@~5 zfjZSs2a9d;21oTN{at` zxDZ`f{bMjT2 z`@!yoNkm!GsxNhfDlNLR&IJ+D4*&V9*`&aEfa0ey9#hF=3s*O>&Sc=<2R z>K>fDqv#%~?~H2FMmifXRjOAkVqUbIUfhf0==;YrkGup+Pfk1>_F}l+Y~h^~3|irn z6Rd`-;OpMR(ulY-O$uQ$3tTX8H@_o-guKFi66wvRt~;%%X_5_mTI!CHpy&2hf86|N zBdjpEJwCVzdb+O9lAZ20-tH48>O?))kK0qa}y&i8MDPhOa zw{*QX+x_o9U|G<4qW%vbvJNYV-HR)KJ;<61DBp%7lUmR*oiX7 z2TO>-Qs;ezq#ck{ss3f}idowRqAD^rVb(CztExox8FORbeGm+>Oi=U#Fjq2_fE2pPj>=;_pzZ(aWdK6md`&H8MnqO zbT#-1@^*4J>`~{QVn*YO+fVEBaivq1F#G$s)!C#hpI@FT?yL)_SWGvYfFcF0Ple^YNweGT$5CP1fu61Uf6ZsGymOhhMwvax;CXS$CoJ z$^GwjIlKRMn#P~PMMQjbFq>jD-|llKU(OlIoQ@XTeW8hjCF`??$oae~v}yGsK{ls@ z?Yzpez`RdE7pv89b!nJgQBbKaM%(@VYtCJ$M#X)#-J&K`Eor^E*j(D|lyzsCuhX=5 z`F*%LHKZC*RH(_isH#zIIP*TMntLE?XrgZ2xR@yI)nDfG+FWtqCCGU-nh$zJ!MRhO zjkc@#AdUJL@xDk7)6uQ>jlr5ZCHl)Dl{oyk88#?dwr zJBKZ?X8=U)(mvv|z`WELO?_>2U;y3Z6EnZIrUugw?W~vpCIJq*f{$pBY$PauoeI0w z;fv!saS`u}`26{p5T`$x8@2+7eX%h0_Zwl8178qEbP~oS5uH;#{yZ8%RUjSj!Qsu0 zu%S>y1A#`Oo=};*A|lXfdjK_5;&Gt!FhC?WudaEw4oN1vNDc+CjgMwn5$}SyKG(4! zqc4(oYckcCT0JJ#wG^9HviP5`Lph-Xw3ZiE?zlgIEw6u)kY$eZXlzcs8bSaSX>GLE zzbr$+P7~YO&iz?6G)Uzr5JcVsS`rwr93(yPM0L*73Z#cp%_S+K(2qYN;x&^0Jq<-) zjtY1r5K%CJ^-^Y`S|L$gjMq79{?>;>06#SoUouWSOwU0WH-*}u7?WqYB)&UWs;=Cb!+~xcYeJ|Ltz*<=Z%JAZ7F3m zmDn~V^3S9NmJ*oTWQ=T}8w-+c>d=LlxOiiXda)Qa*@b#(vI{T#7JfvZ_Y~Z{Q?Gc% zOy8Yy&en(L{Atgxe;gO%HzIZ>bADdulfrx$h9)sp`C=rsBK-~D#lN8o&M4n<^BcaO zS2n;&NrabaqNGWjWl=yad@0uV+m@Vxf_L6fVj4xTYIa$xYyfh>lec&%0F0*PvWR<(ZwLq ztrUL_CWGz+9|h-quWZ+kd%ZX+qNGX@QC6>%1}7)+X@xQS$#dHBD`sUiZnXy8rbUWT z#btH98TI0m>6Fz60UH0Uto&(K{SCj4_vNVg(TTLJdPom2kymZMc-rPs& zxU`3Z+at|Hefe zJ&7J$d?)PU$%U6Sz`Qzp?P$FkIJMD>)?+;@5>wO9j@O5VW*lt}9=nO^D7#e|JQ^8C zN7c;%Sjn@6vwVHB8#s=KWP5(ymA2|Fu=YGqqN6a2zLLlEu66jq9yx1)-S5IH`Ellw zbnCER-EK5ScK^_yKcrHG(R$EuMuFXVDM`(lQF}Yu92w5&p&i#vQU(Z>?18f1XaJPo ztC&O*1x0qN7!Mu8XjIpaE2M@4iZRpL4YtwDM_pf1Vr%ZW)UP@yh!$;;iqq`tSgggm3#WyZaAJ->zCLouPeo|jvU7svAAX7Q~fZ!cx^t2pHv&36YNhbrXZq)0bVZDAjq27*khKu4eU$5z9p`5n$CXMYub&w zH_~49<4Y5Q;`NMYC$${5*_LxgZSr_asPha#RIx)X2bv&ueYlBVV2j$2F$4G0#_-tB z3K9sb^kmJ*EahM$cGq%YfO)7S0+im!G5Yk$shcdIxRt@KlVfy@5p?Q0N&JBtdk?)b z${lIWQ-S4>BPpXyB?Y)|jE8snshp@$D0uK6p zBb@^|P&@iI@NqC-6k*DK8Zdug{`U{9*?rxWfju&?mAG7X9u-%ln(I?Dt}QPiGG3#P zLBb;bN4Tz4S`QQ&^8L0QSy`2(aRgcrq5vk_p-z8empt|(1uR1?*Qj>Jgd|(g!PCIe zpkhFM(YK=<%l*ygw+@KDhQ}>ZoinK&?YyNNl+FFFr5Gb5!>;`t8fJLW=hBLpwS8(E zg-oHmygYpUYDFXlxEFtIGz^W|!<{BK2eq5ck6#)Fwv&R0`Kd`HNiJ4iF6)5ksGb0p z40-?)`C4bn8%VyhYqyz-0{${61L{m=t&^IgmB9{7WeT;pl0XW^oq)*&1@M~zFU@03 zA}{r4{n|1d2&B@ovs>B{?4MM8>M)KEev<=BhKZ)q)OTQYAT9vDk_(;|O?DO$o(_!+ z4hFu|d)ujyoDmY%3YvBU@>zB|ev$-t3(CoWu~o=b2bP|_avhkzP9vRx_olQA^r-6z zVWw5nZsS-6^6#SaW#O8|^(q4aGa6LBxnn|Nd2-+3*O7*&;_vqBIz*blxVAHy8+U=H zDI53NYMvsji2I29H^6<(R6p&>D~tH|L0Q^+-S9H00-qpf_s}Fxn*ftDKa#t>0Nwbd z9Z;xk>iA$F(wXf5zJ@H4tpJpb%pJ(sLpLr^P+)R_$x?KV5RlY0DWpnQCh0+WP-~3u$I%x%EUBS7$HdnqKZ~17nYG;auocT zn33fbG=u>Ff%Ez$)}Uc)-C6;zhJfKYtq>xitQA!?HdHWX(pqh@kqi}E!SWI_t}xcj z4Z+EWv$&O(kpf5tuXJY3UiEqHI9s^~qlF|=utos7q}o{m@C&>D!RK}A|r z3A5SB=kLOVpgRXedv3}MzviHM#BSAkwl!4?RE$JLt7;7B&zo*A2f+NZz@76?0Qq_H_{02q2)}dK;$pjG0JLMBb(wVtM;<2;uOKKu9+k8B7mh z$2#;1)r^h1kHa?%7F%~$0Qk=XsYze78B$Xq3+dwx)eO9S@X1vKKW*atUh{Hn>p00(Bxvltpj7LW5)G|{$lDCqM8|*vPCY>irbQ(GEFyqGpx{83 zA}>*8c;!z96!x4aeHNt=JC4w~CwIc^yamom2 ztsqyVmtmpi+K=dO_T?C&vI{)D**f-5guG~3fCMjGyw3BCXm(Ud}1KCa#gJD#6n9S zi*+96$of$?2a=61aO zZHPtix@MW$_OnL-Kri$_>YR`C%e=jK&_%I zpG6wAvA2JJgB2sppB0obygDBd?Qhr;34nXWIC6{kGQ*^aE>Dg>@>)KZ24 z!lT;klK2UEue@DAx6HbAg2Fb6h_HINnLK7g5T&-FqkaTCf5xCMHO*}wB`~6r!5`2< z{>(e4u9z3V836^dWELNPzH%!D*3bp;+>835#$-FKmlvsGd!AWSjwv9e-dAX3lOX$AB}X0HJ7 zFCgGxuRn)6s$=+7697Z!9aoW8DWT9wU>jr2qEEg=ame!2man%qNX&>qa{!D7y1dV3 zsKsJg#%%_wYTs;hR7w&khz$S=*?U?rid&)9uLuKx$cW>5%A9S<)_Q^|J|9*54Ze9#~h9s{49G+u}y@^O;Q9!r*P@&%;qNEpQsiy05Iyk zTxo#+C(tvv@C;uv0C-t2-#WVU=BCV69PmL?16&dSfvL~{M?R8^vI!n~XUOcZLQi@M zOPsD?t8#0=(Om1eBbOWw5pdW;h_*?E2_QLcn^67J0$xsm+1IGtpMeB=fHf8;RAP>$ z(S|?*@L8L?uU9)R6IQSh(rDt8)mn(Er0YvLe^=3*WXYC^o=PFL$|bOH=~5*oO6Xz&x7Sv>HjqphSd zScx6IN3+Y+F6fnQEe_b7JeQCfXpm^-P1?^K$Rx#Qxf9!{DQFVzlcVJ3~UKI!rAE)k5= zm(Kd*G-~Ly(2X-5!Q#C1cP|^t$b|wE0;-m26dj(tbcF!dRN#8GqYx)D#Wv~}jezL*N&WsVyFNxV(}+dQWTSOH0PVTnHwy+bKEL(&AVMV(_Uaobr%Pt7H6}aor46pSvrDl2kIUt%yc{)?&TzSX1d~EOj6bwPv-N; zOIaHLtn>~Hc2m{t!X-KgMBq+G>_D4H)tl~&9{ml!X#kySW8vY5B?@7#y=p*%?Dl{Pn~6c z`{wKYev?8e-iP8#d7KZ`o9M~C6Ci_kpy}6N$f~WEZq|s++fthbMX1CAAocPTVRbO$ ziGTh9?1sSN;$y;XMUs0Rw~k&O!1>sZgQCQdt|v{CuHHa|i(zZFrjt^hxPDP?7rybQ zf^LfgFN5P(2OoYMf4KT(*jTtwy7_wyY5pzTcGxc2`}yAk%>nrmI<;7pga%K`7Qmb* zNGE;CY|U3P=O_fMutWD}-1W{57DP#Q0Z6QT@} zmR24ZHU9>FeK2my3oNx^E)HG49{A(tf>~RxQ@WbEy@7x7CG1e7fsgH|rFa*;ZdSrO z3Q{udLEC#@+oeK*Xq@22qzg;|e?DDtY^1Jm+zH((w7oZNMO24jBsm2GzX+s{&zx9h zlZk(By5H)9t9dx$WP5pNSxke0l*w<7m==UUn3mSpf3D!k=bO%6JN2<`r#8voy+5j+ zSL^QKk|U)1m+@tD?$>?Um1=Okr(yWee)ut{7lT2!5>am}%3Hgc2fjpHB~>mdo8$qG z{J|h_n@dix7L`PvIE2By=#LLYIW}1p0X@X+ou8k(KNnPTKlNO5J)NKUzWee0$ib%R zUSoD7K^%;;&K8C^Zp^NOK~=%sF6<%qU^%eA&O#vb4)3Z139{`-Om4DdlonzMsHaL2 zpP#kzFv~k0#+DIuv2ACxnq>(vi3vu`=uCN~)AnRisYO&JPk@PKS#&67x0|FE+4fEZ zkd{vK&E{65S|LOEkk=PkmgS@2PI&;BkUN)CVtz5Niu+LW?!`1fQ~-XdYQ^e8v^iJ5e=rq&owx~ zS;_L%B62V@kr?xLNjAwVBd(UuhNnq8>ugdHk+YZUeLzEqGR_#%Q6BNWH)x{Yn70frk<>JmVl5#gc{P| zRN|*bdI+-JGux4W4nA!d%(lziqp?n@@*{BtF!dPoh)Rhj8UcEE*&#N$`!WKH3FrKY zX}X^Ml7dYf2*e0K*G@|*CBRQIXw7r^D8`;)$8l7e+!v%izDeB_FpVR|{_Wkio8a+&KUb` zC1ap86hDd4$gZ8NIWafMIKxJ61&b9Wn3Asn8)7WD@vy_M`ea@TurF;0AYkFKj?Jox zmc}HQ-C1dIy}{%UTiL_AOJYuCf+_IVy8IfTrgPzO^7uA^b3E~@B;r}fT$-CVaqZ|* zb2hR+g<-HU%pwkY8~s7y@`3oR({x5Cr*sj0S_#R-+Yi@9FK^8xrMm zHeKG9w@eT<#oZzH3Z<`{qn+e2Sv!l0k8a>&cD^&qAzA|1XDXx&`Dvbi)WgS?9dlgP zS}(sXp=@q)PVAwW7-p6X&j*XmbFC0tXhy*HI%40FOf|?dF91Je_5E7Z*Pq9O460z- z7A6?6g`^zJE_r%^=mbEV_i*pL20?qaV9$zi`#wRW8mp%KPq&!iVV>JXbBA*A%Is}k zV?I|G3O*t$_cA2U*$V8ND`2L)kY@pO^o`+Uk$t@Z4wi#-RGpJD@_f#!iTxvW1{fC= z{2WLC|Hu4Gb@t|i@Ad8NRFtpks8qWFVKm;;GWW4OD1ksG!%7zsy4~H3FT5XRHr>^R z0@lPpZ@<6Dys>v}yKO61^ni05n4v|Jl1R`(NI`;iOQ9U)5O3zh4*pOWK3#CGkezTy=P|a zyAckX`dJK+BRvRL1a8CK03d7RpM*N5ls|av z7Pfz0lmCu-1OEmfdV9$aT%p@rHWC0I{*trUC`v?CZ&`qn7yh%%6okJ)YO}k-K>{F0 zaYP9B_F6=pBUs!7Kt?cpk8wD-!f!o_z8n4#kP%Q}qlP^q6g9>aZsY=_#t!*UBM%-t z;%kFmB5t`M;lfd&qKF&G@95~?xW^%alyH&A5CHkCD-;Mn=~`lH5E8iG0=WzEv)8L? z2%~$8tIBsZRs5d}v)s+hmtnj{M0vz2hb9PXj|lZM|45ZFWj^;C*myy)-%M2mjSL?2 z(+=L=-4R@HDMOc&MMTtE zsg%k##7#?CacjM8q~ZPH?qq~3l7iH{DdYfdT!S4z0*T0yw!u?)v4?O#-xNay4k4vRqHl_xc$UarX zW(|e;fYe?Dl=g0|*6WAKe}5hA155t#UauC8_}WOgR3P!aXU}S`VW>lIxnb0vZTEUc zd%G6Ksx1vU zUqi!FwNx)_3^36@d!@#oZEs@}_$J?t8z&^xT%hGIlpa-pTzF=Fezm)>&E4^9LY^fY z8rq#H^o26m1#@E;r*HPRwys|G)jLCchCCX*rTVVDHM5X%gT)S81IAwA=>7ZsnUh{v zh#2Mb^^RoBdu)%$H(r&d@yC>Hy{a7JUdAqf`)jjF^ zl}l?NzjHXhy1Lpe^bIB0CL{al)A`l;R-MNH{T(?@q;$1Azcs(`9A|i>^UFDxovZHd z&UdTnc!;kD2Nh21^N?yf91=l$8japzci!H*JS{aE_cq`ihzRAktKHo{?9NQj20K|C zw(tr@&EBm~g9BHUfr+~TKx3*durQW8D5(=9Mb711*Xu zgMDGeP1m>V)%o^ZHt;1FlYzz^t+wiiEBVkhs>b>+uil@(KSCj159|sRa}5*y%|b~X z;-8vYsJHg_yGv6N0sY^^(MMZb^WD?F@yjv-16vQ7hQhd#pjWhtUc5|)eZLXR?khNo z-0@5=@g`-&{2eEO1G$o#-LdPXyE_W08lh4bmn1a3oY;T0DdbR5@wyv4-rTgi=>Z6Z z!hhdQoHd<}lk28JK1;V){C%NS)Ja{Mo9Qh^ly5%$K;Fom`J!H|c%4LRIxJlU7S7Fs zj^DD%2~dm+Rj`X5T?N^P+Dn+KY1KZWrv7-AH-Gg1bVImyTiJc8wO{$hZ1>$T_UpxHN6)N+3`>wAh2 zA&`ZxYrKn*xY`a0!a~f5gqQwGR%Y$Mt{;c)Dtog6yDB}i(e!jn&&`wi6!VXWJlD!K zJx4FD&1@SYScd!6`E_U^3J<3uJ{6ZRrk3nP$J0H>J_Ojwl-7#aev4!OO-J9b52r%3 zECQDOL=!ao#d%-3XeWkCGoZ<5R*BYJUKK=D5;U}4pitL~GnoAYM4rPHVPHZ6knqd8 z9U`+rLDUBBX*sz3uT37TZ>1L>u@K}dySfGzIx>f~(yoL70fk8DxMK!d`t_r|&|LsN zyINk8t$=5W%mW`^g@wvd371+49b9P3(SzdriloG6i+1(b9%#=jPw$otA&FA*OE&Kp zYno=3ahX?qGXNsax3h&Cpp)cbYwoA%7cg!xw3Q~0{yk4y1M&>UlKNkUzjcrU-6S^hI^E55- z=2%EjoSG?WxbaPDCJ_Aei33V#k8^I~Nfe^5KaJnXe8ZS5W~&<&uq>0%s#CtKg?Kn5 zLhfkZ8D1Wn1Yk@ps%+-o(Sc@0ljf*pPOdHFBRrD8(SwFiamk$etvJnNH{j!UEKC?G5}Qcc--mk z-2>ov7V1$;uVe^-Nf_x1eL(?%sD@M@w0brQw_&7tdAj?u!}d}O|HWl5U^Eh zFrBKJFTkfmP0P5aUhet~2_k;zj7~hk8qTC3DC8DNs7B%@F1Tbbs>ZoC3uW&pp_wQ` zCso#_W4|N-{4oGPk!qcRzl4K2NlF#TenYe{ea!o}lCX!=~QAg2JjW^B^g zPu*4Uod{N$9OH}!`jVnY#ir;A2muH+XlJIfN`nhyy28<;kUamgXJAx9U`b7qn{sq= z5@|iUS@9iGL6mlNg3TCtf4x>ZhO&k+XTM%X2N49LNW35vUSL@&9%z+OpUO>dr5=n( zF3F-s0AxmyO0l~q4ajWOk@i~#q(SOQYss#n*=}-lq2tx$%mhe=BAAh zeCWn@E5WZF#VWOI*)QFD0Q}A()Hxd?o`f0#GjiSSPzWnweqlqKm>^X>t@SKu@VW{lBC>8nAKiJ$rrp+=P0LQV%qW`-PYn$wl^MUi}UoeY$c zR#Jz#5TW&o3=rNpFqNW{(+CYWdT-XGBLTaDu7rUHW1N6vPbMZ{RaP|Td?&;i7}{AQ zQc`0xDBKQ+tM?tgZqk8VXBNegUk(6L$eoh5%NhoiorS>0sX?Y}_iX}2L>tKf`YMLw zY9jo{4-Pz2JO==5eoPy85_6(pJz#1kztF~XNWkBW%;n_j2kQu&koI&)p$Gi; zVx=MpF2LXHTTBl_Q-^CBti+7QZ{@)a{Z<7X5s@8RBc_cJlf93pE)NbM6NI-sE&&iW zoV}A*gc@3W>cKx6#j^mw*LGS^9e+RLP&<7glP?d`)Mj)|Qui-2S6sUun!R#I0-V9Zcp5e1t{Vt(%*@iVv@;&v3$1^{fP(SZ>P9 z*`A~+rLCGIog+5_5L=_r5jFMwG&3he0DvZmMuCE$#Gg+^zWF%Bqfpu=aUcO03`4mB z>Y=fhgLQx+3Jle}!npZU&y-Dn^6QB)%f4_G?2G(A{ynx zT7@B1UKA;{iZpZOSXhaxKIZ}e5YP`n83Kz{l|Tmo^ehk|vNRf9KT+@T?>mc#7hb%^ zh{+rZWBO`}0I1}vjs}aJBQ*KjN_VeuH=U0CmkoVP3YuW8&AD>DU&vK5lUN>UfI9nZ z5z`Pl=HoF0k|hT19vePSW@VCkL;y6&UWz9}06>i_!JwEn57yh80RR>?gkq!@tL09) ziVFh(I7tUk!$jBZS1RiXo%rYrp?8v21-Xk(KPIr^n=FM{2mt)$orDqF`@nFT^ysVd z$3lqHQ>5W=PMRKrt02%@S&W2W-4qf@nl?|yFz1@^`R?L0;KP`^SZdL%mP2BB_KwPY z;~{#x93~9vBwXN-iqQ-GeJzQH{0)x;79fS>&xbjESq5pIOlr-`tn$sLaufk0>@nd_ z0u%BfC`yQsY_S>yWTH{W-Zp$H$#s+X=kH@|JyYcx^EBZhhXhGl$0~`VnvBwftHsF) zbmbWSSAmzp6k96tX95qw1Wc6QSeO;0VW8qpz$ZqCqT+l2)~V#+Ty-*N4Bn=W&fOCN zes57+Soo%i(U2DY(KF&7l&h$5Bqs2OR_@mBXw|_U$hi}Za)C7AJJ^0=O9R;jVR&+; zJ{~Q9RuM;W!wE=wUHGe{w~u7=G834q*66-fM@n%9AUjE;`d>$)S0LtV_ytOIRO zGorO;Z)!~I41TOPWfF~28z%aW%`=A4S0P%(46RlL^iHaH=Zb zd?yq<&+UYXWnTgy<17LaIiA;10*NkL^3Y%7)v6PncmhFO z@WYAAvsRJN++U01%NfA*a%K`aIYTH_)q-u}BZ+?qbfzV@kpigHCOG40c)w38GVs1x zCjcU$9RL&5`}fx0_m&YQwN)O47s0M4k1h0on;=_Y1fBe?^bmm;J}2pS7ZoYc9Z--n z5yF#+gBi)xtRRb*POO7OM-y-3BszFtK;1bh7)sXG*dm#9e^qCu2^q*+gAWUxc@SQ* znJax6Nf1q#5Mi2dp==fTV);G~d~EsL(ds5bh#9CRY#nXA-G{mZEBim4c^YjWglu?h zK_w<*69g5>j7<8*+u2_v0Aj7VMf1YVt5dxF|=p3c}21W9R z8;rSe^-5gzzST*Qci&NYS%bC3C;{S+j46x7{2WwIq7`X(8-@yV&4{1ao*AX5p21F= z0jPs)7HlgMeS+Y5W&P?Ik5!@Z+3LAx%7{V|nZ!au9*)ie<}=)89My|UaUsbq8>ueL z@eEU9d-mxp!Yq7pW!2-JI8rY;Ae8=Pok9I22+o(B+8*>srVQ_vIJ%5+EO6g#5``wx zK0~?ggp5aJDt>H4U{W#z&dwsSZUl$!s7HQyZhza?BavMw>K3BOnM{Rx6vFFt)tOX@ zZO0x65sWF+_hh;oM6kv*x$E{L139T9$K->||5k_#AAWb{I~EH;sJ~BMUxlFhaz8

I6Q5tDzByZv<{Cma4{EtvXKZAgfY5By)Nw#LuMBv}m$*NeK`40_?tu*BD~(dsZhCNIoi*rD zC^#N{3_bF!Bw55u;05&0&X?L7x*0W@7HmqT!qKT;X<;A30)T<&o}BCu_4hj{#3B1m zc^@k->n2X%7;vZ4@x1k;9atqo-U~!p2xL~*on{W#6Mpyw3eEcX%Hi(X+S+P$n`a)m z-vn_})z-ef+FDouJV3+035S3|9BG$??HGQ$Rox5w-EtQKU&HO4w(MMP>(h2PBxDhq zsqW0!DBQ26!h(fpDS$fNo?k24mnYi>w-F=@kg@r^ZWq_=?#Vmj+xG?@O1LsoXc78o zW(UgwONq%LT)F$h+S=}6Da`xn6eSi&!In4a>uhBhcL1 ztNJ`{?6s%g1$+u*qO48N?AvQw?IEf?66)Sb*S78bZaS_ApP69eFtq_y>+J7hH(KyNdPJxxG3w&5N??-MGLHpa z!kzkG?KOM;X(~+qA*wrW$WOOhHq{+R2?D!BEM}+Q*g1RkXnIp++oiv|m_6zK)h_;F zh6L&{UImj!S3k9&T-5Afs&H-JUTE3-`z_qa>ihdYiEy?&VHI0b6(tLzxZVfH{FV|Lo#|W5E&n zFJ0i_>%l8hz6^j;WoG*+jBi|l_)a->Ccc-3X6MO;;B#e3j)K&7Y8$K?{ux62&||7y z;K`ct$hROQY3ifK=Jo|xLa48-!^bcv*9z27Rf6l3fKgl<2K7g&HlX8|ZFSu|J`-Fh zLqJea`BW)=aZ$sb3J5O0oKElGSxY|)PG3dg&+SnY*JboB+1n%dPZD|lIFPU4m;9o9 z&V0(%MZWX-hbs^^36Bq)(`ycWIwRMVDn45!<$C}idGZ6I1L_Fdhq3_;Q9x3~mIS@Q zw#ed}tBFb{_a@Gvkgf?u#_@#;;&N(sQhhkVY@K(i4E-tXy9zo(1@suK*R zZ+v~O<_bYZ5noGgMHy&2bqeyIrX*#s=J^DzT#6wu0m$Mfi-<2mJW|+H21g(OKp}r* zVUTlyzocsM6F*}%Rv`mdNl5(U7su-jzwjYNvT;&11@(UTvTqnmwrEU~q1W`!04OKX z7r=p^|8IS;yA^g0hvPG-A}upJ;<}NNk{Ln^&9`B`1^^+q7462mH->|qjmiSKjYS-| zL6fB?Ns2V71ki#ZK`5I^2>EsiD#Z`S7ghZj0N}8 z8^{R$y9Iy`@xyO@d(D)+@N-x{{~tu^6nmTEFMMCn#Q$<>{V%2tHHH9u z6AK2bKK?SSM#xW=dg|k&%14L1*8HJRvsmjbym=Ul4YPp|06*`QhXVv0zIICsIb&IO zAbk8^0KgaE;vt$v`C^~mea;a{96MkQgYaL0pEu|^pQz9O5;8l**8m{jxjFtpHLTYE z=Z~KOpsc}H!W+2a4?-}Y1E7QuEp9i$&m;F;dM!|YGLy>&@F!SJedOju83Lfs4;N6L zejaF`QVMZ<@M8o(e#%fjSCx^V`p*|$)D!3xUcCpv?{C@+$hd`T$ z14y}T%WpSnyl)#VLzD6!QYTdi4CP; zNQ*DPGk&71;WhyBJ3&UMq&M*7R=*CGm0Oj^Vn6yV`?no@X8<^I!vVbpz`!753EW-T zI(FSaA$@02nAZYeO^{r2{1&v_J?f&_fz?X0-FY z{fGAe_{~DB5i*!@696eJkpuAcLIssPq|!y9NM>=VK9baa81VB~NPyUlIX{Ty@PGWF zUplb=BsDar06|3M6aG6x3y>n&)Nc71is@fd?a`eu=VzDhxl|?BAd#zegifZ)<%8cl~Xl{zy>JIQXv{j z000Dizsp_OUH=IH8OAdBAO9MFD~B$Iq*UjdVF^?}^n5W;cuw40F#!Stf%Xiy z7liK)E9$rR+W>t+sKaofZb7;c2zAzN7;cP>XLmr@cm-G|+*`NXg%MJX&%z>+2+x@k5Yb98QLyM-< zHGi)8)X?A?{9_!Gql{*jQxTn!0mbn9r3HiT(ET z*>CPF-}nrLaR_l^y_{1=e1;>CDfCg0^8xI@cJ2({{InJkG0rUo zn)3<=y*fF2zK|97l=$C#?)cT^$1-|zW-c63{R0L(s=k%OSo~pzWBHZlq)K&PE9$s5 zvGmNnHrm5DNt;M){B?H;G<))P-H*VKS2MN)meOuvDirM4icq%DwK-efyxIiVNy9)9 zQ`7UD0=xAUAYkC;gnLVvzq-CwPlW+O&`wrVdOBY$CwOAerISJBa$TH8U0W~W;OZWx zYJh8TX!bgq2|Wr$1d3==#^+|xbcclvntROPfC)H*7OmSybHPb8@@Y}CHxl-0eTC^q zq=Ya5kBa(1arfy8QC0Xz*{kkvB-V2+(CiBWk7SuHRrl=#UOzkzg@PRc1&1A1ap2d+ z>~B0Gqy#vznoH#NuciZnJLP*B{vvx~>!8DlCaqk%CxIm)T@@9G7vxFw^R%I;jgA<;#>zbM|pNf>Ts%JNn48#$UhgoL%my@(h-U z@LCiO;Ok&0Z|^nyYS1Eb=XX5INgUShuL6H-{*9`A1}bjL^Xw%!gmQ^$^xCAbNjIo^iC{kGLYhlC@sdGq}phLS%Q^&p0Mo5t+ zt^2$MifhfpUEVi6RL(N7`Ep(#$Mvpp$8HDIaVon*H*xXP)N@a>LK&f_Mo4h+{sqXCbdBTyUFY1zW8-hM+CCZr6<=lC-FMjwQ(fw;v8=SD#W60>3 zp8Mk_fSn7~iLHU_X?b~EUJ#bCv`8LEsR5Qqknl0>vZu+jjf+9JG!Dj$#8%4q5&$X@ zW2Kdl7wIyl2R1T8n(xN*_f6~Z>+$jBsFz#V6nyfL@#6nbbg+TJHL3G_hi@;z1eaJDJqymEIxl>mjTWaJ_ zKb9pW)#x~`UZP(6L18tZV+HF1`UsPD1EdT0^1oXE3N^c< zkB_tGJy3-T>2B6Yx}8h{Ms%mO@^yDA0Rvz$)A@>bUDmYD@I8&OnK0t2S<=gN+NI+5#ONLwQQSUA83m z5$>tamqK!?x~aAkB~!<^Wi?6XF98rFx>PPOnp$UVn3XIu(&x@7X4;d-NoS)v)lj9i zg}FA4_j&6zx0H9ue~H2kQh}iq%&CP&gr2RNKmE`g=Q6HoWqU3Xp`XtQSdpAH0E*uo zFGgg4)UICm98a(zE_)4m#u#K=9~?88$)I$-I_0O&4nN;Y6q%0$^(3l6N{iU@7A#Ut zvtU=AFT{WRZrj4VBHb;6_e=7uWSsZgEQHC@(%Dhb3^bzrQ(w+RaDb1&9Isk4R>gG?+1pQ4H%P@H6k+o&a1U6*9D)a=NzNa};vMEh! zmIJ;r1#W{f`!-<#8b~uzasHZ?fgq8sJIS$1g;@`@bwC)wE>e2G4(uh_g=v=CSs62T zL6rGhi7WJ?NT4B22+2@F+Jtd0QO!qqvH*OlmSm8`2OtSUUhoL@=BI>3+7L|iWjWWd zic4I2`~)%IL6Y3wGSz}R5f8b?vYukun3X}NdAcK0C1j0M&%WW934f_RiAcHxm zgAs`)U?{Y5?r6Y2$=_C72ulDAPk$`y<9L-&$re#I|M&v^q2W_ANu4b33?r5}<3O(;3HTCpV^DR2T|P+Xp}@(zTBPtw{fh zNc^-7J{(g6fvjaV?G#bbz)D55fxuo)9QD79w6$*2hY;9I$@0^@P#LLspFp=zK(v=z z$P31|z;+DcD}L;l*70X(9|j_hdw7^v4J7db?G*}vO7Q^@cb=DO$RhpjB2={LV{BXEnU{um#Cto z#6R=UpfM6hVnOc707@v^^~|LI&69R10#sAUZmG#+P|(w4ZlN!?qxR-?%tN1d*8-cC z0$*q`y;|XFz(E>|=AQp>FWYlzBe>?$oC8bK@^7yL) ztt#-s;nFOrD!pPIJ5{jOpzfnItfXfwli0ZK;>v1r43Q8dJ&1ym{gpHV8q>C(O!^C? z*=(gG)~QQ5z-PdT?`#1o1!71G2`frEt7QVl$k8&;HZr4|HtAplAmM|@Ph>l_ zBAY2`iZ?1O)F4)q$(zs}Sn%THIHf{zy(uX&ty=7ph`w_R?{TU$AT&W za2WtNL65Vce7lhVHdcQ`G1591p*d2B5@7TY?c*;TSY~otPF+Z7Ba(I_G-|3nNnmK(gW^GH9EKP`@sLRaLnST#nEwO7mSi=k4c0g3Sus&WpMEkL`XIX{^hSZPoTnG zs!U=6Ner_bm}>+kAPdx&(1M|)xn=-v$aNmYDoCPr1XwtfV4effC`onA(Z}QZ8VpDz z<&n`9LJg(4pE87Gzemsnf|Yn&Pqcaw;?mwx$6StLs*w9npFa+%f~j_x&_W{M_?SL3 z#o$~6jG9_B<1?-6i6sJ{8Up%i6MPIrf5=G@rl}KNDqB=me8BP(&1RwyU>(dKe&k~) zr>08}PO|!P=4udna3ux?;TD%QJYC;^Zpo};P&f zqL>rfYAHfs$}g;I*eYRCstf?|*_Q#Z*VUtz6-}b1F*DJg63oAMyafQ9)VQ=vOcqaF zMW*D0X~mUd5`d?F_#+Qm5&%6JP#J|jHUWSN*P4@!$`}p637|l6H6>9b`>AXa00B;8 z6BSs1-wc2X7HN%`mWk3AU6-tr!ho7cWs+9?`E!?t#1*lS7=6Nc>R7b0_V-001FF>y z)4EYhquSYduOZL0X4_se>H}bs3o1czZ~iqn&zW*!d9*^-a!w_ZKO+=jnV2@(1_4k} zkvAntkR<+1R@P7N2@$>l07ZPMXhtp1Vjyh{le@tM4vf$U&IHWl&T8qa^hiYZT9pYH z5E1~BdYzO?N~pBoOlp#2ngK3k>@{d_op+!G;Q51kAp+?N0d=4L*krwQ8cYvH7$=5X zO)$|HbRFo>+-Hjf;>!t6U&io90{~Q%+GR(&N?`xPr_4`DTjh8+8Knb_azqkcLJWv7O|sI`OzNFF)6UXy=5um%qWV}`ni>scb4T=x| zM|}Xaas)s{h^)-!MGoRIQ>r5YFxy3p$k#?whdSa=f@|#kj-N=zT1`Vj!g~PxmfKKF zf{1|II6z=oLxO3nttdSG$P~>)DMlW={Y|^eH`bJba0oS2gKt%|+qk$pJ?fNF6`;g3>kUJrH6&Pk=W@6OD z1cJuNhyYXe!-LKM&Kb5rnvswn?z1bC6MS3tQMMr+o`TH{CC*Dp#~PvwJp0Fl$E2LF zexR>ae^$;O7Lj;JgB<9{#^Ex|3P{*Es8|-?=Il3U)QF4sXC6HuS%_$%!DfD^U6AJTwswMBrWs@s zvWkZ|^hfu-hT)Sqpy|zzg|NiwMyb_Iaz$JwUKGNOZ|bOkT4;%RfvG3Zyn0sQjZPrg zI{EnNCY1m7$4w<5!vY_*Wd<1*xPdMEsBEExwt!>5%=^qT*%?nW$o)*Z_oK87ER^ zpj>gmv-}Ze>*o0K)I)J8AE6pXYHcpLNkq+(&I>G$XlMf@{RwTH2#D!>PDXdY4Z~l8SD1i^xnaI(yT^+mfJg+nZh?R%w{fZ2C?ixpMQj~4JqE08v};5g z5kiZs46u?uT=DStzXAYpRx)?I%qZ!cqeW8RK{B00{>=={5+qv}GR$zXGs;Txb_J2P>2pWdEz{CFUn=ShbR;crbvlm7Dra|m!7ehchukfzI3C314|KLO>mC*wt_$-x@hLC7 z8L6&rC6k(tI0-@skEoBrxHwvODithVXB!L9CxLC#257pQmi#`BUEN$XzBNQH1R$(l z^gNgdliZdzWDau$=Xwx`ryC5wV!d1J?j_GmGKfK-K zwhE`!tNpUakk9MH`NF0lh&BRr{+$j($q273#W^eKZXFgK_;1+UMO2aa$J;8HfK7+h z=x8QdDQ%V1%sPPDN5BQs7b|Yahe~6+wSFL-V%^5+T>rRte6Ho_ z{>J1+6&>fF&MnxE1)Q*8XcqDhBzFR$YHN5>$B(oBDi%;r*WP|eIF93aXNgwYr`~_m z=zRjmKcw6|>y}vecS=XfoAb<#=z2%5P%cxD6cu*K}s zJiyW_=ia1LcL3DAr*;mM+%LAO+YQCH&D?nD?dpc3SBigKniA}O6!Xxy?dc%--kQ!L z$K5vzYua1b|8VB%MfQ<8BK*VY+gElO@Kw%z>c!N6GKUR4xjMQ!>BmJ-w-7l0kMvo% zShIClbA!^^ldGRDFI!u!)=xiOJv01;L(HCRee9e$3Hzt#@j=rY@zbrMt%l_A2sciHPvFuq% zOe>J8t3f;k*CAdcnhx$wt%Nz<<)z3zZvR+tc>fBfbrlE#QDePNcDd6jCt7TguS!^R zFVAhD!}{vN)b+w1#;j~|2DMIV!R=ik`X^g2FjaBuW7?k>yfFT*fC;GM3tc{Uui1*? zgzKgn_SLp3)L>T5b%9}(#EX5*N&ubY zO3y#P+$egwcGlC~^wXB5|!L)Km(^H1$sB>EObdD~T3)HTT&c-@iCJ zOPqZ~$3=*W#G_hueyyTAMH{Eeg+ST=Cbw)ea*p8ZZLS>7%>1tUyl;?~A&3pecb4k) zPk+3qHHH@^joPbE?U{BVHLG4T=%}%0FWMXaPyoJ!+EihtJ5ztf5tV{XFp=FUyt(}8?Zu|#2oJ6;_Mb1buil<)=f!~8 zfj5a?&CGPWrx?6PeDGU^`P$+aCs%LYRMVSAkPDkj$Ghj%Znyn39XG^hyT-Bjtf~xI zfnZfnr5A!HgEEqCxbbi}9H*#48Sy>i{PuMF>guiRqk*`y+ox}iW~y_Wsv6J>Lh|W_ zcDw$^=bOeoBmTFF2v4Oywd?hhlsnKk1xF9Eb5(TlQtE%&WN&QlEX{O}+Aqli9vg(* z!>N<@W&2Y)-v|hU6y6lS_+z{NbZOyP<<-gdrg6>1C*1AR_M7_K=@MQ?5oapQz20;cO3Y~$Kmmj1sik_m{`OTZ zWEfJrq)nWDdv$sBHoeJxn(O1RD+~2@dttkOy#b*L_ubsvt9JV|l^4oTVQVknULK+2 z!U8hjL@%ARyWRRU2-L4hN<@4c)9Ui+9Q|xb4nRzqy;!)y9C$uu3`pJ?mAg2>S3fDm zT?IuvSN=bd&Hs}HC~0*J%)z|NIDCK>Oc{zMyRPJE8I(a{co00D74z+=)<{A<8;gAJX4tY!stLmU4F`@`i!Ngrdkp$xb2bQ8pHT;~;g=|Wj zo13xNfX#`bxba!6uQ4?wF_oqKB-h19s;>C#GMI|5NtPF4-JlSx2KdN^!Vu7P+toOi z?2s6;EQv?Lz(O8#xq=Ub#tpuCnB6JGpVNjqI~$KnPKfJ?rThRbMxq==To-X-;q6T_ zo)5S~Q8}JODbzhM#=m|@f=PRuWZCznRkGa-L3O~zEx#3w!~mP*U~souHY=b=3`n`v z{}fAu%@bp945}gi`4$_;1`<>v|JopUT{A4+ocM#P`3Zypl^QSvKs*eP8sNvjBwFNq zUju*xLPqw0fmKZEML;7QWO>w(ov^@4>OpzSy-@xv9t3>|!uV}u5e~%0*3nnLfhJzXapzK1F z0oM7Oe@Bl21cY#Gu6djJx`bE}tP6gGpM5VB)-kB~Hcw*k-Uu0n#4V0*H11zP-^2eA z0EZA58-D6T3H`T7DQ>B+?*fY;i&D@g6yB17j&Q$UW<3&;1@W^nlZt)I>>p9&w+8#i zJsZ}yicbW}?!}C}CI1`#N&UEHGpDlMRAugM28kPjlEB>mOoJ5pG2E5Bo-*}NkpVuyd8y`G?tFITI()FM1laYZ8n=r7(@E`v%93%2~4nHI4 zWZAd>K_oX{%(q@YGezmp2h_Cz$Epwb|BO*W2|C)R@TJ!J04R5wq;P2YTPD)DW%~M` z_P^xNV8`Qlf#jtQYLQ&&*A8!x#L4djw16H=Fls{-3(Vy&i3pa7Ad}5)1mx?V*^gv5 z55ms=m%rzQ{-5OzQcDGsgyzci62;j|F96GyEa5->;vvy5HwT7v_X;)qCJ;yfM9IHi z+x=IADF&qDLv^ub0{m(+-t(HQ*Y=@2bUM$UeRvOgIGRP1k zrSRXhX3UKHp)c$4P1}EDFd9Fik*F&m zpB|XQih#JTuU4uXj4uBrBbfZn?eQRT`@+vr<=25b!uLKi_XJP)Uu!9ArXt`29z^Ja zus`pK@qbo=5v0OFXJf;4lxr3vG;+uWA)Xl6k{?8bpIX`nK#snQ2(y@_a+w?Gp|l`B zgDjqY9%wNqt>9$g#71rE4Uj};OhIzFnm+`5+T7HoT zIus+mSL>R5x%x19>F>ECJp5KyzSy{su0TA^d zcwMW_lFK?6c~)h}xBYE8!fWKggAo3B^x#1xLeMiN&+CF-)Mq z38Gm8B@RzssP@%fqErGs9#0^MQM2NFeHA0FK%vJ)6fwDYYp&;Z6S0A_$?i~8sp=H& zpkl6t8~6?n6@r(H6M`3gDjvcY!VkcjAI(Txzcv--NymZUZA?`jISQ{V%*=OZ3Vmie z2!cwD?9O4md$f?2mumuhB$7>6v58+zPZ`Pp02@XvU2nBohbws@y?@_|-J7m=cV`OR z^Zqv$pgi1iID?Jw6Y#xb-28xUV`>G51?KCZ`40R?vOR6Ss?YrHcYm3i3cEv;uDxtu z&bQvOMgD9j`e)~!c8|K%6;>XglHzU`@FkxvrQ)H1`iw+Edj(d`{dy4#2zr$;k^!{e zyqyNwy!vkd5PNCi6wa~i*5`ULWeEJ6bJaJOZ=R+%!C65)kK|t#=H}*hCqZ{~5V zU@uJ8?4Lz)>3bOpa+sGEx?8O`Cm6Ns4EJL8`CFV>X}{_Z)2a*O-E_77yZYgdf9`|e z;2KB(@w7V+&5kz&bx0n5a%<369LxdPyrKs0D@N}W+R;U!D*d)VkD%`L`U0OEIOI5o zR^>^QImx~6pQaK#p~WL-(|vz8(Iwb4vg!8aQTuR?kPt-4P|vICWoy1YhiNr1fP~wh zK0G?Ao|N+blQb52T&{i8JvvMgYp;(C_6kprF5A@C!4x7({AvC2@>3yY5I_Tt`S`^W zT3MY#s&^uw5Hvr46ZNAR_K}OqgB<{XRJ}WMm?j3oTBTL#x-}rz(agfi)bM}=tfaZ6 zI=a8Nu)0pR)goBFBZ~AuMWa`>QRX-}W0;rzDQQJZZ5vPW;9*G}Y-5L4-quty z#6j+;@XGv}o*ebcpwIsD^%SyyXA4_ke#9-F*2`IcMA)J>&wE-<;xdhn@e7Sq9WBx- z$zpwg1FC{!#~*V%8fw>jh9XTSY)V<&_rl6T@`|D1Jhqxp1 zuzvpPZyQA&QY;n|FaGw&ICU4rpdEM0INZ6v&@*n#5%KKmr;|-(82A<0rLA()s#Fek z|4xEPpGtOWX|;)qC>}>mNCoGmg2Oc()I60Uj+Kj%djR~IiK1-ccr!HNVB=^{KuTtEKQDfk$|SbHIacE*#^@7`+9>g=RaB(_CMz zW)}xXs&MSM?0KC|Vrzjaqbl;KO<{kd)6pGJM`wlMg8)hC*PUdgvNrPy6J74Jy5T+{ zq3JpH5tJ*Y`p#tODb7|iO~y=0ng+xKu&jQ>RC^7Q;$s*V!uS1FW^g{anb>G8>;>GV zm{w`z7qGy5y0w&Dq-h4j5~rhEIh?IN1EW4H!+`~HvX!e?9#T!bB7i`i$MqKLwE76#y9pf~@z=I{bO zfkgvxL83+GMTilqwa=Os?)U+Oxr_nF-#=`%neE zvIB*>va4&Pr?8s#;nbG_P{FM?T!h4J-U=uUPiFm;^<+cvcnL|f68jQ_Xp*NcdBvAR zM9xvlkP!zIzDc0%yokI`Vt8s4s3Yc^uSZFRW`bhJ@Lvzlt(HBrqE&Q~#|9x3+{6Ll z8~J34`yljIiE52_!7ghR&9pja?_auK06-%3;&D6C@%a9D^XS4A{)+YtZMSd}?saE< zrX(V&0zl>!Lh!qeTDsmm`)P`!A|l4CRXsUwqKtQgZU*+!=P$0ZGK~XV3EpfuEP7;^ z1T)ef{*;$SZ6q=U+Hot%tOb(CQV~=M@U=@Sm{F^^yJC#oZ-V@+L{Y$#WS7Y*4C>QW zGD^u(@Q-$M9pk3wF4KlQF`|gQwvz;<1x#S>ZY*KN7Gw(EtiF&Fa8g@8e`(+< z>!U|Xce5n^Yu1-4tPR zw}3enKyTM;5@=l!E}SRuBuKJ!`!G)cAs=WZ>CEqh0Wy%qew}Pk2z{@z&~DelZe?B_zcUXn(W~Fz3ir;r%)w2=r5+m`E0v*vubA zq}26vTm{BuV)9!cSrx-*rB&iA*)g={YT8w$=drWu@IEd2-#gn%ed(MXBGlohq-R?u zlZNHIc_&?Hfo3)dfT)Y96VRI&t5D$s?qK??6(8n)75YJy?C4Ex3@?L9w)qj0L5M-- zzx4i#cKBER_6GnkykjRxM2<`BNFM^dCyhD@BTNg0_(Gt(VE{*fhY=UJeQq~R2T%UJ z{Hz3fc%W~_#30!ZG`plS+WRPc^0BOe=Ln*K`@?12U&&WDtZ|qCm{!PvLq-)+0JU=@ zqyzt(2IcyFBm&PA#7$+3gATCsY*H69D!={H3r-BeRg+vn#91S~N{%~{ha{V;JB!q8 z5h4V^&>^F6bHCT1W((w-;lv>GX7j~WUs@Zue7=DPrFh^+QC)`br>eQ6&l=@=G&8AVRtmO#F?E!vB*!7kro((1C~L?TX&DlFqVkl_6dZeHI|nEPJ(q_* z;%){L0)Yqzg3t64Z~7q_{zIXzC8JyqoJ70N=>ta1x}?cJI6xQKON^kRJN9OBu)2wq z2Z@iToASnhc=i*a+x%f_hGhG^-c3@O=XB)+5DZK+Y%RJFq}bvSURYe&LQ*15L{O7B z^F7Wv#h3%r(?mv-_KDt=H?$ut77`riF>um@;_*%G-_c=#XB%q`InrK#SjZ~`z#0}m zFkFERW;yBQ0$RK6R?{;5QL*&Zv?@?LOe=rzLH#r7%pVKx8^oqpi@J$ovV!VIJv#M< zfgvULHYiaiG7gB?xc?MiSWk`-gFuL8u?HD>&I9E+daz!tPVO}PB>*H(pEpjDXGvVW zy6wuaUTNzLOWHWa^yX7CVgNfl59VveHc8CWda@~7Au8lwHRsKG9Q=J zQ!ov7kAKA&vs$pR4AV0Lp-AHD9goN;@zW3FBB6Ce;#CmsG0$UrJt^M>dy>BXRPy9U z^7Zw~q+}I(JYLx#v$!DFJegaTp~67G^XFk9LpxgzwT)smS4*lvtOFl#q0+rVi@4^XJ3~MU+~^Kg%N8mAfUHnjrwXUeO>V zSOCL}AONb<=VfG>Fn`#d#|vZR)?`wFlUa5Px*Ai-2S5`9gyD!!{a0qb382X1=xY#{ zk$SOF$R(dVnbd&9Q8GlLK1BVWmchSFSi>)xt?e%Xpb((97$3tZGtYvPsBh9u0IWIq z{t%R7OlRf6`Sf|yih_)X$iy5PBE}YR@X=FIHo@L;x!bhKEKRVhCMf{#kRmy%bFY_| z34mym)0(12K=YcC4VM6jlp@b!54n7`0Ljo$QVe;WH`y-$AdK*|ZQ(2WhOWuAm%cwb z&Wy4}XsHJ(H5%}0C~~~TMP9SWnHE!t^7*<>zHQJ5k)aSO&dc1G4L{|yiOB=KQUSxG zq7nd8-Q>g*j06=Zi3NFt@r#oEI?0uji#&PU0P`yB3vZNyN0H>K5QC$Be;oSfBO%a_ zYS3W3amZDzjJ8S0f>3#&m!|47c~*JISOEOr#&J5m_R~u)&DQ%-B!?(G-JF?)G~} z!`uh>0_#A^tl~)n^rP}4$xE-35n7d4hqo<@ua8+igD(hC%O34AjTuCo^OPU}B8;Pf z+{>@XoG+1Murbv>vyx;oB(5b$u?4%L*TuvjAu#aBJ9~@Dq3@~vGaxN$CQBevitvg> z`1$#ngk+i)<-eWAXivwc&*9fnECAqYnyyhKyl}pDK$0ZWgtxqvc6p~FzW}fJu{rhw z$)6#Uq;~gw9(BQG#U$Lq#j}usgIOCNEuOw80~OILkH;pg4f?AwX~=LuBs%M>J0VHE z_>|EC63T+k(fKz3*x24;uX0e)kBRm>0LufBKKB4Y(J0EJdikoRBCz*p2W~MSkxF7Y zpg@*MyyFNayJylUfO_Uwv(t_Y3)TA8SS?mzBtNc zRin+Ho?-EeHTGH^5A^&L&FoxmegOc{_Oy-VnDUqaNR5zr+2DGhm=>U8r>PNSa$8)= z=_WiJ*lKJz8KLX&=piITHJ$TPL|TB*(iat)2NmbT$)X_C8P8hU#1n)x*&Ru&@vI%B zlh!iVNcpAc=yT~!+ZtLUjbu;Doo?O(;Ll1xb2{&E#N?{0H)rw>6hXJRiJ7UH)J+cn zs7Ok7QVL_lG3?B@5Ek5UJtYCCl+36OMn7&%_rA*Ld&! z9$jF;n2VeMbk^W6F%V8>afG0tHAKtxt3I|t2!QLl3HZaLvXFivABqU_48!M;EeDWn zOsf&%#B{>UBmsa7LU}n*r_$2=bmm9^WUNfL(^9dKB_jg>B=J5l9RSGlVN-9)gh}}e z0-&^#OS{%6RePN2KhLh>oG*M-(t7i66gg0cN|+Wqf-G zIAO^uD)$WbJ*MwNw*VE(pEmifQi7q1Id4h;B>%M{QxIWMW1c{1mT&Wjq!K^G=#9dr z<#s@^1>$O^$v@3`&?k;RH&JRKz>-2bRhf!m5_L7(�ql5g>VD>@gEGXo+_AivS3P z!oW*=_{kU}oklDMR{DJ;_LcaT)H_%b1D3K-R%WnzQI9iApznJ)6*?o3B*@`PhD;0% z&Wo2TPuJlB?_BUu5>v{-1%86|py$UCIeOdY8C6Ur;3QUZsT2tUARUrFXmn+$j+UN# zb?*ZIyhI>6CZkRC8%!PPKOXSHZHhdl79B8R-L$lLu(V*_*T;yh8YqCNnYKO#pF&cL{UgdqUVgI*B^8R@8re*{21*WGJK zl78+-0Zx9X)r-s=?wHY z5nQ#vvpwZA%FgYVbr~^5QmPzwp}w>m$&?}%Id_qE0VXu*n;FNfuABHbVU5{wT>_w} z{e!)$=}jVvqRkkM6Xe@Y(8x4Hgfb>F41rLrKnoEn1p|cI4=QO$#<($!bkQ`H#6{cq z2Uy^)i9f)f=s99%7-X^_l2Gct+qdTi^kHf?^BiL$@*kg7Vfq2DWZo4=y!(kc~=}oTctfEkMR| zd?Pqb$y)C5LqxYV<6}gC>+)~NV&ZF1)5FlAJ}1}t+AzR;j`;uLY0?0uD;CW>r63S& zCztNV?Hce5EF40f?%?Cs&{=vw9cz>kabvsa3gkj$A4FTnco>v~6R$^A6*}qx0zrz@ zA+yKSI#GKlnXw2A1tn}^1Bx*!ts5r_ z6!|)lI_ zVaCO*0H{F5KvE>f(gjVOJxG=$gvyq!170VO@l>SmFfb$gfO)YniX&Qn?Ty01bcQsh z!SIs04HwY&2#o8i&}IH6C<|JV0B@==U@#6vYlS#$*weYvkKvj+>#E9HGUjVB2f@%Z zu=}1sYgT8cm#-0tV|IyWDW*E2+AT80>sO!xmdF$h)wu#1KKs}P$DL$P5oa=o8fK{p(zt3CacXPGJN^Nf;0PsBG-`W zz%*q)6P#F|j3--Sw`GLZs`guG3vh#vu|~=QTgp@(U@#up9Ia)tV(9Q3kSN7|+K}cO zg~jR|&Qh3ZUC2kfz@}9Db@&kwK(NR?x1x0Kju!RyjC;5SZCIrjyzUY2Jdif-r>Wfl z9#F_S*WsU1Oyy>~5yruQX=*S6mW&UG;eFJodxSHfZ7y&hku9P|9wWD%poXtdGDUF! z;lokCk@U@e0rZE`P4Yq02sH>C5FiT9nh~G~FY3}0C~Hf4+MDtm0kC5{F8@-U48tId5?vgnc2VB8Rw3aY|e-;qI7@bdLtD|di$ z2cp!g%t{Flky;u#7K<9t5{T`uGctmm=+A#ntehw>TcCI?xstra-T{m^yfBtcR}+aG z@n|mU9FEXYI{>d7OXbYnhblbyJd{l!sW&z*GC125!6-#PRB6V2tIM(4DHW|;QIP5c zYXC=aGE3dW(@(^-5W@#!or)+DxFplH0HmYg07*c$zw2pJaLr58P3a}+vx6k$?#&Bv z4_A7mjj5sm`!|vqk=>^-y=pYT{!BT9xWaZqRt<_8>>ui1y^9moWo`hSZ4&_FGlCrt zcOsrsx(T-uh7CbvHCejB04ix@N|zaukFU6IF;B+2TWw3HRA)o0^RMUiB1Y4*pEF#M zUPKM7P*W~>7W=94@<)&C(|mri@%JL74kxZEYOj*@&Qky6!dP}S^^4$1mADDzE^Ozs zAZ{qFzJ?Iz&i>u1p~4Yr2cYK1oPQ-7QrxzC_187L0O*6jh3T zk<$xCtW@AW{>(^^-NyaVery?M8ir-cv=lqOpuxCr=-BQA@)6(VB6E(eaMYO5bk>QZ z79>UM{O6b+sIIp&_(=>ld{ukEaO-C_;k9@XKRvW_*oB$kVFTLOWt0YJxn_y~2ukRd zx@ZE#G{>*Q?soqm;&YhQ#`->R|2dx?qg(d?PZ&Seoe2xUSh&%OzyQ&i_igTUb3}y% zc7eE7*q8jwpDj9uWy>4$HLcrq4l|JN@O(3(xeeRY&cF1Zy6lPQJbAfUv25egIZtiy z2iYX3_zOqJ`0d_xC507OI6NT`dIR0A9Zz>wZaRZ(d&$?#Shs_w9T%dl3h2DpHce9l zpEt|x0>f5crr2W<>(nx9A+L)&zH$0hGrL{$_>>=uNBEz3db6pS6Rn)z;f8RTWJ2kq znq?X0{&}jugawdaFSU-!mt&*j)OX_EH2s*-z_6h`Fifg9wo;TpkFIe!jxz+OFWL*& zwy~~b^pTuwxaQo$H-DaemQwG1k4d|=b*S04c`=ojdjq5o>OTw#M3&~;S{KVv|FEDx zRavW>c7ScyYMH&zqHQ@I!WxxL!_=CYck<#p`**7b5X$fKyPX&~?K2=%Uyv~QBRFe# zh@I^z^?dWq<#-$)^E^sb9IYxg{k>i+0ZvpQC-3T+sPLqybPRMspD zX8;W7w0{h4)NFmA8HQP&CdJrDi&_73exTW1t2S(f#Qq7T@AhzDTBbHTNfQYxh+jWi zmj>8ePIaB38ehZ@TAyjAZE0WG3G2m1h55{xG|WLU72#dilJagBSiH#duPnrI1I&cu&#p!gRr54IpN77 z;fU(Rv_){2Tq!L{3AB)qgRAgT$dVy=@Y>}*zzsLtx9$H)mgBaRt{p1U5b0+^A2`^Ot|Lv!+3o1^UCCo6+**5n>OE%$0x@( zr;D697!RgD$>!qU!yhL?cg4&YwTx5VPeX8J3SHM~nP)DW3^vZvc(l;E+1-ioz(!gr zD`l)%Rp%tZ{h-|{YnyG(-|G`1xnFC&J|m_qLVE!elT~98JmG^{h%_o`qSqWO<>qDk>>IQ$Rji@h=F>OX`Mm&Z3^$@(p)QeW4fkJ!Qn_ z;}%BG%8`g74^_jAO(b)rFHD&WbXf9rlwUcg;agNg4kgc5%9!IoTU+mo zoDH5h__S13s}0n%&p(gjNwL1ZR!b4{fc+J?xfj|tyT^=i;Y2ke4ZGX5wO&IKVDN2X z=<9o1w}_J>C_eZjwSy#>f+V4XyJXOw<=)u+X5!a;`6afONjWpkzM?~R8KEr2=vS@U zEt51o>WQ!7an)+Q0LKM|;*c&1=#iNfFnWX>3PxY0aM^c|ZZ}Et%-0EqZ-CsSu9ZW| zGV-v#$PP*va3fC61$Udf+~Wv^35iL|vqvu0F|v-{?Grff49?xz_sm@!5&s>ntfN&C z_v&>aDs~pJjE8+GBmzg050To`A_S5QHL8be$fP@&qXDFqcoLb2@x}Y z1C~JXaXouLC5cl?+ZXQhjMfBm|4K#L;^0ZK5D^=?p`f=7UvA;#4pC@#M)hEXqm-~6 zV5($9c=8-zM|6Tj)?V)zIFg!G7e|P=!=U-zXS@@`~xWX zsGdC{IZBpsXov{h1VT!)*iYXA73sjtr~SPmA*?(3C)&%18=w*e9q0@vQFmH)hY>J-zG5WaAyxWlHm zAit?*@z!wyqGg17O~8QCkYk$!*@J{+hq66UwT6wQu9(LFxs4K++;IA=!rM2adZ!vJ zGDOjtml>*aXWrpcVqTyxVtDaT_y|jQWo>{O&qGtBx7aj~1K(W;3=X$mpr5|06YJ)v zK+Bx6(b>%H$%yPIZc`Nf=i>u!zMW?LGbEJC*5y!-<;*ban^sOmfJ^`GoQ&Mz_E+Bg z!k6`WjdEF@WBL~Bq6osD&a*;TBb+f2CT^g*cgul)eA9Y-QR6~*39{6cOJngC3_6zC zsv#=xnBMk)RX_N_S6yBNBK!!xBfF@K61;MTF<151?iH^f|3-Q4Qm2nbhfaZ3)>g2< zDru`t9YO`2Ma{d9^$A91Y07yKXkwh%qrf@7rb2Dl%I;H-gaER0^C}nY za$WXPz|p7}DCYU@YQ~%sYj%1kOPR*K0Ul;{Ycy4bY~ZJHBdMPHVsFdlKu;Ca`TVo? z+Kd4@=2hQHn_wW8o_p74E6AztQV!eCG8-+ZC-i5`;id za$q13n73xYtHE-hL?odYB&%f2e_wX}U(c^W*6l`=w#j*p6=uinAp#gAi^T)MBbyT-1GabRH zajOoL27Yt!YSz%70GP7w$3CZ|XLH-l*QLbfGyt)~9KGO{3Zq89Ig;%eWZDwB(}INx z-vU6UNj4`L#Ey^WKs(rF%alfe>Grvcadvp)t^ooYs&0m6X|3>%q??QkDaOg%ikJ?x zaXSK!4S=&8dFO%`T|+9e;58igV(+%%}yzn z=vZBJf(>us3jpUGG(#W*^%U)hN(ulcn=ZdsBO z;%rmOiZ#G-EreBgq_F;HZ>5KMIWq+cH+#Uc9kK{7kVel0R^{rlG;h6iSo)BQZ5<-Q zsb>M;-gSDU+3e88R4_by=7T-8v7t!u0o+LVV>4R?s`e5Mh`Fs((Y-Q|^`#V-+V2E; z?x5lu`5B|4)ZzgH#WkJEPun=A|GjHDe@-pw^y-g&>p8XJGPq~+FBNbB|SCpBm zvj(Fu&vRrWG2^m~yh_COBBx8UpwX(#@_5Yss;+Ta0L91P{8Tp)#W*v=$wcOz%tv*Q zNs?(%9Bpht^%|3Xow>+D;8h(WV;oOpA~aQ%Z`HhwvT8zbWSfz?kU&kAXxkj-~rh z2WgE2vAIUT3&B^gl-lv6nf>9fkIlwYeV=6+w$i%jh0wKlE>bA2mi-?9h)kWI3lWa= z${OW+%HDg>yQBYWBee%x^~r%$no@UoMoCi{Y*$AThQr4q^$ANV07MlMG8sO4^ysSo zm}t!Q5vJ*0ey+gWy$HKzYL_v#ZbK4wq+Oou=m9KS_(mCAsMgxEfTz(0Zgl~GU1ODs zh=a><;aH}9N(*mK8Cxl&Du%n^7-l#EH^Z!2E`aJ8rV&3Gvlj$Ir8`^lk-@X4Pt^fi zsSXc@;Aj$WlxzdG=|%a`QM4@Xn9&xF8?z~ZPoO^{m^<*wBvo?|Yu4G}h^6-(^U z?dvqSOnY%MtL9JY=+ei6ynr5gb#5RF zoXCWSYR14;wM0OI?Q_BRG`P}`WQ({PC@ypfQO<#lH3~gW(DUf5b`6qFN^r56_T%_w zI~4ZA#My=|ItgpCe$<2i~QDSB5HDg#BWGXKshR)!!kY;-%Wz z031fPZs%rs+(OL6tkcJgk{=v}EUqY`!{7BMaFd$fzx^T|UCHk(booEbakF_34ivUe zx(#O38f?Ee*`PJ@@CmdC8bjxQ8~q+4`n88?p7}v zyfFoFRO9vZD2+=kH0TY;vL|hBRqb3}cKyX1YTxc?*Qy3+@PRqQHSakk0un_d{k6Nj zWpF^ZtCFl#1~P@Okr{e`5lz9J=0;$I#>*WQwLhcs>f>-r9`w#5K^ztl{HCCzCOm2QM!q{sI1p{=RiUQKJT< zJEMu)(>eR>z4o`)T6?W;wa-q=(A~uggVmIKyT9f)ZYpu5s5#47qxDpvO!vG1*(xN{ zTMgif&o`36#$kAzTn^GvrkQF(O3~MsMcq{>K*lOqKp|fHp;6*3P}TR^Ra|$*9sTuc ztKjftGTobjoyH27j(z=ot6W}BCLM2ii3}GLypib9L`js+<CIyhcIfr(_&AER_(fimh!P?|4aA9?1mhK2U85F`^B^ljBK-xjZBEwmA0c z+(bDUCt2ESks9QKygLmeKDivu>9fme_jV(>-5QjN<3;DTlp6JcP3f7PLr);b^(<9t|JYI2bPF5JvfA5LYn8Xd< zDX+6^jJ?sdE{SM%*@1)!9-_0Oy!O%qnvPT2lh1$pE-LySAN^LYvU{6*d#fnAo12@T z7!~*HMg*KB&mid)&Z`UdZZ<9Jo6JzHfzG@(qK;w2-4o4#lcZBSM5~rkPJvpfM>d57 zPPzJXU&6wkfmWAQ3(ydwSiTJ}{PX7|Ah!0_VB|9Zy*NLFeggt#ueFIXV%L~s(~WXG zoP_VaP}7L8UX|t9DXD%0Org#9`LRY6i++5(10e~?UZ@^N_{FJV?_C+#Ibahsktiih%FCm3P-s%v#3juYGB3wJj=JQAdQhQml z8dK=$WkES#6=(ZsUZn>$Qj#&Ylh5HV-`+xBu)k87Aj494O3Ymo@RIAtA&kGJUfNSt ziPFu_z#m?=&lZ{EdGyWK`P`8<=$)pw5eZ$A>K zYaAw_DpkhG{(`x>f~Z~{HVa8G&eo4)jF}+C$QLB-P0&SR4ECp~S*e+2_&^y^d3hDF zp#=zFoFNszUMg`G@^aq_o>bD-VH`$*mXm>#D;$OZ6sGLI344PO&;dmjVc#BX>P+&P z7Ahq7zmyx-V{rB*rp z$?c;eetwgZp##TDM!72!?fhF32#|8eL6*;(d|wzEL8La&b}oGA$TlB)B8<9gpO4wVZRlD*zM~CA=+VuL!*H*VGYKyl5C>~{(prdYSqFZy?Jk}^5xPM@ug0Oy3TnmBGQd!on{zXl1UzG=8dS~qWo zA3Nt9EKP>~hX_F%%i8-b=sE#`OgLUXF9vAhdJ^Zaan?8z(uV^e(l7yY-dlbh`G6P` zpQXJ@MYSmoOX;7kT-}g`x*e#Iz*(fYbOeF24&uoRas4vEbQX^0$4uK20hEN}ZH?%I z6kQ=2Nz_i5pXb8f&7Nx&)GW^xq!gu5sh4$QY$hQkJXOBHLP@%28fdWkqWtFKW3pEv z+wHs`GiD06+92(B>P?k}*ijJ%NeAMNY~{p4=@bz60JaIoFbwhxNtEoRqj_Z0=$pkL zsTPO#C8}H>8xfQM`k=$ZA!oa7Zdms9JuqMbEvS1awaSOzNybI!mRv8l-hW576=vyq zfvHgDei%;mpmZHn6>5j*HDYf*Dvt0V_&0l84;!OV*xCAdEoS>q8*mDou%%p8AU41f zT4FY}D@Dlx-q>N3|KN*c7|CW2q+6T5(HYFw%08Et;{gfG8+~-1LPvtQ!tTWag@Rh( zSvbQUiv}W+EOA81g%wzPvh4VbU!xInf!`U^<+ke!mk>~CzdrBC*bGE042f>Y^A~(e zlMKYN=K%7D$@Hsf1^w~!`8FIeqoc2-Y82oQ9l_$GNd17SEPsiA`^=TTmS>aY=C!Lz z0f5zZc--)Yx+*NR^s>;$u#EY^QEKd@41~VMEN*VCwrE3wqI_gtXHQSOrNPvd|F-0h8rg zDqyjgdt2ZipSk!*qNlvUfY`L2^HamcM_a22^W_LWVF;W803EMK#`zl$*|IQld*if> z*dfY|zMMZnIETbhcDvFI7Ft%mco>mIM5h7^S=8{)<>fqOvs8g{ND7L0FrCQTi=rJI zuN(2L0jL`tTdO6#?z@KCXFC_6guk31P`J<0=|f|yAP4<$RTwTuHyj?Xy})j*c&~8DJEs zLn>;%nGXtZHAxi2D6qPK#YTq1$qv8*UeK*Q8!#uq+;+uwA_FZCF7T)0V7sn~G1!(Z z11r7kVl>aoy12!}C@@uOR>#H!15cM7ehdK|ICl8synI|N<(F|p=)FZ`sj~IGsb;~+ znF7K!`X+=(4wY@_(*kX5NwOd3#Q(H4qY)Vgc?C#B6f)WaJgGeM^X)J_`pAk$Wt))R zGuwiv15_1(Xu9@w%+ze??7~KS1@$T9rKXd*&<95ZOAttvp{l3T$m8@RNDD*4&1y6x zBLd8co`H{t&Sm(1OiLlEAtP?#Z-D2B!x^wagG1bnk6O&r z@3TrOQnKu!k}N(JCPU|Mv2qZU7&hWA~?^gJ!ayBfX)y-OM3u*g*c24BGLi-FM_&BjlF-oEqTisw-^jtLSz8F z04Soq3a8sEnqcM#{g0jU8a#u+1s7NLiH1NVxxyM#-que6H zSi4i0`dH5a1KW+fQRMEP7npv{DWZ`*@_}d@9s&z-Gn#>WiKZG8U7qP61@xqc-D0NX;)Mckp`OA+b_Wuh2 z=38Mll5{YotbZ_xRysB|{S9n$w*dG^ysZ!Wdm+6%I&XwC-!$ghS;9&U0HKn#ITF>$ z*=>!lexu9`8{aYSsiiE@@Zz}cvyy8srBS$a7+owQ9a3X-L=~0%qB${f&q_MQoy2#)vz_OOOHy zswragJ{psl-M4&QgFh6pVXuiP~SB*73$T5Cx&EGOuPdF zZz!4yjwFzwQvyP?Ghh&0T)D@KdeCU9G;x?^&2)x|WLH99nQoKhhEunCnT{B!L1|29 zF*cb zdrn_;j762kiBk@{oIsUFIJEe5_T$d|1<8ng6t8%Pb8reERwHLI4Xm z-*F<^M^mC+O)g&~bcgYN%hMTaOBybBb{__SYcr+FD0Ea-zR7CT7)SUsc^b7hsZ=+y zY713tGDmns`Fd3}fXbZS{G|_o$OHiRsw*d8@B$)BeW5TlY@C&Le?OD<#u*|$m7lUB z>WhtS-c$s0wv!{?Q36M2aABj6;lHilD}Q+Voj+oV54Rfsu#S(G5emeLtUDcu!T^qm=3CUENH3s3y@hP2_GRYi2+ z%t#~FYVQGnTR&JWmee`Ih0;RS$#$p1%t26zb<0jk? zsE;Y{7?YC64uzgn-ZQnI&h{4o;2lr?=UFROn?kQZ%LM>iUQWcw!W{3*542_f3IM-= zCW@8UN+;1+<)Lxg=?c>D_IrForGEB=kqH1xQ#nS3PXz$P3CJMCY53+NTLBJ%Q&b-2 z3Ih7N2$XYXx>SDTYbB#Yhc8vHSOPywaPZ?{Kl8M+Bg|Gf%-1T+Xe?VuR+uf;TGXkl z3-+}DU}ZdPD1uGTl@pkZUM>BLb14Fw*XI`&C{zVmgmW}L{qjN^M8(<=D4JDD`gDHb zAsUltPQ(1vehmOZ2X0oEZiH~YFnlq*T1^%X3G@}Sci-dioTli%ispD)e3KLaus^7t}Fhq7!+-icD@8|0CWR-I1OR3pf!%8HI5k1!6QOKC7|mHR0FvVL6#6=CN~$ ziDPXS)ygJFG}&IWZ=<3*Ba@EHC8vrrwRy=_;OU@j=dE#bdUHTBT#c(c)Mk-$40iD( z-cwCc^h6a_RP2JKbaqzF+D*07I`0h|rYbk6JizqITpDqkLS(}<-{z1aqjG5mVv*AZ zFDEQe=e=H?$*~8@jbZ@!L<0l>`7sT&nlk_leSGF&9Mjt`$4#Oo92iaJc1Xg=FZP(*=&zLjglX2r9dbJ}NS$ zdC`3_a-CqJA z7{v0S+{$QQ$0ks7m(I|4Y4D1|J=R5kmra0OEGd&udYeisNG;V{%5l1A($!z~1%PfI zB{-Awm4wRH&(V?K8?OiVDN1G22PHq1s)9smfr@A4LvvnBxBW6ZW*4a(=cvU};P5;3 z_HcFBRZX1ASz4&Kh)8Q0DW1cqN7p0fM&zd!B!N-RlV*hG zsB~O>kj5kzy9|A6;q@;OM@`4o1T3}q*!dG*A9Q0jn;U6Z*ly3``f*=%o=1v59>Pqk zMop86ITV?X67DVzs+=8(Dp2)ZBH%{{CyJ@BzpB^2FYXe>Xbm5c_ehI_oM6dqy8f!Q zpteQphIac+RjmsA4;+CCcCL1e1k(g5UYM~oD7>GZ#9M+7%8MHEVQn&>&wu|7UZ3Jh z;x4k0eb-D|*_Yw;T?&5c1sEj!lhBmDTQU9dS~SA)ddOHVZ4`ZC<5y)YNHdik4hfwH z(#)K={g(fuqdjO7hi1l+Wj04$;vORHAD=Z(@g(|)cf4;tio|zcgmHP9$c9VQU=y+w zUjl&fi0-2}4`BE<631FOqHU4M*%b@`h(ar7@kf}4GDAUMyU6A0`xNwKJW?07Ruw7? z18>g*W)Tp!Jxl3^tbET7KQ}`H2H#^Frm6seA~ewZQL-amWE_y+ohHo_Oyi1eJ|+r- z>Z?;nzjPw{IhJ}*tM<7J5%Wa*0Lb7My01>zE$SYZsV5Ag1kO#xu5@ty#_N>Yk^Q%J z^2H&;#99XWy}`7lC4tjP-|YYZIxsa)GEAu@kg-PeSA==Fxe&X}656@Qi_xBTFoA{M z6o500SW7IUoQZoK4d2R?o4aZKo7uGm(E(0L$-m%t8zQsP`$nX6;9)mgo6JIaI_> zN~LTh2$cCXUObV7W)mhmRstAlGNyWV=ZMy{c(fDe3pgn09Xt(K#L8|HlYN|}SE-H{ z)rF8%P^Th{nI0U0g_n6*)F|hPi8h{m_NijM0vP(2NoE+GSY*1a^R2q($r55R z@jSGnAsP<b5&|4^fl#kK=(o=G9V46aQaY^ye)JUPKO@^#LwvyXI@}WJV>rRQNl6b@5;TRFSON zUZGKZcjSIR?(CqBY;99F@AfI2Q4YI905)0~W+yEvCGi1Oa|HbFjl!dDiWz7nuRkhK z1~*Rn@`;~dGe1|V=ycRU3N^6-V5mye76zymqq0q12UEEA2^`4byTG?oxjFGY!~t$b z%p`wXCZBYpfV}>gED<~3bUTb3A)I{tTxua9lV$c&}nVAv0 zd9ZGgV59IH%ZAnDx|$>DP;wzo_#q;(6qNW#oJ0xB$S*&^ZSxoAQsp>M{SJfaAO$>B zP>35LbTHf=7RWMv2~N`}N`bf+F$Ih#zwY~H#4^1RjR}Lehrl6aI?RzK4n5bv1EnlpZ}{Ol3)Ra4ALAcJJ8ixk>eIlq z?nR}7@GtoIl}#fL$*HiC`Z_h!V*x-1u=-02Nx=dt3L@)NC2ynX67)erTvk;O?s0Y+ z`)gy8Cse?m7uO-pOgFo?36S|C?!~OG$@;U;Qhq42b_hN6@Zi9iRkD2S-)D(q^kF&0_c>s)QsW&VNoy*xtg$x;B$R5&)K5OplHqt_dww#Dm zXuJiV_5GB9wc-(B1(ZLMy0wwFf~)|>+*U=4KLrF`MIWdxVLlAfj-3%15#4JtjpH_n zn#=d-jCO+-(MEWl!?n2lHxr-r$CNfmKEZ}~tGR-Xzz$qxe;c>u(N;w}o54?fuo4R0 zk&{iv+Rwho28H_8Cfz5O9?IS#lCQ_{`2M*s!<m`cBVOV8uwDs3Z}#4aUts(X3WuFS|?Yuc;t>{h?w+kLJy94o&yI-2h>`F5?IZYDEIgq&PVj2@VlH6|WyOYLQKnyW2 z$M5 z@k1OEnWUnE0wf|%x}OYmt)n7qrN%6tSDhRS=+1|n8vLPiVbX%IqbEN-0|8a53Qp~0 zoSKcDrRwD0NI3D4m+AGSinBL4;_u1^4hx=qBA7k^Hj{o^NY zkk?q;$Pzv(nzL2Aa4`rppKJ3oH~3G(EXJI%Kifrae&fa?{=8C}*x2RFF$K^T&e;L7J-R9P|M@X*I+gLG%A=Pb| zu4yTg-gYO8-u-WY_4?zJrz^iFMv4_*JWKly|2rbs>IYN^%yA6&PUi0xBXL1kC64b( zWjK>E6j1MUlY4O%qtH58ksW8|;cREiqrRiJ-P)XV{Swb^aj&JQ<;wO=ZPtP}O^AOU zZbSE;b9P?Lx(v$Fulk&%6`a1OKk0D28#mGK9--L?S2c9o$6iy6@SD%e2QyZ1&|riS zA%)KsJFg1|f8DaLzEEtAw?*dD9nsw+BT6zNkJ<=P*XQsJP#j^0v3qIiM~sb$N>9n0 z=q2myD}D}xyuUBuuSX1%#Bj3#=`vVc=rhc9!fTS~01K!kcAhBoKBrP`2TD3nmx}&3 zG1nse{FtS*PB{KIk14mVS{rC3K?6WG;F99;d64`9b@Ji7hXa9aN#}Xqm2skg4|cz! z+X9c{-u0;gh}Tx-jdAvLZ^O(?D+onQds$^J%8ZD}7(-eyX@kFUXS=m0n6@n1$xjA_ zZH8Ids?A122^1xABZ@Q21xIa%PNo0Y4fx6Dgp?YK`^U}Y_?)02LP;MZH@jzpg0R;zWsnnx6UMsHwolaIV< z)%H@vWEsPW5W8$q|1SU}Q6c;CcrfT3?YRt7Z&&Hk-6huIpgA+kxgGj9G*{TOf1sX1z)%b4#DaeJ z5Ez#IYPj{yP@Lztnf5ZlKdB)djg479qssu$&1VsrR_B8!mSSrhzl2+F)OuS(lEk9^ ztq#4Dllw=VLGO4jtI$nBT|&8=v+ZL+*6@D!pQ(^@t?L@gJbeW6<4j*<^A26+Re?dv9V8tJNTzYao?j_ ztG8TRQa-2O2l_ufX$}rvefDw66f5M-RD+k7XA`ZLTp;5>^uK;m8Eyy5$8F`Z{Yq88 z`w7#581AtFc{NQr!%H>xbfZmbpI+e`7~Ly2OY67|Gr3K=1{>W++=s(XdtU%XV^R_K zqvf-+&zo1*mhxdo57hvU8pq3>HnVBVrnkpZdp{1zt~<}>$uBli8lIfrs||Y$b2cUD z24ocAoCkUi4q9`wd?X^z){t?;Fk6Gh%>G!+e>-UBUYs<+sM>8JozauT$k^-jTCK*C zuA1Lq;q?Ag_Os)G|7oe~ZudIjhVD^^%zke0SP@exIvlWu<#jO`!hWwFG}sE7ksW)SQpM^6t4S z)!F?N5=!TN>K~t1_;>>~5G$)0}2glKhoHvhYeX6?oP{zcXOjT1#A6v$D( z-^UAcud&artJPf)O=l?os3BZcTgng>gzgrI1LdMyU75Vc=1c!%iq4emwa{-=$;ejq z+D}oS_bw~{qTB5j?K!^*uu{9#KJU5T0xn~(rhZR=5lCn$!FU5tUuq=9)ox##<&KO| zz?SG=RQr=Cb@$0!AP?A|SFzl?K3P(eRqZtZ@pmHAzv!o;eE1zhosFGcd4J+y&~c;1 zYPZ`@1caWy@`J8)yG#dD@VojyDW+YAy{WF&$G+GXm4X|*$5q8r=K1+AoSn_;6G0Hf zVP^X<1A>s-qImT&JbUmU2tId782Bj z$G7iatsU9jv*nl1A9p6dkcaQzfBN!xe0Yn$_d+~D1li-q_s0j4l4;S#{^bi%1EYGH zulE^S-0x%;+L&n4gEU2$$ggTUCxa=>$wo|E>q+f7q(Va^%GfYNIh&e>JIVRt0^9cF zM7I+xG%KpsspyJyV)W)dnzHkTy@#o&ZR`rk!%P*9f6807oy*w?T5858ifi9U*|jgi z%*oO@`u{+$^HC$5%;szSm2f@AaKP7DVB@{eQ%PyNZ{>%x6XbZ&$dUj%R?}*%?x)8M zdl{WLzu{`j1w_L#YL7c%^ur{Pz1aD+=QS@!1n;DGa>L<@7Qn1_BSgTng-bMC4QfGWNV^5t~At@6V~>B^2U> zY4Fd;vH^@|50U0=+Hj%J(G_VQNI+<(U25vL~_h<_qmSZ*ysUC5U0}aChQ7X;Gr1zzlfqHOU9| ztdGrCR8eNZryh^mu(_W|H9PA1x{I&Zfg6;Gt?tm;`E z`bJ%Vdbm1I{;M9T0PGS#a(=U7fG?D0`{3QfAz_i~Xz*tN9HUkY{ozf5-_!Cp_@dZ| zI2_ycQ@0bc9RipN_}cR#q+T)K;4yt2ssP9lEYCSjdxxuWC^DYy6<4J-tBof)^VJog zlbiR?7QjKNp|*Mk8d=TWp@l2PlJlpx6g8;gtF^?^xbn{mYA61AsUdp5^`Deov5MR< z5CtmJ=WUX?UGM}lcUkix_v=Oe`qpPcsuwD?8Vg7cNN23F*HZ@d_0D?>u>*F?igIlmyd zxtO%e5sRxjr#Ylr-fg^E84Eq4d%|UnSnVbqphk-ka34!MdgAJpqOxkratRDJ$ETYzXP+s{7vtoNngA&te)xnz?6dfNgH3KlGm{RDCfi7VsqImc>cGX{txG=ED ze&n>}5|gSlG1MeX#4N@%BAr81J-#4Hn~GDJD2^qr3VfcXx+(%^F%P#A*A!ZNsKo z>Y7F>@=bVoc?oqT(ZwBd1&a;?dXmWit;{;&1(O4e-yf~!>?dl@^`|e>rGL8DoB-J+ z)DBl`@X5(Ct7Kz$s?;CuzFJ7+~h7cx6QZkOBB}7}}vmfG%9xu)W?-?TkjP2#SKJ4SLc{<8x8Q-3Z&E{cPb5 zo;(q={Pt7d4#VLyX?3MKiz`up9eOU`cwtQ{2ElvgxF7l+D;ryfmZT3@bG*CsL)eTN z0eNHi5QhFzH?R?hp&&Oa|`a;^?UO9z3lb-O5U_TdUXG#RX}HnqC)EdcI~hU_M5Dvg+@v z+A3E;}XItW(B z84PRBHYTkxC&kuq?D~!1aCO=0#hWfyehhthw88N=yUZ0%XsFj*2ku|3Mh#2rkC-Zf!ETc z>YzSxTU-mkJXgJXh1l!PmYsa%dHu0kKY0FY68Te@nXO#(xp*d6Tb0^HZI*9@cfxSs zZMJPV-wl!3L`4}$HZ z6AS$9?M2L(-TZog{eYwI?Y+CtEe*Ihn9}!OP8`(xB-T6Q{Vv(GwrhsdQfl#i^Vnh5 zb~$7%mizkK!=T#WQ{O= zt+39AHDrXrFx>7zmowo<4$t^x@cjoXmD+ZY;VutP#WGO!NkREq{G9*UY>Ubp?G_hC zKe7yc$9q%C>HAv!*X)zamqAGLnkpb+548-dd>ue(_by(rF_i7A*3IeTfktz+V|2T7Pf|M)%MDz}gG9T~>O32|u@LBt+*hl31eHAE*?A^}u^kHZ0}zvDGv z*8D#5MSF}mmPzFelQJz-x9#2$jVFKfE<+4pnu9Y(` zSiIR?50rjAB<%_s}-FjgMCkPblfg`krpa1h$ zoR#tC$s-ATQlHcDj#rykCJytI96cuOMUcUa*TvCFSQzOcc|h?r$)11wg=1k!Oh7m^ zn(L#qd%iZZ9CoF)gSU+LlN#UodP&ndY-`$SdLY)4PO87A~j*z+O5|aWi|Oe z6bMecw}b#eK)%1>6dyp1-4B=2Vw&W=)0~{q{eF5|MQ789m%W~-+aRUP8YbHz8Hfh# zxaz$5AhwuX;cV%+3XY{rA%pE&?vp5!W4fdvQ!mO>jCOzF zy8XB=4ic)!XsRjM6bP?)Vf~SEN_Cyd<+nkHq)4Irj!$B@Q+ZPFvtq=425OHCD9%)F z-<)Nd0*hRZMFqHLM{5~hson`ClUiU&WK=pHI7&u?(s!9$LD%G5PXS6B1^o4K$xz;6 zAuOb*i3s4IlMZj@ zOE+I30#oXHxDAk)e<+q$dw+>^?Or*N2cJF>Jw07myy^I45n@97Pl>obCSu5vwb8k9 zS%<8nN^-@F4b1xv>s1V$d~=W3TTiiPD=mn0qDYVm%y2}mw6d8Y3mWtr6SN$a&cFu9 zB6CHZa_CV^7zj~;%>YSQ0o|93u@_gIw0M|-qxh-#qLKvrxEg$OhDnbDjz2DKL{Ip^ zr0yV6+`1Fijl!t51phsveNDoS&LngmtQHb?75@`AtQxu&JY<2?73CHwjw$sMoHxg?qO=dAw3&s| zokrTSnejpEPw?E5&x@S~Y!A}lN$*+Bi5o-sDDcD-4fVdk5E*@BdadCWA~un59}^Gs z>~in%xr+il(!KA)FxG;IjSd?w`d1cj7{0j?Hvl;>`bHEeR9ld|?iRo3w7~q#XXBR-ZP;lPd2NvL&Go{gHu;3t__?hzdHem;cfv;ZT#r+OOqBjZe3eY zso3eYpH?C=1r-2N@!NX~p!Pz=Cf227_qf|oM(jO>>Q(_$Mb8ms4`rHbyxbC)hohsP zZ7M7?TV%%%d$qjvQhDY;Aks^rvE69XFPZ}`WE36OD@8-hz-3gcfmHvi>dU>XgeIQJ!*5*CJrq-l3B)pnw?0^C^{f`W#a8 zj1VuZVps4|^(mWNd~VtQ^a`iRW^Mut!r-NU@TgcarZdwOb@6yJ|=qc!* zbeiQpBH+^h+-okSNlAxW;!?XLrcDRveXo;%`l^)l5cso=W>%b2VTuJ6ZO)sn!AJBW z%sU66k=R3*)I5?velT_pdHT%g+|w8!;wv;n9MXMzA$o_f)xt0YDFDc_&&6#UTzPp; z-w_H8M+KPHq{7ExmEfiPS^A6b!cD*wmb0s%Lo!p^$aAFl>VNhHZW52b zbuQAnBn(WnIcMXkI?^gxmT~eQOlMFV!Y(tPvIu1)`JT0SSl&h z88Jo@u%gTUn}=4g79tCR@98f=B8fjhk|bcrNPiSF zL=1&b5HMO=Nc@Uchsul;dS&)}EN?3DY)$fR8U^Fx#8p^8I)PNCIF+&iF8g^pE^L^C zFrnU%E`@zD2>GLQ^(Z;v(oj-2az|jK)u)b{cl)WE1R<0o; zL_vg>B$UKyk4~J+++ctNX7mUKgvorma21qHJ{P*GD5Ag{pVGOZY#-7@nGs_Y8)k_Z z-4Z)?5n5ecF2!xMmSb6N{l&{nv@sG?pTN#84p%Zdkx07_V%8llT(L z+g^iQq!l^Ua5}?y&$y0KkMN74T&+8DB3B*gS4ukei2#NnGO_4({-Pqi+pz>gt zK_e~1kSgk(1?tN|tJHxi7X~#(_3kZjfUK#35^71Nsh3+jcOzY)x!%)Bi}aCXSH{7} z5&SYn7#%T7Lc3a_s{wqm&-hn+uVkNW)I-De`+1d-&=}#iZtWQVnF!8q1@NEkt{p75 zu8ZR#G&|bmJl>N4-dnLab>fpE*O$gOm+g><{3DO}iKZZ|c|QTPcZq5MGmR{UKft{@ z9#d)Egf&kSvDCgsG`no5s6>AC&+q#CPh;_9@;(h4NTD;7F*n*Y?6! zJc&ugaP9U}sY_Z+Qps93oI-v@dPA?q?F|I*^W;$mD0);h1_88s3#nW!oGVKJX$fbI zZmQ_>u?gU9{JJ?$#YvtLu-WZ#mZHrmm3q<(lhU=X#ij0lCWM_tksXVe%-r18m=@t zji%FrXl=jfdNwO-79o!6Gv$C}51csIuTDij!UGf)clG-PxU1aGW|qh+*sWO<-=UA7 zVooh#B;!<>4%e@m4*gcy01XV)U;Wrd7NdFaJzhNsy9)UlK=o60pK)# z2c3OqBjXPfHP27u2N+`@p(27oH`=Gy@vC2VF)5rKed z^n>X!B!~j1?Ew+?kMI_OItWA?0>Cr?_|+GNH`9nwFE*6xE3RI6@?-&0P7p;hnC@fA zAQDO$yW8zVgsH3?c_W}V*~Jh5C4wQTOT1wEOxOgJ+8WdRx~FBgmMUH&Q)P{NYh zZUF{Pe(SK{OGItbH03l43GH=ce?syX#U2I+Sh&z`60+df`gnYy7E62$pp|aQvp6iL zTq$hJ(;@-j(IWd^xGda0odZN-LaT%4H36U`*HC~vwa5jugK?=zX}V5g0gAVfK4McQ ziUDWFdta%VH@;FqYS0OUiVGF-xMRQZD#AXc)5b)5- z7tnJups%(XoW1XHwUHEt62Fz)pi3q{`Q#4o5Q`X{7!>|dVJ|1%PzHq^t&t;u02uU}1RqbRz)3_n+441y7-NMy!;bhhB2bJaDu}T#5n;5>M4KH;vN<$|GsqJT(S+ z<`ED?i~iLDBv?6~{;8&|zn60#rz2^HV&u=do#8V^P$azJ-^w2?Ku5uNX$cqr;_{tH zBlhoi=+A%nO>P%A5254u`&9B^gC>yz68p27YGZ{H%aZT8o1C1AqVvhLd_ZK0VTfyFfPt~M5k+oIN3RIa zJYvx_2X30+TFSE^{Iz)}fC5JuE)JUt5xWQN9KkACzl>LFruUvZ$E?Ju-vH1zTJ43j z6PP6}-EEQd^J^2RGFE!F8NezjbA!I}%L?@uE&1co4AvTIDC58c@w0PLpW0%S*)dTM z4+~$tIi_J`+|eQrMr0Y75M?Y7&;r(s*|FGWOIJO&0VJ>WwY`T=d0fN9S71OK?Ah&quHk5jp)*p0#se%`_WQd8*7I(7^OYa0^~Kb;WZ@s(#%IEZwe z#}xyd#!g)en7_3zP4omu9sHM!E-%Rt--Py>BRrIRnTKnkqjJFKV}fCTv#-*;B?fqA zVGWh&`3e^b02dy>xISj#3Jo$>#pyr1n;8SD;BU5VG49r8buOtWk(T)V!}R#S0U*Wc zeESWYlP`n|L6LU08yoqV?GIc6s7Q${85B6sG1N=l5A7cx+& zoX=_N(4|tU?CfN!Bu~DXx%os0xW{G3OjkKslXjJeVPeqXoWtTtJ2D`#h~tENqFURx zDp+f#IKG(6%UXh682w?{V3>eRPi}_VU2AixY3oy`D7xD~-uCVq0aYPO2X^k{26!R4 z%Icbc-@hz$SVyq}mU;u~_@wBXcX)`rf#E`7QzVwpkY9md@huD9a zlK*G&Wr0c6CNf3IY$R*@m{~fa+L7f=+{Gcxn`LW$HWr{&a6&I3q3&ae&<2JL{- za<+y~O^(^)yi7SWIVlZ>3@6E0jBMkpo^9d!$*R>Zur<@e0T*pO0fSyPmto5BD_z(I zO;jJY_%f8v9Gz*sT+!h`VY9ov?6WSJOu^}l?JUV##*393nSs+8Srdb+*~9Km20JPP zC{||DO2PAV4v>R5CgLd__b|>4S@k>+$W(5xDw~cH)9WTP8yPzFAw>6{ZLc;?cUw=B zNjRPT@Ejnu0=qG!hKP68x1m)05(I3{E$)f{8;vK}(Zkf7MCqZhQipX0mDz-H)Eu6} zBA*$Dff-bArV1G*pcEVyYxBJR$0HF{f67_04wX{ST=q&MYnCf#ek9s5CVZduTv_&n#t#>WMKe{f6R0H7f6Pd{sa za7Cn3_g|L6|FdNB(gk528kEGMWf$0egPyknpqj)Ba>%}#lpOT@3Cd_19eT?-Sw}ct zQGf7c0${e);BXDi7{!C&bWUKxso2QY)AN28ef`%P=qu$`F1PbbZ^rZyDX~Hi1Qe`k z(GxWA4~I;(>0q4Qz1eX`Z5n4HS8cC*zREcI*p{sbQZ6}-YtB0Eud10gj-Iqp$L8T0 zTup1Hn`RDxEK(o#*9a7Zq0ZkpMXeA#iq&&!rWqEe*iiuBou^f}!97n=e@6CJj_Y(p zpsr~ptI`E&5d)l`rxFwhIK*ScdwwgPnVy=@fdUcB5O5}z6e7`nJe>B*2GDbmwD38D z0U0)g;XKE<6+azboal&}KYCfC2Ksst-MjXZo%`P)PR=eS6HuUNwXin} z0d*SnxWe%vl?jeT2E_l#`2G{pU;?|4Bc06tjM5vfQt5y*ZFZFw;j8iR&wjR3>5}X2 zWm`JQ0%!NV1M&-~qY{wPp|MQMM>fR`t~{!jb3ou^rd2-MbJgu~>P7sYl*2TrXf?6J zg{A#~65lOw7Mw%yTZ45w2TjpInBnsmJLN~eK7X~1ZK+y;=6V|r>Uiz5-&m+_$Q+OA z0}lUl1phI4bvHD92lWd-=li?&Dvb^+l{JlIjI8h1$^+QZ6JAJjnA&7SQ7*2FiJO$m zgfcWZ+wNz-7yC1{$|h?J+w9wv%dlrVA#05XTl}D!Z?$%x4{4@nmpY02JbXvg-A}fI zM#{3AyHo=;(gp!`?K_3az3fgaw=<|0W4c0r@iv8b=W3-sRF!wJ%qc)_{HvXJdr{;o za{u{g)}e%#r?+2ScPY!ui_0s+3Hyt;ZWEVz3%xaE#wb-MVmFV2H%E)#ohU1Zqx1HA z{6TN(1I4#Kt22&NrQ2s$ySkf%2C^K&pLCQydA2fo(kFS}rB* zNrF|iC{8(kHRq)@tz_u}LN6XMU9vEsyLvVSmS`bUyt>8=!s83Fp|+WTfOmGkM`bwV zm}}V_fS%<_!*kQXnIpADsUSaI?TJ%ZiKi~vGFvBk`h(s~hnee4z-zLh=%eM&!Bd#RA-(l9q={g~{Ma`xfXEPxW` zN*;`|)jSipiy#^RW<`*&<+uEo&y&Ab~uFkj;4EY@fuKDhm`idy}EnS0#BQ&y?fj1udGr99@)a!99=b^|Pho zhafA(k_36*;j7W;G2FzMx;Nn9k)ODztiv}MvC3B>LvUEyM!?r9Ec#uz9In^bm$rix zvmo&=Mm8@GD(%IbkS9#KDl>=cBn_9g!#p~bgtu_mJ6&J8+@2tdN2q4c>0j0Bqv3%O zT&TuSwYXFttzUhvCGzI;@th$^wvQnbe@(FBxOWo_0qOwTdSKaGF+^z zQ~7mMv9X{k;x;x(5U!918FBs#DL$V4@w%zYl#Xf$IIi4EvaRRHm#6OSi@``Fmb$-0 zy5`|Rj2#dv|L0He{B&_o;eKn3t-i=vQkoPOO#NSl%Pp<@^g(a4(HY0~qv#p2S!F!; zN;3xjH&-f;xwmxiDc7meY~m&fq}>%VeA5wwFz)6*(h*u{7Os_uemZfqdP<^dpDUdJ zqZK7ScrqMTR{M$cIM-9j#gSBz;oc*kmgi7qb+N+1@N6_JEi`#T*c)mQ!+lts5&ne$ zm`*Glo{@ciSumbfE1=N!)o8Rn+$_9VT$RyDN~@A=c}p*xvlFv(!_nx~*%1P=K^1e( zBl*?FQR+3VIegH+({}YdP6I&{dBKvAB3a(f#7YHlLN<)zX2}A>;q@h66 z^!x?>E$_XVWxPJV1p~_2r_0IENtb231hx~i`;Gj;Ap5rfkAHIEgbXrpc z1UR^Sxc}wpoA=NA$mwo4+OaQ4bI$V>`LCm#5 znTDU^GzQNCFK`aQJ2BMEx2fy;zUxyXb7xF!K#D&;?^Jum&S6anW^N53|I5zT07^C6$$*@MYJgRt=aU=U_KTK#krz+-(8<;_` zOTjR+Ih|7067y$vYGB?~soG6b>P{n9dqNVq!vbPA5DMy-|s3>bngq)!3=CJa@yXqf1KA zybVZnflNp@f+4EU0QnL;=V2NKOMxv+>{;+_W}S#fF?9qP_Cy{jebdN z11YA8=*VF^8#+#J2TfS76{=yHR+N|0$iC>HO7<=>C_{BpPk{Ku$g(df0O-{FRqV!7 zA*ai?3eLzoyQS7ia=TK44StPX=69v)sxyC`vEn&l8{-r=Y8fB%j=L2e^51o-k;K!u zyryt`SWESr7<28M_95>5_k9TiY5){a{jQ5RkfSw6RAX#z;1bFvIsWn}K-MQhkmb_> z$ehJMQ)1cNr?zXWSac*aeTXKV!WA2mz>b|Z`s+YmFN+c+0 zg=FiyIUgu|C8K_xHN>i_mRcaDRn(b@#Q~d0)&R~q0y>G|lJ`-HI?jrVIbyJFr#@$d zxWQ;$rM76C=KeTODV%9c6X4pJLq%z2L@{a{tb;KFRjvx7Y^b;Ev{Y+jA*&HktkR6C z7P^s$I}C0a5OiD{vjQH4y*5F@QZ`mm!F68jW680t>O=mju%U%d87}dof=YW3OaXwC z_qhN|KNdS_4eCZsEiHj}8m)0d_qt2TmWoa4&pB1#zgk1ld)c01VyZh;8l?(yZvFr< z04BJjH!lstc3#}B(vOE6x9UPrGD-P(=V_Mq) zrG%ssjQ70`dfT`kSZffnk9yrq05Hm5G%P zs%t&y^LD6kb-ZoR=gBMtVJavaYNCpfmzI40MmWgxkd86AtLp#=T~T`w3VFeNah-!6 z8SEU+jW;9z410+I1%EvotC6Kv5;-tmUyjy_J&I+t<^=8pA7jZt8^LIGAQ?iPhLUm? z<%W{meFqAhsx>m#s%zxRB+|9sVIW4PXhY+nMx_O}q&Q1| zF!)0h-;Mm~3++ymx9bSXI^UxXhxYoX@uL{r+0uUJaYFV9>E+ zxg1tI(uCg8+qDKH& z*QE-kEdtX#2s z`(~rmD(VV)6zKqfW?us!vBet0mY?Oq2;lIhk#tLF6G|%y;x`u<+%7UNvZB_m5dKlF zrOIe=2*nVM z5G5T_bj<^GX4Egl<)jRsy}?(ii)RNlG6-l>%f0h7Zn zn$uL{Ra=kUyD3w&10b7}@%osp3;*QEcXa38WXlQ3I@E>u4Sk(Onk8YrYft$|8>e_S zD>ZTxxTLy*;)PVI#YMKd$0(MW6s=rCI>y9v z9n)02+vVM>)Azb)IYC3e2jVn~vlw0Sba=Ks^3_O8wqm~=_R!7u;3w2HMn7@)@wH9AL8a5@ z8!SU@)B61R_3^j@h?)?(pv~tq{W>NHEdWcc@TWx6 z5+={v&-)>>m6-#*&=7J*$f(A`n%$k9`7&6|^mtxvx7+Q7&u7~oX6w8??>`@p zLmB(}Rsw|HIAL+YoUhX)qQ-dsmACWjN$d#2cmr)yiX2hoEG!& zGjmRv=e+OCyuWvEZ!N?Px;FxdgxPyY;!A4l>sVn}o`|X3$>Iq~-`K=}%q)(+nUrKekIrpWIR~gPZ!!qa z@8Ka`F141akhi0lfNMzM?c!)g%}I^a%M){pqhf!Jilj)Ii@8u}tWS(JJ9kDy$mTrk zRgNLwCyKB_$@dn&y>{Nplcj5{ZoKvxoV7d3K#Lf)Ueowau3f4pXUx zr69IwR7L`xm$@Iu?P-k2+E3bo0|ZagMZI{1ZFo}w`2>5Jc&fOPURv|o#KYxw*5can zvlKcv5!Gs^Bvh&ub>xQ65S!ayW(@^rvw9J!@)y;|7gr+g=IKHr)P;hV|S>x*(~wReeOb$+gDN9QzN2)V}Hvv7JOAK7OxK0hjT7v zV)4f{xsb~1*;l*fq@}+)x^}#PD_0I;UfUaC*j-KU>)G_=u2;#LoCMolT3Nx5>%Mss z88pyQEKU_!%uNX>T_&B?^Vzr@Jni>1mSN|IoPdNe z(OiX9ar7vaO2sE*4wVF)2Rnv$XL)ydwMq#z@80IL(z6Rs=IFhvd}-drhd&(d@28$U z+28~;IkvdHj8a=CBh|EZoMY<{4^E7n3x}4K4K+M>AH(G9;J1S{Qi-v*^{a!J)6@xp zIUipY^;B(A>?d^2SS}pEOQ(vd=fQ33r&cc%iqaag8Vuer3qk ztfnh=1kd^WkAgPS%XH<|4{_)bfhUC(96`m-4YoPF!vyp)yjp+$l~+y-^1RU`0&+pP zN`{}4-7NxW*+oqb!JRXHQ`Qfs3hTnIxE6v6{QV+BhDCYMt~46sl}_`v_1Y_i5azm@g=)m?S{Y2$W*Z%8Pjbqz`nB0>rkiCJ3ahdSTQ}uS10k`M_KnDu zh+?S55dp)#lF6BtVKCM1pwV&}YT0h5LlK&<5!XbsQyH)iRNBC>ixEhvTTf$@AT_sZ zRk<6F6v^FoJB{%M`Z)+uRYm_=w>`W|R<5=%7Fwhj{jcRpW8BUwTM-XChY2yaRKzdg za(XJe$~+cQc#PTrc5d2FQhNWyU+{ZOE4R;Qq#lo1`m*#mwWax(e{I$|m6eh}44Eb{(-_LOT8*j&G>doRxo*rb#OZ7{M8A=>-n9jt zr@c3~@N=j5*@*85VgecgO+ygNu$gMf5k=>hgF|)(nC22{nJ*DSFqKcjz!qZS^C+O| z^+htdynOO%xeH{Dub#;1c{&&eWObDTeC5Q2I12O%>!aqUn?)oplcL zlQ;uX`tuB$Bc&w~ySg|*s47U3{{7Oh$eM$kFtTijK4r`fce@=>DVAIOK+08gZiY- zSi*M|C}oQ1T85uar*<835Yfs|Q^er_3$MNSenaK6f&S@kfDlm-ezoz}TdW`cM+N%V z>oizS8_*jUm4RMhrhI-5QS21bEzdt_O`W}It#%scjZ?JQ>11eGeJ;N4PW`)XrE^!W zdpv#pt5%ZZ$#=6?Krr^DjtR0T$>g>Jhogbs;wB zilu`q#iY#LbjDRxr46xD4;ighDyYN*Rmz!`^0-^g$`@apH!xECrE+8HXLSV^Hh672 zU5!ZZROt$@gD6*OAtj#?$88S}$m+^e4aPG!dLp?@`}|uJw9sB1_K5IfL>N48AFmW{ zaw34>GvIR%RtDn1z}Z8nqg4((r>E=z{93^-Etbr$D}P78`6C`4QL;h$MrP!gdjt&0 z!Q~T>=lFY-&`m>Au;W5}&n4cWWo+r?G!d!no6H39}#m z7r_UHT~Ug|S9@3rVyZD9uKhCs#s`CNP0W!fGGbVS(@yG^nN!b&m{()y9`FkG8HDk{ z1SDW;?b!?UKyCwZw3xqyZvYtX8yflYlbL{#U(c~0xWB>Tv=46>afyITCm3NRCQ%re zRM;h&v4Y$~JU7Q#In7w$vDq+8BLVHXF=wr`l^vkpBQ_ERY^}|OHHlny&8K~XlsX_` z5s^FwT_d_>1#k^;C-8rYy2gDI#0O__B_IR%?J~E8=sglANGb-Q%|S)PQYVk!E@gbi ze@(=r0HyI-1ch}rzbC;|0cvVz9Qp%sfG#y*@hP!u-TnM?@AS0$ z+pV~v6qY(f2p3W92Fk67Iih9*gHfde!SI-}#yU1xDNpc9R(2ad{z&a@LXE#IsHH}59VeRuSourLv=PjB ze6hKZN3qH)rac7EAf!N1TF!g|U_&HxKreYEbxCvyR!IOz{E6>m zh${40nIXWKK_swX`oMT`Ip}Ov%Yl2Ge}E$S!nLS{Ksv&DfkdLBfI9OeYL!LK$GVRs z874{5AgV6vA0$Du3lEj4Gj^Q_TP1WMtO;XISlAOz+>ZHs;7<~eK!PTqa84UDw}-B% zfA$fO2#EKRC>U4laElS#Wcg_TQE^$7+?Z(%IO_NI9uZ(o$_vO>$bFzVDfy%}NS^qB zAbMb&Qd(NA3jS&$$*los6RwR0@zNZ7XlG$({6zc zqY(9E<^IonTnJlIX}ow2gG-V4+2EP<2fI*%Go!plpq*0l5 zVAZ<|h~?%BTrU%yDnxHUMfY6%`gvEw#LkWjwjr4Yd5kokgD_McHFzc@6<8EON9Psl zCtrxRbtEio*Ixfe2JC_sK6*C~&kuo*O&!|6D(XY!rmp-=T2_!HNDkHNuI|B=ksZjQw8#r{Y7fN}Ko$`|77V?C=2(g3oe(;!KD3iSf~WzI@Y7R?_YW~CK? zE_h`Fz}izq7D9s03y~a1<~6W6Gn=c?1Z*pE+I?<-HaQ1~^Osob-K<7%wE*Ro^^%CU zbN$Rf<_h4jY1!=~E*%1hgczi%DM}28R8|Tgh|t;yrX>X>;HOuJHpgcD0T^DNq1{jH zK-G))2uZ-afP9jn>pvbQXbmu@B**wAl|qAf!~M5ece7J7qUc0X71mWww2Th@!_x@& zq=-dTW-?_)5oKlt?8$4ovA=u?d?7zJa3r4tpTY?^=19ISR_6(2jBcN6W%dN5n9ONpiDY(zhJ0$$9>2F)7e$L67+r z&CFFz5yMUi90G&x`RKdTV$yzux62_7P^akvdttoFQxYecJX?40lv*h5XQdQ(QlFp= z_P-Pnf!ntQuw0F(Ios`=Qj{8~Ys239`vtlkX+ba08gKvhv_a#DB~r@Ltb|wGX|_Bb zk%0(Q2)v3{qm;%`0Wvb9zg9%9Y`L^9*qo`7*q71XayQOp>R@ftE9rcd|T35@V z4l96Nbb)S^0C#g9+2Mvq-f5ivh`u{FF3;zmVnCi-C4i<>-co%%6iVDHLVbGPu43#s z(jo#Vn#^IccMRx&l|N#XrT}tCt!`fcab=|@QW>dc?OzZONC#0YCTdVDZ>TRjbY#f? zYK*_v_mO7AuJD(b+%QWhYn-x|fYHe>=~6F^+7#ZfUTAi~A;XN*kbQ~$j4k<@(+pDx;4kt#t(3Lr{=f(ng)=y?3Ez|xeJ(x)P2<2h z(XT=-qRB8K2zq}4zKU8H*SEW$98xL)TXAd2hRl{Wq;Ap#CNIO>Tpi<5n-}zZ2rr(T z`pG0wFn`9D&H#e}$c6>^=crsZO0p8b;_~Gn4N)?%{jV1Jv=Bf-nW^I-q+J{f6$))b z0P#>%KnNg%K^(aQIMDo35c-R!<-sLaGz|g76ELBddl{H+Nz{C0&`uno0BR=`KnnyA zc?xhhMjHU@|N9MbE@NC(3=rB26^A5K0G%=2cMm*9;?Ufe{(}U*3ryA)7-XRU+W9{P z0*GW@G{8rg!{~fwf8EM+&WnKbBhw|zCxG?)mllpqkIQ)u%BLD{b2!@m7 zK*)Zz!Q=S}vN2VjIXD%`SML_UQ3zlla4*1)#QW#|&+sdLf6QW>#axU+pG*7cle3Ug z``-y5jiI-k-w5V0Z7?ylL>ef7RHg_8kP5>2EffClck-zSAe2ItZyVGWWv{hbcfCgE z=exU>%cC6I2=#_0*tgV+h-|nj0Yt%n5djnxiBOaqxUA8+#mM;ptU7(m0<7=gLex>L z`U*y^QyL@!$VOQyh8;xpuG0}0xZC1hOJ4xxeNgNufb5+DNL6JW-v`^IcB7z0juVFJ z4w|6l%mz`5yV2?!0px%v-(Bu^D*@!>mV65oK+6YAb>tQ-IMRn8SHvr?g}bxCyz#aG zaxd09HW^L|y_Cg0m9fz~8G`^0K`}Um-LD1kFiCi($bbfuM;5|24h3`%&=f6@Yi4-@ z@Fr_WDnEkq0}w!duqnxKh{Y^Lo3Em>juXVE9ZX+}CD&{il#2`;elV&bzbx)>$%S}g zIM9AK>Lh337lYwo!W2MFiQV8pz<(_Q=nAE$OzUR=b_IygHd32XD*c354B^_gEEqjJ zqxa7ANi$g4U&50^0E0+eL;)mU8-P;zNF+eNho>dW1V|e|0R)g^c59P%36hl&I~uf! z03uBtU&VWS-=A;^kh7a6C*__q9spJhg9t-o3yTPB`{@*6_@9k@L<+P1kO+QPj!A$9 ziC_iA7~EX)^c}4OjgF}(liR?u1|=*68ty$@%Dkq=$yJCaLP1XDss>aAQm0+e-hyYl zkrH7NVVpshLPnxEp^Ct@Np2yx24$DLhZ!RAX#s+9s};EmLblLPumEu@$kXFsguA!} zgP#eLQc3PR`^n0@L$Za=Zi=iiA!5LYZzo7C3;{_hS#R*a8Y3FBkTAHXn1@5|LFOf% z^;+I(0cIe8C?g}tfaKc`CipgoS9Kq0sPHm|gcSWo{4lJ?iN zQk3BR^}j?|pnvt-9_=(5IFy@^XJ=;zbDk@1sD;%6b8Ux4*dL17&tDbpgo=DBM-*1n zhqxI|Ct7~+%g-H1MZLa*f?AKKTBZpIZGy1e)@hfCQ!XZpQ5;yR zXI}t+>|Y28Liz57nnnSF-astHEOfAvZSpDGH{b0*{8?|BmGrY|`9c6?MZlC_Rqx@5 z%-4b1Mze|$(IVxYsz5rB0R2Njbi3dkAtWYnf;-P*CagEKgr*0NhhL#^G26 z9ULaIF^dU8xzxyxwv8$ake`D0FcV<`y6xOuI1#4};{|BcuCi&(%y1uqC$NdqrKUju z!9)ZXnFqUF6ZvIjEJH*#XL-B@n;@lvo#1fEyd_Ch-e(4*f}0zz^njBuC%sq&pt&4g zc5`cle&CBI>>N8V$9}gGKs%H3Kt72gTw%uW0JeunDn*(X_OqA5m9!MOxE2rb1zNz% z)c94R)QyLqZ7WRTI<}=DK&TEFTSp3sFBy?V>>$YnZp&EcQiL^f%#jWPIPfRKP+u%n zE^Tr14*&BnFOmDj`c46~?mYtK6upS|ez@TfQxgQw0KUhH~{UmmMeoWJPI%NDgcxRKwxCYnnzJtsvC>qe8omejv@d4jfihE7JPw z_2GP7{WGhmv`|3h0e>g`KSEW3#^7IHW(`-w_Ju(_jh_# zbu-rHC~L|NYu{3VaVh%B)igNetU%%Yt!@SK%OXB3Z)YXyFiI+QXEmorLu;0API~(J zmj@5n!d(+8hs(qZzGXLXv~PQ;5?O`JQvg4Y)FYV+)JG|x9eLTAk>u0p>{Nx$VE{00 z4Ow+0WO^PFhAfDj$aehPC6Ob{g=uCAA+vjsX+|WLHkR@;oip7fJ5p#!Sg9>|w#-DG zD4)2o?S{yXQLdOzQyI8r;R_32mRq4)0XB(7XOJl#^PIC1M>E`m0;$Hfz`BbuSyrqf zX#tg1Q3E>~-OznMG~AR4QmQvq24SlcBLZd^`z2u2WA?ieqo`cphs>xXzU~+BjA-c) zeEgAs_c0GZiO#Wn zDeuiKW)>0wx+bnk`ei|m6FCGz^g9+ck@Xbo0Cqr$zxLVW<(JH5t0iA74V!0i)|noh z*+yoPXGc*AAOxedzl`@vV+~kVrcR>is=XS@{L_(TOgs{4a z6%ZPL{;M@ri8DCUKG|=^9`X{U0cN=?R)pTO5{K#g&mMzCL}D;7-S&Y11TX-etz;FpG5x^BvKtl{>MjoFUBpr`sk`5;(k~fX zv-3_Bm&3hv$x4bGzR!VFRD{RFljT7wpl?}{4ZZsq46=rC5U5HC*>)kz20toG=po@B=Sw4APmKsgFl2&0v?SIFoDjlY4z+oTkHVa}9 z>6{HD5=Ua3aekX!0#nSDiqqQo2ovsN4n!^HmTlgyypsW~U2@2A(uDU28xcyurt*@2 zo%!3BE|PA$q@}~T52mIeV)gk8B)dh90eE^a3`AKRvRpVIw<9B+OU0!;q*usncmr4h zY)Re}N&>FrZngV_>3UVX!~OjvQxV(?%-|#nD7x>f171nkfbiGceWty|6*_uJqBApk zZXT{FD1mowNgtvr!hk{MdWV7_tX;h@Ou3pmh)SFrGQFqa!qIjb!Xd_%OW-Tc;582H z(j~9pv<~7^Y&13R@B3A*@FCyJr%o#mK)Sp~`ZVoc5W1PW&LSW_9LuvKLlsXKrEzTW za!@n$TF8tZJky zbs6WVV>v-w!`xn5fMqv=9ef<(mi!$Sru2UlMw=DQj}duIR*^0CD7-9d1TU9D@035j zx0;f)LpO%^WR*;OClz6jlS@$_r$&N$9dkGBuzUC3<6&`U=N)N4(fPHvt3@D0333A&1A zihe_qRpytN7DolL-Pe-_jQ}nC<}~WY(odT+3>zqv*ZY-DBo;H^Eo<853LH}v43^kk z&^I;MWtxtp61La;bGlYIUJIwCn$H)8BnY^god;9MVve40I5%W9V}yZe z-_&q7=2|Aoq*Wqz$NIEZ84tJ%>2<=fq5q>3JSP3TfmYLvJpWN z66^=UKC1Q^l=vn>b@=F!Gb(q)n{d9)OnoI=*={}{S z@)^ubbEa-)To~=!cvSIbOp;ZK~=x5&_t@WXNHe#(; z@>}};)qT*PM~R=pC{URVPZhuo-xgW2DNgKB>TK)mIv!j!(KJkH@bK0CmcEsb2j{%j z*FiVv9Oe4iL-@LuK54lWFBdq>*zg*UJsw8j^+d&Eh6On=KiyN4D-?Pw$ltP zvOpG(`Q)jE$00Lj4sDXD{qkk_?A7B%O8mP8(B^%(P}IYE@%clqMParuuEkQiJT-+8 zO+?ub3t!w7I?pn{fVq>PikfTxNqOD0=fgy%iBh}m&tlUS%ArJdlx6b|1+X58{d&-B zc5m)}=}Rigp9N4!U@Mx7c-Xfp4|Wi@CU--tlmJSpKd5JZ2)%g%DCIh!)d$_1?hT^$ zK4ojH-H9MXt=H?`gd+Sm^O?S@-tZwa&??lu=`4~dz125bps@A2y;`YNM~_MX)rit* zehO!enQH&2n#f37U#Tir-R8SGYrQpJyYjx>P z{~`Yjzwf)}<~F`@Tn%%aK5~0sN$>e`YMb97D@0fl#cWYms5%E(Ja7nZ zHF|Vl*l${A^5nt8Qx~{WE-jC~xN+&yohJ{VHbxW4it;$F2JKxqTIRXul%y^z zsy&ysW4Ry2G#yGMi`!OSzd)Zyj$Yi{Fa{TkyBOz8Z*=@(mUNbv7hp*~z51v}cK+RI z2JP|S;%u^OgvO)2xN4OyDdyDX$yNNAk6vjsddf_H_GEP9<&76ls-l~uLJq)HS00ae zj2_(`%hAPWEvmhjZuCx$_Dr(<9xaB$JiYt)(kbW*;=N&6*GpsJRxt+?wxz*|Y6+lw zv3m?*dv;pSsl(_)S_#tVN3RaHM#o(~-uwoZrT z`KsKPaRjyJfW>eys4o@@-f2Qnj4^mUC>-BT)4Bwp{IWVfX>p?6{-Ug^*>tRoRKar8 zEbC!viJL6ge2TJqm~(6lOP~X~9MLo-n@U;vfH30 z3~(*Is5`)Z%5xh1Z)2*=FlYSaW8#^Z_suJM-Ztx7;XXB-nmBBR4 zBH5QjfQz#VGz9!!MQ+8lm=@C-<2*&pw85zWrBJO@OZ!sen|R0CJgn<_GR`s^8v>Z& zs#z2w%SB>do{|MWE@4+Bf07`yPWt0%RhGkotwqa&3}sN6sw#1|hYyK=D#$x#RL#bH z?4#nGj+zha3V;Oy)I~qlgrJ1$UJ2Tkw~2KtQjU)kRr)mS7cG-$(TAt`Ds^JqkZ zX1cgJ;ix^@birt<5c=2{C{yPl%ng;0oC>8|>MnAo5s#q;P?cqcq@vs>8eQw=NBCGv ztc0j>LWCP3&1YN5JdBrgA4PlW$)%h-BYOQYkkh^k4*0tWQ0Jg7j|q-p%#sj*!g*ig zXh+eXenH2(hNrUQ_Vcf|)@|+Dmyf6Q)w7HW7+8aPGEZjX8efDTC7piinRIl`#YD7o z=UPZ9&!7r4W0j*0j1?7GiOy+2;{<&~iZiyvH_lNQF@p|^m7PSaXr^&fhsVH57yK

;ShZ*E4sz=OqW`L|zxSiAsU=%j9`OP%xh2@$@ z0vO=Sk>839-5c>R^7v6iRr@DvbGjv``ZM7+4v=82eICB{Fx=9Q32@BYE7FSw+*Wb>sVsCqydVW*F|}d%L^L69J!nd zjBIh~L~EHFtQ)hm(Jkgv2zT+kt_ff;LkwHrk@d^HB396l zhXTQ(fweKUOpW5HM%rUlX>yU7u7(NO6N`~>^R8?X@&lFm?=0o?fVYu%wuB%~!~{^) z*&^~w9fxY;Uqj9&88vslPs(51$HbGsV@iOH!KjQ>pw*cAp4fEH7BoU_8_fbt|G%hD$LBv>^G z$nw=2$5y&RB{SCPm;$JyyR`+kHvzo2d&9b|QQN&60=NZlv*@k_>zg%;C6@q(5_u7ACbPfrQnDT?447xY7q;hMlQ*YTH&51 zthyV69%xoJ1xE|7H3DcMp}`O74YVl3(!~(h#lX+}DG0Plq1F3mbg4_dNHMoGd@1{Qgg!c$9fCT4%WAE&KUIxQ3o@j`g_U$%nhRjlV zJ1gFHo5@CJvoWjL#C&WsCL$=9&bjn;L4FH~^xj^_N&@PFni`uFy{J#^h8yA$)?Be1qR49?xM ztMK+!BUMJXx;W6qs;S7@e2+&V7oZVqHexa<_W=laHqzNVl75_A%i7IgcIR@2*oW`A zZgfUju2@t6d9PJ7E-_6md9)my@L8unvrtj0l zd_HZaDD58)Kf6QWCx2UU(5go;riWwj_(&LuJT8x3bl!&!~jTQQ}(#+&StsYB(|I#mPCDU?Dm- zJ6^D`Kd-CGxw!zID3nLQOgpV$HyRfW=Igk1D}<4E$~Fm&_#>%j-fi_K6F}e#+S~_1@s-z`Q2}dPI@&A!1AOWZQO9SAd0ng%TEX+90sKJ*$Xuk0fMkoFOaA&4hzH11eXZvpw%ddpTa^R3-hS= z9Mk|fuQ`{h(T+-O$F%OSHt5PS$nXTV@BA--e}C-y^x@rOvIP5;Da=FofKLMH2mD?f zV-5A}T2iF}tA^TzEjq>@xbmp-QpJ=lgT@Qs*QdaOIg=;vUBL#F=_M}~Cy-9}f&_P~ zQA0pk2RpkqT?MAkNepuCh?LXBs!ZnqUqItktaJ2lR6 zsn^G${~1cLg1#ODyQwrm-(|)vC0~xvleVSJS$+ z*G@L!=_E%cnk^4b6JWe}og%{h}LlS?&F30EZk7#L~bAoj~0NCL}xi1=g_?xqRP z57Wn>4|WdSHd1;oXGl_?JWl-+^aB*I0C8p>46MAa$Cn>&+*tA|Q$;?ly&Zuv0LIpK z%5PYRlDYK+JK*sI(GkU`uP!h6E>L6*I0F>?2x1~lxPxG4x@U`rLZDd5tJ~t@W@rWc zpWwPl;TSYnH@#R;|MskuEn=c!J7ASj3WsS6!H*6wNEE=B*O^iPcm5Z^zdQ~`0!W@< zzp?^C4790j3#pmq|3qaZIgw2!KrRr3G2!`sVo!!Xf=3TX-F+;MD*JxGB#v{7O9Y_v z^GkR8P!SD{>bP-CU*fMF%GN62^*)01DI)#Wq8hbdABP^VfN##Zym7rwoCr6(0=|+$ zE2~+Loymr?u>Ed-8H@sw6H5Icp&(GO7l4MhSIU$1_f3&sHCesnZHWs^euLg0a<&a+ z+T9q$1RM&e{ix99cdA;q11K{ZVF)m(Om{$~kwSvcM>msYD6m%{$`G&5jT=j`e0<_@hR7L3G-5NO0zzU+0 z?d&0l6;UbR4>rcElU0DaMu9cSSK!L`@c>fl2zB+s8K8km?jp;k5zAm^WCf9{`cHL& zbGLzCr8~h2&rO&v^pE#?gPy+VbE>~kh+n>K3LgxJ7~Ratxsw|BYJe>+^LL`Z2sBhl z{TIN$KSBYd0#4rNLPyeUg%bf0z^!1fXkf%BfHITc7Lx!!)KH1kv`^MZ5{$=zMbYbm z8BnyLncBGV3PvD_?q{k(dr$bV)riokDI%R2#wG>TG&>0>lZTMAkWBuI)l=OPoJzenqJ=B@&;K0PY}~z-)*Y z8<;<`(KiWt7Mva2R6<6zL01lnBKTME|7hh$k1(-hRRRphU+9oxVJl-&M$S(sv zL4`J7${9x+$D}{YAWwNM(pZ0MzGkQ5ynb(x(fGu_ckF&R0 zzLSOkl1I29cIW~*`F#Ij@AI}DUeCKq#tzyR3s@a7c})qZel7F{oP6H@?0vwrHiVq9 zl2s4k&-r_no?45$L8iU6cnXNQLniZpEM72TK=`rBnmDm*fj1$817r|9{^~26H~$yF zzdgRPcW$qZlwlZ`87&>BndUSh8=ZuNoVuE%i3w@8X_7WJJ=Zk$usv+4MT>}1tjMx- z7e(CFD?z~vPoUt9h~Qu3g*W~iKF|A2Z0iYZ>y761fX+@bhs^iP`+kSt^Zc0r!a{DP zJPRBQ=qKw!PLk}%jJN#;UCGj~)Q8EC6b3xr!%S^r=$3-mLF@P?-P)wJg~v1BHE(bu zBrF)-x}Gi%AK}utc}b2B_Ck zQ{f#S6&38J@X2mY)n(t-ZL*W_(8ARt?-?RF5M~eL-i?rkS6Uel1aNSFTOje&iILIb zHVK8oy|WacHDROTxh*_{3D^-)D=8F-Zgm1VX~bJO9rF>;ia4KY@lVayJ536`Yz@%QfSrVUqb}&*gC$399VH3Cg1=2F>u^qWpXy z<@xYSK|X`Nd-Y~djiMlfEM73GSOY@_Xl=1efHJj?n7`#a zD1jqjT;YL32yxdsUX%gF%5hW#kS079`O6&Zd==JQBT4{~e>NovfL)N46g|E{VJhdi ze$096AyNpm{eJ65^{!D8hLxx;j1rVt^BT2QbIeCSJEGn|rB91>NspcsxEgjXkqIZB z6o4LrM$Z$)^~C4y&{k7lTn{TXVY1joxf{R~om41{rXm8EvEzAEz$A2% z!ZLv>wzT>w?cx6;tNNLWqYfec)M#0B^l^3xN#qgX~k!5`i@k!2ftC0Tcz?fprN= zU^s9@nK1F4OWZs23az&EiiNy_am!>~hIGM`+Yd$Y%qYVK6QyZ@Q{eJlTOL=MM#2MZ zh`n%G*jkDQB8|<=nTqBBW>=XDkD~3eG{v4U2IG3$jdjb!_wftZL7n9klRyfbe10Qz zA!)}Ca^lEz7v@Vr*)=m_txd`jQg0rGm5*&V0rdqsRnwiC(~etW5;Tm2$NFYTEa`ej zW5l~c6xq{8N}!?XC<`8gn7=sFqBp;-X7OrgncG zjVHBikrLYxqm-+JtmWaW>R}yYNQBJd$7iOAv98vG6AS7~eCa5D{20^Rp%0J3%)p6w zHLZtj@+_|22lz(l9*%;Chi-bD@uWX9oBznXrQ$Vn=O~A%u>%48?}rE=<3@62IzRy& znrIeGX~ZyW3y1E~%bTj0FmK$%!@+SxSYERU`H93At1!r=xs~F~4;0IxQbNWy=qMr; zi(w#FqyQ4OeCsCJ(T-k&v20PKas*DxKA=Vga*TqL0>~C9-XkO)1SXo08*C&~np9Ej z_%w`V!&D^%JZRaI4GF8Ifk=+ph#>Zyxh?aoo&8639~(LiC<@d%WFY>7G5ZEj9+zZ> zkFunE(mh0Vl~Gf>yAy(2sT@<$OU^6aaLIt|gfQlAVe!Ih>{jJl<3>YWi;a z;7KwJS4|PXODG^r1#Be6V$IuaR+JHL7Na|6kO%a2;vZ)f&S4;72LcZytJdLa#-4{1$N<5Ro zk1wPcW$iYMjIyR(RR9(9Wqhh=6RM3Nj}l)NMALvM3s+}mw6~bNDxM%N^m|qwMg_KvQ+V*S(NRpX7w2V49|8X&N5D7)puh7Ar&e zH+slwdK$*u_6^o7^vOW$*TreBdD4j{#3*u<-WL%bedD+&vtV#WrNTahmMXJE_a)Tt z_}hjnxGZwjY6M&h&O|s88~ffVimq@nd;K*V)YKslKqMg zI~InPss0ww`^M!2(3@@3o*m-=CM09d8?IU@5fAaRdXAn+zQy-^PKuP)bF8>WK{ydpP5<;(L9)VR@{`X$R30EOZ5#;Te>(aC2-~Tp z*=M;DJRs9kB;&H<%bQ-|7tr3nYYpQKxnRfl&|`+sKyTiIHHOVx4-GJ&DR}Uk>xB}~ z(Kj;Y%7Y1AlUam7)fb7xC+K-M3lZU(y4?I)y(HzDS;+gPGBvbpIfPC`1UeA&ewhl5 zR#`6iq^KJ%uBUUtJJD+6kc1m*0N{fqKTnCX2&dvv4jGzuv2mMDW%L<&lNKD*Z5uJB%#w=?P|JW_)Uc z$ENshPXg zo0`lD{Y!k1^UGnIocq1}1PP?-@N_W>t8Tfg3m~T))j;_!z{K9PzL~G6#o3q$ot>O1 zgrk-Dt2tl1gWMt5n3pz zu~c)Vgjo5e{A#~*T#LLp106_YN}%jR)ksx0z*%pMb;1b{r@;8K`Xn136*FO$cIGyrHjcoaFu!kW2L=-1!dzNb$nog2<5kXtwyl*9*!tCKI`Gf2 z;Kbs3iIg{j_CrD-8S$2tuy?lFw~?#KDhg=washi{w($H!t-p*c2LZ(?p;hK{oCwXO z_=K+)qa_R$uTRGeRYPIf)Gm%=qgBpfF{>jWQNsY^f2>%qr~{ptfm7Wx6_deEi_e9_UVeaHF$$ zxB2O(%{<`IJTVD9w$VP`Yc#P!Sksi$(S0PfTb-M0PGTjpPV|J!U!BdzzfF^ndsP7> zfr`j8Z{^482Ol(cmw0fE+v!V{$~T+Ma$b1eVo9LsNNV?+b92@FqJzibs-YMj94_+b zVlsKE|A=e;?DXzjqcOkekpW=wL3&{zfdA>hTHs&4M11jK;8_Zw05Jl&H};#SbGu7D z=!%=gVB_XN1J7m}<8X%J#_=Ie&sQ6J?ewanmZxz~Amp2Sb93dT9L6<3e-UUOd@h=& zXw<2kw@)$FbORf!&FUlsjOnAxejcB!HX2o|N%sodlM<$9m*%T`d*%G9p_3HFfC#0_ z)oQamJ>d~1v|0_f`eqwV=mCUMnQ8FTUP{7Vqm45Ph^omMjkB#)=c%6R!;f=)aK2h? zROeGU2uh!d)7v;WJwB}-Y&g1FO2t|+w$yIUHIDL&5Cy6ZS%c1M`m_7Td*$@RtRcC| z<S1Ek_qK1X<0@RLJ125i)q(oyA;u;{Ip;+LiU^35LtRkHq}3SVVWX_ZME{ES(58 zoF`#Kc%BjMvFi=(+*!E{V8;*g^bo^!K6>G&fdKxO12mYIUVkP)lXtHFb{~VMpNOE&=xU89Lk+kv~;Hzzbz7hgHaz@pM%!C0~CY z(vKLTfG9c7vVMZ>Oa!`Bf{UKAh^v-3z+>eu=I zcelFuLZugHOnYkJ`EMn(mD}a4(J64Ij@TD}c2UCnM}PAA1W+M`{s`-%GArFv7*-XO z<$q5B-RJ#+08#;890=flJ467V`OO1RW4P)h#yFyX{ioD8E72~{O4S34IFq}_rB?jg zW+0lyo&HFR7bT1Qv8|~Co&Q=Y-8lhd$eH{ug^}$p5T2p;HQ?N_A6KFN|93j~o1mT- zK#>FNeo?TlKNNw_y?!3|;w1=-|7>S*CjguAkJt71MXdzAnu6aK!1Fnz{0ZVWX8_Gr zEXMT-;2(_w+!!&O84Qv7_JeB1f9^801o;9|Jy+Ud;unzeH&=%p9E3@ zLscD8DM=_dI722;Tu6M>yZoF0Mwt7#1`|*Ic{5N9)hGX40L6*y;wHCf!r%S9`-1no zeV$agXn!x&fL({TzF(6jo6jhKqV73U&*%RNV5QodJQ`onk7KmZ4E{Q~$C1n?=>8BRke^&>_qU`Y1yn`N5eT1`U+~UwqZe4%l*0Qu{6;zZXgF%4_(eC6FeKozyLL&^~I~ zZ~^*C$bZXpf0qFY=f7W1{*m$dSRbk!xhCrh4q)`lLHA7kv251wb;oN3pW^6VCtJz- z1z+FK)8T*Vv=F#1SLSg~`001wZ3z+9t@f$>UVpaIif|mqy=un*`8(F@#l*z3fAJUu z@y9Bap2PclEw#Ol@W&?JMX#`?owKThh42J=faMLygSdM9 zfI$#?&m+z%V2pRP-ksp!gvgYtgPw4tSz+*?Z_lOaY(cq+Y|g7+kRflbm(4k{i(4ha z|Hg1Iv18Kk7(v!W7Twe`;?MSYJ#OBs*sV?r zXXM4MZu=M1pVMo#{A|9WR1t0j`EVke?bWpYM=w|L3he=B%6ARYG#U?hJh}AI+)Sf9 zx$1~E^G`XvU7nknD{~ayRcy$`o#_V{-)_H=lYtb~xNE8T2FBJ8Fu%m>%DCadfIB}v zKc2(SVyHcJjE+|um~=uw8Q)^c{&{Jhb7S(A$n}UjY5pl3XODAm`kwmQ(*f`8JWn(K zs-vF~vSZ`>jpJiXgNZ2HP8I*605Twd0|ERW#1B9J^0`cdd4|SFt}AM8d>8Ys%F|hW zNQ2m@)M_T-9F;e@dd)Ro}po*wG2lLR{YyQWnXW7=s< z?R9;dIEx~UHvPeFdJ&Q)0*Is4DsPt2rsvZ!HvwW!)LYCqW-#k3U&ulbjek|j%a&!DJ0CTcz~0mPQ1ulnYTJd7EV{xLZX7Rvv}1wN z5o%*8KHVnSTsH29tb4%LeRKqVJ#rW{HY2vwz>cNT&Q^ZHP-5rx`X~3W7Q_mV?M>$# zS5x(gAF;lx#65|^GYl#9fL_H4SJNsqAdAWv&Tw9R@C~OtheJo>!jqQzdAtls0A424 zgsYE|ZX=SO8w=afXm@!xJF6UvK>55o1#)#Jv-45DGD{Ex&QkXS^c*IhYYQ}aT#TI3 zM1BkCNqYyakY7;B+N zK!17&`sicSKQAt}4)q+yuCl~MhR3Fsco>)U)qP=H-2qyRoM5WxRK zKmfl&y!_7A7svsb0%DadSa~2#4f{%4SRWz+=qxr13E`B6<1<+1K&^o&!mWYL4~ym+ zi?hJC4qhpf3OtewE<|UR3{BZryxLp~3t_>wxRO}Y6#c$y3;NFKS3Z*}O74LP?m-ai2ICJ}3W=X>Si>e{nD{)Hf_SA;9-r$f_-wEQ zsH>j>h{bIne`hi!UvSu0-%ih}N$k@r8GNHGXD+U%YC478j~_}Fhm)K2>8m6pTulHS z-IF?wTLkx$C>zRqJ<tg@8O+7cW>kDO9lcsh-(tS z_uhLM6vz*<&pZnS9ID*~k3jK5feKv=NEcbFJ%+3ffwyz9ob_0_-{ABV44U-$F_cXgbRWHq@5C*YR&2$eI#kOU#>``at#$mmUaUlbo5^;8B|IX)o< zfb2VSQv`Yz~(@Wj?VyhVb@{7%lp2}CjWR9B@ zK)ymc+bNISEGSq8nntQu;_&^A8ds#ug2;`tzsDcT4xd88bdm?Sz*^S%XTbUDi2+A$ z7owOMF-d^6gnWhc9rghu_(uL?M}dFUnWJjYwZbMWFS`UV!31jKLN7+hx@I^{-tM4g_2bqSnV0r9i(u1+{@sS=45}wy6X#{eGSGS8yb;VAt0-2&96AP~qOljUdG; zXdfO|M6F^-w=AHVfl5i5a9UD0f^ygAGCF}cDZ^(3l~L?L+-9jZf=I6Xh(Sx*)$Bq4 z5W|^7FuInnN$VG@j!_1@OSYFh0!{|D4wf7~>}p1lz(~3Va$w2Cr4V6n78FC&)vP`DHVC4_*#6M;Yd}#p`?18SunrldwgQkEB?U~dp&M1&=9xjY7@H~;j9-gj> z0Nz=rcY!_1h#ubW;eCAl!Cd{K06seq!2d-&M*&11Ac)Y`2j~R^sO61qnlOA;wAAl;hZ@9bF^6T_1wbmOxGoqF)i9^;gm|l_pz`Cvc9^`V%NvVgCuC zZI11jZj`#m6;1hJSlE*=E$RdT+01BP;TcgX!KVTwP}d+H=||Dv!U8MJAP}uEi82tE zp~2)~&jR)T(13`S zi|~3QO$fbu$u30rvz7Vm?S$`}aXAg;$1?rl{9 zBL&cBr~QP1`4Z)D ziFGX!CLbzWa5nK|#pZzjMbD0i6HrkYvDCE18B@ro6u?A%k33HUr@k5K0)PN6*qujr zb2SY4)ZW4i2*K1a$esnLqLa(V0m+A_5w_ch+o_sCQ>xu!)TXA<)uVpA$T1&dqH5uE zM^Las0PCj}=>vo*QW9Au5zO4!)1XVB;qtZOgHqy!QD{3?6+jxz9Tn{boMHkmF<)_S zQ5gzWU9y8tW}D<{Ywf{600(iM;R@haP{6`G$AO0eNO^8j0LcLL z70`>vN^l8OP)ZuRXY4TySv(;c`X8jFPrP2%y6*vt|)4jlm4s zYQlt5(yUnPR;>{>X%WCMSo2~R3#s(c{*6X#-Lm+Y&yGU?nX1tc14w*7g~gj5y9YfK zw<4>)2Bt6xM>Ov=+0Iej;*6xfZg&4+xJ3Rv1kj4FZ^#;Dc!EGR0K{hs1$J~m7xHx6 z65FRFScr8rKthrh=Pa?Aqf{osyB|_KJmc$OLSSXA92ua&_d#v?Q3o|;kW!0TB*KEd zOmNomGoIbUhnt+l65;d^+Ld6)MPSu%`gngM@&u83Fi>HC86uOZZ@;Q~Jk!hOh$Nz! zL^R&07~(Cy6e3riHNRbl(LjLrAMY=F0l|XT#;w+*Ut+#nN&{CL6VX^ zi%eg8;wl12${)lV&khP|lc;+^*HY^MzO_t2a%W(_NlyVpti5KAsFL0a1HP>);DG=R z;_C5yUjV=Q3PjYc%>a3TL#_MuQ7J)TtQe(;ux7cvhnkOuYs?`aYXZ~+kQif&u+~Du zD9&YPy+q<~z7j5Fq%cF*I;^$j$;Oz$J?1GUg7kZKIs5a41kvk>3{5@qYy*zh--dmX ziE&sYfHa|`0K&2wlvA?bp_iTQ=^EM)sPuHeg!r-oj?*cZ!gTxi5L*$@Y8aBRde;JQ zw95n$88oYSxhG4loID0w*z^(fr497Q3TVlbOd|U^%qve$u&~Xfay}u=T4YV1KvyM> zjI;!bvb^Nsuz-evOjFs(o^j_V)30kg(~MsFFal^Ju@N zRKS^sFu?(C1SKr&<3yG~lx3e8YjboVrs?znLCsdft}B%tpAuL@k-JMIZ zR)+Y(6q<=SoH3*Ey+vJ?w!kZ{<3qB>0gJ-X>UHE`+C&4V8RV1Wi(<5ySBjoyyn%3z zcvYDof9oQ%z|3}$<=Zwa>`(4jysq{R1aJ`7RRSaZ!#K!CpU)Br^TgA&^m5pT_RjXw z#S|?yy=)pegfN|9556lMVUC{5homrDxP>Zm8u&gu!%(Yk)CU2AKE$^PlxDno|Bxj# zCS1T+F$G;>hx_6lzLEw;853=-Mq@PxVLLZ!B*mar!$ zLodRE)<@?c9A_^Z5LtUHwPisP1k~QG_5|FjdDGj)QI(Q)PTH82!abdX5IC@?Difv+ zt9H+&b0lyOV{d(W|5b%s;C;brh{;!qly(eklq)V4UdtY>F^A&Z7R+x}2nv1i=4_Xnm9H+L}fL{r2Kxt)eGNwKq06MxGO(aH=iSF^6jwTvJTL6pr|4~kQjyZDh zfRSD=S~QD`jy1=xWi5#A@054=yuv?~LdE=bXFz&bgf>5&G>fd&7fkvKNG#LEOWbazuB>!v6xDD4G$i+{;Ip zsUn092>Lyik|B}qGMUU=p%5I4B2)&##lni|U?|Xzve4p=Pd3nN05!ie)fYetwLoYB zQH-EVHEX<@h2C^T`eOYF)9%yOUSp~QN45uI+f3A>3U?a9ujl&a1=CVT3X}O_$JMsT zT}Y6kyz4V#6P^wRijm+LXHaN8MPl|{omY^gWPL_<=dqd9=}-VNjod%uKD%F;33R}S z7p`3heiFCGvGN3x9U;~ZpaaGsJq9Zp>Rse`6?FD4(EGahc~*TL0|khGZ;l2Fb;$H- zjbW=5wl^0ycg{u=rOB)(8{A$iHbJQ^Bgss4GPRVQ7!(bmL5FMW)nF)z{-4ZGP^Wi;N}uVzR-QMr3Z}c8wD=r7Sr(z1{Y)5rC|Ts z)|u!ZZ*Z$JKbf6+|9t5>C(%_!R_#uIY9kfwuPit;Rx1ZW`BFApuGILX#m)ur+|Eb< zU-7E9KX`zRAh!OI3GI%T<|k9JV0A6obHHgE+TGrq3S}p&yY&Msx|tjvcz-rDH8C(3 zbxR>P=+=8zf>Tq|6QxAd28bA#@~HGrXK^|UbyWx^b75dIi`V_(tkv9K+>=g}$g0nl z$BJf;p-?eMX)#dFX0yREcEVZ*%jI?`37%jXlzqe2X*1e8FzE?-f&+<}gWh7+d;5dg z?9yauXGjVp)kJNqKbXQbOYx}AB2n7ehi?w%^Qm$v$Nl)W_V3(YOyxtV#&Rue1EDm1 zC^1;h=JTxFq@;=^cUC5*r&9Ocxt4sKuB!7dDb0?NThN{BUF+T1;*%1S#eB8#we{h6 z(eP^y4%I3qcGq^}Ma#iq;V!mz*VcMx_uX!@c}YC2T4Jrzn}eq(M%)Z=((&Q7Orkbq zHSszm&J4}2t?lmAqw=87gi9X|$A^2@b{2+A%f`Brr!iF9U0+Wuh@OiveL*yr$c!aw zQRkVS3*fn(6%zj=9~d5fZ&F|gqJRKGKW%1fZ#^@4v(n_1PG#6HbePoTG4Pdc4N(?JOs?_JB}l9DdGxg$Qk#Up2jEL%dr;e1+860iH3 z^npX?&&=ZNMAFopPGI>U3BA2&k>PL{bgPJZ*2jy6>BxlJw>6hR?;lc>f~Nj%?duOGnH35G>Z<17CD(S4BbRwZ)SKQZSgtSY?!bdnJ9u$!ctp6@QiwQclN{3jMJO` z&r5YHY*PJLzfE*zp=nuYc=Lx+Tel5M=-dv%@PMDKz!73hL&}TtdX4}p1U-Hw)^iwC zYMEykf0CZ2S*DJ9v?Ij=azyD-^fzD*C_DU6&js+@&J2nF?B~6bSzz!-XbAEyKsA6> z(shS2hh75wJmRw>rju!KSQ8}&2<7Scf#^T@4@c#WK#?>fEdACNKKy+^BRQt22u?+AsYg4^-Nb!}OdLKAx568O9hDiJ+;d!mcocimzz%h1#R6`n;py`x}oi=1xh*gu}9*_U_d(*^`vR7yd(Y&#nP)D{0v zv!8ZL6P7AeKb-=2oV7?UY*SRwT8H;%IMv_?0plN0dV2FpfSfp#b%|4XW+rtChW1FQ z*il5TW|tp%nCAj`ZfBPi>3MVj83Q+gSeIMS1vGY#qXPJ9=~lw#bzV-1eic>pxL_RC z5q7DjcXYrmZV}4!5z4ZP(VC8#juN|aM-;`xO>F|(9iy`YJ1U}rfH8Q+AybS~+A*!+ zIfo_CPLv^1`!CX)9FOnRbF#bh$;=4b4ja|MmROdE(8&$AsA|=%F(;Ii9?z1}qKQ!I zQmW$`&981)9{HG~kgccbdAoqd+38 z>|IV5lqzNr$~Ac`1@P5!8AG#?v-aiq!zuW_p`Mil$nvBt zCC_K3fLw}5goQGWP>KK^`;5{fhuPxa;+!9rpX6Ks&+YM%_^*8BD_=q%P!v$3Q3w5Q zx1(Vq9xzRkxY;@;V@2A5V*;ZHKpQaA==LMSx_z?rWFExxbzRc)h@sGJhL!9zKky9K z*nuz0F$b9wHPIKef^nvb{tjoB&=1fnIySTTb&+o6f$`eHFxBm2X?6}v!!S+r=y(%m z09Zf?I}+?_5*W*k+A*loIJAyUK1iJ5d=5@2fRG=POQA>19uonpcz{$aE4nZ~m#Yow z2iR!-rLLhU^AtNZ*_cbeAU;ZYfkKJ`WDdFYH7F3 zYb#8@Zq=_R*i84~+3N66ZFWc2g){}wvdj@*x~IqIOXI(a{>s>ZRlJ_Kj>RI9u16(4 zrf@aQV8=d<`S&Y>_wQdT4cxzWZIDn@H8X0(v2O0cgZV-tZ8K`cAOp71DV2@G(eZ2L zNi3Ty%tmzwD?ePFe=s=@`nIWD`Dg0swZihX`_%#1ASf$J0Chm=s}Ck8CrabprrrcF zTeF4oWN>m~a4*_pp2-|AmQVr69SlwkAho;*ARZZ$lKb&*`BdRQVT(=ot$y z3@5ciaRnylYg{#v zYHyMfrXp0cm?=$61RJ;3_jQ3E^K=we=UI6osk7&68ojbyftTzb+}W3aPfRH>>kVrc zBx2{j)x=;U`yksW)QD)YgC&sa%Q$_040ov;k}N&klib@5!m7(Tli{IUv1e#+8+W-l zxLbq#DosoSgLXE2p0_Eb^m>(%9ddo zrxHM*W`N!f!TL7dIdqwRYzvoTPlJBy^2FY}XI+K_;#OyO_AyH`wilLc>V8rDOba+zRv-|CGhO=H5F88>S`d6hi1< z4lwbhi>-kOSh_vbdlvIM+q?PZoc^?P0X(ncx0dJM~xadtjdPWU9| z#liLUd!QwE09#PXHHWm#8g^(zJdsG`-tAfaV2jkP>5w3}ec<+c`ZB7AY z`X2VCT4^w&U@3@)2cYCWjN!`7<5ek6E)OIs6x=D}<#~4TAx3Vsv z9U`I0(9 zJFF`oypfMhWwTgdJ~jQpch?y_YQC{xp9@HaPLLl~;`{`Wvx3J0`Q%3K{C1722??GU z$hxk2NxoU~d@wE#%P<#8)7%EsekHVVw~+2JSZF26YAZ1z4`XMs9NEy5V?^0tcjJ}N zjoVu?i0iJu^KPs!pU3+0P+x3gbH~)F-MMNAL}+p|T)|4xEdoe%g&)9(8wt0`@sINm z_}oq}fIuMt2>AB*jy&(#TnX(@G=Q3?dAXlV%_8>X0J=xAhO2={-}{FJRt^Uz(eSv) zGw^!yV5;j1bf1|7l$2CtkDxb2DwC8t>^lP~bZTJ1%{M#T(_NUp>GcAK1oQ{cn>yVZ zbF~DP0xS1q?^W2>P_D;Urd;hnyrA;UF+^s}G_w1_jeG=75-b+Gd%NiN69+TC80vs> zfX7cpf#0A-cY_-q7irdAp=xeKqxfoojP!X$5^lx@a&DDSuDfsp+n@gM+sKM)?+Dy% z)HxTTfd(^57@#n$rv_Jr(Wn<2KtE8yF48fKqdo)K-^!yAvj4dAcN&Zrfp5=EgcK#` z>czJFa@2aJFk%Km*tZwxAW!FR4nDM|xdGqi10;BH6dR|-heb+|DQsCpMW`H<2jeWZ z0_Q-p2K9{4-4GFv0zw?WD|hK7$>BzU&`I)XCcCb*Uj#Y^fS-wBg&0TnOw;$4`}x#+ ze7>mR*3TzF&eHy$?pFyQk*J*?U411t!(B)Z;%!&v9c_@Qj(mm50iXw5WO5+0*h<}$ z$;V=K6n(F??Isk1JS&4kc%W$ks05xLBrx?bEph=)dq)>RN2Ef7AIc2~px@84BD~nx z&YR6(+JuO$-pLNaSUOP8#^yLx&F$|lWWlt@HPHfW(pBlZ_XlGNk{Li42NllKHj?gycjECtCZH;g#3jV*G4sGl)gL;#a$ z(IvV+7neK}t7s5aei<#IK>?S_bIR4!irZ65)IV_NLD_ffv{L|4bHO|q5w-x%Kn2Jx zn2213HV8tV>{;1d<4>f>=<#~nU7@?Z_^JSjsP6>>H-)K8NMJec*IVc-#v(430jk&r z_!no4bw32K{R)XTot+RsJS*Lg2RQBOpx(E8+ahoQIfMa9s^=oBA^y873+&9}8iaOi zIz+%D2tR}d5xJq^Jt^gd@aV<2W-;gIbO-!Y`mWCv0lb3T2c{)i250Y7?>~q{-hRJS z!S246mU96-D@AzeXFmSg*U(=3@sEGzrT^>q?g$`UKqY|jvZs|;ciPQ-#wWA9vt^H$ zT_8XS1eHxDRL2pkkw;9&i1sLHz^;}DrLLFW& z+tUu8b|8IOW`)y}kyasByE;VxHOUYl;6N$t3T7lE1>Xk#XV)c|7cIYlxs_81pdMcg zd2ImTZQi~c86Rh{H2-QpIT-N2X`z*5PgoY^AOMi0 za-rBJ5)z(|0iK2Oz4r4z{^?J@^{t=%?EA`o_OqXT>svql>5o7E+W$=*eDM(heEHkK z!$JhyLn1W7QdFb5Ar10pNb>4I-1VC7JQ_)#6~(-7lQ3LpsXjiP||>ivC^XRh@M6tiy-QmOfM zMA`(m6I}($RRx1<79+Sq%q9BQ0hv%ZD`*{f)TlUssI@CK>}Ew#Xk8l%JAmT~020r+ zk?sQg$BuT??85nrvnB`Divv`is}O2v5AvBPzwRx;o6=2Tp8nj3sWD2OV4^Zcg%Fjj zz(fUcSef=P#R;hMez$3!P5}LYzyS|i{@>`JwO~_Vbi~`n2&hz zO`7V@xlPCd<8UYo52QSM7UyJHAmj%513+V>0OAoaxHrTDgy55Z*mWa^M`b_&`};cD z$(<&G89XwX#G(LFmpa-Bl&<(5UjR)CU~4NP;8wC{-??DO)P^}SoDE#WZxG4f;#e=G za)F4;F+9Xxee_;7r@8OjPaTu|MXiw`~DBV``vGU;azW4 z_N-^U>kD7__IJPg!|(s>TmO?Pcp!i;69HWMr2BaqJitVdVU<$AK)%3P11-%YUL0;h z#OD$LL}Aa~-BEn4aV+2BGKc1cA9}G9pLVf8Fz#=8CK81}09)mP=xmWiC4j5d&=L`y zN&x$d{vN^PQO^!6*K8NkPs#h(K|ZBakCENv>ivz>Sa);=gqm{!d_2$Zr{9A1eL=|{ zbPs>t^{!{(4~=E-q6+@>$Nys*=y-rHlMr~=Ekx)V!@D+H0D(Y;u4!-!MRb&p;+Pt4ar-Kyk20)oeS-^LjbCR7TnI6I zmLRyzQ`+}KmxwMFNOKo^YfOc}I;iws$`^+QLz|4hh1KkbQgFUFHjuXSq8mA8(7~A< z0Z^tVau7g6^Q}!saJmaU9i43+a|QH?mSYh_z%EX!a{N-l)#Bh(R~wCAfY{(Z#+sA> zx-OyW4p*lLAnG=mCBq&BL`1r7YHGnTV(|Bex5%uI?o8Ign% zdQrtV8YGB$-69}`q6i7It3|)WF}1;%_Y$qu#er<~!p2uZoC)Q;X#m+~-7*V_4hT?u z8#89Of>>KazoMr%D5*BVke6O*QiPbUaw!mC`b@Cj;}j4>OILyjgIJFzbYmL|#+|Gb z+dEjG;z9V=)EQ*3-H5b9t31%aDf0MX7KRY7a0aFw@h*~}_plS1QQ48F6*reKCJ^v+aA{6X52FYA;Su+_csB36|2i41XpoF{-q-+% z9@PF*n}04CVxAO8bKgcesmpd~GxyHC7pY3|tq3*f*~&H(Q%BawjZoj_?1-w6(vI~? z%yz^SLbtapS#!e4-7fwp?MvC|J9SO+in_a3Vi;@1NE#M5aTb_|LTQ;5T9P0Km%C-f z5qZ*6_@Y4TF*ng0J_85>l4oV+Jsn;O;ONG!noWN;G^BO88*zCCy15lcDS8oz@is|^ z5V?0}=wJ(wjzd5A!QH2wnf)IM;0r$U`JY1lzTjxzQ;6WVfB3VXe*WVxefs~7Q2^ic z@|VBq4R4=kT3~vB7n0Rj2-&h32bN_R4RZ-*q95bv=tJ$^(BiPEVIu}fp^Ko!i-5%z z$9w1ofg_UW&vs%R3{)|O6)&>!!tnJ5BZw}kirLbtTj$bV^tDtUMCcMo&C>-t2*T^0 zA7%34Ru?niXfh39)CMOpv)p;9t8Zho7c-NJo&eWy8@>PDp0nWCOf<0KrM(SqD$x6? zTZLyb!5Egopa)^mZ5&`Zb|Mh2k%O`IB0=}pR>|Y1e!lxIhQOYS&gM;BSzquZ@Y*B#QS9|Bijde1wPi;N9m5KQWu*u-WCeuI) z<}{kv&U%>@FI&#|ME_76h6-fv-nfejoqjx%=}%$JG6o9>dTwq684E6TUA*GK^5(iO z0%*9ScQ%8QSco1(J@2fk9gaF2b525Iy=Q*~>_)Zy*_SKf6NK@HSby(~bp}uv14FZ) zoCrm3Vg~=-AmFp=iZTyfjm0K&y2HFM77D1`g}3oRWlMJ5(3mNq4)S74%eeraHuQz_ z_xxtW_5tXhjl=4R4+K3CuFfm(rJ3te?fJlBk}g+Q z*VIZP&23Y3d7`@mS&YyG@^`n9X-8$SK=z82$tA9YPL*=9>jST>+1=ZKuwimxsg(2k zMS`&KwQvuG9bM?E3%YJ+fQVlU=0jM

  • qpq6nq)jhEg(+11qUe zhRk{)IK{$9@LCeGFFmdP&PJnLZY=hfCl)a)BLZlc@xfpplsc4JT(2`MQ)Zav&IjL_ z^goUO8Z-5++QRDULTz?ytEi%DJT7iMc@TVXe=O%y+2UA^#4ORXYXv6 z8~t~Bi4kt5(E6!fNX@N@o%e`x}kzN`hCV+K4O; z7s~T1E0x>`3LnE1Bg5u_SGE@y8@Jc?StKU=DC2Mb;F{?OAm(-UcM8?{`D$UD{+~lm zGZ-_Ry$9&O|?kn;DlA0qN~wC`PyqJOp<_&+0o*b4W{_uaq$zW1#9)m~siQQh6W zrE6IwKfBOCqOYc*5Bn|Pov_wJQOqj4((c(g_d zLb--s*=PjI1DPcEpQcCQbtV3W4#{PJr+L#z%8I5PvJf|M~$SENqxV^{v@jn($g8AE>EdbGaf@G|>)I(X?{`JY~m!&9^9jB7Bc3f3{9y zIFJ(fzwuN+gL&gy-m?0Zk>`Ht_n*PkDSPpGn2TFlGKv@e5qd2k{C0JCH z3g#BTLT*3ID~j0{sNG&u+UYL&EV7C>A*j26vq4Otx0YJ%@jxHUUli<&4r zz;j{Jc>ntKt*D?->A+P12ckYZi?*wS9OTx}W8+c;C?>V5Gz0R%;h=$- z!U0ODxW{4K*HL)Aw8L;v*(_D`DSlxb)ey?Ut9j=~<<|y#Spprj1z&5Ci=Gh=pY10TqxNZ^k@{=YCAqLBE{ zClHW!S*(RnIbBJgbU0<~J&NrIoPYzh*Q8vb)or4uY09a@8QEnbW`wqIQH}G;;$+p~ z4g=sc4R1Tj4-S)Nuol%-gamK@mna;F<6}}Sh7H9#RF4?dPdk(WgO#v$7PTl6pc)9{ zzThK*MAO*+dFKvQ-cD|EwDz+=<#FqZUb#aLy?zQERys%o-E1<+9H>d>pWOhJ-<_#RGn#E$8ML9aU zMn!%t-6_-LXKXUB9rqf zOn;}@U1);iJ8)@?19WK^C5i`sEQbUUGKT=ojtV*w#cEa6yv-J;v;8xY{Xv1l^S2EJ zXKOO#N39WLD@^p6-yQk?Y=*t?@Ra~U0jc8-qF+5V{Ug%aoppmWm6m-?tvop2lCjsPBt zs+_~6iB4<&gT_{=9!;rpzC2354mW{!ZUgOgN5Iu^rkxf<9m%g0)k8f3Wj5#A;GG@2 zBU>JwGCpK6a_^Tmig9;r-Pj0d0;5c=UBB(r42)*Y5_(&5W zpH~BcCpRvX7ANqfPk0 zLlp4vYm5WYd6=8=Xm6w5I^BY%80}7&tv>#mCX0(50emK_L`zw_V_~W!>{yBp6e^_j zF>~@@{G-3e%A^T$4Rytn2;k{MLp?w_PwiY6nqlVe^|I~4QGd$${nlK!u0Zi)i`3$Gs>Ng%58balV)1r`5%OyZ3 zF^Y3D*CmocN5j@p0rg{S)#7FyCNbng^@TFvo&Q5opMN+`9?Euk)|0YK+En6 zqGxib6o#WdpXrE|NUDJs+b2Y4v1T*`6t!{=90A0U&T+P@sGI0(xS=Bg$hK-tKEACr zn$Gj7Crtq)a@s)WH#JJN(ECs1(AmU%p8TkL5`4wEv9U_;)==2Fe`{zf(Ywav#wsdg zYc(w$@2wOviMqR)7@aF|(z#5fvc9)9B+j~8VXPOCYRbRH z(Fr_#7%WcUll^#z#Q*9C-uqqxp)bIwf!foe3yJlImEN3>I%20_)P1?$%Gg*Y7u5}+ zM2lJRz2$4m!>i=Vi!O4T6OJ4!tPSTNPD)k6_*0+VT|*-AB)mAzk{B?+qsKFNi|3N) zm2eMnK4r3=s4S0tay(7_Z4T_4wG8@2W?ayF%`}$Q?E3n0VSO$w{al$DjkEg>gXd3K zRc1x6_f{%vydjOJI%epUUK(nCM%Xf=bD8&yjU{G!Gzz~Qp@r+aYn8%!0v+&lNj}m= zOo~H5AMyC^%)sPQR~A_7SreZl7$$I&W996UC!1=FC3zDnp-OJKob_ap%Bff?I0$mB9Ui;W!vn!AY@!gC zfLo*?nJK4Io~h}{(yXN^p#a}-<}0NJROX=5Ja@6l)&%)?DJ3Znn3IXdDY8cAAQd%1_GadL1Q+ghiP1IH<(bP$-)D^np)XtF<(9MLq1l{7P6Sj1~MohoMt zvy;TNC>)$%7YeS-rQMo17JS{SDY@prT$*D^a?P2&ZB*`AdT=f7JMh4UGX2vi%$Ao| z#Wi5}M^Xt&LMYX^R#PD_IW88aL8-Q8KA z8E%m@-E@k4IrjdgrAfBPusslKxEf4BQ6>jSQXi2iPz)WRO)4Pb1;cO7&3jxhz{uyv zeUc$A48rbWEO1qJMmG|s+OXp89t#qDM(}tep%d{)MIM`UwaI?<=@lxVae|-e|5gAY z0kRZClx3&kS#5^ z4aL994P?7qfGKrN27#rN4>5eTTVUsRps$6n>sM#U2-0P|5dwO+1F!o8Hn^#YW8Yla z(*~SMdjQ++eRMs!U^)}r5Fl$HRURi`i{LwKb&b>* zu75EWN=uQOZ2=q!e7c`P0q-%#{VHCPkC)!_7PoHCDnRcNn;)#GePyqvOanvB<40i*)w3o3#m$NQN)0GI5DOb>2Jz>5tx6SyESi(vU= zOGQH#fci3Q(Ir|}YWW15d~#a}p1A92#TDB@n0bG~ZHRc=j0qRm$w0v;({0`;NuJgKEVpu z6u>vVeCd5}dF8VuC*0iIJ1+rMj<+ko9kKKw`~ZS@NM$Bgd9u>2oPcCus)N0+vvVoC zxn?3drC;{&M&3*I3S1DdWCYXVULEKQ1lnC-oWM6rm@>p>=Bi-C;A~J{fG*ZG8Np60 zVk^H_So8Vn0_q{p6F@rj=uV1Vc3A=FA=7j~07w9(DkX)`gy`~=i`)Z9od>Rt+H?%a z3;8xzu#?&KU|2eaEcx^Mhf}fTk>|M?sN*>BI7?kFqU7N!<*T_KKVhyWXoT&p;9Flr zlR(t(;lU^9S-yuc57-81{M6vgqj*V4h!q78H3ssVdz@ro%b?7>FHl^;LhK zg1;4iL!tgzQ?g$sHgUI|;3go0Ky16lxh${{@T`Pp2BubOunxf>BP$gNu#A9(>9Mr9 z)yc{t|5T%09{=Z2MWE{&vyON^AzVp79LJ z(rPQAi&tNS7YZnk{6x+;i3iy7e=LAhz@I&y0{--gRX~9uyy@jHdlQM!&!Yfdh?bT* zF9B5v8F1x;2{-*E|3cZr-h=n`qKEWNg8}edFoGf|AoONxrQ0t+&fy>uRiLN9;R01T z>E~P{I^bvk=s5;!`P3btmQk9nq&ycp6-_3PS|=x8C%V(q)&^1>#BMZ|iSpG1q;3*S zX9_J+=uAig5Au}y0;rvxzzcVQ@~N4#{gDnYlmn%p{H;Du=Zn3&i9nI;=_{8ymr5Y_ zhZ#i;&2+!zJxkg9t8ZC|$~G3=Ka!aQ-~ixc?!3QSNs|TRj}C?eg40Gw7g16tO!pg4 zL63Nwot}GpkK&Z%Cdj#m;sSjTxwj6{4Ex=~gm0q_M4Co|>z25Ry;*?A(BEOu2E?X@ zE=WZ0#W#RjakVY5v3XsG0Y^3pyp6Nq7_3tO{Y4OBguMs7 z@0_eix?p{_ANiPUa-%CI2|RQ+u&n_v05S3#Ol9y0Pq5WRD?Yq2>ZJg7Ub*TW?XPjw z0Uq`Al}i*rLjL=1CH)k@1$c$+j6Kl$t`Nv)IMfg9*%EV7;b-x}Bep1CJ&B3XMJ5^H z2W&K$!Q*IYITyf3n+kcn$>1+Q0iXV4TGIo>9}uCR%{X+SjPE)W&_yCAgozykL}Gd+ zgtD~>l213l&FW2gI@ z;_FEEz>}2#_HARxj_jlDJUiQ^7l9u*njfe$E3SWG-UIn%PX~Q!YTc*dlI{dF^|=&E zq!0-O_b}W~!dB`gB04q{Lq>q~v;SIm?s@_$9|@xMa@^i^ymfniehKY<`}_(Zb5KB? zkbd@YC4e_>6?L{K*P!yK1h6o}xhehnn?1s3C27$U zD=^%3kBkTV+W4j6bM=JAh%J01S8zBHD&k^|tn5fUB0Jf9E=4xm3Z)*Cv06zL;Fnqvwon8T- z*eDnRNFXW&5HT<&f-n2yWrzS0a4-t;0*NnR^5K+=eSiQ{bigqm;lsW$f&)1&$c{0Q z@QDCcZh)qQZ+II8u%QGnJxF@JXyrxZFT?9j0bB`D{6uWM5J2X%&};p9@730;WYD*H zM{gAc{Fa+v0)ZY;B)l_EY#BkU>1U#ft7v8`1fYHN#-6D$)Xq!=Fm@)^els=a=8$Ie z4ia*T077ZeOw$s+$@R?}A!Z)wh<$LE0*C;*SV9kKqX4!e1OugxjO5w=yvxggl$|hk zEv+dc=OdbCuHOhS`y*h89kGYj1wH(fF5^60Mz}EmJ&*PU*L~cW6HYYnT+rch6(m4f zGbAr??<7NDT-%F4@NUAC^nICWsMU)YLwoU~#Qm2w5V8u)$p^#vE?}bdFjEo?j0TWu zBLD}m)s??h!}I5`ga-n637?fWw7T#+qi%p_L330?9Y|GmqY`Bb=8?oAGPu#FL>S#Q z-RmY#@KH_j8FWCYu5`3tdQp35g`>*4y9kt|%Y|xQ^rGi_N2^IUNo>jf4ZJ(#abpN_ zvgGrtuM&O~f@>v56q*TFab&!~oKzfDLHhyaemo-d|CInf{pm^pPb`7&deRlp&I`=U zz)Q;`*bsN&dGR2+1XCJ8GCJS^x|u|F93BWi_g9%&EQ_H%_OTls_*i%M?I5 zU-Xt9#VANOLhX`b3b`jUyz!?xGda-LhTG?uU4(2^da*sVZ4tnWLQq~z=oCOVJ`A0t zZwo!Ue^xH7B{*2?l_=JgEhRM_%FZbiFBF^~D`;JkF|3gu!>@Psxu~WUNc@L0nq*Zk z#qdB|X+YNwyET3oW(J{FFc*W+;Eo|Mh}udYzlLm(Cxk(flk5lyyFs3gT=dG2CVuBa zx2b5d82?4Z{Q7!B@H9~kq;dn53(wz6ZmyewezFQxWbIHp&!P(cpSQXl>*9ETkaPQI z-TJuzo+t|DOvtA%Mt>A@F>RZu2z+{x=w)3qkY5ZcAbt&8nm# zUL=pBwWT<^-D32lk?Dx&Q^+s!#rFC{KNkk!)wI(mYy+n_!E8hRk=(q8Lu)b(f-yjH zo((9_*UbDN8)QsA400kAG)y=~$h!2#@rG;nmY zyX1iYK9|$Lk<^~4a}$RdFGsu(z*hWNUHu6G5NPgkO!@Fx!TZl51CeaoHg`4&&qs7g z@^{_jEyx@SXDi?=Be8E3KmJKPK;Wo10&UN2>p-TZ$l|yU%U~oW6Z1b`qW|hCvryOY zrJG<*7Szu%Ww?qcy)ZJIQZ6l;gl3LtD8)qGW~d7Sh@%73l^Olq13c+m@E1-Q1-}c7 ztZzS=>j7mF1hXJ-c>B`(x)A|`2h=k>>4E~WzqEz`y65`l@KEJmo&wm~%0cHSr*SQK z2B}B~#R?r`I^&aBV1I28>~=(O9G(tJa(~VOuY{16gR>Z}jm?CQEBW-Ecz@ml-|8y# z?(V<`^iBXnw@6djlaR-74$t>-pl@59ep`3~M0(gb&4 z`sP@O`;GKX^h#*2yRqJ;9P&y&gQ+TVs?gOnbgWI{7YNT~dSw=s!z?p-4WqE_2+3o2 z2O-lZ5kS_HTbZJ}9SC8*f;=?Y0n___PY1oq_EE&OhHQT{rE(Y+5;ex%^6U98q_Hd# z@(a1km*XRT;<8M49nZ+)4Yc9a8CWpS1@Oe{0e{HlfT!CT3{>>DUh@R9^2Gy0Mz}Y; zy|l`$AmpJXmnS8y)N zt>oZ?DNJc47~+@@7JY5!OyydQ#7h_gy8`Q)DlM3X6f&_}0NtOd)(c5q(;#GeJL`g< za}{}Vmlb=^cF$(t`Oe-EH<1q5V8uD;!~|N2Y;j$o33{J!6X96wE`~0)US*Ds`8hH< zPc{v#MRyx9Pso#>$RwfCPrZ?ji~g|YJQPVa?!-B+%I()!jtGJ^u99l3Z&{kn?K2k; z#fL)K$^LbPjz)WREJP1xv5q~s(#z#angF4#xoS2WiR6Rjy&*g%k#;>jH;~2jQZ~3U zoYsY!N@Yq^vmT7~O_p+mA`)rQ;*a*0vmwvY?)zG4I0X(S|U{~B}wuHQu_AV&k69`Ft!E0afs<(gi?GGNj zC+WW+hJPVp4LSzi!V12lLSUvJwcelgaI#~))}xVZz~%h4LJ)g7@+oX{;7$;lW?e4@ zr>3T2)BTmYy%x(b@n%mcRH!1`YA*}AaGsr%Wst)sWuew!qycEoaLZRU8oFFh| z9bqxEnCcrHoth}*40b@3D`M>aB!pseer%PZD2@_#f=rEYSJJUSJ2 zU1hp^Sg{Q{(4+hNlxV?5N$F5xfXjP5lLHBiw%a@5hIacW@i>+q+#mNb_C2BL##W{< zcxNr=?$H!U;wg^zb1&hYJ9pNu*DdkC1*xsi%w`G?E4#JBIXSeM+1<*!-<_xp8AcN( zt(nmTcJ5VrXTx#_njC1(jH4BmL{Uw`*e+ypu7VwgiCQzK2!+I|?G;LeHB!2TIw-%s zg?qpy$M@~@PlAs2E%dUU+`nE0{g3b*hh=MG+wa3W>$^n@r`t3e)96lccXDFOIv`O% z((8Ncccev{y^V+Cnzg-m4?e_RU`qpTOmS z+zb5P_q^vlb0Zi00tA$QV25v^u#ESJ-%%Sz0swMitWe41xIH8f;#dtg&BN%sl^ z$zUn+gK8b2VMI(QWQ7BM#gBzU4g1C@W4uw5Wl9&E3>*f5EXP(1Tj8M@`#~w3#WPhQ z$kVzl7mBRqHlooX{!af!0BOfdXk?tCna8AxZaB;2w{sX-xJe<|9ND`Omb0ad{6wLp z>1dIUr;D90gg%*JA_N)YPHXS__V=H>VL&4BU->-$$OVr72@6YzfRLeZ*g76Ygndy! zQI75f<4ZgfHk4W%bV74xXr|}#Wr~a92~$I*|H@Ikgbi^E<9$~^qk|r&y05Mu^P?;| z-G=OoJ{dZCB>_>qpqwki^VANG9~~hK^5iH^l6wDX5UYxSLqI!^;OU5fkrv_6oIdgP z3D^lVLv_jnm#O7I9UY}Z>7zACfuatGS#k=Cq@v^UCAaM$u^sLY{yK8;uQl(Vh~Pi^ zgcQJkyEE-@dsvsNzxY!}3@Xrc0YCH8AO89a2S!iu zWMG6R4-F$o{FglYCD==Qp~*yTfeB|>auOXg?Rd{RZt7$lCQ!j+UwxYd$Mb9|a9D`L zuz$=9beto11iY`?o{)m0|4Z^-%b^ad*<8Y>6eWe>bN;6&k?L0e1*66}G`l0n`s2`2 zRs4@X(h*{Vqvh&}AGwB9bo^ZPiTWp?YDM>Q1hC~__d-{Um;d_P1N+M#fA{;( zonT`4txsSOta5@p`<2g=(LW`BHntMx2%z&u^W{BSq_X%NRUJ85_2VXQiUMfofKZf9 z6<;yHJ}!XAh1c$Oa;C$k{})sOlpYsAl_o=7m?chhhoYyXmbTDNllts*rW-1ZRi-pV zZojD{j)n_4pMiD@QI(m(0NT4I_k)B!E2Sp9K*$j?6igv|si0es~vRZb)b1^+m`-sxKogI+Z6z(j=%(oYZMf`_QUS7rQ= zbDTsMqB{o(94LUa<7spLg&0u)o#y;AH;#2353eMR@o~>k^(XBZN&k39a~=ik#OU|a zro{x(Sl1kVkoZ#|IO2=oF73M%+_m6PU|WrI0#(vf>=U(c}k!(&ZRx&lQx_-p{5gu z!2kOK_^Ge_;3wbt;x|9`oMZN}FaG3^0>1dm-}~$f580QXg1`OUufOm}(J*I%pD;qS z2p~)Z@G{j8#&DB{m&$ghoCMo^wP_B38GqPc9G*Sja9l@JOi@xr5*d5S=_s-N3@JF? z0~9|0aA3MIV zd6@j>7A4HAU!R+;n;MFFx)COx+c#4z?)yxxpI4w-UYkl}Yp^}AtZC-Z{#LGt5n!$P zgGe$ihAW4IY;F-x#^bX^i)WtC0w3}IzVd@#K>a9x#|7|X-}%+290h#a*Oc-(5(o|a z+aDo;kFre!TjHLqd5{-;{PjQj@H^h|j*;gBi4UqT0mM|kXm_nv^r>}gDoi!Ng|FB5 zyA^3ywvM4&A`5SEp3rFbO@ID-Kyy zJD$nS6{vh>YhfX65*edBLdyt)tQ1D?v`p({E6FtVNUVB&YinO_lKuZw`sW6fd2lg! zZ*g!3dZip2_e}5FSY|kr8Gg^$ojsFUE{e66|A}vfpIWy}tUwpaR zXjBV{wC+q!N5{to8s(M3czVQC0*K|r-E)PNa(SRImp;^_?%`|I^8EexEco09Uqx$S zcwoLfF_5V-3#uKQ1KmB)Xe$fc&Pai6Yjq|I$jui8$WCGNVzE;XCn3`fT<2Aw4u@qcO0Yh|*`{aik26FIUTr>hfG#vmF>z?;ly+TVEfJ1Gqo|lwmtPI#((; zaLt_0Vh5xwn?|vBu-xb`WzbADAHXKn)^7Ee8v~glJs5RK%ZgV9%JT!)_G*+SW{*HU z=|llHR9zk}vj2)yMt3sr$z;Yd{JS=z8z+{o)y!aHv2iQ2U>KT8C3JH0`&UcT`G_Yn zx{t-=HOd<+z6;#@LSmeCt2X>uCAr| z3>1(O235O7e_8YtJygh3#Q{{lN4vt62 z>kYI6T8L)y#?J-Nj(&ggoqr{N5(NL^&_u}VY!~pj1peuFk1!Vat|!d}9END`zI0tEM7&vpuQ)9iNFlK!3+K2d1gF!#kR)j;D2b z6I)17j^(j(KaU&^J@#i@Pp-W=6$(Z0x))YW(@?8Xl9?buRe-mRagzj110-Q=eoAGU zpa9CtosJI%vo4P-f1`gms!I?{pXOF<^d_L_+3H->uy#_JJXoPzA}vKy+XKldbw?BbFI_X5?YE{+9DMyWofaLU8w9^MwAIr5n+sE1f$Ve z)F|#o9W@$_#^r-1CYl&ECK}@sH7<#}(L{}3{Gf6Dugu^H%U^8ZM}B z-g@7gCw-bD0W2qL8)_Uu;jfvGb|rF#sC5$h*Gx!l6N-7WNNEU?3aC-xjNTj~eUuZ2 zT<<;|1||n(hpq`grYUv?nD+TFDcd-D-x$eNno*wv&o=CD^7~txGjHCs)LX$<2tfV_ z-6Ee$c!~zg!|jd^*OgXJ7==94&pH(wmfGLNAgLBZJ8giN z)J7EEk2Ee_PvGI>lO0NwZ4Zl4!vMtS!ADbjLz~-C6BYk}KH1|e8j-TqSaCfJZXU`> zGvXD&=H0r5gEQE$qve=e37~f`;BOVgs+sB=wJZ*wa)czaY`)Po6z!UnJq>qvZ@A&{ zxFUoRL+_ibKTq&Si^+db3uN%sXgIZP z2op~?(HBKIt>9nn+b4*;82m~w9#P5* za9~qIM}DIxCj#hgpSBwWC^ixf&&0%3$?YAU4*LNJ0?q<%DVuUeR$_Unxz(@EDb-cM zrvWJdso7@5qIm^0@z+O)eGIu1`$H((^^+X~Mm1=-6u{Vgs>3hW1LoI9-F5P&WCZH| z==AMQuZ|KPnNHCxDrGZ1i_%P-QI0Yx<9EwDydEu-q}WoDTvq36hP=7fY3{QCutEW>3(an?hZ{!# zr6Q~M#j+9JalHgRH{NXYJf;;f1dTNSuv~<9NE04y1{MX2k2Xqthch0uHY#-4`5VIJNwG!Jz1K61jU#|IkdV-)B1kQJus-DBfo__16nqpMNYm53Q5RuO z?5hBb>fF(a-6E+Tm)Quyau3FoIv`DnqKQKToAsF1q200b381D8fV}FGPzNmg{p{7c z2NS^VzIBjW1nJdi@4n5_L;&du;0Ry_0w@62u?ZVEfsw~IjUWiTl~%E>VWbQ9-jT|u z-ce}Z3Tc8LrKu5ZURqlrB4D5DjEf`7b~D~{LNg0TyONxlAo1c0=dX@t~zJjBlEk{HfS z_6)!M&@?~%_Tim`^WjKu9xBP_7BHDz2>~D682yP4ivT{A!{5`2cXlTD^WVFV0{;Au zzhf@sVVVVW1n^l9z(e4$uo&7m3IIAmdlIg-6)cP6+O0*PD-js6SB8OvV`l+?-fks$ z3cZE4IzjBH8Q?adPYS@uWzQf4MDupG*`(6bZpRhfuW-s-j|@fuI3T;_F%2HT^VQHa zu{|W%Cq!aHMekKHm5a>?(Y=Aq54Fk}I#@CS=@&>$I3I{JCW590@_wPAHVchav<|Tz zFf=?m;t;!+cn4IH(s_;jAEyqxqO2^~@gV|qHBbTpRN77Z&eMHxO0iq(CPN*6<49v; zAdcvXw;u!)wk~+7y*|m6Go`tJ2_`dI3l7DX8k5)UxAU#Mr)W(c453l1r~CFq z0L8nh)!vBvbpFg;CLfVzzEMXQYD#sbKKs5QKaEe!=tf-hJm&`bFYJd&3!6)f7m%sa zOFbJHkq9JuG40c225|N8CaGr(7D;aOK8OHbJ<`92L;#_GYWRD0V;0m z#*ttPF_ZOi1q$Z6GWbGlr2o#Sj!l|-ZYJZ$*)*aLHMyn-Nx9N;1p@6mIuwm{7XWms zZ%-8Z*V^=$))s)H?!?hi={*9_I=clLD5-G*QH{uOif9`IP-vi}=0ak$w4I@S5*hZc z>D9jqA92-q2igE07h*_fNb`**G>E@qNwJ_ zfYnc901)unB@F@#ql4S2moR70w(+(B(L^|{WZ;JaaM*|+#+Zl|+1)XKCQMLZ_a3`U zWzpfl5%mLn1+l`!gx%Neb_2;byJ(73Qq>UEV`NK|Sb&VcRtjJ<1d!^hx!b4nczNQN z!aM@z;RuvAbVmR&;Q&vpjd;Bhz!YSvwW+xQ7jQEGz@!v5&)y<52rgH5ZpGa)`{@P| z+QSR?)0VSspDal}Jv+C6f9_~lTAIEU5T8wrq*uWg$0z>7 zqZ>mADU|>&az|*`ECo>Ue__eA?4;q8`SmlYTdLdS!(0xGNCAF?4hTm}na?Vs!GV02&4buy=^)Ir6AI(R=PkoJRl!8|pzo>;ZTW z7LLo-)w%~-37G6!58ot~5NfkdWj~4lc~_W8*!KEl2pkXiar;Nex&{&W*6ns*{rT4cUVX>}@Tr{td)z-FfG0x0cOeaO z#whsj)Wd!AGL3<20_Y&|wX368-5@h5G$Bj1moy@ww(bm}S1SSRn4hzBHQAyRE>1%)0+d=Wq| zyn~>CWIAK0O-wXe=o)aUh;o=i7zvkGeKOvP$Pid0(2UNVLjc)ATN`;G|C?P*Z1a8a zfJ>p>J-0J5jKc|MdPkLqQ+<3o<&q&V1rYpYZG>BaS#L_IHx z&G3$m18dD+1Ws{xUYz8P8l2`#1aOoVnqP&)F6-bT;v=v)se&*H8;q!cQa4xJE@KVK-yPYj@~Y~ed;PHzsn@S z(vJo{tI*V|=M%t(E&_ZKm;c>I|ISDRqip!qUxL=%PXT}P>$8eNh(`VXPcF|GxHbfS z$^1PZ*TDd`i>{_3z^Az8W4aVkzy;QWSc{Gs9roSTpuuP@R<>!^KoRrU7@TPALoxW( zFodEJPzqRinS`3#$U`fek@5ijZ!IXrCRQPZWN}k-leo{dhp2z>JHPS1Ar~T(R)3xr z8WbH^!?u}CO<+e;0DIHiN(;BBpV)p8z+#$ZsfI-Z@Mfetp@NWvgeE>|>7q>oVV)+S z>U5tofFfM9I}knb(>HONLSI1);Rql*^_=e<0?3900+hDHbrS-Jpi);gFXwJFy~Q*t z&Z5Jnxuevn`r@~3vze`u(;tdQ{}1cMnc< z$dw^sw5^!V8t&k3-rw2)sB^eY^7S~Bwpz~cX5l@T-|c)U*E?~2-8}A~@@j5l7Kv%x z(j0Cp(nzfy|GF|@r!i4soRhE;0Mh?iT-|*OGkL(Qp?@9u-c`55+!=PJG%+W#0;Z|L zZq?z73-7ywuvY;okkPhQF?{gTc?5y}ixb+>kDz<83}z1kSS^&ppkBON>E0KZE3rQ1 ze_Q~u{)PG9e=G##T0lntpZZCTf$x_K{=+xVghLaFaCw#j$~r){m%tUXo=AMy!eMnS zhnDCs$O8(SM7QF-LtMs!Wp{bC5{1Lvk4~UtG*Q9uZg#sxD`8j;TR4t_8^iNyw}q!L zN=y=v1akSkBw1?VTIZW+Zl}X5jVY zaR0X6x0^~$rBbPh>D&D!pQ^=4eiWCB`wtIf(4TANf1%2ax2?UjR%UB?M+XDUP~RN7 z(;tJ{^InIH*nV5Mv5C`#U7J{+tW2B$gzi902n~7hX2{@HEI7Q^mvYhPU}|Hnn;&Ls zIT`QW?PzUi_1lY80}cZ~@5LxnBM8B6L=3#sWW~~IIW^>OJ|j#h?VZ?ickY)@~; z9GXU?<-xm06dBJrOM^?SpI-~I|(A_0e5@0%-Q z(JjW8=0qn(V1}xuxUq;A@kpyDy2xSx_0$YpE80j6Vs5+G&ZvaV0y^3b-(4*iwd_IJ`7S4B75DPZo>iRbY$vMGHdY2_ou5x-G79}tu@`X)x}T3#dnh+5P6PtIgK6u;jSk`DPyBx? zJGi|V2rO>*WGU0Na_`_kFnBT(?;Yzb&(HTQr*qmP{^teossH!@*hzyN%L708K?cDL z052I62BmP%`|#o6hu?7z`bQ!lpMcP4XD>=BXUcmO=h8K`C3#&O2`_TY(WsK*tg`xoEh#;!Tk^Rk~a=~~%(J&zM0)7}|J1+B`? z!Qw_BFh4lUYG9`WP2N~p3`|VSgA*;_bP@xTIz z=0!F2faE{qYlsZ1Ar0BEL73W+$=P&zA##G2jEg?qxAC)7VzaZela=5Jt$FEId@K#f z!EwX3WFkE_79;%r2!Ef0g2sSns0>tpQQCL_rI4PBZ)J^O)h7iCf@pJgXKRx3chq#$ z^G?2Wz^HD63)Q0$n^!jD@y$t!;)!!V%{harX1C%vj-{W59G-5P&xpJ<5wS3#`F{bd z27u=r1G7EzM^L)^4}zVdxVQXG0VEdi@=OAP2J@j;#8y|6_`wws3x5zYOm1z(W7&|V zABPMq%x=wY4j2ybL=ox+X7OlF4xD)6f|YbSJv$jX@w|rk5XZ8FHM5BVqMxT@@mU4fF0ky15dU^6y5mX5d?ZArkzo-=?Q=VItB&;$`cdIAk> zZtcu2M09fO9LSRq1Rx<6OL&8|3li`!Yx52M=UhWz;e#5%mu_vvs7LD3AB+csB!lIU zX_a0;FpjkJQO6LeI%SBQ7{z-=JLSbugV_*@FSm}LtnL>S{JtAh7~|Nj*6MY(;}SzU zzs@sy{)r1BPnEBoliM_W>&c53ZiYISBLU=AO*R_XdViWBNr?DLh_$Z&qifP}k^dJ! zWru}^#=iCC%{SkX*R<51Xz z1Xy%}!H3-iEueI%26|zCIT-+{E<_gG2`I6A#ouR+3e8Ga?RaN1*tmt{Efpwnx4*>_ zhWaTlr<1N2Y8I(VmWKZMsz*7$0BY(+sqpVX1&|W0i1;|Z2s*|A@<%(sEry;kZY*hhN|Bkx+ zkD3YaX8e5wEiQ|u$B+KM0G=}dlsqt&0-jwD>?j~+0q;8ozGTH9RRN^>IZQw_=`-5j z)_{|UbKU9e(3RsDPeEd{5u66p8Ap!rzDfz=^aa>N+bE6Yl zaJSR_Ss{~@pztuqBNOP21dl2pp+53V_~)DgSlbE5p~UbC9=uU2oNqYpCqNQdttsi# zk1+`EM`(sh)mYu!vBvR|=r@%FwJ+5F)-NbpryX68 z+WHRz3u<4+6+mY&xcNN7$?l)_1bO0R7eLMco=X6~aSV?Cnr}TB#US^e1w0cB1C#U@ zJn5;AycEqr;y)enUrhihYDA-+e!NciMx|b|jlK1h515WFbK?1>w49O!K?tgCx-{C40^A95S=;irT*zu4IL={r(3%v$;{rluaL$BBua3f{$DdmOsk2IH*q!8}|H&q| z+BtcCA%p7b^(*Z&902|CU+F#|C|^&n>!1Otfhq)T$sD1c9U?sK7mPhb*QbDGQqomag!QM;tSNS2ES54 z;cN0I+RL3(2Nc%~^~vKM->i85oFP)K> ze-0+hS+G87`xrtS=m8n&Hl+N>~M97Usqf#{IjH)-crh0}tc{!?LxH{~AMZpz4;-Qal z&qht$4F~*%193&biNW^~I{bfJ0H2Bx@X0lR=c@;P>X#vaXRHOp82BtA%nvUO6i^}Y zKlni^Afmvl&O?BCu$-m1#?q>tMGX+SQRx>gXoD7)i%HL~<{?75n}p#bPczkHLzZxd zowvN>N+gyK!JzaN=``XefzGC;=BfifIr_=4OqX1RjMxPf?2NMwG|Q0wu9Qdq%4taN zzyXz;6siM z7|+Vfow~uLWFhpm;dW$v)!2{!1igMW-rf_BB}ySRXDvvqW#SVRZpPns;`8r{3r z9v@Ar%(4g|Hg4|p^c2uBs834V;0h5dv=_z}yhe4tO0z26$z&3J1^?iZ6`m0*lwUfA z(;R!L<<=F9fW1r1PMFq#GFuctk;2)Xb{w1z;?l&ar!u+OmU90{Pc zI$R8-OfK5<9=WJnn}fZ9RNI}!&e)Lv>XG(9$_Dy2v#}O&;w#jnjdc~V2s^M1_WqGi zi8tLfk?NQVbj2%DhAa{iDcn6wEgjBx#gmNfM3W3z?v!d9@29A83nBm6!E&H&3Y`3y z;d2Dg`{LfB(`F7vxy`^@KalU?cJ4K}wlN5=CSfsnW7p@G%v7q}GZ{Q#srSjL=5kNxUgIpEV+)K7l($$w`l;KN~$DeC~=@T?Di80!F!1hACG!-X}f+j|L1(_ucw zEwpv57+5lw z=C7wMUA@`a0pA9zh)i3t6B}VKrk?oCw=D)x@KC(Apq96A;2qrR9B-RSy{E6In;Y4* z*miGm9;;sG=gTW=QVGIxUg*So0yy{nxuh;QDt+L_+KshqH}=rrsnIhV!8cM;vycQB zRm@zU4IYiaLb2;JAXiV1FQ);4IOiOo7FvD#p$m0*&4=%}m(>1g0c2AG$fa;SP-1cDY5+~eZd+W7Tvdw?a-#=#GB=yhG0fh$L0uC4 zdvjX{%T`e&8}}N9V4|(qn|IfTnmvs-qkX8E!`Re7i?8h39smtc9+DR9AUe6V*P8N-xlTH>hi6~vDOl>M-W zfDALbl6H##=90ZONkD8aAhNK{-QB;Q2S(Bln}d9GePfnOv8an>C?&aFtuQp{mV$G< zDF82g#rE!9J3| zTBp^+S_W|eg$;~?&ZKAqeQf|Hhc0>5p6tJgi0( z=t9^gmXjrkUvlv_koOu?g@2ih5g-G+g+M+`ryj`nd*-|fq%ztIkb}qNCqH$4CY!@i zfCIfgu(gd7;IcA+h0P$(xD^ef-)O%I?)W>hGmJAgE{?mDeJ8x(-FnS#NoOvyj^z{^|gc2`sM0OE|pC_tzcz^wEq+z7%zzaO_z$o=>$l&iMR z3RO)n4Y!eR3+@G!X==Dcggof?Qzm{=G|-x(K+|K_P_h#W#^=H1F*AXbhi?n^-!Kn_H3*g5qP0i-woSU<{oWMvX!NF-O zyuus#Ul&05Ae}P@qL_duz2VNxf;<$)AQV8*uviW}zxo6bz~t-OhD;&O}qYdfa zJV2Rj=t6MYFfif;JDQci1X@urR%Oym9|Jk?DFD<#Ed8l>Ft(yDP1t_GKPZ9zso~@! z=sf9NyKRGr3M$`~27jvED-%NiXLWFB1HYVRGoS((UxIiPHZq#V$7G{b+SxTB2vq^R zDu9!Pl|0Y98M5k6b!82PpI6<0RI{tP5b4}Og|ESye~|0^h^Jhn*-Z#&UGo9%K$-{+ z{}h+24LF1I3E=9@k1P3edcXcp27hbmbliYsOan8l9z6TDrv$X^q* zsUx~A?Cv_eL4ZLM?jt_l36BKwuLGVdfZvN&l2N8XK1+ubK&O4Y^`0B+G!ecB!rYCg z?$0d7bb(wA28aRT+Y=+>KEa&UQ2@h!9NG~;F)t;x%SGoBa1*+^eJalk;~3)A0AB_6 zCpzp^iwCT=av7Lh^KiazaNz#}cuoQQ2#eurE1~}h0esbE6F~5=UhdUFJ%Dwo|A@xi^vSJ@syHv{y^1^#iW(<{TE*bIS4?3UoX zPg9s20c=nL=*jF;0I}y7LQ;Gjt)a>6jj1v)Ut)hf44PomQfhawq|sJb^L9o-;!=D) zGu1yz?_eJ}?YtU6*G=_T&J_U~?t9;@_5SyM@f|o)-9IgWI9Xn+JHBy~=uo*@TSlCc z+3o4N`{5;z>%({Z-iAp$rsdrT;c)NxqQYGT{?#o!#wdR$iPg>ZnOQ_jgh%C}Ka@3s z<;z*02w*=WO{h(SFlH)Jjz<_|BMy(Z1vrTZ1L9J$1p%a@!W0HUGzflt0lnjkpOSm< z-nYK@3hc+C-Pw zjT-X-nz=$*mX!cXS2gE3+zq+CU9d|NnlT>O{LCnVy`V9n%+m(1BLi;#AVQl&%rOG=N0-Ich&Dm!>CO;%KPeHQ-g7(54F~{*QOzYX942mU z@C%y4(Kmx9Cq7G+*AxA&fOMw4IBOx;@O77McIXD8L!0y4qvsL8M+0PcOaMQ1Q3A-- zmpNZ4zF|Wz8mZa-JhKy0#^>G7hy4&2h`>QaR$hb19d$_)&U0X_bmCir$;} zO&tM@>$29s@U4!UEyBrfm)M`uKMDb)Zz#r6akbWFa)q9IpD23VHfGYkC)i$x}-C65J2`623M^e(>>r+a%|Hk-H-fe zI3*QwSfZ;05DF;$qGNv5Cu6vC4l?cNBmO)=st%p=Gl-L&Q7k_yjOlq`-3Vv#zoEoyDpax zq2Tj<<+X^c6}D*i$*@XZRc$M2AE)8Sd8Yor0HoE7?vEN`)i=1C=d@@OrVPXDokzKbCVbdfCx>bDU>0*pYh9E2`zJHEhu^1&0f2iFG&h*I1raiZ0=s_i;e<*`~xlX zX-%U~e!+QmL}*t=g)olOw3`_ex;zs8OT2cq1WN+ZKWsk|Kro`)n8A+rCsbmdqS}u+ zP4(dpoTlL{HW&ydSLgG$3&~2*_`d+2e-7{$=a~b%Pc85z6hO=YG6FojCzc@f+3m3D z%-LKCx9tg8O^=P+9P!8_YmcW{0-$Mgi$m;JAhI`l@^JQIk9Xs7cX1w#;xYwUqtk>J z^idhZA{pq9b_!@JR2gh*1kMy)8gp^eonCfyjLR}SbSq}KIbA;h{w4j(*8R?`7U0E- zbxB7IlQth{jrqQ0y{z__Et--j;Gtj_#%d0h_m;Y8Ea8F21-5WpMYq`uXZ4{7tuU+2 zLKh7y(v^})wx>Y9{gD21E!e~O8v;lLz;qRUy`X_y z&CM_3CU5}!nABiWmwTNkKa!b^G$wAxmn1;urUBMuzTdf4l9z@}Q ziAJ-B>j_p$p${Ca+a_r9o-2(uQp2*RHM@v3hG^nTQj245rhyq%4vmbEoDU0!nRrOx zFJHkYlZlTprN7pOrrAVdHIn{x_ zhC!?=Orbqmp%OzDW_@P$2%3^hZ$~p`*zbVnd2oc9bBh_S*T6+Kgy-*_$5@t&#S_SZ zO8AE?@Tb1JiXd48kSkXH=_t^O9Yp;u`fr4zy)n0tnkDI8pBRshua=nEcH$*)sr@t- zZnCGl78K7>5A7}HnT3Z<%S30wEmhBYVmM$cr(sX3a{xnS>}ZuRJ7@ceYM$sy$m@c} zz+KUsG6&&`-r5Oqx{e7aSO_n1rUJ_dB>)WK;OP&4_v11E9$D&NkTehzPV;6XU9#}1 z=_k)tmSF;(52IlW3OWG!&hg|SfVXV0zy)IO8ow(1@Ng4whr*As)qOPt^@r2nbt^`X&DTO&@X%0JD>H2`2t74 z{FB5Axo5)|5{t%)V~)9?zR*P|Iy}QYnR2>>t&gUzt%Rw7%$e?|Rq>kPPTzt8G6aKC zzLb59bBNd8w;tx87zx8cFFS@z4h4qTG3e>I7Lk5sU>(K;hG1MxY;LqiG=sHi*5qKy zB@4v-P|75}QUq`}4EnveI!0GGfMc;;Y$a-ns~b{_v0P5HiLoKpd_?aQaNufHpSu7} zh5$A<=chZF?39YFHJEZf1sB=sPrdyW=M+F+>BESAoFyP1H(vn(ly(sUsKbQ0|2<2t z=CB>W`f@ip+lm--HL~))H&5zE=l~rGNUMP`7OZq`Iv768*A`aVxaQd$ADnb+YJH`z zyS8S?N zkZ(pMNRfYv+iPACnjm!|fB*=Y>VA;cjUzsaFY)I0z1~}c&7fv$Z@Ud=X-98$W^?os z5+?qQ-nO9;znz-@C`(TCb7X6Sx_kM%Y6c7f@WmokipTk91yHf?;YpA!40rYQb;c7U z5LDS%nudZt^!P_tkt#7oY$=RwQ<9e`UY_MwVLTtj#fAy3<)MmiKRD4Xp;0PQLxS zAOGUW-2zWjofL}ZM)x}V%6-dY12}Aza5ym9-rv`Eu(laNaWA*X#(_!&6>s=kl{JR7 zIsAHY>m=`CU~U-~)Ze~&e7aAD0U$a6aq&MN0iM4W__N1rfk{L?n~MLIhrt>crEtG| z$K7|l1CAhqg4Q&sV9A>vL|^M_&xV}G8vWRq+!@?2m#-JH!5S#b%I;l9ALxvC8&$#) zN5MOTD=YoO>49S%Ke*Y`U%uNlJS(A|Ji{m*hz<7@%Ux?}=$D~*2o%sk^wh4N1+PRP zj)~aV@?D%!f!;|%3xy;{*pit3ig*pFyI{5eXVh6PI8;Q7mHMcrpWl{Kr_*VrqV#naXBxIyUbmYAaLR=s#mR@Ual$dmPCqmNyMJf3o zAr%PEr&^)SA~W@s{5MLJ*n$z<{76KI)NG0nGq>BjTFMFcLN)x)U?hoMEzLP45j&hw zWME(bqFdwM)Tzb-lH+`@+}4dsEvlTsYE>70 z^a%*y13JUK>QccFUipkSl}aUnVPP5cRrLs1!Af_eg2MA-;1vU10POpmAV#VqE-h54 zWCx6#hOM=|Ep&_;cEn+9hS*mG93#9VZiCukn-_gjlisYXCag%M5=lBWzw8ZC3>#!$ zsnLFcVAV9C*XX)HkW+K(o|AjibmQxEU0nat%@tlnV-yFNNk%^|W9GF$ffu zwD)rf6@rq<3K0LX*{#j&zyQCkdino!Q*?Yichx`ueCoI)f1SX7RX_4KSfQF80!pRE z2h^GP)#N5?C;6!-VWto%e%L@eV$X{32;uC+79(eDzSMmJCK<#bB_DO_)Sd4Np1}X% z&);ClhWO*1LQ^U+mWcGPevJR~0GS1Oa2(bPfx|ir35`lPwEGF*<>CSU_-Rjn`qRY_ zL_2B(IzwFaqk)#w6R1=*yW1N1nH)K`+5@c+C6pWqA_Uv4z7PAJ0NQDeACeM9qsp1q zkDEfsBd;CX%0u!W{ByeDbWanBHH9w}_TOnpsFDvkf&^QLgC9h;#C$}82&$EAk?wpU zt&YtR)1f1- z+8L?Y^UK!#zwG}!!1G&zsAYghAAa3e?k|9!_ync^seW&{KN0%U+%pkC0P$;vAnd+Z zAy6P^)~V534I%81=^X)7vLV|}_(BliCLlLw4;e0TYpq{N-_b>Us_Ib-xE_7_>BbrH zgDQro9lF;3R_8e33nU8i=;u=a|8=bflBXcZ)n3%`)Tq!wRvlBTe^e1^g`z&7quqbs znv|VJGShSKxFx~yJFjWS12Oq8Y&jvN_q!R`_FvH+Mge3k$az@^PpuV#oIL`5)%~5( znFPKx_e=?3y)aOZfcSL?V$c+0^q61K{Q?^8uNa=hgHix%!T>#_x!EZJR87=VuNiy) zjsB}S+03J4=Sdkni=|u((PYEFuxZ-yPJN*Q$o5x~WhfBq$zOo`akQ$}op8peQ%)%y z!;+|6h3ua`j0ks~im;DE2_2#$KYiS&Nz)aDw5EKDx6PPdUI7jeT+Juk#{x;wATg8CfLHbxNCcM~o(qSZsF!x_2fHDuO)fBKAbXVEhH4)Qt z-biJ@!fic{zPG%I3g%luUJTyvv5peKqnVFz=W%kz^dec*PB4TqZYJDHa0ZC zbqrcn0D}VwFIohxlAT273OTZ983O|^jRdhIzev^PHqn1DdC4t*dqS}g>3&9z`x(P6!4sda8B;x%1XQTGgx2+V5eSPKLUhs;FZ{86mF?+y5dsn%yb8R-nuEvGX zOxMn~zkYxJdSQV|DndfgTkP8PyM4k@?r(hw{TFtdw4jHc36CIr5>TC z3_(L+rNTucR25u~Rjsjdignma^J}9P-WO7+oSf@RrIrB7FSaLg5=(}3Z%^M{)!uQp zvs+WiEiJKJO!>iyO%-pj5?hqP2g>vk=rZO+A68*&ngKKQ#D_?}TXG8p~)F-F!PO!QJ=xCOvR0GIJp>MvpGB_&F6AmqUsq3=`{bTOGw+Qq9 z0{D;30zv^F#1Z5*m;yW_06fDG1i4}4KrW3fuvCJ)>{(n0y;^!MLO_iv-|pdniDswn z-UB96qa!!UY+oG6NURow}?W-s*>eL_VJhbP*mb1LmAJ-8XIH;}i4435G}L z8rIsh9k$V{!loJCy)`NdYQVf=9^J~Enl2V3urLH(e2paOGy4ZVBHB)HnU$__)9=7_L}M28YOg0NVm$hnqN^Rta`JL7+6y zSAvef3rx)XUJA;7tJDIU#khe2VbTvrJ}&G-{3ZE8r;)19x7yd?LTO?vYPJtHxq@C? zmdZ;mLF}{yIwvhh|9lI56CEIHOpUj@eMIj&!*}K){F3>5Pk1a=0)mLzJ$TsC@)XwIq7=^Z3BlKzJ-CfR z^~NSd7G0}&Vxeogl}3HlQggEh+=B8de1JGMHPXa{5HirRwA}3zdo>Mx&F@e?hHew4 zMX5^;A1=92a7@Z670@t(=zyKkA-~Xv&H1^Ua_#n^SDLLZlqb8UR>lln6_cjB+B#ZV zP~X~Q-i=u~(Fu3D4_|qurKQ#1*0lfytm=@y`R4caQ)Mqil5$BQ&ygojWLP^qkPKMD zagJ`_VE0zqtppI)b3sjyP1`^;^A?T_y&3h{Dsi9@AzR$NmGvp9hcBHz*&p>22jO=u zrN-Bi8g&^z6j>Gmzp(>*UJ4+}E6RST5;sBsV>+8wDol73IS?EBMlGF0Zg0dSV)6x-GOG_j=+M>fHI8-0gFX^K;sEcW7=%d>s}OKK235ZZ1Uxn#cM+?^;GK+8u$B%0lqrB@e@sJySdR-r z!u6z-Vhz~Hotbb!Y^wR6_PvGfXhyrG}*Ucr~4_wjRSGcco7LseH>yvNZ9bX_UM@HQj)jhS?vDx3_K_LKJ+UI-xU6n4U)dPT*Fg`bL$sSv{ytZfe4>?}~0Gd`>nw8H?S!J7s?O z-o04jKM(=dJ!ArS4rdUiK%ROu0{+$~?yG;lKSH5C1gik60{AQn;6&jGk_S#~XV6(1 zq!$2(#lekUO83%hh)6!XvS-q60X>h6+u$=nz(7R`&%|<=!_jhZ<-nd0z?K$QzMRnN zFa*YCK-onA^BWkN3gQ5qb_R9ON`R7pNYJT@k^Xg)N5SDcz!^?5zu@lfGaJ~eh{eor z?1&+THM?z-T{QxnLMt(wlnM9PhDk{#cv=}%hyVsRXUB#E(PCjW{Zi`!dJB7X{5GNN zNQCyAA6_2Z z;jxJRyS6*jNXS$RZfpLI(9Epl;FKST2S9c_jX)pF%Ay!wr0l01h~H19RNAMrt(L=& zA0appEBa>px^6o zAR4zNgkxx72V@Y7N%Uz7Ak+qrdpNKcs(aM)>)=UYBQR3}XcwVDvbe(6y`6D+U{$u; zPW|I-H=vg2rEDPGM-RGn`frbJuPgZd70fuCVE^Fi`$?ZTdNd+X`+m zv=Hl!=~M^qoH>2_V3GoOaSIH`rosPL!jwV4!~+sEyS<)oMo0qS7frADp zF2s97cXnuA<@Q1VNhHNzKX6*JIujOpq|c;NTXP2>Gt+4wrsaGH;TQov9yTrDe@`t} zB+nfW2#t)0NYYD_*rcBlz_+_~4FcE`xY_WSEBG*iMIdr5jZP~xN#KZpG%mcABr|r^ zJF`xc1yEXB?b|ne5FZ&7yl;030ti#T-5dXj2=F1B1C(jNe?$R4av}xt+Alx(6MtL& zsDEcs5ZIUle&nTTDgqQ!5R7f=fy2^b0nq%yH$5aHd+b4Xy>946VL||u=mIU6N2h}k z;Zf6!x1e?m3<7&xcoy_7!>>!ix)w0`L;%@zpoRf!1`y7f76eD3-)<#-8BqY|_GBK* zS}0Oh5b2521Q@{NM2`W0E{<{vrxh{iN!JsgDl#yEGgwO87A<(1VMlaUigHI_%&np@ z%*)wGA=p#9yKlpO7tsuDp%*rJpp*6|apEj}2_n$Kacl@+e)rbq#T-Yk3Shw11f}W# zL^NMa)XTr3u-z&inttOXEu!&DPYB@1J+DPb z84!=k{ev1fG3OTKOnVzl5-_L2hr;fS=M=XOJ}r$*w!qkOBkqIvh}ZB=ywI1Lx_hs% zqp~GuxBn+WE=U2n1_lCnCJvwDU+N#**(|`zlLI~yKm>p<3AFp3NFdheBAB8uMdB0d zNv(P7nRXqUr&w`lO93oc;*VR*_*yr3d@9Vtze8v+9%TVIozp zXTq-hVwy8}Duw)F8v=%g*g#B?v^x3{*&VH|ri-m(3NB!7Y#p7+xP%Bz_nzrBG36|! z=S`KF#OGZT1+Ii~1Cr`$p{pAMPzs=1mRAJRAHDaEC4XSK(6eb>h%iynd!})k`QDh% zrzs$bksRGC3{MQ%cMFAhMXy7<5CNoE(ZtU07lQwg5GH+mAKD+q-G@*X4*AiR7W%T$Xh106*_A20(HJiJ5drE_>E<204FQDIJ>Jy< z)_jOjksCbiM*PN)2fWs0j>m&IB{c{5-l_n4R^2+i4`K))J#_!T%W~-*-ELY<<+g6w zv}mFLdZzjlI=!3tQ^8MxJGP{HF{WqnN(eMU{tF~QeD!DlPX8Cc^Z3I-0soOj&`u%T zGkUn2Eet?^H)ia~Oj@NK<)1>|%3cfgzOy0XsF?hjfXO0RslM(e>MFT=b>-A0h*G zQ#87uw_6MXeBhzBK8E%?9(WZ^_gMV6me`NVxEMrY69YJEok3?rN+;wFJZjD?Q2^6L znVD)lOYs1EK!m>uHJ-OYx5i-gLK+po+m$iFDfSAYL8vUoBYemrz@_pD z=+GA}fB+@quHx##WhH=8*M_vk3bP{BmC!o!K=5{l-3Erhn3hOtbd{r9dI!Sd7P@lG z%vw6j)%5QDybD_S?3g8(b;9HmixkMvi zwGI#h2uqObNeCdCHU|}f03w3(v~?wAAv;Ut@Stx#~D;^!D!TZdW*A#s{68=dOH{bc+#CrWXW3qr=%3JypEg%;*Xh zvPfog=T-)KjF5DRBVZ{&4S6{#rvO5dVbxv|nM)!y456egxV=#*xr2zz*pZl@+}-Z> zajbel&G!T(hTv$6lxU57hiGYgeKA(j)M}dx5J1Myg!NB@I}27k!oYPTL4u9|27^}O z;C*kd_>}(1ZC&kz=XeuhH9IhzWKE)6K7ihkL=R>F_q;e|5x|vvb0Zp!C>a6b8<@u^ z+9M32n^W6cDAB>^HSnY{v4~`UQ^!;v{o;9{tA5g7nFFQ?@)LBGgHAvJ#gVCFqNm%^ zI1j2>lbr!q1D3%&-kk4==wy3ww(_Ne(IGpW-|gMO(oRJ+Gf2eUIyl%VA-?^;0A5)8 z!mlt4K9d8Z0zm$K>NCMY{hQ(6pJn|Y#qSIOyhJS2qa+9x!MyAxZ@9Z!dZOsxRXTQI z#^*7xE63yRsMo-?08KgQHra_uc&?C+Zm4jPx;yBrPrT50L5*H3~4L38zxtvrUV_tu39ur-rKb)UlnL`L6$-#jeGvOu* zpb47`#g+?N-Gk$H2S({l9f!-^Zuwf&TrCI0L;a@xoaqf|xKZXLjr_QC{Exd3Ugu3{0KSNvn;&2Jmff;CjWcjv}VM6Ej% zwKKrfE~l2T2(a9aB)Xu-#8sd;VcMyggSgkHIgr`6_09(Z6NmGMZDX@OaWz?58`6foQa?*ck(s)X|Vid?kSNU}~j3!EJS9 zpjef7*F-AS27G;jwJ8QGQQdHgY|CUaIHPW5o+Kk+aNdD4wsb~>7f@p*s2ts0Ie1${ z*J^khk{MWu9MWoo*NbYw0W<w*<85nOFSU#lCkkvr&^Qg|VnX;o(Da8m0u(|%CGfrj;AcMdk5vLVzMW7 zl4c_b**ArTSP>$WHqff2g+g0epcD!e=mG*!iB$q5BtRhe3nBgh0YZRS1QNTD0I^Ce z66f3*$FbW60u5lu`}&14-`F#mnRn*Cci;UT)&hU<%d@l5W|jh*G#GM6(pzh{@el_E z{$WK;K6EQ=-1P5$YJ%g~$S1pi^V8@lvAw#zHT6I}=L0y>;LP@Ibk(%F>!HVTx^4E~ zsonGz?c&V#YWqmqNhGqGw@RDZT3ua@ZU(7-R#ScH==S#ZOdCr4(GHNINzDJ|!-*;f z(kza=@(&5bgCa=`me23oeFc;}tzXUG9HBjGhEd?z7bq`2wBk*wio4+}0P*ozhHf~D z-(O6-!cSows1E|f{yWpLmnPvpnGzxu;( zAb+nT0AbGz$lJ_C(B;B{F7N{44UZ=0d%@KS}n*H3h4bltz>Xw^$Y() zx*&ohWzP;R__+uBm2gT_lIqzC0SB7IdFl?R8pl;L=+i~A#{Ia@!B^7@)$8Ba_Q6)b zEqpjZS$#BHxj^{QI3j)6mzH4q1=jtKyi}edbVvc?|ChG^0|A5tVlMC-pZnZbpn}jr z{KKD;0lt3j^!jy3;PvZo`Xa`=Xy(r!Q~mz<`_F#%b!Zg7Jp~Xc;BS`?2x}J(>*@3Z zDd12o{<@&`iUjb{_+jk-uxIM;cIZb$O^QUKMf^T0pcTI41<(T63j?4y{`$8u=Kie$ zD7Qu36GyuTCRTZ*R9Tyg_OB?tQF8cQD!4DW;(wfXdMJR>jv^!couB{UC*Ob!?zC_G z{QBwj)312b```cmXTIqiLcvRK`Q-P$_?JKb`Okm-&2RqnTd3csME>4}A5VRqDBWI$ z=;c!eTr7ZWCJL}ZFuptJr$Wyt@!KyTm}FbYc2fKPQ2{Ld1|A)!fNw6*NGrLpO8^yf z&;N)bsdB7;AII(RG>hyY&879Q`{n$I@F& zb5{YjXhl!6N`$G(t!7tbgs6~#g+IQ+UfdB~M%>j3!JVv=FjP9w6@R6MJ$LD!!adQ7 zLrnP)``^FRM@qr}A_)gR(6vI0SZuYBR`6%A*wW5sSn9=A znAnrVye0&H|5PLzotc8%Rged5$ya)2Yi4+goNmFq%2waSnVIJCAP>N6EP~33Jw@Cw zh374EuP(qFBO@a?BW}yPEn{QzNOK!ts{DW0B;J=+!dHHp07X6({PurmQ~#d?5b8$> zTwg!8e)^g3Kl+b-2$A47DS>$ze5z>Sjs{wDgB$>tjTOjl0sP>#Yb)2Xl}Lhc=8XdA za%I~h(a3O+Hq%0pmlT9^d?vaz>@+eyA6Gn^`q#5Lv$ZwulZO_&Vs}{zF%unW%i1dn zT^2<9`R0+4m=m3oyio3ok6*;Ld8ZR8+k&ySy=`kd+8oQcl!A4p%ZH9Wvl*1-f|3D| z6i7M}of!{8F!M89fCpCEHE@!tb`pe&Z25YIXPW0@vQ@V1PlBKgyf9+7U07@~KErFo zGe5XByS%7AA72s#O>6k8;n#d3fXJ(6fbQ<|cszX&;{KDJ?HMVwzgi_GK?Jo zv^&$ZjhwTxaV@qpIcw zkh0k0XS64`^C`r11E;VwH@3Jq*WVnZ#xbN+?L5t~vC+Yy6{n(#Ln_{+c$+eZW%zxD z=G(a^6+X7Vb3qRU@Ski@Jcu9uTz}L1p@jSR;44fGe4QBxLIaEILGagds{z?r2J_+% zq20Sn8Xy`y;f(pA!7(h5?V4@0v%iS-N3a>JbdP5`746CRtdL9bZQZ`SFgn^d)a(?q z4ha;Uk=D_%rm?xDW&=-`W&-V|+FR%5#>TFGbcMxmrU0r~vdbOsfpl*m4z&Cu+6SjS zH*O3jF3MUAu8vi3MnZ${>Wx7b&AhKFD+clLR$$t(rvw-5z(ZYKU5RFA9<+|Lnu?z9 z^o+?F?Oy=J?Y8G)kB^p|1*h=gHJqlW50aoAaM8k({My!P|IpA97Tql^4GpcW66!@) z`o_d)@+^u&lA+F%W()`gN&!5kyMb%AN?12j1bh2*v$%UMDliIFNpG*NrPkJRL-@5){kOLynv`a2oxi>H58 zhrs(2KmIuf0Yt(Vvwr*k{M$Jewlt6mh#xx|ND%(Fzh8d(C#7&Nd;w4hH|{ht24pd? z5gDA&QTpi)j1Hw$%i1fL==8cBHSV*?={1X02_@RTe9Fs?(bU&V@Ep5^-Pt~8qSn2A zc-*NCkk53=<87&~uMLlNQJTvyeX&REHE%}-?N+rjyLT?!a|GH9n(o3H568gE= zozTB9${S%H(y?&HX?mG9wvXvj^Icc(9UU>GJ{TbX<4LaDWD-~I z-_D!2@7)fQAp4N7d_$HOL*IX{z45ERESe3Z^5q4v947$trEsJH*4^mMA{Rm?d1Nr@ zr~-Mj2Hcl5KL;`u&#?Eh#0*4_nwkM}-lWU>qYI%HRKkH>>KzpY#4w2b^cGt!t4YB= zavGcnQ~{LMZD0b|9;?^8R$ML_!KG6nl(Gqvy(!gZ)w0cZPb}KVvkMHIN`W**1*QIl z1@q$eZa~;105PJ|A-4n68PGRTh^(00!N#?an?P0I6^5KDz{wm`o$=r_iE6j$gEPK; zr&C!VmAHQ@;ZlefGzX8Hx2`k^icq&rrh+_mk<|lfWJL6XvM6=CfR}nkvML>s)b#n| zXR!@H0RXtV!S1snKpRmMRS==jkPv#ruEgb<^#D+d`vCzI`xM^NV>Q*)*jIlIZnQ-2 z?VhHVFaSU9vu=Q2Fx&;qwlNpSp2ti_gXxI8l~fJFc;wn#XaU5tCviSfERlq;MbLg2 zps;a+p?W5=OrEW@mdOi2!w>9>E3yFY7C;OrZyq?+@8s2!DMdi}vfeZp6fjd)yulsKKcmbCR;5#9JFRa%4B1fJ@0d(f#Kw%wg z-~+FB&Sx3+RJOGOog_>?Q0BmSRw)ah-+Li`Hqr|wy4w_~#ot^$9&l9E6Q~dRdYY`f z3M0DFVXGtf?^vz7X~=1Z2thtQ9aSWUK-oILST)#v!5E~`2Y^~oKmz?#+SGDXM-*3$ z+tz^&$oY3A)_pucKuR4V7=3WXMBKTCQ8e5DVQO$BJ&~-LQQ15Zf+G+PMQlQU&;BDo zzv>z~b$rOKF_kGYQy%0sjxc)P_qQVYR~G@y${)JH?HPxZe>)V^R%@l9n}DtK`g6l zL)}w~S+5-m*dR<4_qxecBLhZtv(xLSC3%e8viMNu8IssA(zCO7ZUma{-5udug`WoW z5dwIOmpUBQJtGD;8VQe$*fU0eHZK4dCY>TN=?>R4RO7yeF2`JQ`4puGUwL&=zj0?a zii)GX+o1sNOa9J1@f_2>kC4BQ{Ni_Cf8UQj@PQ{w`@jc&^rNr;?n|F}=&qIo%F;ke zAi}@$)jtX#k@&BC>Aso$&MztBw{!R29PrNFTk4;;^V2>%Ooqa+)1XiU$cHuc z?*L;K1wcSdOMntKfXheYO=Nb~;(XQA*N~K78;Tk-UFu97=i5T?_3W0Tg7|)^y{A&(cf#{FxVMKuPs&spLMF5?Nu{xk&K*+*Z42%+7#^P-HWXVfO_kgKw zj`a~2#uw}Aa60kVMEB0w9}3`p8_Il7KTQ7K`1-H^=*f?0Kl=JFKJvf^);SOs31k>3 zI#^~D)CUFd1(*hG$z_=bQ8pI_9C-e#WyBLo(E$!nW>V29fRq*wcvuiC`-rE*%>isZ zV@2?P6$SJ1{h^L3VpG|?c-%G26WBsXd5`-qiMD=y`2umgb+Gma;GZbnGyK700 zC%auK1eG>vRR~M=DS)bL+^_HDU??f_*sNYtG^!TrLRU8Ytaj6*7K)bneadwRJbfF0V4j zDgx-W7bAdEmGo&g6RF*3FN*n$&gomxAe>wk2;fPNH%tMnL(hP+2$Ij4Iz_1z za;h!@$hhJ>loF{|*8OheO8SUIePrU0m&_ylxVztLs~umOzyQV1|r9Mw+4u`oexA zK%CR%(Xqvr7OVofHDfNVvqJz0e09{|LY)l_{Tl?(wbGdkAmNJ}VpsfJ2t%(9J={`N zMO0#qdo&^(i`@cPGav#e=&|wi%AK)}zDVpM6T!UxjY|`fn&nlkNs85x2Jmf2KH5-o z3^N$Hm|F3aCuP!omM15!bw?+Ou9itjj#IYssqk*z-_~R7(#D{|x7!(4xSE-PVZc%EH7zM50@UG^Nu|XvG&pZ)`>Y}Bxi}tMnhd4d zrh0rb%|>jiUI$(*Mv9nyYw9%)S^%lTy&hb{fzcH)I^o2uE7pZAu$sbjh1;8piL0|( z7y=`ZS~4V=P$BuHyPknAXJw_JpYez972G4_RuHp!qL~V49giZzUHn?ewjj5Jgs)0l zBOA?DkZvC6j2M!c;#G8ABmdg2NecfdFH!92L0u0+{?Ocj#hL)_;pIRThQK89yW=Se zt<>*eu4Mqr3PK-cuAdkg#)a_tyfcx^IWtdq%Ao*0E&)8p@UL|A`^KL=c^?gN;75u- z{==Pw@Tb1})t8=o_R%MnWupL^`uFC!h$(=^)!uJ!TM7mEtJPp7Q9lyP_^5{DuGb*~s3$kh`2G2^ zVwx2k--x)lxLGC}u>@eW!;M!boQ^`%NMT8xq?4kG)4^1uw@a=S_lA6q#NBY7CO98^ znTm&*<@Qte`!(e64+Ze?BtOorqxS8M&pcWj{FP4o?LQ1;5Xe=5$bY;H85UVrU4B<; zM*v?b%U~3)1WXTN9;k}VX8FHi921#NVle}Uk^uyOE=GWwa|APXE%XJpB|9UMT!i6k z!jq&Y8JEp=%_D@vq6?H9&@H&7o-1BjG26$MiKU=`RrTzt6S)}T8g}!Q)(J1&e;iOs z*aBCu=W5L-LSCIAsiQ-@*2O{{t98)V5bL=+ritE1qf(#0(%}u9^-jE;K0Q7WMXW=s zg83yAJs)%NP(u=yxLp{6Zk1vo7R-1qd_T>d`4yUe6h3{7h1M zv}>#m1Ib$3XfHXb8lTqS8Q3D#)>nBwgLtyhFpTj}t$6})@PUAJM>2}JX4aTW(AEsA zYduTzj47qRjQ4v6&SH6T%UFL}Wds3dMo7zKC>hY<-wmQWKg@O1(GzhlL$ozaGL!a z183ciMek@LW@ra2fR+yRZqOyAKzH$Bh2&~i-{``v)nT9E!^l{?<%c(C0C^tY9G=-6 z_ZJf;d{T9rS47nx&Gjv8+`4&k%3mn%jzwGh78a&2Z1->{tK>R;rmJtE^F;rQENw4H zAS&8aYd8KN(0gcb)HBx#|2;0(l#AjEMpj?m>FMk`6LapuVsKvbe!{Lu>}UOesG3Op zibDZ>Jfq)pDE;{L(Z?ZwB7sFw;8%bDsb7Bk`)@o=lJpbHQvp#5_tQI9@7=qz!Zk1q z03lhK@zw6mh0f(%M0-Y_grND-C}ta*n?u!`T`Mq=v2nDsyL~+C+TkbpqBqegr@Iov zei?vCZw=1$558w^uC=$(ZV4cl$DHh*_Mo@Sf-Fyl0*7$MczgHd*LVg~5x)xkV-YT* zh4J>TzP`RL9Gv})jg`RL=Pz$8oWP!f7PgA{!3P)~4;ICFMx=jvbd-g3=x+OOl1H@{ zXev}1?c&Mq&e753{s<@J4qO2FE_7HMS_{NhxF-^uRu{xF^}0d zl^)*QGzYairXqgScMoq)X}dUq3ahCJ&ewM9pICeF&E+cqS0RB@o00KgP!o=WG~TOm z2y)O@oY__E+bE=afMdvo+J_O~V~{`QexXg*i-x}+f&Bd|P38g%!{8tO`W4qtgD!)y zc9{y`YoCAQ+O@Z4k35T1R11j@Bd<+{4;U`ydo@$Ez!}VgW>Dyae7U!c&ySCj^5Wy3 ze1;KOfG0BC!wPo^0NE6OaJ;#BIA|1zNVKIuUz@>37TmqW#3R7wrwtn~ipiXbmf_)1 zO}DwyW*%CTMsCT)&8->9!4k7ONE&{`$=2a2X(X?7ot>>5Rm^e+S!yCp_LBeLH*qXUls z3x+2TVos?|YU!ors|T&5kFymcYac4L)=kg*w+RiXa4Czl(j@cjsoQ)Z%0!5?A~vMP zT#N})lSVm~LslFPfgg(mp2PU}O{aH{en0T!$Iw1d2m!)ESg1?uk07Czs zexy>`jsT*OiD?F4Y?l5NhZ_QKD~&t^RG$wJ3L&8Eng9EP^mSCz0|sZw3yz87mUbD@ zy4}Z-UL=1j*-w2`6o;K3hXAUDW{w39QUD7H0=YKILm;H4N8iKog(_7=KF$2KranNf zuy?Vghy{tHs_}c!B12%@XpDc+ga#;2f=b~Nt8)H$P>G7{JSdbhaA9Ld z(+EK?L>cU>FCkP_QMg$#5tMQi?pLZ~azJ#V3c9ZC4>ZMoEAcC}qExUc5&tbVjQbHl zQ4{$erxW^R5n(O(tfB>bH1!$G?((|jr#yX_FT_uNNU-+g0U|%4?e+>4Br_r3yn!!y zi79~eoChW!oKq{hD_lgSGz3)nVZWqb@<*06HbI`JDyMCoDl^X5h;4bWFF z-4$4OYE8`qO?);9 z-pDM?v?u!e+lPaN@8S9setaZts5{pH*6wF=gMBYwixf7h8FeZO_G)6Q2hxcqhq4?B zl;Tr!&L{Ady_>%Lb`w+E4$5hJB&ZhL5)^+lwcORZG=ehX{O|z&`&(Q)4Ew` z)<^yk2|N_Qz2r|az(x93$bLNbVervQP(V%uV$QMLni!+sy?b{hd*n!702ReI99%(c}N6jr}nP<;PKWN6Y0$-P5 zFuH(|9!V^v)}k@3V1lU{>FDaxQX&fc{l3)-6YfSNf#bBJf+auehhbhYl1QccqiGtw zmsPU_Q1feTiMgi5#U@W@|FF*j(kiZ44&}h^K+@CQoKdV-RA#szK<>q+I4IH9s|Bwl zaAuoyy~)!x!llTv&6SM|#*=P$VBj@tK{9G_7z3QyZV&dH*tj6*MC%J&E?3XYW>3+n zwGB;UeR@1Ty_%NLQP4YWLvv#-i%p@0wJFgx(bV+Kcv8pK$rSE@NoZC4k(;lHC*$#W zSFe*h=9?e3_?r@K?%fUr@b9o+ipIZhMA`4-ZtvTfUOe}vH(?MApAjwxEUzFC3!z{9 zp*O$a1s@t(IYJyDB~a}-xqJhCEk2!#WDB!4D3sc|aC^omjAB$Z4NSgHAar}r&PoXu zxnV8rXjdX=8HH$ktkJDn7IhW~NZ)11=p1SFG&Sj7Pj|#=t^?%4w&)2@l3leG%c%GL z82i&}efTubNE|>Ufb|dePsif{-P70J_Frqw{YU|%`WZ%Bzb9Oe=Jrl@b2T(`s4k!j z+`#X#=mwM(#mpzHq{iIBX!Ls4(kAC#LD`H6iEwv}wma=65YRQU0HWA)j#UMKB<;~? zGUBs0o|z5>95%<n*MwI6M^e*U@rJN7sHfUNeGenuSR?2o3BQ)M_3A{&}l+{-#M}?U7-##@h4ijP1bugMo`QauCA$d54?t6 z5p1e4+c^;iN~V^zY(6;z>()@7g%UT=*ZU%wygBj17!T`AvDI1!e%_^n~DrCqNy?^Q^E0X@silsvV+`9yL z{raWS^v3}z;ORFo7ree+b`>EMz;_A@;gwfoM~=AA>?5Eb5&lQ`)YX_G84l7qD($(D zXZA>?JeUHyUuvqUBK^|Vf~vVjMY4@bu>1JH*&4!IK;+{HnsvM95r8?WY8qW4R_MYBjlc zI*Xe*H(6HAFpOANGC&#xZcJ@>ZY4`!Jy)!6poZkedTjO*w1=FqG4h@kP}8{eezy#6SRksBuoYF zWTE0vmMdb_Q4L*OY}z0aQGt8NWJ?Q8jj+2TIUP}jXO#ld6=K6nP!I0|=IH^s5&;DH ztOl=(&a}#RT>8XuM-{C{NLrk@&?6~l2wV5nt8dnI5cO|wDy)0~j*OiADz;i%$CY+F z(W%DT6=)sbiG=4{NPJh6S|>XKQZ^ZNae4g|&xm{0l5o*Ej8Ai!Qu_S#4SgW6_~yCg z=-#3Fp#bi&0&pE=X}>;r{VP?#OHe?VZkCkFpys*lhFz_g^d zGypUg=v#3y7d(C|6s7=TE7&95!AkbP^m0hA$5wOif9nMiEK$z07WXpwP9W>HzwlbZK2M09>>)qjxk)-GI0~2Q#NJj_&^OrE$sHb z=1fLhp@GO9aFCNv0rZ{%DhC-TKLn7kADj|K;2Z53MwRx&6*;&Kl*ktE~lFSh|UWjTtS+yHo7V+U9Ocm8&P+nfPex!U4kTVZQnm0sHr|y;|RSbs>)zDxE7~- zCIpb6DbH+17El}A$8BQj0au9Q{Q@6QFP;zS4k#t~p$#>GX|eB7hi`c;0fZ`^?TnFA zm6Ldo$l)qX?*mRpqrVCEsIAX{GdMqGi){>Rzbl(l#eYWYw+^wyQk8lGc z3ITkM7=>WI@5-tSfg34+5>!5?It<2RMxj>D0+B0(NMLex3f%k|G>_Pi*E0{F;AFu^O{c(D18QU#Pm2nWGf4}G+Z^v_Cy2oO-u z*(;F-siXi>*GwdS%IQ)h6|uR!edmUr?7NfLW?Uv_4`VId=~zQ8_|2Xu-uIM1+A?A* ze&~!!#FOm8m83&D2BgVLV?`AY`-xBsIQ4K5!_?rwi8hx8^_*W01!@7WFa}r&vl4oO&Y`7Wgb0SWM_Y2pe zxL{x9793+3^MI2Hi*$&kg|XPxj?mDx#wov)TlQfps8h zV2y(4_pua;_u8|5&0NT8L}(RP4FfrtU3&YPRWk~UcslrGBiMlZhXe+k@(yql0)_?~ z{CAWL6Bai^I{cKvwdmLmxcG`H#=1iRT6)*jhaEL>W-Rv66y`ANs=;4Jtf?nEn_Zm3 z@@>B+0NsGrGPOK7UUoxZbk9m)W&>a{*I{mAAbw$76(YAivLGR#1DchDRR@}8hut|X z2?)UU!q7lGSzNfRZm3dC73K4!0lF34qH+{FntR%gU!JGa5%hDU6ISJ%0nrCe-P*M9 zRrLG7&EJStsy?e$*G}&PhKdgO0#2sJO{YvO3#h9W^A=kGR>S6}T{IxBhH=T$>cXBx z##{kE)twCRj?_SBFXN2zb;+vh%&Akiv-`O32P1%#!15Hpb&NsZazN{!_g)cwi3)gK zGQnlDB3iP*uYM;4aPjIj+;ji|Grdi=YCNx!HSI#j*jbKjPu#!X>r(xa1FldRF6eZ7 zs74Sn(T|KTo6DZSQV5}<$9oOGk8~0H{2*kl9$$#$L|?BpR-V1w;YGfZxfbto#7+TJ z;I%$rLxX*$JAiCw#=jo{#2HQMI1D-)Xx2kPRb1UKqOa9p3d>eS#H;TKWha1m+i-o4 z81S)u22Nc*>Enm<>y!FV-9MAHXbQ9#X-mbuEl8Fy z**pXCqwwq_U5kwWs@)y&?qS80H5Zc5?pmz3sl`2Mv^YNg==4BXDAV4B)u1ZO4523| z(aV=tGk^Cc9SY#18VLwT52pTY@2WV~#Bn*`IpmCUq`WJI6=>1|Kjzx$8H>{T2XFWqPY$`Va6vxQ)&;qhhdU7E(YzT2r>f1)TJYMgF zr**c`!tE(`dvk8g>$Z7AovY)9LI4C8V$LpmCI$wM$CulCG`T5Kv^zA~vv!*=+IY zHEVIS>BrRN(XrsYYql|yhp+l)Ql1HKN7A$0&S7YR6 zE$t&EYhjMApDUMnKvsgh5Jdbp-&@JD7LLu;nCM%?GO)!PIjk+SP|Fq;+Al0XtIAf> zA}LRjl^~=2^M#rb)i=D|-#XMA(=?N5%0kv=VD@P>+t(YUgi--BJtw;-Ct7p>^`o*; zFoG9XJJB&(n#Nj3G76c{`^bZ6m_%FxCm$A^b4xKXG3U|!%}aDt^N#f;Vr5nemv0)z zwvnM!SNB>ZC;^!&8(nr(2q&U|bmM~N>*EaU*_!Ha-wd)8PObo<_R*p4m)|_YQbbO- zvG9$n`DT0DqiNsnX#`aGrn+8!b9+a?b||w2=q#uQ6)-NIi6~0tOT)HyS8*L8SjY843zh@?qx^Q88Jm@QCxc-BNz=s0(h!udR3j<(DfE;}L zz|J7}EfyAG{fTAL1c{G!SLBa47*g>YW4*cDQXX zDG}a>074iVQ45^Q4b3((&a{Sa#?;Jee=2omxY1vBKr9Oc18ltlB=i)B4o}Hr7=;{* zt4wxZ9`gW_h57`)-x&mETNaX7Y%o^&!fb=ogI!ltb%E%D|5~^zvM*RNh!d4k?wFE? z9`e3&bv%+5JqRTQX;rxOI7`tqO)G3O%$J_w6Y+=fG!=8 z`q8a?8Xb6dA!9Uo-V3HWXqrJ9jGLb^PVS$AQli% zsgSNl1jbe?tJJ2pASf2RQ)Vdo|$EH=rN{RD`2P z%Y+R`0emiSsL#kZ3Sa>MsP5+p;+oltM+=~A5l8Ogh_XVk`z5>X#eRNt=aMbO-&Gp) zmE{olkxkuoq4NUx61q$M{hP;qcB|MP7j{npEZjWVzUzd_Dc=6y5J1L%r%xa70C?}U zFxTIOLHD|r`8W_n{N=v6xvR5{S=DF7CPr{1)ipQQIy8a>VtLFvc+?k`J39w+QR^sA;l}ap z?rCi7Z_db$6iTkdZ5>JD_u#C-G8E2e4f4;k`HFx!D*UQgu z{ck9stD5w!8An{y@)4-#&jks45JI#qUqU zig!J%>s-be<6BKI`SVLRY^Y?@J3PHpn4p#WFIRE<*7+G1R4t$E?LGU2kH7c5?|AQf zKmLVpeaO659kja?8MgoTL203X{{t`t41s@r;2Ds; zLqM(tBpelKkg|vYEgH-_U+|&3cJYOy{;jkUD%{}E=Xyaom0}8%xsNT{(9kzJx||9Z z!uot*+K=f07J^*8>(nfGdMboY$zAK}LJ1drkFYW&mKY5L9N?6UEzKJo2aBo1(r8i# zfVin|sLh^VN}Eo3bT78*C}qn=D9TKZKV zUnAhaH=-_v`V?QymA(3fPrvsaXq3S4HFKcgi*_c-Y^}8gLMNIts)=*dFld;+eCk%4 zUHNYf0skiia2*)@qx-0VJD3pg=v&?;CBf&)Vkw{{fG>FUE9dUo&9#7)v8wslsS z(;V$5yMYAbhuZjGV!DizdWRqri5>t?sX!nVWa~` zA8Z8Vs;&v{6;k%07+bKPAou{B_GPdTOf%ded>V~s)YSVwBYCB9Q-709XhC-vj}C(`m4w%K?e7!vlQbo4Zz?jt3M0;77-7 zPXp1i0aUlZ;BZC}ROPJ4i=YCn+7v)ESb~IrgJA>GC>K*TDW$qV7!3E^5kTnDbkYVq z44KR=?`dyzK>#r_g{IcyNOg6N0nh}gv=xXny|y|)V?a6%EHtZPo-}pgO2;BuC^jhA zV8q2;36u`l1ax1w7*Dk!eu37-U zA9o1XMWnKD_m%5JiiR`gy$}2X4gg(Mu9Yy(DzCs*LP$PQa$>DP19H`cV<7b<-XqEt z?Oz`~kFPpX%D~$pJfALrA94Q23i$Cml>(mCQQt*0G96N_k^hP);M9s_T&6XM;jZ2* zo&#p2@d$fg0NIW$!xHdMX}8RWSx*5M7HKcw{H49n5UdN}7gzvK+1L~$)TxyeA~PW1 zxjkAciHCBw3t)>r1s0U>jlggLQQCo8Zi!y-{!IbIboEHtm4uH4u;4HZ%mxXGFWIiu zk}kn12MHS_j47$kidGPb@xm4)Hdf5wxWjn*Z3rM|78W~l6$hzmWf*`wQa{XrE!t3r zWTVn^?7Zev=|q<(PDq;K6mb_{G0=gC2?4U%G@X#2BfG`92NIEDn7D1J6i zD|diWz!_kRdi1l0NrJ3$XR*XPVUCrK+ZjoW$7^j6Kqw%bVP)%Kf&$|yt4~LmuuyR& zz)EYSd?ntBgV;q|k*u~-x@HFz-xn#NEcm-b#mC##_YWQCX4C zbl4z(f&xf?A>p7&0NE6YD7Vg%apQc?i@1!cdquM)>-4qStWllm5539y1~E>ME$)LbrlmsXj)FKDO> z*lrVq#}enMom?&X6nUcc1dk&HwB#SZ*wVId1n^S=$hDnhtCFuK+!q`QX12Nl4&%DG zkX6@&9TEp^WD*bbRW;7kF|5VNAV=PbmtYa0FxYdMOB(`_ONsJr#W5{9S*A!#{-c&d zQJTK;!C5bDOxKYU!fkyY;P;__AOHBK_?1tQBS}Topj?RXwRBcpQ>0YAT9PV8ugrL1 z(P>gR!d@4^rb_@pXEp<70nD-l8qYYfc$fO&CiZ|!x}E`kk@XKXV5R{!cMQf0tT6ks zy2pT3ra*o5Of(+VH0(!?_g*dHeSm`Kk9}9Ol8-hl5Q~gHCk6G!cp{)_TD<386)7DJ zpOe_1q5@QpZ7jvGKN6^E-rHUt58C0%lZcjwnscFkP(bh0xu_O|T3O=dCy5@2o@A+R zrhl9~z^%hw<-B8;?C1Pdof-_-VQJQdZM=&9KCd;#TP{KY^M;2Yiez7mj)&1RycL?k zDP4b?W8`P8U0q%7(_`&k(I_p$RUp>d<&L^*#`?IAkp;`Zqbvze?;#REOsqRfJG*+%)YOKHwyv~@km@|7ng`4(fH^w_@H2Z$0Jm)d%s{TPEP<&y z@Le5_Z+?ehLgIhn$KU$aJ9lmp5?Wv!44O#?yWH-0vfi&KB99=kFLdI>iE#Kt2ysnG z0ipdJjScR2v|;iDN{f1k-Nk$oM_r0kAdSS5?r1dLfKf@h#0xLpvRL_dF@DdrMUd+0 zY%Iase)WBKZ&$qGXA#<(%LoLof9k#d8_{@IvYvXjbY}|D-%(!Uj>kKb;UXS;67{0g zRh_$WBN~0TcG@qd*bQ~vBO{SWSqM?qw_o%xg`=ICnw|#uU`uQOUv~5r4}`Ghi0LY)haq2fnqmNcKp3z#M5Ak*!{D}?0npT$@^3!80PYTAj$LJ1@73xVgHKG6<(w7>**-kt_l{q*!y z_jd4sr+X@l0jP+IXY0{k@7bv^#+riFL*vns7cWkuzsLje^WtCq(RBk;)8VOZ?)p#v zdgpMM8%dIJAQ>Z*V-GI0^eW<+VffPP6u<2UbjAfSDX3R?J7G-NUDFypK6O!8X@lH zH|HPrwx=i-a{`#N#|5zI(ygY9YQQXj*_OZ`ruu=Q zfMDaBpNnts0FN;Zi$kEGlnGk0i^%!MptqcVh*A~#n^*kjy#b;jhiT~G)?iHm?)D+` zbe95%zwBhpiX8t~0Mq{k|L!<3BPv(=k?Gh68Q@-Wg`-4kVlh(^Dg-d=68O#3BH#j5 zLCn7h$etjOzt3zFK*a8*i|LVJkcitENbNAEm*9Gv_}Qt$NA-OD9v>LhXSbUvbb#sZ<{fjvf1>%5F)$KvxlabvqJz6(e32h zWi0#gMM{Acr5(mf`XMnVOVW}uFQM&rX1z6>0g?i~;tITnfT)-N&(5bZz~5vbfLWJ7 zV-av}i5CIQ-wgr*{N3ja{X2rttuYA;EwZ=~WL;k_HzuqY8=Us(9Rg6Vl*=!wf@wQO zLF6!2+A#+7@gx~34(T+&&KzFJ7#9$N!dH>gc#A*`+V^M6$T zaEbUjkgaIhOl<7JK%Lj9gNt;~Gk}9t#eNBa^N^)|1+}I2nb_!bvA*H?5CY;U)rDrN zsyezII4EUfX^py0%EDu#qXT|Lpc`bu+w;0F@UgulfQX4%%sx4OpMd~oT>^h^yql%F zTm`vgcKu@k{5%DALGwNs=HmAa)W>F~%OsARHR7FUQr%QlRaMB( z`|wzfP~=svO~+!fP=p_yBN|Mk?&;AO2B6L6WVK?E^t8{6UN~{mAqvbM*0JnG?cu6e zxY&`S2W(7VP~Xp;*dBk_NE=gyrIBgG>& z@Bohp_@5G*92^b~ceVa3qDZ11Hc>g**w9&1JB@wJUMQnP+UCCi%7`3y*LL72l!;O@ zsV|1!U0HS~>y;x1Ji7cTk=S6DY#knKqJTDF3?%~>FA_E;-Vjy@+z2A7qoXyT*{yj& zA2y;(*~kEMog#Bcyer2M7Dc-1={J0AtN2 z@my3uTA}&C=;Z#aO7@i#ln{_`L2$0rK>vx#Tmixc&!qO+UfBx5i`<(8wZ!mV>S*Yd z?RiIm+Nu*DWTANTmUa!n%F7=|0)v!%)SKv$tVMp0N$E6yZ)t! z(BJyj*M?hJ0CRIILp44-zy&23F4Sa3zpzX?DzUnb1Cpeb--HASwE1|rR>W2>XKkd0U_={IBACV!aV7mW_1C?1!{xESHo@k5~qNs zTx9=mg`l*_R-%L*Wk$?UnAU2&_)=2&OC|q!z8Y;kNkt}SMQsB2EgucqM0&n*O`<%% zqE!Ri0*}Sxtv!u?@!!;BYD64$TU-R`K7Q0v2zIyAjN4;$0o+~%-aEa(lIj%ojlfEEv2AdvyF7ob6B8k21LmA{4E%ak^)#zfo-gWCXv- z_UdF2!0hGg7!-Em|Ee(WZ7oA0=y>cOAqVbgD=OWBb^4Io& z=11tJyf5a-vKvx%MdpRINV@8hG0Q@gs zh1pxGf^5oO`~O-9%BgA#r+O|hD#mYwD`{o6?&|nOO4ajK)iN9>AgzS2wAKVJ9#Uu^ zrRDSI%5b9qh-r}X?Ffs7a6ILG2eKi6afYN?2nGc5H_^;Y7kgU(F$ZqiqCx*Y>jKCU znBkMoEx{li?ZC4p=i=`aKrA8+xM{`$$R@&`IAzP_CBWEqm81@G6%4dih=(K_1Q2xz zJFA*2=yQkJh7ztic6&ZXAWx#)Ap(^;{Yj0j-h!alVPaftW1!z@&046cL1xzlPgk%2 zo*dLLTJV&GaQ2at5n5`r4V-E5(X@o-j}WQgpV~38707Pa5sUg{(5!R;911JcLFXuq<7dhM zkLO!R0I>_g=_rpE;3!6#6+o=hCn;CN6pZGuYVh!9p=;V{*nfzqG@r(@Af0PP#;BDO z&{%)~j>~pK05LBk$_X)6Wjh^2*fp~H_`d+MTXKCg$k{jOVJf)=d+Dacq8Hi!!>R_= zKy8IckWxouRJLHH17Azl`1$wzA_-tcc|cWt`7~D!%GayB|Gog`cwrTnhnq}EWiW8M zTQps(j=t+(;CKT(Ksbq~WBy>%t;NN;T|RPQaiNI?5NmC>GB(770A^nTjc(xCrMoMe zYilp={>vL-=5aMV+hLIA#;bnAZj> zy)_t=?W{qki<_B~A9KsV43hvJ#}pWxQ$Yl1y=%CDO=wFBo%T_*pbE)3h#Dw$ObF!$_<c(7%<51Iuq`x0mf;KS4>dh+;R zyDTs8;Z}BWURKrszxai(f9=ONzYJq^MC2Xp+hP-QxUDH7W6>q-FNIAUFK z7*No#bjKokCtY)-(aqanDA(fw$mS!pffm(@1hhnMIMG~5BS=z0?~nU@`LGX>wVDoY zXZ_#Z1O18s+Ms}O4K4*xwX;w)+&zLZhWmTepe*+codW1y0!B>2mg%+zS=BV3*4ft0 zI8&Uel#MlLLF^YC9s~~8NwGW9XDF_`FmH|MN@7AeB%Q6@QEIeR(2tPcON`K zrifU3^5o^bUIdw)J@}s&KrS-xQUHdXVmARYfaE$f>u-Nr0lCj%uo^TI0!+ z1YtMqLuz`ESp+qADU}-qM5WC?T7yQAi@rqvSdr0mfbA`fsQDgu!Dg-svn6ID2x9xy zGXX4LY3|G6BFHbN5DvieTUumn&AuG=?j`#0e>4O^RN7<7!NG>c@HO#($7s8j2+7@W zI@vbRXW+caY``0uynOE5`;#F*zU98c92ZIQ7PsNywN)byvO~xUyI(1bwc>TIOkXoA zr|}I7;PQ)GsWre|2;k#oWQxWz86bdc2{Q5D62NcnP5_(UdTV3x*8IW-6mZSV0{GQ0 z{o$A2yMw6juzgzZ1QDEdQ1M^$I28%F=z^+=j=@F>C@+G$J#vy{vSp#kksq1tE=0d zy`k@#?j9{PFm^)c(So1d=jro^(jnGA4y5J|hu<$LS+kGA3o8CP1m~Ehj5jQR51*!g zd_@3f=io1{PkND4;fG7Q06u(cd2^c`$i&3lg4qOcd6PB*-hHsKcHgLKfR2!Uo>~4l z=`iN-O>@{hvn7C!4^G^=^`G2G!!#HWp}+k3V+frHBcOXz#1L@MV9D7DrDE+$fn1Oo zdcAdZMSf{JBGc1{-*&$urWtY6W#C6Rs90gZWe^IV=_PbiI@!SZMM#wBK>$<3*F$64 zi|Lyp8UvVL2ao^1{O#cW85hj+x9N>IC5>?uXyh}_K27uEd(0@9>;!wrk)47${g6y6 zfD4-sonZTY z-34rfo;Rw%_g7y&dj4STt}%;WK14PqLiU!CmED<5#pPd*@QCGknRlXhM)YJoVb|8xpX~@1Y{v<;%cT%NsW(ua2 zvyFBl8tnHpMOFI$%HQijZM|Nv^vYc`E|DRCJAtS>Y0mnYV)nX}5$5KUz3D0N${a`2 zD+2iRP3+GRjN45nW_jfhj;XR_3^^|CC1`UY(9C5 zr3L8-J)momd>9*m!WpGMM@VsI%;|4TLnsO;;dZF~Kx!2q<>wlJNlk zN}&t$pR3iHcB{Gxw!thfr3G+tbz=isaqA_1nkSKXw0N*-bA5B^*8Mdo#Ol*$3x)tb zL;m-2W#I>=+6X;QV$JdLK4!d-vGsX;8hkd?t?#dIY&?Sw($OYe03U3=m|LN#{nNRH zwTE<^1n|+y9G6ibld1U63Sim~BsFlhOOY;HJgRbDH|NPXcwWrR>FrfRQQUbFAKvc% zmI@&~s52Hoj{U_?pbLX~M;{hU(_T@uKS^;=4TNW;`n5u}i|@7$xRughK#Hf%PpySn z4^cF+VSx#@!Mt4DRs@-Yzxez*M1iGldHvZUF9(w1Ewd!B0P-5*vx)gdbG5=feX;%= zxhmrM!ofAl{BEIUy+-eqX))v*N1t?-1#knOtZ5^a>us)XK0^k`xi8Yi4C=^P5kOWz zPoLlK6-2~q0?2>k43Rw%|8)TrL8_CAJazn7ovE+aHv9;W$Onu9bgBq~(+qe!r!+Vd zH4wq5wq*MIE>g8c6vzP2oMZA|8^=mneQ7dTJ2r(&!}pA+%t~3fG6PhOl&Z@#*HqGRxQo&0`-S zXeAJDePQk8lZQ|6**Lr9a&ObYdHNttuWf@_d;NX<9FW31NVi9~hF`FjI4T>zcH*K2Cf*D_ukM$J770(hvdBH}lquCBYz ztXl!!XchSWYgJ&RM-WEn2Mb`+i|2Z4#q;}rQvl&Vv}7tA)~)+XOoLgY^o|8^*$BM# zyDyE;wl%${#BcsNPBnu79s%e%s>vl@^oMGzcTSXlwM~?crk(yyXUuy zXwXVr3|i%A!v%*^k+?%u#O~-GO$LoRd4e$e5|a=5usd4wwIs0NT5l!5nbOHd40Nq! z+zp=#At$3*qSsmU&LW0>6q8Y&_z5s$Y|fpPwGWPral6%h6D#^&Mzcz}zL zxefk^n~zsk9#bq#(2uK+pKU%$3E=ZZ`h>JVIKlJhi8m#HTmI5OP{4dt2*+Cf0%SS7mgQZhat~I)G5O^6? z>qOJAjSg3qHAa14->ddubwdcy89wu5c>s-gXod4dlc5aL3d#BFi$DM9```cmx4-}W zk3RbN_AxU;I{&rkzMSxZ6J}R^EoxVr;|S&JwvnXF?ZF_^`})HUopD=qdfZAxS{MF| zhnzW-DcbG~0=z?Ew`&dfV#vZ2c%~O_2!QDxJ)RfThKijg?b>;x0=P0ir^kdLfU_Hr z1xkl_4X|l$;r=|bLQ3{#A%KvCv;dM+ZqCl81n^I97K#5W{b3JKz#t&%8c%^=qXALl|@4U7ambUwX&H~tT$_l^b7rg&+*pQH`g|3OUu&1xtH`7pDrPvU0!X%Vjtvj zVQF>w6#+ynJ;BLqD=%pBzxn0_(BGP{GQ1f?D<5bGf?kS1)?}L`0aPSK-gLak5fP^15xSYIx9{GtQ5G{CGim(TQrZfmgL#<)qE9Mq#8&% zvLS%ZkxoX@&Yb25{pRguyc8FL{ZG>LIaYU1u zY%%d6jCe@fn4do9Qa9B?p7HeF_-yGdK8U6l2116aI&V$@+t0KB$;Yk|77`{50rF5h z+jwfSA)viGIoSwA7D5to!`C${1#(=iCVD?z$5q2+tIgo^R zF#|^Srwic4k^PbZ3f`;Zw0=P}vi!q^?h{TYSrVMm?8bLmKA9Kf(#3K*E(fee1mh!g z`EdOQt%vg=e?A|MCXyA|5J16J-zyhbK`v{#5wm|CsV69(50(T@T>z750qhCs0$7nODIkw4pN!KJ zrT%OPAfC0nXSl=ymiT)P(X{2JHzt60S6+!*2Pf{YtSnLc*wWhSDkw3JSDwyNBDA@> zzWQPTDna`4cyn#@e$(R0%Ck!(9P=w{>+36-mVrOay8NX*k?t?iTUuXRnY+}a1H10i z2UwYBvP09;wbiwidAxt%Qt{_g9Ojr?!H3rA3Aa!)nZu`@eYUc)3!qk(GC-%(dG>8x z0FSZ&wmEp~?19Q~e>^@sEX%{u{!nVmOLHXIQ&LdiviKS>0nVWv&AXohm(|L68UDv& z@s+axA_GjwSib_*9T^}Xt4@I+{WS?$J(@=XXbpBXqBsoBe%S4Ur!7x`0ol5+YXRiV z!Id{z0QLC(&oAyD0aT`HG_H3bF)xUh_X#<;Pn9uzThP^V;YtTeBfRUgjN)hm2>u5HVrLMbg zB$y!}~V2MRa9fdHp=WWKZw2XAXZA%-L^4$&H*gf%EfW3LR#G%U&B7JTD^ zLN6jlt|aIk@w#C3P}rf6eNuaWpd{}wTP*=7IFN20-rbP=4y^$qcnUmx)2#Ed%){Rp zknJv7n6PV|9f|-v79fkY0hRpw@Q*eGw{&KAJ6fw*0CD|&=R>Hid%TsEq5gmj^fzi# zz5wL&NOtz-fG6&=+v8PUQ#Ku%Q2;ZPOSr<#E~S7~83!)5 zAPZoc1w+3F(!fwc29q9ngxphJfgFsb1>?xpcK-SaXKoGy2&kNTNGK}DaFcsV9hp-y zE8CMAYJ-%lSQD)w?mM7tPm_b>$q2LcWLc%|batU%E(r$hFpBdfYWox$swK3EMusW+ z@#7X(i+ik2$!tU(yYmSPAZEc3z;|q>%uN2J5W8ywltg1Ev^&-(=;#O~)LN}F{$B0` z=vk3yy%j|et)!#`1@@A_y%5*dB^V;qRQpH(3j@hwDNDP9AhyXK-*~y-oZmBhUjRV_ zoSj`fm|-{Yhgp`tbSH4r-K8ZGKuQ2F9W-;iCV=1sJI00rY9Xzz^|po#mI#N^c>PRR z5U7)i1@I8uKH7)IebqIQToFeyL^fd`jK*&1YNDndSqUHYUg)nzy2pMbp~^}fOj0-2 zsi{Z|t+eG2L{td@_X@X6#l_=lytGWg)HahBKXy~*eSoZg*as-=n~i`3ga*)C*4*#U zY_$W6-r~tFc^IjBZ5XYCbW{Q+KUUustHMUks?pIp#zv#&?mv-q$5rd_VB<-u_GgJw z?JOP&^oLA(jrY6&HX&x`=Wk`W2>4-^RO)`I3;96NO?Hb9u#95w)hur}rrVLlE@xm8=qU(RK&Ru%y;_HmF^+}9Qx~dgERBW0U+15hnW{vJaqvRO zXc`rCB;d91=m(86?S0HDWCav#Xa;V4?}Hf(>I3ZDlu0YF;wT!qJ=rk$&h0xli@XBL z$_MsMFb-PsZgE#WWgx|nJ0m0=dc_)u(7|V@&E}+u7haFz-D>N}0`-TM9P4JT9q^bF zh`$d6kc}~akRcWS!z{~RdKVzifEVUKgEn{m_qPNvM<8m42q=NTVneZ=S4sni1yCO_ zQ|}MtGOj9992IeyU{v*=ELmDU-}s*mW(Apssfu^0Z9Nq_sTYCioXvx{hPR#L)Sdn?(P&hUO$xG zflg}szp8tGW$#>m+PI=HPVUr^2it?+nz*qoyY-9KHlbKRFt&NW5m-RNBM5;&Y*1Pv zxq{F(5=k1V&=R38(nX|76-_p2mt8cANZEE*{(~+mb<;)vfPUwC9P@0M#3tr(LP!{F z3}fc!bMCq4`vi&{jMVszAYN0Zur#y3(*i(rL7<4Gt_J?Gu=vYYz^gB|9&;_2nNn{8 zs{!DCqX#7i zJv$Jk8ck`u{G5CM0y4|3v=dMX6#y(C{-_7cWAoYL>@L98Qr`xsl)$P0nEl*4c>vN! zg$5wo13;!+LsXU*Aa-84XN`S3)-&iVJNCD1X@x;7W4j#z0kz#!Lol95?@iUYtQx=V zf7yc&02zJVxBnEJd;n4jOdDZxxcO5Z02TZdtO9-p0Im}N(F88>I0S$PF|9m%9n`Zu z8K4ry%>bE5Oyostp#Z3%hY#Ze~6!6je%@I3~&`0;PMI006FjWhT~4va8+HKAqyuB#Vec?vWj%1 z<`;%zVR831ic~)ix}67*>~(?{z|Pphe0S;$+G?VkfdmZA{-#8)-QL^L8HC6gPv|U` zwqWFTb8qiNZ6wWDHd8CZ#+uHK(b3VNq~DDj@-&cL7JcIrqxR98b3U^`2*nv?%;39i z_e}pVn)I8Q^H6JH0M!y6p$BiAmeqym2`GRk$@1-K6W&78n4aIOT_?2{Q8u4%Ln_DWtC*~9#FaYkchfP&8yMmC4fhMe>pYIr?VoGL)t~6>c2cMLEJ2V1kk#Lq zvrAT}@pz-PRR#-zfJSj@?Cmz4Bt`8HV|;ffl0I`!$C%D*s_2quTXN5eg;b^`2@@xt z<|ea2Y0DcL?CqH1maye|JZ#vHFvZ$RG+4r&(dqy~@+5tjc%)4^EIsR@Si&f>ZPEW< zg8b(I+`~WWg3PR~uc>N-JpJdZJpKyS0?B}XkJnc>GMVKPZvpQEAVLA)p3I72LZi_m zL;Td`YHo5HidUcr-E)0>I;+}V6Qs2yI_C6sgm9_ZOp?9Rt!Ux{Sc0MLli9nsjDq?U zPIS(HW{1csl#ioHU;X8>Gt~wG0LwKjI2V+dd0*SISv>G^<68yW2wlHC}!W!2N9yN&(l@rGWV;WD8{D#THe- zd=BoUWq^kQ(C8!kjsS$Kyw%rw43=UMP)H}CFQc=0t1xW9qX-mzJ(ntxZl`x3H2`X(~p%gJAU|eI|Y2($%Y1 zLBPRC8v~axVeOGgHcN|;NBz7wW$xsFP79UPimpnX)azr^Jo(^3V!#9y3mZvh$Q{=W z0^>eQvJD8s{dL~b8imz2}?rAoT9)`Yy$FPvw9 zs)9DcY_;Z7z~hdu6k(bzWPqD|7j)?-fQJGQu@g&{y4n!3G95*AAEc{_^y-WfYS0$Y zWkYTrX)}^j5;U4z&@8E>3vPPUCm@62i}*0bj0|`>>tKzk3V<2_u%{PHCDlBwNrH98 zDN;i?Dgc9X&||b(iGX?&G_sfgJ+fHB1)_10TD>kb<>Y(ehlk)3fQ6)9km5E z7m(rVLEUr1h#jvWIH1$Pt7>u5Yyqw;Jt3R^YUNd}l`3OT2HHRDgcdbe!I*C z)x80$Zfx*pbFlyzY>Yz+=6xU#g^+|)6X~AQ-$?FBD2%9JovsP;Z5&R+CqKmFHj`~> zseN!n&8j5T&UcbB+#sz~!I{P+Sk0X&03ry0SlF|f^i%?SX&C@qGE`lYB@;ql3BRd< zWY8kQ3Z|!5A~Ejw;g$rWka4~MB8*VC0|zNw_a+S%YJ&{lZ`X37qLS6!`xIh62V1gO z+$)Q+w(`>ZQ0O8#T{x0}$(AsQxmr1DZFYaz;c*VYgHk|hgQ!gb3*G`=eerB7CxmbU zYT*3oL8=+fA{JVq; z3q~P~R`H;)l)QHB>oMu;YZFPI!Ep3xUSy9fow#DFutJL(*Q!ox9zI*!0r{B<&&gg` zt$8003Hp1B9*{#RHj70>gs4?kGZTkAp|?(v<5_J zNdPThsNYj#c%t3bRf(fuqb<~FW<)>@bGXCd@u;Wsf!VD}%K#k|Zb^so3m2f)YLz-- zX9<4@hLzRu2(o%Iv?BY{*#RtK8V*30 z4gvm|T=s>s!{Z!)2M~~UL$BpiK#YSNWBi#<0Qn}s)fps!CEo)+Y6d78(kswZ2LQd; zpE8hy{%CQ6e1XxNtpEY_0VukY39)e5T*EuIolJ&0BT5yM~FQH!Y-kRg-=LJT0o#XTbJ~>Y?SJGC3_@{J_M&# zhsUe82K3O*zyFz;F_7|Ny&qDz0kTEaN_e6Ww3Yfnt;a@Z)oY6n`7FXA4Hz;-ji7|) z0JM3M*Rh9&yAlt{)Me9|bhh^U=Kxe20AMDwv7Lj?H%Cy0E_4T^_3?{r3j{(47fwI| zcqjn(f(gKwmULq%cyuxnz@o{AX5A}zC$M^O+-xBLGNbP%&o;FB_bDs9NEfBRH|o^i zn*CwQ!9-Ej*6epsgQXu0N_q+_w!z#mursv}Fx!iDcDHax7j%JYgGMoz>vx1)6%|WM z@!rWgywp&;iJ7YsQ7>FsY*O!JzkxAEeI%p5(Sv#b3nSN>%zOy~wXNYnO`pvg@VY#= zyAS&%Api>X=^DF)7K~T+B&%pACuM+biN3KhvfheDuZ#|t9UkWZJTL`B8w8Eut+&tz z`Dw=$WXgSy4nW#)h^ya3I{O2Vp0=DZT`aEV$m;teiEDj**J_&T zXt+ni_!AK8?68OIL&*g<6Zm3-!vXc}2pw#k>q&`pBL}U)8n3r>e2?**7G)HUE3ab0 zZ9Fm5_|Wf$&cb0CI3F5u-?}|y$K%}MqdX{qajd_p%BMs(?yVw<0KgAV761Vo5C;Rn zTWc3oXyX^O0M2Z^z!b>FDiT1f0G9k9@Ie5)oU4J^9x^%RCo#K;tHtLONJptiA&C8- z-X6l^boj%s>RQHPpM6UQ=a75~V(!tIB4Es3&phapheP&IZz57>JUxyeN9P}-(<-{> zdxrbngs%#+^AY;4K7Z2dm0nik75HSD5><8dc#q~?*G#@VjKU!{GE=J5y<@q^M!0iji zxEJQnR|W8k>>fb!14cDo#Q5m#08oKa@r9IW1u~y#?A1ywECBI?oIwEQf96BCs_YDh zn9l$Oev5o%{92}Q%I!)62BjAn2a=4h3oN{Dgg*|is)9yQcl90rW_ZbGj-=q zEJzUx#$vJlexty5cBg~xU^*3a*VUzCPTmR?!m;jHth*bx0M}k8jKiA?#1i4n(74*T$=i7S-D%M5FuG%IrP+&4}A#DJ%b2 z!&vIk-S5Be>+7@gn0*wcorDJWqq}x{2$J}ty|Z_R1%Yq3{&sd0H;LL2_aQZ1FKEs@ z0MQ~cSj-K5)!IrZRq3L)eaeZp)U}X8P#{n(+du1eQd%uAAw3sbs(`?Rt3C8Eh|^b2 zPsxqMfXhUh3od)aZ7eIrI7JyC-Y5m!+B^mV=J~hr9Q?yB7@h#)t=N${-Zenyt(CdC zxx|-faI4!_w1)q7+K@v+RcTh+UR++Dmw*;y*k}8y#HG4?_1O+5-*E%5^*B<%C!5!HcCOubiZ%Agq%)lXMiRfljV{U@1U#!!UC!o1h3st`dD6KBjWy z#9(e&bdho~?p|xQKsuT%eQG?CR}1MYVA0cwsa1kq@MgP7TVX|b<@=BmDyc99x#i?-;n;*ns`dtGYTM=+^&4pwq24#-s?ch$ za#Ijjv(HKV6#b*^?XD#&jzQoedFRXn@WMx#Z;B9~^LL-)4gYMcqY<)NWCEi9p~TvY z=PyYI5Hbi*0>tCfTM;AEddyv5RzEilL3+%?LzWr(p@M^!eAw`;EubYE8?DYhQV4+r z0qXZ-5Ewx~6=ZSJ$wXCmxAej0+n7W7cNz&f4%QzIiszp4AvE|V2nW)%>W9`#vDRC(uEH$t}-E3#jC zW(}eU8_(DB>yAa(4fEqG{$(D6ey_aHTOov1EtKv<5de^}bWNxo`Z7>6 zBl{%eiY1u>mX)1`NsugBp+b-$m*9<;AVtx3ME{xJ*SJXgqE@{bxQA?f_7gcHRGXnsK zs#Xu}etGdT0FYcA1;{MPra%B$6Xc&R5kG>ij#b-<)<{$tnXOG2dCGZak9I-AG34?#4;rhgYE`Y`c zK`}nt)5ZvZD3-llT~~>V0eEG?6NGyzwUepURZ`lIPuwZh7naikz}!sm+UnZs`g6dj z7z=^a{>bNlq=B{00f_AHBshT_3P5%U06_!8^$w5CYibWQ8H^$q{Qy_&Iw)cWv@TbC zwn``j03XcB`bz=WZ9}J1hWfoa3wBYMzq=@9+cJ{<2K9D%5iA%ZgOGUdgK)9~Fk!50ifb7#n1;T5BNx zq=f7x15=l4uqNiDlg}0Pqu?L9T2kn<{*rxRIYj^@1`>?W2-!d{xX?-9Q#fGe`ybD; zBG3TfOopuKP7?kO2jJd$ScW(A!)aH1)VFgwBiz|5FLin2vy)+=AOIBHAec^qFOTcW z>?dJ|Q|0bz!Q5n*ard|#*`p%dg?A1^)!iQ^>MjamZmcCev50=L$%bY8xTi_TKZX#w zH(2W~)imY!f&iF1_t@{==yB=BqO-{=4E<1VhyQSf@Ds6FWu7;eb8qJHhyI9MCXwqB1xf zX@|o|2VdzX2nMqolKAzzhR5-&rc!A~St;x6oF)Kr3~`Snw1PJ_w|9N=x2JD_zkKz} zEs&n^{eQ$ibbx99%Sj{PVWvpC0jLNWvGk(_(kJ*hPbAU}X7xfrRZ0cX;Z8Z7$`FY9 z0b^mGN1TFD&~K+4CxX?poc4SE2Ns=W=dlBTAAgJ|yqrGb=PF+xa|aMc27RQOqj`1m z%fwgm8Ra?K7FO~)W2Xs#z)-FTUc)-z`t#3sefF!Tg}@)SKU4mf-Tya}Aqo7GV1x7q z04ys*uC#l1Fv~ef6ws{#*AwHCR_XzG$Xx(F{6L(4IReuA{6`#uJ8pd*`*fZ)R0Yt9 z+O4Y31W~!wZh_Qt`ruU!%&4bS;>r@I3V_*82+1;MR*8Tw*LQ#Rw;$gSe@glLIJf_0 z8PR$ooPbpWa5pr{_rOI^t`WR16aazPy$4l=0=Iqn41L{w!Q0H59etg10faY*Eb_9H z6p#$^_hly|P8|Sw7Kmj)PQb^sBXIXx;M3P`eIRDmDgEOPAiV!e4oD}j0NxA0%a^eP zNPjhNd$mTR*{!gyx(41e&@XVJ<4xS-b9TlIfsZ4|QYl*j698$Vx;%@Q(q36TWdJ1l z;SX#=Xee%VohN~>n+E>)+n&3wZejILv4Erg2X;T7v>kw@3_x0F^gV01@KIgxzJcx#IVe!=+2WQUhS?awemw-@R^plfj)yB9QZM6Ee}y zw+|lF{q?the*fc-r%#on@97^u{{GKj`5k||_rAP*$+y1{0f9gW|Izn}2P;JUzmm-9 z1|T!WT6&`r#1N$BsWhXF%c>)_@X3OM@i8u?r-D3ke)7>RxQvLLe*k1~WidLY^Lk0) z>z=>9>^$B$%8>z9bx0(eP@!{OY4kY+Y#%h%o137=s3X}(m*;kOsj6X>8~`(`h4hMh z0{#Jj&z?Qs#)94JQ+fS40^-k{fZPDCkoxzlka|Aevz-TEo`CEv0#Iq*jQb=$(jlK>SX-=4cKv$@xWTy;E3VRb0JA4FE+^6oPjbXK!5O zKLFo)hW{81RilfEpv7P$*;c@=zAnMV5VTyk#Ah*_1F!(y-};`}xV2JC;-@-qys?Vc zyAHpd1F%wCS>c-gHg*ocBgJxoT|x+gAmHPzt!LXWUv90cSCwDe`sEh@kmGNQQEPJZ7yhXm+FZ= z#Q@}K+N&gx5V*blVnY=IXHfehDEs5vUmoZ1_oP(qj^02JRik-p0Q5DtS5$K8Ijz20 z9yhm%8Z`j4xF3z$LoR77Y9C!m3#fO?KYph^ogD0wAhPwv*kB6)NH=W@LJ$=IL|7$z zmEjzKh1kUIY_L}&`_o^#lm(y>O(!ut<$)r!UZ;idj!o`82jJ176(w+CgAF>|b|B9K7rAa*3S1N$aGLM##z0wgY+IdFj!-1rB$AOT1I0KQk<4ki#F zArbbZzj2&#O?Qu`JN29QYWW@jDE0pVuoUwL6kl=(T_yqZ{bQBp)z$o%Wh9Y88%F)j z30h5vvsrd-WoQVMMtoXgXQn27+Alo-;JgdK(*t0^#2g4j#rEpgrU`(a8VZHTQ4Ok{ zl^9Lwp3dBA*kJ&?`r(%!zvA)#t}7gn;&-pSBC$o&!89H6`Bz_k`Tcv>{1b?u`W*Bl z{C$PFUwiW#@P})?a>e6#$!njUUVgX(0Qmn!fMC^Z4B^6+iUM3cGkv@wvVyDm!gJ4k zc4bC+>A5@KiFhKiTe9ebjmBrM`CfZ>znrcyE&({aO8}fl0BBfdD&+F-6eM_Rv_#{5 zsLFEX5GuMbDjn!at(O!`fdmlQEBCxJ;qi3lR>KYhpxnxPdV)0;y+01$K3WxxRWZat zfbc6C5WMEE7gE3Q`u8YzX@d{wa~8hH%9l^Q4EvW;*KsCi&e#x@{VxFI@#%!t2kYT0 zsoLz*izf)osDRzhr&%Foq ze-&rJf;pQ+Tt&FC1Mh}3kp?F{*;8&pf`W+GB0`Py(HS{9GW?+?k0&NaT3d(p8 zh0Q{LGMZON!OPbaTW@{Vdb;*zCQzIXH+fhkSTR{NW(b4|;)o{{TQB@Zp*1OCYl$CuyPeP>wZg7-+ViAO)WDN!m}rCjc&kM3{*csdIKSuOkEoS8GtrLpu{ z&2!gXauH`}ZE_B)&Wp{lLA7J~X9Mu^ix_~H$cnuWQ^`003?y@+K!RY4f)4ZO4e!*5 zKYJ0!fR@tr9y@<=Ixd4tbyM}X;{uTVKVyLCLwai8%;k#3t(~{|^()9r8Gu8b-B-w@5 zSKR^F8qRJ6Q{+0@}EgebOHFEWjk(r zJ-W~%QTmKuBxx2+Pvl=3VzoTF+jJB(T>zc{fe%v@NCMB`7%k!U3JH;(tyky@huj^jez-f$EF-7&zEjk3YM8831Re1RB9Us4q9NgCR3B>LkAATm9*^WJN^ zs`UAZ9HF6e77e+Zflrf!hXE*y$NUL^NBPlu4+HQBb6gjI|IIEH7{r{f3dL zhBDc8fGB4?DE7lqH0Ocj_aX}ZTmZTNJY`Aj9ikky(3fmK3_!*h|H}xF7@Oog_NO-Hp*nO2bNC0W^!!;a0RI~U<#$@rBGE>)qme!Ygf!PdN%8~ul924uk{>4k zpc?_YI;m)SUBn0PzWeTtiS~ON3RX7mzWa`iiO3(EZ~nrJsbkM06YZ|-~cva;KP8POn32t-iUlo*4wq7_a_9Px5F#gKrR3~Mm85xkIN{@K9xX z*EFAb_RYNoI5$$gVLJ5s{i$X#XU;V$p0kpdvGX+s*akp|Fi4A}TQeMZ0gCpAix+-> z3BYq1{<%6Gadqv6Yb^s-2u5+K5GPL!;$Nk_YQP>w(X3lW)|l7k-}Pm)j@Ce|w7wZs zx!j+qZqFqwLxE{bVtgYi%a{sYOU;#xq=M5E;|n!sg4qS&sZ;P^kxc8iU0LPL1)!_{ zO+r^k%z84MfuW;PzjiXnY=ep$Ok>{fQ?M6KyY}uHLr$xPvOBBTia0PZ0H6F(+8_eh zso82#Q^-!nKbsg|V+256+n$@HllwCuU^&~$Ok4oEI;#}e>jKc#aZ_LkK#`rZ0^nDF zpAWR!y*?x`{-+L3X#k?)gUMNP<*_v`1HjFu;fF!Yz`P&Ex6|cnDt+O!my`GkQrMY|=f@`&L22(Xp} z5tTqPV~q}SN|l3+6=}xPHvse7`tE{ChWhbp0{nv!Pyk0$2 z2-GNz?Nh8<(lstUYALa$X4u^3);GAhY&zhUU(~HL7$SMj24q#^3uOU|s)jW>e6xh{S0nmHy zcEY(j4FGaIJyk@ocjXg(N(lpdTo3`#sQECB+wTh`-rUd`@rDN{n@Td^AMhn(2^4JR zbOn|z=M02^{a2z^Gw>-WGYugGG{W;2F8CgrHAiZy$Ce8~S7!)7kJlxjtK*3i@1hTm zCNyPeNGZ;xg-1jpWQQ7@+-eRfMyzC3Q&Ie2(F$ihKDo7G8CV39D_3evTF5Y--6?9x zjG|p*UK;X;GebqQk!QG|Y<2MQ~1hJdb)D=%opgA0YRsnOB#f&(zJ zM+m8@Ms>=ZdhG5AMqZ6%7%24kU}0=@YOZ`ov~40HzqvoPwRPw8Mx2L4FI6>-a5bK4 zY;7&Q`OZefb2gGj4em0S^C%mDSG86_Uk?6Bxe=hNlg)$h=-QLZmAIrDP)APNoblj9 zwz7ss=54EC8XSh=f4~r9Xw0q&PVUjPJq{PZhg!a}{Nx0s$t|6G0ABpN)XrM%5ugh| zSEuGEK~<&g=nwWVJ*`p$UI>7s_EuzQ>vz{wyM73X1ElifT{iO2B98$MTRQImbmaoj zRR^j^s;$Tr|Gizd^+?#+FVTJ)y%81L+8j4&=iGL=0CYpZvjN~aHAHoF8sZ4;z>*$^ zWZplOHF6@k153a*0v#StY=IAQfclT>Jx>61?IE7hV=YV`0He>o&3;z3mx;vxs& z)mPvD?epEM+rGH^>dr{v4=;mZ-E9aBrZLaNL^K)^TnH8=6dpZRg{~Hlas~!cr=rA- z>X}7RLR|=FNZEV20W4bz4onDLsT$DQ_FbD0i+%i_WBZ#65s#}D09kEe-;Bllv!$i-vLM!>T@R)nGvV~Ct&ENg zN1bp_4K7xjnpL+}NB6SahMKPD)4QvQn@Wk*u{7dE87(q4vA14|X|d)~bug$4J0aHN zh4sWuIMN(XMQcJ15k~ce{iYSutW_L2!%h$Zdbakdn zIv^LaPxI`9bGcIKrh2oQ&V!Z2Kh7p@crzD!D2W{pDe9H306;Gbr5-66^8MGf>hGC{^SZL(zq6XmepN2f$tINK= z?Z!(wLWcm@?NcDp?eSG~p}w#$tW~o!A$~+21pZB~Cp7;6WSEV32>gTM4_;e`c_;dn zwKNjM*$~e*%$T3_khQfLVRS*p*HF;{`%~d)9Gluy-FiwS1k3SPOAo;dRUtCv8pwh% z8yu>PCt|QZy#PCeq&X6mLxOyHJfZdV!~7}}sGE~B7<=YIO|4tx8rYBa*wP~Ef9Rao zHm4;2!kKXFCTu09^94vr&jf!BoKqhGY3ZWzy`15@lB^Vr*fWpCPXIvhuR8#E^^E`^ zS9y2J1>jjp#HSN61)VL^@ADNKRBPw2Yv?eZ+D#aWZ{7z2#>~kYV`Rxb_;ei|&}Re& z3~O{#r5KRw=xea}L~o-UE~O(|i*P|M$KaoT;DUd4uA;jHgn*FLwKu`$5ALNtO9}9qg-V1zHX9Mu6 zf2d=~4}Uzq_%T|KBX)bI0`OoRH1EcdeI#2`v4;%UERnRW>qAT&ab&QO(|klVzaPD& z8pmio8mCv$RTZBfA~z?5fP%-%3ByO$?E%`je?yQ`xKMV?%24GC5YVSJH)pzX#Prm~ z^nzsFKmZt1@c&AXraRX5asZ+YCjU*>%A19|TJqzgG*1oG-`rNYP*D>pk@Q`F?~C7; zR7&g1(l~2-*Gh)v>39UiY93|Nd-cKf7yw9Ez2MVw(}FQF(=x4$pWLVeVZXLoI356* zqizDAr&}cf*co^A@G_Vd0K0N(Go+5>06+u_84Lw!xy?&2=YMS;!t+%v5GK+Y0l&}M zy%jYWIXa+~B-c9GF>jh%-~_;B*#SvFWnwxm{XA1WM}(CCK5T4fw@9kN|gpgy;)3r|FBkD>$O zbATFioQ6d;qY^_knP6!?PNyO88|IpqQIS zrodu&X9ZQc=O2=+)8?oq1+QUbDRY6sI?BOHzWS$ z^veoB*EMwJ0uU1V9qT1T)bsNLD2-m98dSLuTwh!w0QS=`o>GGOsfP*j$v0@I5Xu-B zZO}R6G%k_syKuoDKzfVezC0t7)O>kG!%*w|JmSY#ZbWBv|FdJ7A_GVePcz9-n(xRV6{St#FF zH3mrN!^TPjlgPp@RG~-!`uvJ{ui#!DK?h9C4+M-b+QP|~7H3=lN{Qut6!9f6g)^F2 z$jezIayeCeG_?^H6aptl#o%1Y=t5&+f3(G|^? z3T(lOxf{#yTEAOi5~qrx$D7eyF(DMTMl5<_3eDF`{aG z#4OPqF!AqtmCMJc4)5n^8KEx;L;WW?|8I`amtEH3%V1mpo&f-%ZU&&P4?kvV$-ay- zWaY}VAL=LqI;(Tht*$Gs7xK(LE}nk6{*ZyOrIn?)^= zSQ<}9IBNkkRb48Utd(mY-3aoQL12Ef+AM0N+&XrG;F|Jao*%&_Ei1Ram$j#R1!sJs zFx5nBaca84|0@8mask*T7l7R$E_C(D!mg=V&E{w!J0oal=g1^DRbFZqE$yYT%{cSg z4kppy9pg*rszns9pe^;>UfhwYe%Q2%&8717s;Y{Jh(v^*og8awNXpjB3pLh_Ge&14 z4p01hr^g?=dm%2k+#MqK?Z#6hJLR1R7bZYITNFm8M#_7I^m63D77(@vYpKF`xp2pt z&PB@(i_K&=8|CR62IDHX9kn2?FFe@5_Tmj3Nhivc>?~5*ykVy?xgF%k0U%@EE~^RR z0?-BEUn+v+XkoK3U6@Qo854ioRcrad$-+)yGm9SNg@}qGl1)#S%e3uR?%4OpMvneF zJw38G4E#ya*+KNmot??lTEt8CB(5OGIU+IXaMK2oYWG+N7h}+Kb;x<bQrxw1YIp6_;J@kcatBW3qTiu ze=Wgup=a-H~{Ey>TeL(BYP^ht?BSv+agd{v zU=*k$@nLv$LOy^t31Q#2kP7kRih z0;FChIoIARaWbC&k=>p`mi7i*@2|$#`N7plUAfZy9{~t4*7lEel3qbKzDIs&KlHCI z(c3bWZlTaVT^{Q|(~;m%`(I5|rALX7{EwI95Mur&U?J=MP6u}<6!9EvUh*|>6=efuaxKCNbh_A zdb%ZKQs6b>NU04AJ7tL*~RxhOUJ=Rrs!A|2-t)EVGv zv)J~wCl0-yi$^^KC_7taf5jLc!oB_n020GU_#chSO)mBCHD%iHD3KeRr^oiw(2ilkI(^l$JEA0yv7pW`t59s%I#tz;r zbh}kcW0Nl-B!{slneqAf_dA#GkFS1wSJ=_-zWd~ttFGJ?hj4L;f1(WEH>@^EQLJ#{ z#>aP0JtFTdFWy_YM1!t$kGu#9%fA6yGQRhh_tvi7C^Z1GVg#U#aK@QXzF&|S03?yk zdO=|cy5~q|xwMg?!dzW?L5TB3HF+e)aaaKW#i|)*@wc%15~M|&t-MqqNd1N;F@}%C zVk=($**W)>BNNjBUHbw63WUL^8$ikfkj7=Tw$#M2{x;3$MeobeuSp85OiT>>Xe4&M ze3CCP)*p@?Y4ck5Klf-~%|v**M)&?}CzHZiV5kHE$N<3k>mNNmdUAgE-FHDinm}SZ zxrA4&H9!G@ZSD|D^6$0R`+gwD|68F+D5nkVvBT)qedl~0@?-KxlNK&x_u&5V8 zLzqC+$NFQjF%A7lTJLCDV0Z!@P*Jo(vIU02u@okOiB5Up08SwF7DNYU{AwvK(itZbfdOo=V!+UJJJo)dOo(}J~Xxr4Gy+8 z*EBuLjeLQLxz6Olur5it4k+1J>csgLkEi4P<$(7KZtU>EcW`9O`D1z+vyuzO0@Izd z=)bd_69Hc?fZ;qaaeirhaQxidu+LU10{@tAxh3v*JJrl_EM=B*QF(oH%cvTvP9$Ko zT`w+yy}Ye$c(~0{0DtorFg$xaV`ehPFP!%A90Iiote8$z!+)VviQ@t@YR{?YgfO`O96mo#STDh5V&yM@5Ba;;I)XxL|Eqa z)i)fjRb^*Ljb;aQP4p|S4|g6u)D1Th)02jIKF{q>XzM&2OoY_hbbnWlfRfhV>N!N4 zhT|S|z<(KjhO@PPa!$?6G}pT*Ss*{bWo$W-Wgu@ z=>-66nwaS(Q~HoUb9^b{lR$i2>VXeTRjx`TLjGXOfX2jiK6hdDTYJE75y zl9YkLZq*^our4;}v}sNlAH+@BSt-j#X0*3a_$w&Nbhg$ooU~=}(9E2uOU0QInaP}m z7lUj#vFDi1Lqv{@XXFt4(cqKc64CgJ0a*HDfEED1uTa){eg5g&H|{?@h2L%d-p9A! zJ$d)t8@K;)62pBr-o5+R`}gnOxqj-k*Vc~S|BC?NjgODs+5Ot?J5TSguD<>Fh#jas^gkr;;EX$ekNnxidHDP-zm_LhbU1%k3IIBdLoH#E7rO%4ZlkXcP8e`S zHG68rfCEb{bz^UFHFhnA5+ms`j#0{29e`z=FTVYB{@%?8Pv=iP{^aV(wR<=3UtfFj z>4T@ccOQN5>65jO9^5~<`_4zVKDx7Z>(l!H;HNi_uHAj|$>Wo2Pj7zv!@vIZ>Y1x2 z@qn98=TAOH>pTGH66-s+0QmnDV6_xC1^J8Nm9a8F6jd; zK^1;<)UEuUxf+cKrfJO=&4jz63U*AHq^KyunD1cFBtP~&u(S(#mVrtkwh@4mHkL%M zv;bI@$TqqZ0^otH>X0p|wb>LG%Qs>jL1$G}RdqF;pw)_?*TS* zFd}g(e@W#7;QE55>X11YRybJS1XO~5BsnqKtO$fD&7%oI9aMQXnA91@FMPuNo)ii> zjUbgd;9%-fP_?XlaHmEaG){HbV}pL&V>n?zeourmoWAMwrEWtGC92&>!OaWDaGqBf zfO`c1ciPz-Zy%k%cmK?(J69im`{5@iPu+U(cpenIyS8@s{>`Izh#m(W3#-ii%*q)(*hRH_X0h;g$?yl3f7c_Nv4XLO{-4%A^O8o@~jSK@LWF`e{!$ z0T9P+uQsO+6g>d9L85^9X#v3PqOL~*X(*Sti>eQVLWU>{R}CuGb3_Wv6}jZEfEHuKpP!$1?JQ|I7OFt*qnCTuh~Q!e|P@qgR8*Z4cFq$ zdtlior%s-^b@K0jzjO7>$?Nz30_weWd+)=0^B)0#CvScFc>d_ky{Kk+ckRi;hwnbV zckk#|=AYsTuHy-A+`oqikV`_v4#2Wv2B1ry8&zeJYE&W!m{b^MA$-Y^P{novAeDf7 zFUC0;q9y@A2MI^V$HOk_L1i^9W`atR_2JRS!(~($MT>Qq0)S|T&Hnps%vwxg|6By9 zL=LMCItO{*C87&mWsJGHnmq>PUlfv7slp^)V*1>rZU;qx1PY@gR_p*I{?R{70{|=g zM5PY$ByF#kB#v~oR!+!HQLwEV?*Td&D{PhhChBKycT}i@)3^X)=~+4o0OI`zZzIn5 zct4}Q(%)i&e~8raekEt%9nG2IiopuT-;Kdu5Y!($p9i3UbN4x9a)houC;+I>d5}Qk z)OglV=J0aUD-A$v5~Qx~hL{9Ft_uJn9j0Io6#V<&!N5Cz|I^w>55Il?E<(M%Z{I^U z3>I1dT$NS{fDhg}dFS3oM^CL;09@_bO8~sVBvR2wfMvxz3F1j%ZO3jDW3S`~I7MNQ60L=gF z45b1x2*P$z3Y<^}BO2OV81PIaaQ*Os%Q7Cbf-uhE>g?E#aGMffNi-?@gQ^ozT{Y5W zXZ%_t!%d+=El%M(izreJChHkzRFrB&HgG>HP+7D4;+!IGNEkNVM8697pp$Fc4zJ01ImI= zzIEdUs7C-ing`(3J15WJ&`(aSeRA{YJO&CM(C1H1;lHSLzC_jmLd9Gdoi#0Aiqp`z z(}8{@hMUMLxM9?ffw^6MXm@sZgf-g76X?7M03rpeM!0yfHO0k_U_BYccsWIIPCsG| zYGO6-1PuW|Hv*WEPMyCHzp)E(QTzvCjZ+5eT#T`<$l-1$JsMqARtE<(E`}977?`R+ znoct-Er>~r@oIlw93|X>vMhpNSq^3!i7X6_W&$}VJndx=tcGaC;Qy=)cu)d86iw&6 zn4Z@}U`LZ6bf>7!NHl?1 zlP+Ws> zV7XA~0I&%Aq@DF&JLIo~&R|Jlw2X zHm6JYBaW*E!4!qRpcApN^B4UXuG;0Umi^sJ2f7%e zs^HfSb*oN>?;N++t!mh*Q1V09^gp`d#L) zKl$bNnQ!&ud-L;a^Yho={r>BK-R?VQZrpx!Xa4cS)z$ka?+5@A$GG!DJWQo7BoYkXKk`x5k3bt-hb|*X&{fSNccy4 z>s``|N+wJC#I-{v1)vp9@_x6|b}m+bdOYqo2!OKM5z#2vV{EL~gIpUSrNe*dTC8L? zgK)0s4IQ{xPKOyBkLY4oAY)oh!{CUTFi`BgXMoJNg>bdQ9dXk`Z#2U6k5RnVI%-m- zVE>`R5zW5M@;3{oqbd{~89ko@s>J254^vGMJk3Rh4 z;`e{~=;_l(_dj{``yDo@yp&Slq68pnMU2PKLTYrXy`FPxbz0k;CyrSW)%4IpXi1_S z-C7C@p)+bCVMNn0Y7uUmk{(MAdWJs8HtSvaHM71W=RI+BEIhok(FJ_I0Dzq91GB+Q zcXy?m7D97$etfX8)8n-!hWq5`R3u>iM0Q{5peKW#9x^Xpiv&srfVi@*rpbklAx}q3 zYZ$bl?QT>>R3F$sH8eEUv;Tl@6B5=e7@)g&d?`@oE8k|>Qb<0jajqo_qx?(fCYm@< zM^DML{)TMJ;7m(v^Dtk3S^D}rdpZU^9Sh;WItaKH>zwsq&rUi__nvWaDk;3bXKHA$ zqjwtj-u7YuveE}2S0I-Q{he72uP^@b4}YxNK?Wf7e~hy-9Ka=x@9_N8hA*fN#LhS9 z&>gR1f78yoD}TJQSVsr)*OedtvF?pBmrKlSdA9)g|CYBtvM^p->*?4}HH~ska!j9G zcrW^1OSa*N#wF~v7X%C}pPTUvOV8w2wf8NDl(ddkF+Ay3^c&cJHRY^CL9ik zddFhR%M&XSw@l20q(CYbIW|o1DMG?|0tN};NI0c)(V9=T@e{@9=?;s9i1fGJWS zo8?f3?ZB_2yAuF8+sSZw#cLE_0|iJ|b}~t_?v$c0{wWAL(aPnGGANau-dcR%N2ohw)j|qo_ z6$)QUtDGETL?6yJn1qRI%QhZ*Y;KJD+s48!3S(rh1>tUqJ}Ghh$7jv|5Zh5}zVVsO zgpV$9zL~;EA1Bd~ueKeQFzm7ATxvHMQ83|FyY4EB@0mC-?@dM*oc`ML4LP$ToA95- z2NMH;TL9b)^7?#*$&T3MOA?!-3dd@}JYgLDyj?uG@7LR26 zj8he=BsRo7e~Aowp8fOCLGy-@qkMcQT=6Yg{ZXh8fC7OVpV4YA$4CB9jz$V!@HGDx z0Cz$q3qafjXd9`Z7g%4w3b0(X<63Ntjxm@6i8#;-%OPsYU32TeQd4w(i_# zS(bA_6|RqY%%EqXapU||VXrK=^rgsz!@pSKBzAkL19000&-+5&Sp}0e$O}}_C_!FC zt{edQ1^{}Wb2i-k4fMrReW6t+F9aY|q5#aln#ENu&nqA2SpXygZr~pQ5FgLIv(`Vt z_>Hs$z)d20AA5eg=sN2F%*FTk^a5y!X7M8V_u*%~95(y_&s!q!3RF|FlB#l16J(=s z(Vusp82*TSs{n$}*?1zf!Tg>+6`lx>B$R&P>)8%jZdfHf2AEU%1~=NgHDf_#l??zC z`pk=5w9^6WukF%`0E^QSzfkrKRC?acq>jM~nqI6g0l+Wua*)=?^h>5rh&`82a{eq~ z6|R2V=lx80%o!JBd+Vv~dKgY~A>6_vU3L2F!>Dbc|GgC}lG)5>Vs#r8<%9}`0PU0k zb4~MYw*-RE4=LW5(nUy&=&zP-(V}X2+(FP?jW#$LHTNzZC(OiK7pe9Ma3>P zbW{{KK=}W^IQNT>ux6trzA@hP+KO4+H@t#BHN&aYSgK9RbDm>j>h#=+eR$%;!RE+tK$7xhO0bk>x*bPOJag&y4zFtrfAPWq{@@MId`FI*KHVJCfk4cT zZgK#Y*L|n9F29p|H;q;)VHX0pF#&jhgDb`0?2ZykZ-6?`85&gQIb03wmnwz3gP8qFF;#aDGa*cxr7$D?3PZ;ujg= zUauO)p@k+US)R_xTBFh_qxpjdy-SlARR2EwxaDdGc{LyEts?+3rcX|(a>#%gMRaOF zw}J((pPq@Es{gD%6I_aT8Bq=VJ27J#WN;7~N)K}aEo0#9kg)hM%+X}O#zjFs-Y9km zC#n*`+Vd&Sg>TQ~C>(wuY}!#Xo=M*}J7;B0;cQf{!lvzg(Vkcr65vf90kX}*vn>E_ zW^vy{YpqG9z_RK&IL5`W5z}JXk+YRL zOJs&(D_Q}7%882x5F*PkdWbLRRsoO3&f2q;yU3#eo2lD%NsRk7EySJMh1?ZpI{|PT za~}(@Y)fH0zfWBX3UTj0S|JRA9NVjge&b>|H!G{TyszR-(zo^v zWe?Qt*z99~t|DGPzi9!;Sm~v}+SvQGD%?n*ith1AO++QGmGp>gSzJ}C*fq>-FHHyl z8Zt`GH|gSk*Tr z^8noA7-_F_Vg1ie?O<(n#U5&MV>fnZz~`l5z5TV_XPww#4eu=TQnSt&&Xa0|7Xl8H zt6&s871KC(A<<5E8x;2r#;J*G6Urn?%b}&(m9=!_$P6S~QL#=xApt-NA=m9wDS7BU=oU=Nfq%yM1 zr8RgGaz#~@19F-l;LS!D><@U_`M1 zSoh%-kowX_eSOIN!1ZRg`wwETZ=yM+=V8tquLYN%KXy+Gi>l{kJBel2z z$WI(MWC{S?eGW5e6@c^Yk2Y#yCgy0a>;@@eKe_u&(ji$i6CS+v9L2 z%%v3U5WGzXrc6}%>vPHo?c~~}nld=LyJAzOW4jx-4~NSmc>m%)7aX}WNR#Oa9L8C) zGXnsn1`mknc8D{Xo@QMWv(oSm+y~=YI8=1%On6qX`lKq8K^gdmBzUT3amO2PY+3;B zCIA+37u^8>zP2f}0f10xEQDTHxzu((=&Z0rK2;Iqz>JS2YgK1uAN4=C0R}bMUYf`x zp6on{fS_+?TqNLZtaStcl#3jIr;i&BQY8SmKt6rtdxa%(c*A}pVe}3X$)=5bzmw%Nv*s3P4aV0>Mq*CJus8O z&?BNvcz?r>Oi{?pq}_uf9YPgUB!OF#@OTC%*qIqmxv)c97*{VuD{v4(!0#Xj&R%(A zGf#rNw)^SZdl9dES=s;BV*l1bJ7BoFNiJ%s1JGU$^XH&U2^e~jY;?~6w?Ih0Owb@8 zt6!+~8wTnpfIwnsx1QO~4{ zOAJ3ZLxV>K602ws@O$s|>UDLScp1!Bci(w({|{eQKie$&!^fK?1O68PWVVt}xvgo^ zV^VD8Mr2^b-&xVH1esE!jBHQ=vcA5v!G#)bdr2YyN*L~=bs`O$?L_d zQ=8_Jz6gLNQl$c-3OeXP=zb`Rqz*Rg62~72;esDYFrpPBGdS7x(r|C59C)}j=%=Xy zbV_oW7AY`KAqTFgE@A-EZ?^mk^DIJZ)j$p3P9G!M>{JG(qKO2eaPV)T#wAulyOd;5 zRv|gza0&q85|rt^L#kn5tdB?;5Jn?h(P5u$$b`@Y7SS+9rgb}Ol0$Me0EjwEQy5j` zRC@$ha5Ub1mI}he$@!acNQw1~gdA>4!J}CeAeF#m$g3zZPX?7YS>6<*tZTBvPt_1A zs=oKD_AUUhZu0_gOIrZ^x5c}D+(DTYR!CsXyGD~l{SW=brMTaTGD&1#-{^XY5ui;t z@0%ei)q^@e3$zmj;?nYrns62~03}U1(wV-zu#nDPzT7jr>=WDW8Pmh*p#(HCv;P3+ zOax#`LpGbeoKB}N|KxHyCVaNx#doE*Cu;iDsHdf&(FXtuR@OI+2T@eS9PNqdL^}AG zu%=Y+kg2L6btpZlYnD$w_f2=s1T%hB^`yfJod|L%v9xEO8jsg{k|}MyoV~=AuDM^F z;4JS1z{)_to}qovdzXLQRrmVqn|chexV4Ec=qms~=8`6}o}jA6gM$r?3gBm%=PxgL z%EZmNTasCbzav4V`DxY3bfhsRXtqw;r4~gmy@ScUQN_#!5`*o3eN$l``i1yf>pw_ z&gKgreE*&F{(&*C*YbxE6<7xLXVVM4kv1+|e(=E*opvO0ev2TrL_!3h)cr}^p^JzPWU+SkHnaiiX^kG z$%e3(L$;To^_eBkm6}Kru~I`!Z_0ZBQfl11khK-DB;ZOCt6cDj3D%L&PG%GV4eb;Z z7P#Vbacs`4Q<8j2lU8372w1GjSK$C~xNgVa|SWgRfuS zS5x9ZDEHxUIVeKn3AxK9h-!akbR`g5XcAp6kj5D`V#_xOD9jnrQc&nWf3F!1SU+{n z7>$fj>s|-{NOfB&@T;I#1AzEtM8AVTo5F5n6IQ4%Nd=x9IIT#$L?2%V24h8i*~{}_ z+wePEEL)GhtQPAF>oMz%6gh%jcAMDnmJcBF#}vBI;czf)qhXVs9+jsniEcYRioSf2 zZ5cg~juC#SF1WyK0r1sPsjmZE2Ou&eF(@QN-%3_3B2hu&WvL(nB;)r&TWAY^o5`~1 zKaRC&2QPhw1bK4sVqhCDhz&`F?y+RjLqeR+Z~$k8BL{ZI3qv*%y>sPj^gT1r$JxAA znD<#*W3*ecS_OJ3=FGEK0I&>lDY>dho7oIuOaCK3z!C-EdKHO$b&z~XD`Zi*&hfIz zBMSY9C}bUao6NKAON$UB#{0OWakkER%10rN0IM(=g*f+tcI#MU3@wZ%BPhGY)W$j) z2~Hs31_5BwM*4ClDLB7)7(UkP)RDbWVeC(Df&^+`fomF4U<&^*0gV1oM+>2$EdZ9b zo*Mz$OAUZu;Q0ODdpZ#TNsRwXqH>=1g#SE3iutnVjAo@kU}e~+a81m3oH@YE1K84{>I?-wY8<-8_n_n6S7khTqsWHZA&%Q zv}qh@%-;jA0?{@1`3jH5pzv^wj{gB`37jNXmwx3+y+ZKIWx#JNe(lVu*S1u$dL97n zcKRsdp7?)Jc{%YE6@-thpab$80QvI~C}w3~9^WP@{IjzNMZ5tAqYRAkG0d$mEp{;CxTd?D^)Dm~f_3@gpaeBLmINlkKM)=8pLC zkMOL`01(~3zX5$ZD|&z7pqRI~Yl1K-e7V-|k9V7%^GEa?0405*)dN#!HFy}N_Kfhy zc~hXFC1|R$5gqJINsw5aT+=(H8h*byGT4xk@>px^of%2MWO`((S>MUa*8!+4pF4M~ zfPXIKKzc}Z8vfuY{G>H&_E?!ae0Ve(jH}UT?eX)PsP-*!y?tpEKhVB?L&<3`t&Ar_ z)vkf;&_3)!esAhWR|Nm+Fa)^x@YWUpOIXhZ;H#4Y{})9r)8ST6FrG2}!R&xe4tLKj z21z}zesXqbpA6q)PjXr-gyhN(ZAC1mggfGA$-B=T8f}I9s8|D|$7bWOnsQe=%#qd< zV**zC+~JJjhWnqaUQE_B<@q-hfr-+d_Rp~>-4iMn6o3luobU3Oqt_n4Z~>|F#EpVvF2V z$rgWK$0VY^9dCetzq+{vz*5$RS>P=I{^#O>&P#_fs_ge;e{nFKqN-h#(Xx#I6prp8 z0$_E8!(Y3<{uuyWu_6W_kTl@w?sG%<#hfTV&_u7LrijOs$sY#9=?=Dpn>a;pr)&KV zw-79Pmd0EZLBkO&gfdBp3xTnClA=B4LI5cD^&u{#$S|73#S)7-hnEK?vuZrsema8P zAYM!#@&54)&eC_*=&O|dFuG!5BY3arAjweteTiZ6SA)Tf-?>W|GFHm*juicrtm`*$ zg#H!`p?6ihS+Q^7%8t6aH}g;O^rM8iRZXgMM;| zhAJx$c?Oyo-U9-yaRb!|C=7N~0)S$Z;urwv29^-+5dc%Tb^?H8lUQkl0Km)=8q2W; z+IRZ!P*ip&68nY-fH^lEGt}1?f^&4WY-P4N09NDyxS&xR(-&X|E&zz1)AS5TXytk` zBVz~~wS8@pee!h0TRu2Fg zWYLMP4ggMC08{|Lpue~QIO)l_K{Q8SpHqz=j%XBG>4*TS02ImJJs1%HtnaN=W%!v^ z;c#a+Qeg28fLd?Fr3xDHQ?nukW{qha2`@8BfkW|k#`rb@pm$|?p#3t;uzoyntc?o* z@`(#U)g5vhPTT~4?P&o(R@QDh@&F71fba)c4}cu8;voaMvKs^p znH^z8tf6*!kDYG+QPftn;!@Xi7Cwg#zzPvy@SPO5+i7Na@T}Xht1?6YjQ6Az$!qgz zKqZ1;nh0_jwFmVwGPBYfP^SQ(qZrU%+f3z($~mh2s^sSlRU5Sp68FO9;2YcQnoIf3 z=xDP-6D_$Jn0Jnw1|`eznMIiwz7c?lU{d13l6#;-wQ929`j4bj#8g%`*@3C*Tv4R& z{fL$VF7Dm?N16ly0Dt@1mP%4DOo6x70e(pUmU~xPN74Ne0b(77nvH4bna=~Dq@jGz zA=43}F1_6drmt9IfNUG%Wd{!1idX++?_7G@_{uPD&Z#4xOlC5kiAS#6v1KcE>;~V0 zt=NAjc5KUub0tZ0zo}G86cDAP1(k|c6ja)-kdR=(A0$A61t26o04p}^Sg~fop6|f( zp0S;2XjQHfb^O%19nU2>?)mvWx91hQQHOi8pQOy3W()@0FqS^dQV8e6+X51x7!#?m$l07n#M9e(_J zh#ECDWOL~wo&}~&8>JHqX?$VIj1`Va1^{x-TFFB=-9M!@KaF}?cPuFE;+X|cSegZD z?4(sy4%n4*(^<`rrOfk>9>#UBjc{co7NTK_?6mbCZgb`lIGe;;iD%zG=RI=;E+Uz& zycUSX0+c_P6BmV0D_95}Jb*ALS&%p9LQS4gTB^}N7&kXMR#;}~Fhv9$SHAZ;ZVpY} z{W1Xfz#xNnwUORbdrLxw_G;Mnm z9yaXk`e;~|m3sMnN#~;DFlgkOE8pGNuy&iH2~m$Q9P2Ut*owo?|aosiE~@R?w!45FWan4|9o|I^|Xe)aE#fPexe`o zRydfmkV^4-VrRLi^3Gqxpvd`y$CXMhqMCwWB|Q-Bx$VdIo;=y^Z3UKY2*%z{B9U0a z1c>N$tVLugfepQTonEcH7dbvNu8X(qwYXl2C+e9*N#5LnA_!atgH=`4bz3+u30HBS z<(+yWH-}3IFT@~IFXoo($8TDbBy0q^dzb961_111y&HgD?*M@Rs)joauwGwItc6@| z>sRF%*NIZDUQcYV>70s)2%SrKK3)mAmzfLOChQRATzCoz5}BHMtZrF4Y4dzW=Js8Fy)H*0s+k z`#^eJb;{z-`SO;IJ)qkX4aI~(CR@SKXM2WN0|5571_1moOSahIuF>%O-C1dNfN?su zmp2GM^j9W=p2S<0i7pBfc-}gYlgK37T`nOgpMc(9OU`M-xahmgjKte#dwXI;L+OGE z-9|bj2%f0jq)2}m7^3#G-U+~uJT=9CTVDCW`9HdUUX?78eZMQ2;5fwGjnavVx@TP; z|1mp4e*l1tT?V*bM*BJB*Q=roa;Ol%>`JxDRB!G|mE!-vKr+;a+^>|o(jB?7i!eq% zF^NAm)D`TY2LQYV8UXOaBI{ws$m7%<#SpcI-)>a0Bg@&_4Xu}ok+G|>BGt0j-7@7x z`%;VxPGauDvdT@9Gk1jvGLojriqIthLjvVASl3zeEW4}nV0l6JB{^=yh03YZ>`F8s z15@Oo$fzz>TtC)KSGm)Xy#!$dzbH_?c6s;aVo?0uPZ z4emaY&h+A{%-bvc*d3wYFQ!MfFD?>Gb2_^mBw(Sn?Zk3!&EOv4r4nF>iwFu64_+8L z7rl@Wg*g4e3s*0efpJS07Z=+vM43B960>vX%b44Z2(`;Ulru5+0yf-vcmnR0K_s3G}V%Dd6#k?Ij05~(YuAT#Xv3P5|xYd zIo_aTKDhAopLiruwNjR~)r{LjI#~ny z=9B4_Rm)m9p_y=5ESP$nsjg<%Pk(rFE_e@sd(EStuWtOjnkjOQ1IZetm>Bh!strAf?t;)7T@#d_xvA$BV6?Hr-z)3w$%EcP1+xOvU_~wqDIeI3uue^|+c<$V@Ey-5OXa6*6+u8#4+VVZy0G z5eP$-3fdl$!Ukb~AZRs{CZpqoYSg!)uo?5mf-CJ!?l?sYH9iZIm^+K3aEUe?0x~rd z)jEnkYO7qn2Mx6{jcnk~oe?E<_J&f!-5LO}|1|*Mhs5>e*;H1G#lk`BEU7z-DeSq& zFR}C9uN(xOO&<>G&;Wz5Ii0_6Ws=+(6D(tUNK_ji@r@ts*3&pr3j4sKaE=Z<%{E}3 z&ls16(r4Dp(}1U+Bp1IJ?JQaH!OK94ZpB-s5Vqi(hZ~w7Hq8Ox>L{+$sGT4~>9Awe z7YHuw$r#YqbKj($a3k0uJpbKhiNZC;%R7x3T$7w*rc!M{RZgQPUgiU16EH&?yMz)T}36v|*!HmuF};RxL%R{ z{lr9YKThMbx|)9WNb@h=gwHBABkm?u!k^hHM8o7Sb7#~)6+J3R>p-ElHD5;)!NV5w zF!G^jXg-90U;5I>_`&L@lYD0x34wsYT9P6VUXE|g1Qcw>hjrf5XaRAd5M^~| zSAlVIp8*j3GcwuO$OyWY2;u_sF#qC${8+NSo9NdK8(U(5Ck2C(fy->!C_rx#4SG#rFfoCb;pfY$%1v$_ zqi}2t_lMJd@RSPO5g?=;O5=V$`QvB+Cy$Sl8`i<=*5m+y*Fo=2jP4x(uonR?J)HNW zXEcf+1hGofpaG+De0E0j!}bnkW8rAVCcSW#kQAn5o_WxZ*b zoZMKq@_sV;n+i;fOs!T7>I9o{D;%4c002kFl!J}msZO-ri2#XJ0)S5ZjyIroi)KK~R(on3nEn>R^>2M^{B`=)0D#v)0|0)g3w-_(5g_FE zqYoCHPO6NR%ZdG&*aYGa%KsC1)HGV0e1`Y65r`6?#gx@TnbF4JCn^63^`D`UdFw*( z4ge>7juhlc(^1Gbt3gds`fLpF20lW_Yl;4+a&Ryn3j}AE05FCicti713{7>lUW=$) z&}_+ifQAaG2DMZzZ3+PJMJQaSL8j613wv2qCecDWzsB^Ih_y4@COIaRF4@ggb|r_5O5;q z=_AQ^kkENGuVGYRd`j^n-+5Y^udwaeyn>*b_@`}DK?VTqZ%F_m0PKkk0Qi=ec>Ig| z+8vBFVSFyXl~cKZ=6>{xDBOc7siXGj*|{w|(2E~!XbOqUi>q?Q45a{u&9ICBvA(Pj zQ3Xfg((HW=BVA*lWf_FDF6^T;l>YM z%Y}f_6L0{)zSaPM9}r`kKl*O)0PTgsx)Ve742Q4~dgi4e9Zz8;RKsppy89+!xLUFK#^EpP{TgqX>zRJj9eYD(|e!p#6IKPRyt` zV1G{oa|>}BQQ=nsMxMO49}U7ff88n+IfKEev{O7>4F&>JQ`wc~nozlvN{;%d*MMf- z+hiQqiX0a-5j&^PWmaEpKQR6 zA2#{f)$D1;q(aVbV;(*`idcXAdxvi(2LQYtx&lDPs0%!p1$K$+#qaO0hhvJ8-OZF# zA@_3Fp{3`iXukn%y^*kO6hT6bKSQewW`kB0%bPn`G`4FS>zabotML~2N5Yc9qm&j1 z0I7u~gL4Of=|m%|`8<6m#*JL2)@UqDXV$n^0&o~)vJ=gt+1aDQ4)sgDj$fb}**RR; z-K{p4jn0~7oUTTe3ys~~##v&{_OOmI4BxC*8@OgWF3N%msT->&E6-;4QFv^0H(A@Z z`KCU-yE6OmUQy*Cj}$8=>ZB)667@uhb?hpJ)MSP{@n8QKYhZ>30K66&0Pw>K&0Rd( zYV5vl=hCVmV`FDA^W)k=qftcz?D<-u0VWDZjic#$Nmb1rK-Vg@>hA9AdQ#;b01Afv zt<{y;-RXK!mVpWs7-A>vuBZRRxoVV($z)mxMgVlIu7n+W0qcReGD9JiO5E{uvY0Fx zMkjX?mjLCFV)D2+Cp;aeZJAx!NGFrUV*1i!X4vadjm;OuQqoX`rw2e*=Eh!psfbg> zaF5BlFjZB)JSqo`@geOHjN{{U%S3|!0EY$u?0*da_|M3mTU$b_q)~Y(2W*j2GMO~W zZ-hK}OAytI9dw5Y6dWf5jIEgu*aUGXYpclJzE}a(Lwmyt*iJLf< z_y{4{ZF6#Rh~XbJ0N^!{1R!RAFA+EZ;JaO(1t&Pz5#MKFA`ueV0$=dEdk1IG-y(*M-a)d~E zAp+o~K05$l-|KAv;_F~1+&eYgF@U}y(RPU{7XalqZtTswZ&~4g+j<+yZ4+fBAYrc>6Q?YNCdUredBRn zJl&3j%8d1b$xbq`UMz5X0KjXYcLLCJeJ$}h;~_N4w+m4gq83EOu8c=0wL^k=<oC(Z9S>w75h4hxjv#Z21}H=#*Yr3etZI{;u` zivV~R0PLs(z-!tA<^a%ArHQ7RSTbnp5+d&qQGC*zt{pBX9bU;LD?GB4nVzmT6Gfd1 zr)-!$bD6XUkIO7SbK8|>p^(`&M0Ze%_H89j3WdVsoS{06k{p?gV&dMJr_Y3Hgw^X7 zEj(Ub$P{g-2AFBYr@yBKG%eexlynM)>A#$@TwR?ySj}3s?FgrsTka2e(!g4BZQc52 z!Z20&HpJ}nN+av{Kb^Oxb7XPl3@H{1vl}z_!`a;?_8h978=Q->zE-eswia9|EZLnk zM~vsDSAxOd)aq^}0(Js`{KbzRezRJwfwX6bhwWy3auSOp1_11Lbt6D2cFh4uSbDgj z#S}Evx?!3?laTiHN3e9C53gc*Gv|WfW~)gwK)9P|R*j6-Df*Kc-GrE1L$K%Vjo)*9 zt@(1}U`jin%?;d1+|7(!!Aj+|d}4F1*f3U<yra)OhU6D#Y1(Z1RV0sx|JN@rv>I_86O#FUjm2uM)e zJDTy`gvMYqYgK48fSc;lR`38tK7Swpn^~$>s+O%hb`p}IU_jf=sX!q1?bcVquqaz3 z+n8XrWD@>{jC-khI5&Rs$)Zn-f@|IzOz?Em(&UXkSq%T;`I_t#o24^tlwMKbH`x7+ zOmc+AUEl`@hnXLLc>us`p#cD0^M!gG{FA%(v2k~0Sv4uz2tD4Ps9_Xt8AS*pb_YKV#SVdbyR5Q#?^Z4}v8Q=N+ zzJu&a9i*jDCEmzuclv8DFl7`_)tnVXtOuhh5OC(urMqW;0n0`bP+W$~gF07o1X$?#<3W1ro<^ z`Vw0`Y58D{<4<4)cPakkH!@_U$lw1eN78*OW&$*m_G3zP3&%q59W(Yrd z^X16_0I!1v0PJa4%(da%Lh>Vl&-$SO*l}~N77fGS#qURRjUiUiX#{JtHlx7$6rC`H zfcpu90Eh({B2-RJM`3!biq2BN77UFQieKQ}1dpbij$p&o>#I{rfB-lOlg`>6r4I?& z_fq))iah-#0I*^yHzfdprkSl=3(+o5pQXShiV8>k+Wb~r2mgSzJOGILA03NL1sBK; zMsFn>!Pp2y1cP&6$>f}Yb*R-li;D;>M*`Vq#3RTNdSxC^1=AD^Sm2eSxK6EGn#^Y~ zHnw;tY(2I;bZ9026!;qr`0+agSL4of{ZRV*;4cwyeD!#e_%{Gx|7!riO9{YBkqV$E zgq{^JCd~8MAenDcTR{ZUG~mc~@$ETt%w`pLCqxpqL1APZTt{R6ahe3F^@aJc9DvkCb zt~&s$DAq<6%#|GNb(?&%plLn@8bwv-U+(Fsz}DVMn96(-Z22RE;GEeHw(cu30`x8V z0_!l}#%rSPfOYgfqm09N@YNF=|A$Sro}C&Qr~4o@)KZkEfbuLwVbbVFS6jjBY{ebp ztRZ9?(G)1V(d0wW0D#v(Zv)VgmtD_gFbt;5J_XHZiiYgNjbjr*9FM<@YJNq-2Pn8+ zFvzFf+_8d4-~mG`2sVG@z7Dd5P99PIiixS2M=y_uWLTkRQe=qgr*u2M{3|p-T5*AS zNo22(epng+$mqzmT2%3)@p}45Sf(s-qbVQ|oJP^%oXwe31(EN=6q|B#kk8)?QBl_? z4fy$y(YA8Ohko(Hq7dL`X*THhNdV&PXzhiHLbm-90Hnb_nLn->A?MWAjuim^{PI{0 z0Avz?tFf^WveU<*@X6OHPn}VT2FT4D_lI}%etd}PA8OStxI!OfYssMj0I!KI0Z8P# z<^U{yGmk(I=IP*-4>>7J6pFng8W*Gtj{X2efSiWwF|wo}sSmjl`(^qMx#%xaIbA(K z^E(-Ag&?d+zuG^Y>qF%cPpg=P3;UR6Kno z%omZ*;Z~TcfC4~&@Th1CnH9i7{*OhX+DITj9Wia8tF1PwAO_l@Zo-(xkTVvW&(~wb zDwy4CGc=0IQLS^&q69#M;BpQ{P7F`R<$e5q`J!yexQ?qdwE+NS!>0KE*ua8CnBG(iAVQfG$AX}G@m zC`he^02qdOJ8{iS);2V<$fwTP{nHEEBPas2U*wK|ysKqDjUOjFdl@Kzq;`g8J$?}V z;gSTP{lp@Zc*w8i@7FfDoPn;dXt995zh;5ue&6I-ie{EDtPsds6&liA2|%)X z4(=z)+~%sO9#^vp6pP7RQO+igP~zuPWPa}>D1LK~3qk9cFJ{3tj6q;r76el{IaM-< zx4u09U_WaBz^(wM^7ev;loW7U|HKzwIBuC-B5Z#qfUp7|TE4m`*S8?o5vGP?ermp& zb+(B@L9@WZR9l5drwPWWM9?bUWMKonY6>9_G>Tu)|GVuePN%}*(Z$hGtOT^4s2o0b zqFkKLYMRnl0F=7`g}zs%F;B&hx;jjoL>ghjepw69*eW4tj+0Cjt^}v1rec9`bU$O` zxM3l9y7F_)H-Tk<;rshJo$AW#Wp<_!#+so|u#Tk>r-@<4)mCy^<|Kg6EPS@h0wdX= zYVvhf8KqpC;f?1@9g{)$$)=+Qy z1G=_mSme_lc`$vtu4$T8O&Hw`_S{a?tZXW4?VrUv?oHSV61jNxDxb$zj^|4uIv4nZ zQ2yZL@wx5kiIt0)BP+GBj(uPy({u`N>q~{%SJ7zHYP3s?bsSBMz2?hQ%F};hYAJ`^ zfbIG@s%jVjyn%?9v1B51c9=;N?M`(`8`<>s<9kio%&YUB7lK`^w+m+{59V}=)16Jj z+`y*A!)7KI(Yr2-0@2|THWQwqko7z#Odg3pxmP$@F50~3Lc>+#{BiR+HZls{v!3x1 z0U!Lx9+Cj;GH~)wKl#cv(9eGMhd=z`XIBgV0DT9g?lR}dD}^X~f8qbLe)E$zaKM!s zI04c`?q;rXc6RUL1vS;4&2wodLz{W+t`QR;D8!44!uL@)hZ4wbUK|Q}-L|Qr;>Ag` zy^~Z`+18{h0#7eJ{?YTolRZN?UV%6g#?#xGwx=J(xNV0F9rywODO{E{V+$dz?{7%_ zIA0J<+q&D%g#t6ig&~Aa3$%KEr(Ec|VUVFc*)7U?g-}Yi6{6=(Avh4H+vJYmAkiyd zLP3g1`t|<5GcvQa=NN8C>LT#7ckkZ)e820bKYdpj3hD9AC;#EcU%lfP6yxOoM}7Hj zSDzgk0Pw9LtB?)rmY%IJMRvBS8WDKPp@z5wV8_i09x<}15yIRiF#jN7qg8X9GThxE zhYNuNhEO@3Ei0WE$aLZ9L&?089HA}&kSf(-9mL-;+CnB2y=nyADBy!AM3b~4hDzW$ zoadN)TSJq#x=%Xap^QG^DEir{fLnJbZ{6)&0rZgP;B1tUg*Hm$HJ$V6Xy+tby*)HzW85-$Cd^>nGvc3#n*KtJ#8-fMn+(dVAG5q8JSVpXA1<9{=#2(|r0u|A+$m`zDE8 zJpoK0n?py`06r1mBmm{Jt_mUAIA5>aMix0$_kmyLs@{9XfBYKUcFFmf23f3Gwi)*1?;x}6JqL*@s#L}A0x^!Y7C(@E` z$Jge1l}f!@Q{Oy4KQ9?DeR0#)A*{QEnUUi54q4oC;b4=x;Cec_hnq*ZyZalmai6`2 ze%m1+W7ijexAAXss8ve7X(1MbBmjwtW-CdB#Jo#Ts&7iiDE#OGgCC7auj zuBy6lOs>!@iK zzjnU8y=DvCq!<6-R((c5<`FMWYSZw}rUx9CpPkG(z~jlsXN|^IWBT!$?V*qk5+Yfj zUa?MRYl#RzC55-=WTm#d(m482V$&mf?^LDAH)mI7r!zU*;}(x#3d@~oj*AD+w^G@x zwU97$iY0{rRE@-0ZELIX%@eH5>54_RpFiAR*`2OL%-hT>!@+9{K&VyPIefkQ`qLl3 z>2_7I-Nror^l)L}to`FOz}P$TICJ*;H?Ke4c>_p(Q~+dM4Z6U8XYbs8)5z{Pj?M`d z<6(wj21a8PKp?K(auo;&7;G$T$2ZxQ?>AYNY*{NsY3zq6a;%N2B-^KzQfVL3_N7wZ z`qDqK-`^RqiS13AwA*e8-)3oYa%M=*y}x5F&K~6fDYo_G{ncryf*V#!d(+bwVMSvC zJ-u;sx!!I!voSJE;O1waI)&OS@8SmbO?5m_fn;A zmzID-h^hcJ&!Zj*z3a!Env{1zi9QT#_IrkF@m8+rj}~_UwO=EmDY>dxZa@6_=QA24 zcg6JQC&wWiZH!v!L!B`u;d&#SZRb=K)U5NLpM)LVgrsZPElX8puWEu^i`bwS2MT?A z4%o?8%-tV;_+j@?rw1J>pq22>)ZhQ~!}s5Rzq_@U5(bD@gYn0y*+0d8`2L68pXRC~ z|5yGuG{8P_HrYB3seXUd?*}NUaI&G%C{@$90dE=i?y4(0hifpp>*;ju+0Q>epS7lGnNLS*Ev+)lkUq z7%0KpmFka0IhJ%2d!-R6WeDF)G=x<;3Kx@szi*Yf-Jq{Zxgyy2J~s+ayM-OVPyH^S zBv5uzM_@>^v`YSIB!nB{zQu_P(So84In!UBe|X}!9u{-H37>UQRoNeTPWCBqtcxn4 z5WJpHVI7Dv3FWoaoEde2u|MvbiBzfvyiZJxe~Si45pM_S31nE^AHaugrnlZi2DpBk=Unj|YkoaF7B1IOB2+782h+wPqY_Sp>rwANMvU=9SK%jHFJ1Hz}6ncc5{0j;c7;{xr-9`-`MwZ zZVrW{gTL>hl;n2j7QXxLH}TiL+XVEJk0mS*`lb)SU5isr*||v6_h{_VxO=zoG*zQg zq~A%;c)i4P!U%3+LlTe?2z_lYVom}6+?`xkszm4x zpUc6h06rjc1fnpG_T%MQf?Oei0BZURrx}F|Fx3uuWinOIxI3CY(y+yvfZR_Gvw!`Y zwc4D^UQia(Ac*?gJ2~0LVYvvNuh51jt!@^RNR&i8EuYn%X9yr!=IS^E_k$jL)y8Gn zpsB_?`br1}HF*O^*!j|0x_9!E&6&Tfm!T6QUhXWsX{2Y|C&Bpx72gBqsx=l;4? z-2MBX=Pq7p_JLRM=)9-~_Oad949=Y>&PLEv5x>Z}QpR5U)w5|!7D6w!F3&g@lq+13PU^KwmSd&2Keyb)EC@xN#evRiosS% zV^l)vCmJCC`2gjN`oW$HiyUq><>Euck4}V%shy3k0dA%}<369qmBh%3&{v8`D#ub! ztyt_45Ys!`3S|$50Uo9)9}i)s1r1N@8eoXPb&kOk-VJ7G{IPFlCqL4iE?B!tQ(Omh zAK{xP@|;V-PM-lH)4;xfS0Pzj=<#Eeh>u3ADg`)4p;x3?LB%n*db-AF7c^I<-IRKm;(O1o8HgYIN2KV?|2^x#4%+$i@*SB+w<=qu=tLOjwYuu z{z5wkK#o2VV`Yqham$sRCmP*S=`(+D7qmBQDpdl~ zh6;NJd7C=}|Ex}^vd>Na`8aCrY`_2|9;6{~k_^y|x7uQ!i6{TQ06^JemzSP2;lMeD zz+dWspLeT%E3kiVU;R<{#OG)ASqHo+?5}-u(Or+|zkp9I$r$PO4DjGP;^TDwyekUE zVRbR}#}tYf)8=T3T!v5)L*U_ou{NmPS_Z#34fN)pT z-^vp+ez{?8Qcr~#OEr%}@~(@X@C(YnLv9t&v^Dg#zcnvhnjj=73vGFf`Y#O7 zGh-r$x9EdTRx71dpFdLRFhN7X<&;#@8hGEBFEaw-haD~HUu zy^c&fms623|c>_MoQBMT!VB35i-X%U!+Cf&h+`)DZ}V)j6tugtoXd53yphbW)Et-8$)(d>&L1!abQSY zXcphVB8cBFQv|54&V}t&6n%EaHRc{f19URO*nE5bn)VEdW57;_p--QzcquJ#6j?d8 z@d{uR!JT5k9aFGaE-6&RHkg10PW}p3%;8nCmEH?;;fmS@k|=xWq0G#@J<<(ffcRh? z{pE+Z^BwvgA&JJ-emoUgaYt5CNd()Ng9y1Wl6!=dAW!p(JuRtc-{Mt=44z1oL>qHH zmebZJd+Z=-1e1W2q?x8#t=YI@LjyWlQ^f?J7o(xw=7Alzj$lb1UKzvaIJS$Z5X1Z5 zd{Yb^?;eRh6s%=R$Hx=%jP=gk*S1^dMT!>WsAW!PY`22~5{Anko@s~(B@yarO8hBp z?S(v{^ihWK>+>C(=DAr%uk6J?;lqsRM5B>DM@B#LMoP(^8u;5m)=GSevGtp%{XO$zRv;KuPFNqehZ>Mhob*^D;M&=P}SA_1&#aOY|AdrRSBtrjDu+V39}f(}__Fxxt15lHh9Tdl3=mx?Sc|{@Fjc!TK!>(n!IY6) zEauD-5#6s(u1On*@6QNZB8iI;mn7B;GcWKDq|lyA5vUzvoW^$3A6|wHsmExN;DC!u z=)SO2VBT>nu@U&x+06?0&mn~%+UTo7MNTPhv{O@ zZ2}hKQf5Ap$gk-NyFpK5FU)*?A^$4O1R4bUm{>v-Ee;feEK(J$5O-SYbOpZN0; zb&>Zj<9HUS`6uy|W-$BK0&2!4=Qp2kO!AS3y^8qI!t?Qke7R$cDAx|v?^FWI^9wU@ zz2CXjLihbu?2mu774Lg#4Wqx$NWALA314fB!-sJ|ms-jH>IIe+uom$h&dFuTdw+)o~CdY^27(_`T%wp68J=(^oC{(y4 zpwC@VW;lrVfwifvxFUR@k1K|&7^D$lt7m{@cJ{4^EoO6S#hQ~qYcbo1QAw0b9745z z^ggcULLl~h$^e~TX@I29R{V7gkUl?afTS)xmRgW2nE4~P5qI{n6>W3mbP2U%7iCT} zfB2t>q=hH;-}1H--D}X$=M7Nkvn|+ffTY`xZoq&e|49V`oKrvRGpoR;-~du^qM@`$ z{}Vn4iC>QP;oKpH4u`{8kmzXl#S@~F3eOX@@Piy;V2RKiy(r-5w;PB|iQh!g6kKys z7Z2g=K9L)&ptB#WNEcICKb`01WyE?02+_LBsLhm?#JAZFh%##YKAY)Y@d+}c^XqjR z&?VDO{4IxgNf>{ge80rr00Yk9HWk5`m93J|Kjtj)w@`Heu_ee-}uGCd&hI^ z9^>s9&X;@xWWQs&#PVLbc>Rn2d+^Bt<*)BI{onohfvpqPKGf%Ahh<%C@l6~^t76pS z9R1=#y}sJ-Y(o9f&hOFTp}tzEMzd3nTbHBG0BW=gmc4GS-$Q5t3YFo0{AS9P;lzDVDDai$$!K(^fQ`H6xR=GFbEGLnk?&kCpaH)4i95Wf5S>Bqx^fEeH@tu zfskeF#sE>G2vGM36*_OG3l$~U9~UwjQQ!RA@6BKcAazjEC?x$F1GLe>>{m6wUYN1V76Z&50<4{uqEBeL}#AM;ahlBZ+aysmZRE=Lx6u=QD|KqOrNrUk zvt^y%5Tai#pDj;LF27n{1CGCE5K>_N*-^c|P?dOpx{qHRC-8)x zEcbZ_bBMxcc{JRB&R2iCdLVYE#TpuSM~TQ0Y2 zPF&5`80(qcRMT9FoWI?#S9y17*Vvrc`e{pOcE3)53Ma$Rxjffi%BeZCvS2^d-gN$N z$N>M>9?4Tj>n5JiPV;%@W?3E$mrfVbTa`q3=zoJH#QdDkpKj%Hxux~14V_YgP`9k< ziI;CzO>6|5+t&C^1Q(3guU;M^B}FfVu;a46B-Otf?CR6ki>;leLvAl9wqCbtUIgvZ<#!Pf z!+=a5lhwrqX}GL9NOCgcps7YZ;{+Z-qKX4yY)pIdIucSnghrDKmvnMUFiP@mi;n&J zXBt0N4Q`_YH`D&8FAD#3%b|+Sg#mIsYZg3XI4bT3K7%n~2jS^eYd0oC#T?$GWPp+p zZmKfQ96JV3lWVEJEUj$)MPHi~TcJm}^4tVHHueMM3MsBm>jG5|MgcKi{62vCic51C z83!FaGrdZHF%ayNNy~gLNlrSFdbJ{hyMx9ab0Ze%h$jVhG;vcsuCXy0+O4pwbhJ^%qd9)LWt;`K$NKDXCe z+`!9kXn@z^LfTOp3~q>W1o+K_gA6eEKH?pRPz2=VR(?1J9wa$|{q)Hepn zkvT5F0QymySZmR!Olip`65{AR07P@E7}hxkPDZ%(1_S;X%Zi-8Bm+b${_@lFnULR0 z){HUrP@9P9aR>_|}vMH$@GC?j2jKErrHn#fv+$GOgG^K7MC1;chZ*L8l==$t zRoLHytfY*x0_#`;@lZ(;vQC~*>ks|!V*{*Z(~lo}5DnndC7TJ(7~^`W;d=}qKJxp) z0Ne4Q0S=O!Y^~LZx`Z&fcidX0U_*;PB?E*hLTcf(Do*tq6ahw2S*GkgDMJ__+g$Z0 zDNhBuVSx+~^YS&#Hb5}MWzhjKF+~R0kfEZC@39saG(jKcin6dI%Z|a*gFp~zjE+y@ zdN2?aC5rwJQ-%My1a!F30)K^;HVz}v7iUu%DB@ zq}6=o80wCA!VC!vIu?(1)rq*Bj(IBQ^AIPWo|{^EH8jA164MUfz^tG#Sw>oTy&rX7Gdjl^5kD{|dN z8%T@E=`dv=VMccSlt{)UtJdtcU^LMnTA5o>9Rnx&%Z-#@pTC}`zo^LI%dy^M6=T$q zl5W|~R_S!og0JflvUkwb+(aVC$ilS5mgRFpcm-MQJldaeMX#H=BHGmJOUh~`Wiavh zj?y!#KPnP%7FuDH*#?NUX5oOcRUuO(%oApCJ@7wBUaE&3L){VPg9;(MV8mu2b53k| z0fDR;!t0%c!uoI@%z%kMd0p@WXipgMnRY_wL{Z`wCo6anQvL~lXeVxPaco0-_F=~N z*p0Q_A!R2fWsuN+g& zqYSsqQimg?B&VJWsr7A;>^ZW8}xf*jK|XMUe#~}usenaj!Zudx{^_A z5#7rcAjBB3(w>(PR?HpLPJri^mWt$nz;sV6=z`b8`P#cT77W!j{-Q7&=c0%ihghvb zV}}qM9=9|m3YGj;4uZg`QdY%6wiN}KBizf8hLqw;VO zc)%2#Ozbqo#8h;~%<7UP9(ropw6HjAzX>y-I*}y3e)7VH6_3Wr1qFq+0lra-ehXbK zR5+#xgv5<vFvXBU3-u6F8N?e-hdxV-8oM??uIST_fs+{a3UU~I2yrHHS~xL{Tb@p(t~)2! z1L1Hc2!%7m7PM+;=EJUsNj`z4M7A6?E?rWaBjgW0R(jMd7C>6b4{bDNo( zW2k|WeeiTSTdM4r>V$vpQZyt*&mT5t(X9>?aq`zG7)o3VFK=&Gb%can&H-UeGP)ED zPlf~GVBeuRtsIZX*Yt&7Iw^mK>}n z2i0R#Q$i^oQz{c2GU9$wg!ItYQej=I)dV;UvY*=I#q+b0=t<)PoU&mzzE1=!L$EE@ zq57W$jbH@z9`V7jpf%eaj>%oc>6FaCh%;ACCQ=kRSdxG{Ad>mVpGw&2D}EQ4bOH`@uxFedD6^ zZ1jZt43H#DuaEKkl_TuiVpRU^njqt>n^QR;^=e=z*D)oaxyHHd6_0*5qCjE<) zsG$LVa^(slCU7qs6+TFI-YI+xBfvq_XgAASp8jX%>Lx)Q|unj9lv9HANMuNwT_ClPlSOzhqZ4wpp$_2iECk958JzG zyAdEE=hh~dmxFi+H+kVe$q#2HGa9>DQ0XN{95EPlz2T4raB*0=)rvt(w}vOBdpbEZ zG{8?R-jDXbZm!G4e?tQtP@%U>PKG(}cdK9kU1&1MZAa^^j0Bg<$9R0S2n)88RzYFp}U~;m&j7;nO&IwBx#8u$?a$PWv1@}s`S()C@IeDMG;GT&e zwf1K#M^7eEO>{GED4G0R>t(AnRhAeN@%e+vv$JwJ1%!4glS(b0f!7J)0jxc5y>3@Z z^|J?zQ5jt?m7ldPFI!iMHO|>^*f!KqzbM8s`E2FK*~(#FSBRc23i;ZTqf>O%`a#EF zPJ4n$lB%0~O=xOa>&1M$rlsnY{q{ubd5Q>GcK>C(eDUt-)1O;YsbD~42q7AZHea8< zyll?J!y?xlvwQjhEWt6@5>s^Kb>V0GOR8E_t;OssO~lZgX;qNwt( zo7;*stWd$+uV)z9C&!VU4<{$)iD{ZkON%G3pEww9%J^Buq#c`))u$K1hqeJSZKGvc z*z;USx8llRrkx*ZsQ-w#0@C_QQI4vs6LW+a7I`9gxn$-D-<;c;(rbj-M46N?nHHU6 zFq;WoVGfDI|IpV~Bd8fcU(+=^H84Zrn@GBFd~7!3!EOM^!_O{FN^_B($Q~#*dYbXf zR2x|?9D}U~B*ND(>_mz#AR>y^(sY#zuQM`prn>8sWmo9bF0FLqdJkZRWm-9gR3^mkH_e!ei z*+mO|Dh8%{dQb13|Eab>?{m8V$|^2Rg@Y8Au-bepO)yV%%fkACFhCAU^wWq9?|f0% zk86CCj{Vo3y*@`@brbpTX}reidsy(<#7f8us1OVkPRlW3W=x-2REq;igSq2?Xs-N3 zL{1WRB387_y6zOQ-og%1X2r4J1u%P8!`kYbST|KuO#$c888_X z5j}e5_+6$ZQLHzAxgw809!Fo535j1rw8D(-{Rq16z#CvUsat(j1?A73jLAUqU8Yz- z;%GqR6o3IHL8+1>(_t7OGcrvJuNvC`S=a)j(Sst&3GzBW3;~B4>K7zsju1k`NMmDO>qi1TGhVHzMRYVWJGZ=& z?Qp7@pDlPFKO&8Lj!!Oh6!KbpJ%au#%b*8(RC5!t3LG%;x?#y)2mp=a^*Cj~WtrzE zBF_&Qpt=H@6D?(e@YMJw43M@f^KfOw?*aD;8jD5O=Q$Z*YCr8ot`3=A7>KOPG&2Z5 zjtJ{0)j$-{-Wt$X5FU#~xkHlbc}p3wSA~Iz2A&6$ZNaU`Y7ZGV^!k!oOu8Z1ZR2DC z)38GgHPk(lq_t)w>hdL#eFq_+HEV;Ow`VPI>ktCQ#$bRYnucdUvWI|aDsf3=scWTX}^Dci)Tw(vBCV@1;E+AQ6j2 zKS102+l^wtxAeZlppodl6};H zFt;RZ4Q0mszAD=Wh^X+*p$HWb78bl7w;PZ^fS%C-$pE#)+d>h^k3<>;>tq3tL5T&A z-dek=jQ)>`5lVnd$eC$VmA&q7!2mG??rfSN*uR(Z3V3s;8DW5UTcBAf)d$)oozy}o4z&rZ&wskb*N&j_Jq=bwDNx!`a1^kRNeQVXIzMY@k~3V9z{{SgMsvFaG0?3g_b6 z4@x_Q#sDTox-D_cn$@b=HqhIb;`nG@jXXBHUVH7;X4SQ2RE&*eV_R65VuKCBfFX#WK%k~5LQ2$2lmG`5L8Tr@ zdd?w-^j4{VK>x(PH*51F{h?Mp6xZ()iPB*ilbt6|nk#pX zO?i8>TQf5|I9Rr1NN8V)^k03z=hzu%v6NrEISc2XUL6)@oEMj+UENSgNQvUpi>s%F zf^)cpr5;74J_xaU@$tnw=l%7E$%G9a4GOSo#~)w37b5~l>tMg#-k;1^H@PIGQ7rFY zlyV0NpA@M9(oS@7=H`I{J@y4b1*3ZPoxE`bl5G}Ly<93?# z0y~EJYsgh!TF7-1^C0A{AK}~0+{I}(0kkeTP&VyOwoC2Jx`8uquy%9!na6_jMH@ga1!YyWPfU8VC@D_Bu0ts-hT+l5l`l{4{4#!S$d5^NI4sjbuBwuuYV!+*2OK`v4k)mf|7zCh@LbAV; zVg4pmsnORv0Ne|+0XGk7a2tSn>gNFn;;$G4ATlBW7~DIl-xW~U-Fiy3!2kdw?=}HJ zqTCNhga&8#Yjj(IwCP16+_c*BEz2+r+g6`>&OmVkOon;LMCd_Ij>5+@5}|@vTHBMk z{k?8R^j9rB`bO3EHgl&nA0$l+0JS@Lk(=!L&=0@}qOddi@j@=2FaThXb4F&nytz*{ zTZr8M1?F-6$1o3>kPudDFDL&0=wyQoZrUsCI7chr`4Xfcl)t;M^y108_aBe9Ef4`x zZLb_Tg@V&8?OJ%T?iwfjgSi(^&d%OBvnbOErh=6y<4oLIIJcPqalcOspMhhT2TO?h zoFFr!1B`ec7~3n3IgXAN_w3^`V}aWj>wy#97o1}T?WXzoe+gU5x0)fQ-R(7KLRWga%n5|QVFA*bx{wP`e_{;U)mx5uK z2TBOFCj}GrC}I?V)lDZIB|$+Ioe<>M31k!~Eu~ZWh|M(rv2N+;}n>CgL+kUE2Gn^skn&#L?MxcT7q#vOVY-=Ha4u z|N5I-n17=ZfQgl}PBeybg-$Fpd$bM8QxXfnC=teX0ny5wZj}Vx%b9N|*3ch~p6!*4 z6jB)VBeyz1{%lk?Mo;GGh#{y=CxynRr_}TS=K2Xbbs&^pN35PNAnUoQyUuQL+Pukt<*T(#%+x3djWQUynfI(=S+AryH)D zJ*oq524t8A1_dC<)`yvBIR5|d3a5e0r?Ye_hLEh(e1=v(0K0Y*fL~8z0M-p56dW`g z)hSA~>FF3*Y9;2{e0{DO4QtbLI2NzW89@L#DO^=ahBr{C-*|@s=qb;WiMg}R+jOdv zN;R%`<(oHxVVH*nAlo0XP>FssA_15wq(j z`qGX$kqq7eMj!VQQg;>p9zD+p>QCclrDOvI;6XD@Lhe{>BNp$xIJLk-_oAFHm)2j- zG_pUgKfmzA8?FEu=Ai*drsSaccvLDtwMVM@jpP)r`Bs1K_d8GIwy*?5)3$zw%_*Rn z*wrJO(v6OiN%z^NAv`=1r#27Wz;quo8_k*xh>_{xL>++B(ZbRXDmZcMgF%ZRFDPS$ z7?G1U3^Pmsaj=**%@GMe0hwdRjp+!B&aBi85=`{<*;TCfQttcjixAA*{q(+Jrf`2t zwThy98$f9N{bN*jBQf_d2fB9wHKwoN4UC1SQ*JZo>m^@WTv2xB`j=n2lJ`P0%mam* zg}0kK?#Kin{BXSG>g~;sdvz^})t2b>pLbl>OrIRC)THo8@h9MiPuE$uTCMJEEz|*& zR>l~{{xj2j`_?QRO&TKbi`mBHoYQbqDYLLlM?nakmUiaT^~djcBQ(Q2RLBffJa1;R zt{4fFvJ&O>#pUJZ>?Y=)wqsEf%;ILRdDuLf&1E1ky?7B}WnQfuJzHE{$z|px;CsC{ z_$E)T=G!mV)_RjggO+x+sLU|xZTu^j*IuG$8wU{(h_C!sYa~RA3^T;|d(U4t#Yo@@ z1(ug-A>?lHR9^>S8<|>dyPhz>Bl}e#MwQU2*Xym84|o*-CSZgNSwNcTu`v)D{eO6Q z9+{u_MF42WAg_Ed%!B6(;rp#^F%sybzgm710swM|^#QPLkO0&=g;J6JtA~N)+X1A5 z#uzoC91V$eZ~ppF4v|6AGbt_}d)=7V9Fp+t9< zk|IENM0rD^Qwb7u<@cE`J0kQDT@xY#e?A8w!!SdLl0vjRrFScbaA6}vEm0&GMk1p? zVwHCzPYp@%akXS1)7JqA5+LJyfbiok!!W~z0_%tKPghr;a$O}Q1>l=E5j?n--(UIu z>eG2`{?63I_UY`^)ra$%PcwDpC?V4=tt`!!_A-_MAQ*;Wh6gapbIwVplP)w%d0Pr9 z|01GTYC1daNyoX&6|H`QORLyEdXjB4vd-nCB`5&D5K`tB)@DrC-8oz;84F%0vdp>2G%%StpnF*P+YF`jbTt5OOjjPi0iK8`ZLSiD+& zw&z7C0IkhuW<0#Hu`wPtE3YR(3ZV>R0fo|!9zFVMe5&d$)i?kdh8Y$x*8KBA1;x!% zD7JqTPNU^dg0vI8nRqO`F^=NDiD+SVm-Yk7V$V&7ryo7SRv)R3Q?f8A!7k37p!*L& znU?7+c!C3vVVI#|7ww0nIMq%+bGd9w`Q=!Cu@b`o44lsHQ6A7zT=az}01O`-WJOdXWWlh=8v7f_lm=3g@W=xcQUxl0+rFbp#+$l`1v9iugnB=#`s zTp!o~UykiARZs^VcurI9QqUABf0<3krf~>cAen{BqVxoy{JBCCQ2;$XZDwC`05S|S z6odpK)q>ObCQO#+xLG*+ep?zcBooK)&8UvLjZ~*lN?2N+KYNy%p2nQSB@grcb4%iw zU0gb;M8Bf8AhA@#Xn3% zImeA|B$KJs$>BvY2tesyJgubSQDo-m)RIAd7E6!Kcq|#l`tkMTDj$Yp7-lHwSAh0v zd2XvhJzpgC5+j{@rXFNP?Ha!g85Qf`OSs(^-^xv z5(9jD_1pG(Z)JTyZ*l%H3^QcNFQsLvgzC2giRfsQQi8G!MT+QKz%Z2W-_yR3F9xqp z7y!Ot7={@#Fz*0_5}rrjYsm}X7kUx~CGG*>i4fsM?p`k?tDhN$8CF#PWZb=7(w`mX z@F*Y!DN%3j(1PaS5I!|?zYm6ChLcF}m2~(wVrVi$-|LqgWL}Vfg8&Q!`ZyNi0Av_u zD53X#03agBjs00j`axfJPd|tR0f>b3%s~ecoIrAD?)kFwAfPzOpitz2(Qw;aa}=y3%=CDuO2%hGB*P9e~zqap7k(oWx_l@rjwa`l=;DAnp1rD)D1+v|*7a ze^pX9bfdm#j>lqJ5@R;|0f>W*6q*BL;dIA&?tLl#19<---zL6I%x~=7O-~a+90u^o z{JUnRv#;H5vox|z8(UkFB5i0WT8csd3zbj;0)obvXuKHTP6iJilz1}n;K92ez>nxm z>+989H_tC&S*ATdnPq05`JVtR`p&}9HJxbJuiHYX!hFtQmKFN7;XS2C#bC~RquXHg zcP(X54?TS}TW~6TjSfzSq8D%*%DKznOU6Bmmcr zLzW>&KR^dUbO37c(6ppd7~Vf>2O?k5A!q{dHVR>j*#qm6LAjSiZd`a$UFLF@NzSRWcv6maFkTy;c6=Itk=NgTYc(2s z`LtR_=ClKY*`ZgE@) zGr@`cT&dpaZv1II;GAF9JqVXB>))2eCM?quy?t1FdAKh_$p8SRgATy#&ob2UQAp!^ zV=_QG@50Ocuc}ka;y-Wx=}I*TN`xi^0GKY>pT9B&(}+yYP2!Nu-S`6lfD|GriDdSl zkQ?9Yp-K870RbST_;|W!aYi(LuKg2s7Uz62AG8pF0FXjiW@$|NGFS4)fBt$f=G@O| zK5>-Y13)U7#Sc!U+Qa_R;=F0KCxg!#J&3yonO4%$?Zegk52CiFp z|9YQu&NPzE+IgX@U7WovVRs7vq*1ZxJGGT-=Cxnt_CA=CKC(<}r>>~rid%kv zqr?CJQi%NHtyr1nm-fAOR2Wb9h&C41Vm+jUt=vavheaIq0RSmP&U_(J!ql9)$}KN- ziAhP#^@cLU+(5XE#S$?rg8)G4Q0eol&B)8=D}fHY^2#yEq71v|@y`I98w5#z7t0_3 zkU~^?`>GXrIsrXlo1RlnL}C3bZvP3uwJu>D1OU>9n(ME6Isk=ci}>h%NQ}bHdGFT@ za4v}ZUCaOhAcaW2e%w<+H#*xQU%9iCyTmOU3K2DKmk@vekVgLQYS|To zynV%1?$M4zmSvG#*osZhbABM)*7F4)0SEwTM6z}kM?wqS;jNrAu7DwbXJs#LN0lIH zynpRu5f}hciDX;KH|FOb z*1Aq8r5x8hv(Rbotgo-%*y;LM0S17SGS$yMX^e#-$yqrWq%d@RM>-S|%c2eo0MbfI zHbKU(L(_>k{W?DwlRyASsp2I3Bpb_QO+kLPs4x2FMJ9_0AONIRcKq{O#+(-SVzTVP zrA|RK;sZd6S=?fl^(z347drkZB*)aFq7feeQj6s5&3A`S-<2eB^WVQ0mY((T<>h95 z;jpu>#}I%3kW$iV)>cn0E)M!P>LKSk0AIYwW|r%>mR3#*2j{hYUt%9L0HjccF`kpnKZ06+?5vwU{G;0mph&&O-k4Q_G9!se4b zrNm(11?@YhU52B90U&)coDL6qK~QO5jVgA~xSivi7%kTdktgP^4?O+J@byguAONIK zhRr@~B;K6J3n6CgWUC%>;+L9FV$Tx;A@o)4^=~pPgaAPLSU2CALg;~~qt3S7;lelo z>uZ~y88iu~;*|~>p#dO;tliaC;=PH2N?zFF&B-_bH|lGxKnPC=+w%hVY}a7`0I9=s z>y0D`gb6_9md|!M5x-RWTy~Wy$)6EXQeG_i3;-Z?xU+N8b8R8=`M@oI`�}Irm>* z#L6}X(dI?X!4oh5q!4XvoQ@Kq15l{=)!V1Dj7$RVes0AoKO;Qv&7*$DK_xx_q!3*S z>!*d58$_=A;mcu>WzE~boNuodRQ_ruiARgujzjb?^iX0I5WbE?sg;$JOdWx9CsGu=JI4?lUs&imc>V=|6tmbY zIrQr|kgT~7w=Bka=wJsRz>oIsAO(RKhQjcpX@v|3rS1yiN^v!~^a6rM5ZrhN7oNr2 zY7v|}wEqXWLI{Mspm*+)YMqp%R`v@9l+*tJjA40x8PsB-xc~+*j_FHHR7^1@0YK+$ zvo0mO`Sc$Gg9WM95L^ { + it('renders', () => { + const wrapper = shallow(); + + expect(wrapper.find(SetupGuideLayout)).toHaveLength(1); + expect(wrapper.find(SetPageChrome)).toHaveLength(1); + }); +}); diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/setup_guide/setup_guide.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/setup_guide/setup_guide.tsx new file mode 100644 index 0000000000000..fcb3b399c75b0 --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/components/setup_guide/setup_guide.tsx @@ -0,0 +1,62 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React from 'react'; +import { EuiSpacer, EuiTitle, EuiText } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n/react'; +import { i18n } from '@kbn/i18n'; + +import { ENTERPRISE_SEARCH_PLUGIN } from '../../../../../common/constants'; +import { SetupGuide as SetupGuideLayout } from '../../../shared/setup_guide'; +import { SetEnterpriseSearchChrome as SetPageChrome } from '../../../shared/kibana_chrome'; +import { SendEnterpriseSearchTelemetry as SendTelemetry } from '../../../shared/telemetry'; +import GettingStarted from './assets/getting_started.png'; + +export const SetupGuide: React.FC = () => ( + + + + + + {i18n.translate('xpack.enterpriseSearch.enterpriseSearch.setupGuide.videoAlt', + + + +

    + +

    +     + + +

    + +

    +     + +); diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/index.test.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/index.test.tsx index b2918dac086f6..2c0902163e3d6 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/index.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/index.test.tsx @@ -4,7 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import React from 'react'; +import '../__mocks__/shallow_usecontext.mock'; + +import React, { useContext } from 'react'; import { shallow } from 'enzyme'; import { EuiPage } from '@elastic/eui'; @@ -12,54 +14,31 @@ import '../__mocks__/kea.mock'; import { useValues } from 'kea'; import { EnterpriseSearch } from './'; +import { SetupGuide } from './components/setup_guide'; import { ErrorConnecting } from './components/error_connecting'; -import { ProductCard } from './components/product_card'; +import { ProductSelector } from './components/product_selector'; describe('EnterpriseSearch', () => { beforeEach(() => { (useValues as jest.Mock).mockReturnValue({ errorConnecting: false }); + (useContext as jest.Mock).mockImplementationOnce(() => ({ config: { host: 'localhost' } })); }); - it('renders the overview page and product cards', () => { - const wrapper = shallow( - - ); + it('renders the Setup Guide and Product Selector', () => { + const wrapper = shallow(); - expect(wrapper.find(EuiPage).hasClass('enterpriseSearchOverview')).toBe(true); - expect(wrapper.find(ProductCard)).toHaveLength(2); + expect(wrapper.find(SetupGuide)).toHaveLength(1); + expect(wrapper.find(ProductSelector)).toHaveLength(1); }); - it('renders the error connecting prompt', () => { + it('renders the error connecting prompt when host is not configured', () => { (useValues as jest.Mock).mockReturnValueOnce({ errorConnecting: true }); + (useContext as jest.Mock).mockImplementationOnce(() => ({ config: { host: '' } })); + const wrapper = shallow(); expect(wrapper.find(ErrorConnecting)).toHaveLength(1); expect(wrapper.find(EuiPage)).toHaveLength(0); - }); - - describe('access checks', () => { - it('does not render the App Search card if the user does not have access to AS', () => { - const wrapper = shallow( - - ); - - expect(wrapper.find(ProductCard)).toHaveLength(1); - expect(wrapper.find(ProductCard).prop('product').ID).toEqual('workplaceSearch'); - }); - - it('does not render the Workplace Search card if the user does not have access to WS', () => { - const wrapper = shallow( - - ); - - expect(wrapper.find(ProductCard)).toHaveLength(1); - expect(wrapper.find(ProductCard).prop('product').ID).toEqual('appSearch'); - }); - - it('does not render any cards if the user does not have access', () => { - const wrapper = shallow(); - - expect(wrapper.find(ProductCard)).toHaveLength(0); - }); + expect(wrapper.find(ProductSelector)).toHaveLength(0); }); }); diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/index.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/index.tsx index 3a3ba02e07058..e2c05434dd0bb 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/index.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/index.tsx @@ -4,81 +4,37 @@ * you may not use this file except in compliance with the Elastic License. */ -import React from 'react'; +import React, { useContext } from 'react'; +import { Route, Switch } from 'react-router-dom'; import { useValues } from 'kea'; -import { - EuiPage, - EuiPageBody, - EuiPageHeader, - EuiPageHeaderSection, - EuiPageContentBody, - EuiFlexGroup, - EuiFlexItem, - EuiSpacer, - EuiTitle, -} from '@elastic/eui'; -import { i18n } from '@kbn/i18n'; +import { KibanaContext, IKibanaContext } from '../index'; import { IInitialAppData } from '../../../common/types'; -import { APP_SEARCH_PLUGIN, WORKPLACE_SEARCH_PLUGIN } from '../../../common/constants'; import { HttpLogic } from '../shared/http'; -import { SetEnterpriseSearchChrome as SetPageChrome } from '../shared/kibana_chrome'; -import { SendEnterpriseSearchTelemetry as SendTelemetry } from '../shared/telemetry'; + +import { ROOT_PATH, SETUP_GUIDE_PATH } from './routes'; import { ErrorConnecting } from './components/error_connecting'; -import { ProductCard } from './components/product_card'; +import { ProductSelector } from './components/product_selector'; +import { SetupGuide } from './components/setup_guide'; -import AppSearchImage from './assets/app_search.png'; -import WorkplaceSearchImage from './assets/workplace_search.png'; import './index.scss'; export const EnterpriseSearch: React.FC = ({ access = {} }) => { const { errorConnecting } = useValues(HttpLogic); - const { hasAppSearchAccess, hasWorkplaceSearchAccess } = access; - - return errorConnecting ? ( - - ) : ( - - - - - - - - -

    - {i18n.translate('xpack.enterpriseSearch.overview.heading', { - defaultMessage: 'Welcome to Elastic Enterprise Search', - })} -

    -     - -

    - {i18n.translate('xpack.enterpriseSearch.overview.subheading', { - defaultMessage: 'Select a product to get started', - })} -

    -     -     -     - - - {hasAppSearchAccess && ( - - - - )} - {hasWorkplaceSearchAccess && ( - - - - )} - - - -     -     + const { config } = useContext(KibanaContext) as IKibanaContext; + + const showErrorConnecting = config.host && errorConnecting; + + return ( + + + + + + {showErrorConnecting ? : } + + ); }; diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search/routes.ts b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/routes.ts new file mode 100644 index 0000000000000..1f9c06e9683ab --- /dev/null +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search/routes.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export const ROOT_PATH = '/'; +export const SETUP_GUIDE_PATH = '/setup_guide'; From d4232c5b028c6b06232c8f43a85c25f312d7911a Mon Sep 17 00:00:00 2001 From: Spencer Date: Wed, 23 Sep 2020 22:40:03 -0700 Subject: [PATCH 009/120] skip security solution tests that are preventing es snapshot promotion (#78366) Co-authored-by: spalger --- .../apis/epm/install_remove_assets.ts | 3 ++- .../apis/epm/update_assets.ts | 3 ++- .../apps/endpoint/endpoint_list.ts | 9 +++++---- .../apis/artifacts/index.ts | 1 + .../security_solution_endpoint_api_int/apis/metadata.ts | 1 + 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/x-pack/test/ingest_manager_api_integration/apis/epm/install_remove_assets.ts b/x-pack/test/ingest_manager_api_integration/apis/epm/install_remove_assets.ts index 198c129b7482f..492af399d5e30 100644 --- a/x-pack/test/ingest_manager_api_integration/apis/epm/install_remove_assets.ts +++ b/x-pack/test/ingest_manager_api_integration/apis/epm/install_remove_assets.ts @@ -29,7 +29,8 @@ export default function (providerContext: FtrProviderContext) { .send({ force: true }); }; - describe('installs and uninstalls all assets', async () => { + // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/72102 + describe.skip('installs and uninstalls all assets', async () => { describe('installs all assets when installing a package for the first time', async () => { skipIfNoDockerRegistry(providerContext); before(async () => { diff --git a/x-pack/test/ingest_manager_api_integration/apis/epm/update_assets.ts b/x-pack/test/ingest_manager_api_integration/apis/epm/update_assets.ts index 9af27f5f98558..8203b4d183871 100644 --- a/x-pack/test/ingest_manager_api_integration/apis/epm/update_assets.ts +++ b/x-pack/test/ingest_manager_api_integration/apis/epm/update_assets.ts @@ -32,7 +32,8 @@ export default function (providerContext: FtrProviderContext) { .send({ force: true }); }; - describe('updates all assets when updating a package to a different version', async () => { + // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/72102 + describe.skip('updates all assets when updating a package to a different version', async () => { skipIfNoDockerRegistry(providerContext); before(async () => { await installPackage(pkgKey); diff --git a/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts b/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts index d46171bbaa49f..c9d2b7a21d0da 100644 --- a/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts +++ b/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts @@ -65,7 +65,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { ], ]; - describe('endpoint list', function () { + // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/72102 + describe.skip('endpoint list', function () { this.tags('ciGroup7'); const sleep = (ms = 100) => new Promise((resolve) => setTimeout(resolve, ms)); @@ -86,7 +87,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { await testSubjects.exists('emptyPolicyTable'); }); - it.skip('finds data after load and polling', async () => { + it('finds data after load and polling', async () => { await esArchiver.load('endpoint/metadata/destination_index', { useCreate: true }); await pageObjects.endpoint.waitForTableToHaveData('endpointListTable', 1100); const tableData = await pageObjects.endpointPageUtils.tableData('endpointListTable'); @@ -94,7 +95,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }); }); - describe.skip('when there is data,', () => { + describe('when there is data,', () => { before(async () => { await esArchiver.load('endpoint/metadata/destination_index', { useCreate: true }); await pageObjects.endpoint.navigateToEndpointList(); @@ -212,7 +213,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }); }); - describe.skip('displays the correct table data for the kql queries', () => { + describe('displays the correct table data for the kql queries', () => { before(async () => { await esArchiver.load('endpoint/metadata/destination_index', { useCreate: true }); await pageObjects.endpoint.navigateToEndpointList(); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/artifacts/index.ts b/x-pack/test/security_solution_endpoint_api_int/apis/artifacts/index.ts index 6c225dea5430f..5a4053ee6f0a9 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/artifacts/index.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/artifacts/index.ts @@ -18,6 +18,7 @@ export default function (providerContext: FtrProviderContext) { const supertestWithoutAuth = getSupertestWithoutAuth(providerContext); let agentAccessAPIKey: string; + // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/72102 describe.skip('artifact download', () => { before(async () => { await esArchiver.load('endpoint/artifacts/api_feature', { useCreate: true }); diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/metadata.ts b/x-pack/test/security_solution_endpoint_api_int/apis/metadata.ts index d1e98876596e5..2ab12e1ff3aae 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/metadata.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/metadata.ts @@ -23,6 +23,7 @@ export default function ({ getService }: FtrProviderContext) { const esArchiver = getService('esArchiver'); const supertest = getService('supertest'); + // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/72102 describe.skip('test metadata api', () => { describe(`POST ${METADATA_REQUEST_ROUTE} when index is empty`, () => { it('metadata api should return empty result when index is empty', async () => { From 9b1883d51e85ccda89be42e74368d3b9de69866c Mon Sep 17 00:00:00 2001 From: spalger Date: Wed, 23 Sep 2020 23:30:43 -0700 Subject: [PATCH 010/120] skip flaky suite (#78375) --- .../test/security_solution_endpoint/apps/endpoint/resolver.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/test/security_solution_endpoint/apps/endpoint/resolver.ts b/x-pack/test/security_solution_endpoint/apps/endpoint/resolver.ts index 620eab37f9b46..3e9726bf40073 100644 --- a/x-pack/test/security_solution_endpoint/apps/endpoint/resolver.ts +++ b/x-pack/test/security_solution_endpoint/apps/endpoint/resolver.ts @@ -13,7 +13,8 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { const esArchiver = getService('esArchiver'); const queryBar = getService('queryBar'); - describe('Endpoint Event Resolver', function () { + // FLAKY: https://github.com/elastic/kibana/issues/78375 + describe.skip('Endpoint Event Resolver', function () { before(async () => { await esArchiver.load('endpoint/resolver_tree', { useCreate: true }); await pageObjects.hosts.navigateToSecurityHostsPage(); From c02e42ad01d35753e595c89056df56393bc19c2d Mon Sep 17 00:00:00 2001 From: spalger Date: Wed, 23 Sep 2020 23:35:45 -0700 Subject: [PATCH 011/120] skip flaky suite (#78373) --- test/functional/apps/discover/_doc_navigation.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/functional/apps/discover/_doc_navigation.js b/test/functional/apps/discover/_doc_navigation.js index 5ae799f8756c0..31aef96918ffa 100644 --- a/test/functional/apps/discover/_doc_navigation.js +++ b/test/functional/apps/discover/_doc_navigation.js @@ -28,8 +28,8 @@ export default function ({ getService, getPageObjects }) { const esArchiver = getService('esArchiver'); const retry = getService('retry'); - // Flaky: https://github.com/elastic/kibana/issues/71216 - describe('doc link in discover', function contextSize() { + // FLAKY: https://github.com/elastic/kibana/issues/78373 + describe.skip('doc link in discover', function contextSize() { beforeEach(async function () { log.debug('load kibana index with default index pattern'); await esArchiver.loadIfNeeded('discover'); From 477f6a182ed4d4f97b4555c76a73781f788d22a2 Mon Sep 17 00:00:00 2001 From: Shahzad Date: Thu, 24 Sep 2020 09:10:00 +0200 Subject: [PATCH 012/120] [CSM] Fix pie chart legend (#78253) --- .../Charts/VisitorBreakdownChart.tsx | 11 +++- .../app/RumDashboard/RumDashboard.tsx | 18 +++--- .../lib/rum_client/get_page_view_trends.ts | 4 +- .../lib/rum_client/get_visitor_breakdown.ts | 60 ++++++++++++------- 4 files changed, 59 insertions(+), 34 deletions(-) diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/Charts/VisitorBreakdownChart.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/Charts/VisitorBreakdownChart.tsx index 34fcf62178711..dea6525d4be5f 100644 --- a/x-pack/plugins/apm/public/components/app/RumDashboard/Charts/VisitorBreakdownChart.tsx +++ b/x-pack/plugins/apm/public/components/app/RumDashboard/Charts/VisitorBreakdownChart.tsx @@ -10,6 +10,7 @@ import { DARK_THEME, Datum, LIGHT_THEME, + PartialTheme, Partition, PartitionLayout, Settings, @@ -34,6 +35,12 @@ interface Props { loading: boolean; } +const theme: PartialTheme = { + legend: { + verticalWidth: 100, + }, +}; + export function VisitorBreakdownChart({ loading, options }: Props) { const [darkMode] = useUiSetting$('theme:darkMode'); @@ -42,13 +49,13 @@ export function VisitorBreakdownChart({ loading, options }: Props) { : EUI_CHARTS_THEME_LIGHT; return ( - + - - - + + + - - + + + + - - - + + + ); diff --git a/x-pack/plugins/apm/server/lib/rum_client/get_page_view_trends.ts b/x-pack/plugins/apm/server/lib/rum_client/get_page_view_trends.ts index ef4f8b16e0e7b..352a3ecdc3f12 100644 --- a/x-pack/plugins/apm/server/lib/rum_client/get_page_view_trends.ts +++ b/x-pack/plugins/apm/server/lib/rum_client/get_page_view_trends.ts @@ -46,7 +46,7 @@ export async function getPageViewTrends({ terms: { field: breakdownItem.fieldName, size: 9, - missing: 'Other', + missing: 'Others', }, }, } @@ -103,7 +103,7 @@ export async function getPageViewTrends({ }); // Top 9 plus others, get a diff from parent bucket total if (bCount > top9Count) { - res.Other = bCount - top9Count; + res.Others = bCount - top9Count; } } diff --git a/x-pack/plugins/apm/server/lib/rum_client/get_visitor_breakdown.ts b/x-pack/plugins/apm/server/lib/rum_client/get_visitor_breakdown.ts index 1b4388afd7c5d..7345d6acc0f82 100644 --- a/x-pack/plugins/apm/server/lib/rum_client/get_visitor_breakdown.ts +++ b/x-pack/plugins/apm/server/lib/rum_client/get_visitor_breakdown.ts @@ -12,7 +12,6 @@ import { SetupUIFilters, } from '../helpers/setup_request'; import { - USER_AGENT_DEVICE, USER_AGENT_NAME, USER_AGENT_OS, } from '../../../common/elasticsearch_fieldnames'; @@ -32,6 +31,7 @@ export async function getVisitorBreakdown({ const params = mergeProjection(projection, { body: { size: 0, + track_total_hits: true, query: { bool: projection.body.query.bool, }, @@ -39,19 +39,13 @@ export async function getVisitorBreakdown({ browsers: { terms: { field: USER_AGENT_NAME, - size: 10, + size: 9, }, }, os: { terms: { field: USER_AGENT_OS, - size: 10, - }, - }, - devices: { - terms: { - field: USER_AGENT_DEVICE, - size: 10, + size: 9, }, }, }, @@ -61,20 +55,42 @@ export async function getVisitorBreakdown({ const { apmEventClient } = setup; const response = await apmEventClient.search(params); - const { browsers, os, devices } = response.aggregations!; + const { browsers, os } = response.aggregations!; + + const totalItems = response.hits.total.value; + + const browserTotal = browsers.buckets.reduce( + (prevVal, item) => prevVal + item.doc_count, + 0 + ); + + const osTotal = os.buckets.reduce( + (prevVal, item) => prevVal + item.doc_count, + 0 + ); + + const browserItems = browsers.buckets.map((bucket) => ({ + count: bucket.doc_count, + name: bucket.key as string, + })); + + browserItems.push({ + count: totalItems - browserTotal, + name: 'Others', + }); + + const osItems = os.buckets.map((bucket) => ({ + count: bucket.doc_count, + name: bucket.key as string, + })); + + osItems.push({ + count: totalItems - osTotal, + name: 'Others', + }); return { - browsers: browsers.buckets.map((bucket) => ({ - count: bucket.doc_count, - name: bucket.key as string, - })), - os: os.buckets.map((bucket) => ({ - count: bucket.doc_count, - name: bucket.key as string, - })), - devices: devices.buckets.map((bucket) => ({ - count: bucket.doc_count, - name: bucket.key as string, - })), + os: osItems, + browsers: browserItems, }; } From 62ddaa9e205ff49d4deb9912025e510513c49ee5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= Date: Thu, 24 Sep 2020 09:36:22 +0200 Subject: [PATCH 013/120] [Security Solution] Cleanup IP Details graphql (#78318) --- .../security_solution/network/users/index.ts | 6 +- .../public/graphql/introspection.json | 1008 ++++------------- .../security_solution/public/graphql/types.ts | 398 +------ .../components/users_table/columns.tsx | 12 +- .../network/components/users_table/mock.ts | 5 +- .../containers/details/index.gql_query.ts | 91 -- .../containers/users/index.gql_query.ts | 59 - .../security_solution/server/graphql/index.ts | 2 - .../server/graphql/ip_details/index.ts | 8 - .../server/graphql/ip_details/resolvers.ts | 50 - .../server/graphql/ip_details/schema.gql.ts | 97 -- .../security_solution/server/graphql/types.ts | 409 +------ .../security_solution/server/init_server.ts | 2 - .../server/lib/compose/kibana.ts | 2 - .../ip_details/elasticsearch_adapter.test.ts | 53 - .../lib/ip_details/elasticsearch_adapter.ts | 160 --- .../server/lib/ip_details/index.ts | 37 - .../server/lib/ip_details/mock.ts | 430 ------- .../lib/ip_details/query_overview.dsl.ts | 126 --- .../server/lib/ip_details/query_users.dsl.ts | 104 -- .../server/lib/ip_details/types.ts | 135 --- .../security_solution/server/lib/types.ts | 2 - .../apis/security_solution/index.js | 2 +- .../apis/security_solution/network_details.ts | 2 + .../apis/security_solution/users.ts | 3 + 25 files changed, 258 insertions(+), 2945 deletions(-) delete mode 100644 x-pack/plugins/security_solution/public/network/containers/details/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/users/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/ip_details/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/ip_details/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/ip_details/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/query_overview.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/query_users.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/ip_details/types.ts diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts index 196317e7587bf..8c4e19a804148 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/users/index.ts @@ -40,9 +40,9 @@ export interface NetworkUsersNode { export interface NetworkUsersItem { name?: Maybe; - id?: Maybe; - groupId?: Maybe; - groupName?: Maybe; + id?: Maybe; + groupId?: Maybe; + groupName?: Maybe; count?: Maybe; } diff --git a/x-pack/plugins/security_solution/public/graphql/introspection.json b/x-pack/plugins/security_solution/public/graphql/introspection.json index 2f312c461ff8c..ece0712414349 100644 --- a/x-pack/plugins/security_solution/public/graphql/introspection.json +++ b/x-pack/plugins/security_solution/public/graphql/introspection.json @@ -1245,174 +1245,6 @@ "isDeprecated": false, "deprecationReason": null }, - { - "name": "IpOverview", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "IpOverviewData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "Users", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "UsersSortField", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "flowTarget", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "FlowTarget", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "UsersData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, { "name": "KpiNetwork", "description": "", @@ -6170,594 +6002,32 @@ { "name": "ip", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "LastEventTimeData", - "description": "", - "fields": [ - { - "name": "lastSeen", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "HostsSortField", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "HostsFields", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "HostsFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "hostName", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSeen", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostsData", - "description": "", - "fields": [ - { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pageInfo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostsEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cursor", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cloud", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endpoint", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "EndpointFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSeen", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "CloudFields", - "description": "", - "fields": [ - { - "name": "instance", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudInstance", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "machine", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudMachine", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "provider", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "region", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "CloudInstance", - "description": "", - "fields": [ - { - "name": "id", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "CloudMachine", - "description": "", - "fields": [ - { - "name": "type", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "EndpointFields", - "description": "", - "fields": [ - { - "name": "endpointPolicy", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "sensorVersion", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "policyStatus", - "description": "", - "args": [], - "type": { "kind": "ENUM", "name": "HostPolicyResponseActionStatus", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "HostPolicyResponseActionStatus", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "success", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "failure", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "warning", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "FirstLastSeenHost", - "description": "", - "fields": [ - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "firstSeen", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSeen", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "IpOverviewData", - "description": "", - "fields": [ - { - "name": "client", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Overview", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Overview", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "server", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Overview", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Overview", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Overview", - "description": "", - "fields": [ - { - "name": "firstSeen", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSeen", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "autonomousSystem", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AutonomousSystem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "geo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AutonomousSystem", - "description": "", - "fields": [ - { - "name": "number", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "organization", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AutonomousSystemOrganization", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "AutonomousSystemOrganization", + "name": "LastEventTimeData", "description": "", "fields": [ { - "name": "name", + "name": "lastSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "inspect", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -6769,7 +6039,7 @@ }, { "kind": "INPUT_OBJECT", - "name": "UsersSortField", + "name": "HostsSortField", "description": "", "fields": null, "inputFields": [ @@ -6779,7 +6049,7 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "ENUM", "name": "UsersFields", "ofType": null } + "ofType": { "kind": "ENUM", "name": "HostsFields", "ofType": null } }, "defaultValue": null }, @@ -6800,40 +6070,30 @@ }, { "kind": "ENUM", - "name": "UsersFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "name", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "count", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "FlowTarget", + "name": "HostsFields", "description": "", "fields": null, "inputFields": null, "interfaces": null, "enumValues": [ - { "name": "client", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination", + "name": "hostName", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "server", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } + { + "name": "lastSeen", + "description": "", + "isDeprecated": false, + "deprecationReason": null + } ], "possibleTypes": null }, { "kind": "OBJECT", - "name": "UsersData", + "name": "HostsData", "description": "", "fields": [ { @@ -6849,7 +6109,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "UsersEdges", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "HostsEdges", "ofType": null } } } }, @@ -6896,7 +6156,7 @@ }, { "kind": "OBJECT", - "name": "UsersEdges", + "name": "HostsEdges", "description": "", "fields": [ { @@ -6906,7 +6166,7 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "UsersNode", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } }, "isDeprecated": false, "deprecationReason": null @@ -6931,7 +6191,7 @@ }, { "kind": "OBJECT", - "name": "UsersNode", + "name": "HostItem", "description": "", "fields": [ { @@ -6943,18 +6203,116 @@ "deprecationReason": null }, { - "name": "timestamp", + "name": "cloud", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "CloudFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "endpoint", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "EndpointFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "host", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "inspect", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "lastSeen", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "CloudFields", + "description": "", + "fields": [ + { + "name": "instance", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "CloudInstance", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "user", + "name": "machine", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "CloudMachine", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "provider", + "description": "", + "args": [], + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "region", + "description": "", + "args": [], + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "CloudInstance", + "description": "", + "fields": [ + { + "name": "id", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "UsersItem", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } @@ -6966,11 +6324,34 @@ }, { "kind": "OBJECT", - "name": "UsersItem", + "name": "CloudMachine", "description": "", "fields": [ { - "name": "name", + "name": "type", + "description": "", + "args": [], + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "EndpointFields", + "description": "", + "fields": [ + { + "name": "endpointPolicy", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, @@ -6978,34 +6359,77 @@ "deprecationReason": null }, { - "name": "id", + "name": "sensorVersion", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "groupId", + "name": "policyStatus", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "ENUM", "name": "HostPolicyResponseActionStatus", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "HostPolicyResponseActionStatus", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { + "name": "success", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "failure", + "description": "", "isDeprecated": false, "deprecationReason": null }, + { "name": "warning", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "FirstLastSeenHost", + "description": "", + "fields": [ { - "name": "groupName", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "count", + "name": "firstSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "lastSeen", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -12242,6 +11666,26 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "ENUM", + "name": "FlowTarget", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "client", "description": "", "isDeprecated": false, "deprecationReason": null }, + { + "name": "destination", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "server", "description": "", "isDeprecated": false, "deprecationReason": null }, + { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, { "kind": "ENUM", "name": "FlowDirection", diff --git a/x-pack/plugins/security_solution/public/graphql/types.ts b/x-pack/plugins/security_solution/public/graphql/types.ts index bcb580a1a2988..1083583cb133c 100644 --- a/x-pack/plugins/security_solution/public/graphql/types.ts +++ b/x-pack/plugins/security_solution/public/graphql/types.ts @@ -73,12 +73,6 @@ export interface HostsSortField { direction: Direction; } -export interface UsersSortField { - field: UsersFields; - - direction: Direction; -} - export interface NetworkTopTablesSortField { field: NetworkTopTablesFields; @@ -309,18 +303,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum UsersFields { - name = 'name', - count = 'count', -} - -export enum FlowTarget { - client = 'client', - destination = 'destination', - server = 'server', - source = 'source', -} - export enum HistogramType { authentications = 'authentications', anomalies = 'anomalies', @@ -410,6 +392,13 @@ export enum NetworkHttpFields { statuses = 'statuses', } +export enum FlowTarget { + client = 'client', + destination = 'destination', + server = 'server', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', @@ -535,10 +524,6 @@ export interface Source { HostFirstLastSeen: FirstLastSeenHost; - IpOverview?: Maybe; - - Users: UsersData; - KpiNetwork?: Maybe; KpiHosts: KpiHostsData; @@ -1462,76 +1447,6 @@ export interface FirstLastSeenHost { lastSeen?: Maybe; } -export interface IpOverviewData { - client?: Maybe; - - destination?: Maybe; - - host: HostEcsFields; - - server?: Maybe; - - source?: Maybe; - - inspect?: Maybe; -} - -export interface Overview { - firstSeen?: Maybe; - - lastSeen?: Maybe; - - autonomousSystem: AutonomousSystem; - - geo: GeoEcsFields; -} - -export interface AutonomousSystem { - number?: Maybe; - - organization?: Maybe; -} - -export interface AutonomousSystemOrganization { - name?: Maybe; -} - -export interface UsersData { - edges: UsersEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; - - inspect?: Maybe; -} - -export interface UsersEdges { - node: UsersNode; - - cursor: CursorType; -} - -export interface UsersNode { - _id?: Maybe; - - timestamp?: Maybe; - - user?: Maybe; -} - -export interface UsersItem { - name?: Maybe; - - id?: Maybe; - - groupId?: Maybe; - - groupName?: Maybe; - - count?: Maybe; -} - export interface KpiNetworkData { networkEvents?: Maybe; @@ -2282,34 +2197,6 @@ export interface HostFirstLastSeenSourceArgs { docValueFields: DocValueFieldsInput[]; } -export interface IpOverviewSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface UsersSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - ip: string; - - pagination: PaginationInputPaginated; - - sort: UsersSortField; - - flowTarget: FlowTarget; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} export interface KpiNetworkSourceArgs { id?: Maybe; @@ -3071,185 +2958,6 @@ export namespace GetKpiHostsQuery { }; } -export namespace GetIpOverviewQuery { - export type Variables = { - sourceId: string; - filterQuery?: Maybe; - ip: string; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - IpOverview: Maybe; - }; - - export type IpOverview = { - __typename?: 'IpOverviewData'; - - source: Maybe<_Source>; - - destination: Maybe; - - host: Host; - - inspect: Maybe; - }; - - export type _Source = { - __typename?: 'Overview'; - - firstSeen: Maybe; - - lastSeen: Maybe; - - autonomousSystem: AutonomousSystem; - - geo: Geo; - }; - - export type AutonomousSystem = { - __typename?: 'AutonomousSystem'; - - number: Maybe; - - organization: Maybe; - }; - - export type Organization = { - __typename?: 'AutonomousSystemOrganization'; - - name: Maybe; - }; - - export type Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - city_name: Maybe; - - country_iso_code: Maybe; - - country_name: Maybe; - - location: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Location = { - __typename?: 'Location'; - - lat: Maybe; - - lon: Maybe; - }; - - export type Destination = { - __typename?: 'Overview'; - - firstSeen: Maybe; - - lastSeen: Maybe; - - autonomousSystem: _AutonomousSystem; - - geo: _Geo; - }; - - export type _AutonomousSystem = { - __typename?: 'AutonomousSystem'; - - number: Maybe; - - organization: Maybe<_Organization>; - }; - - export type _Organization = { - __typename?: 'AutonomousSystemOrganization'; - - name: Maybe; - }; - - export type _Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - city_name: Maybe; - - country_iso_code: Maybe; - - country_name: Maybe; - - location: Maybe<_Location>; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type _Location = { - __typename?: 'Location'; - - lat: Maybe; - - lon: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - architecture: Maybe; - - id: Maybe; - - ip: Maybe; - - mac: Maybe; - - name: Maybe; - - os: Maybe; - - type: Maybe; - }; - - export type Os = { - __typename?: 'OsEcsFields'; - - family: Maybe; - - name: Maybe; - - platform: Maybe; - - version: Maybe; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - export namespace GetKpiNetworkQuery { export type Variables = { sourceId: string; @@ -3785,98 +3493,6 @@ export namespace GetNetworkTopNFlowQuery { }; } -export namespace GetUsersQuery { - export type Variables = { - sourceId: string; - filterQuery?: Maybe; - flowTarget: FlowTarget; - ip: string; - pagination: PaginationInputPaginated; - sort: UsersSortField; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Users: Users; - }; - - export type Users = { - __typename?: 'UsersData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'UsersEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'UsersNode'; - - user: Maybe; - }; - - export type User = { - __typename?: 'UsersItem'; - - name: Maybe; - - id: Maybe; - - groupId: Maybe; - - groupName: Maybe; - - count: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - export namespace GetAllTimeline { export type Variables = { pageInfo: PageInfoTimeline; diff --git a/x-pack/plugins/security_solution/public/network/components/users_table/columns.tsx b/x-pack/plugins/security_solution/public/network/components/users_table/columns.tsx index b7f7887342335..afef7fe794939 100644 --- a/x-pack/plugins/security_solution/public/network/components/users_table/columns.tsx +++ b/x-pack/plugins/security_solution/public/network/components/users_table/columns.tsx @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { FlowTarget, UsersItem } from '../../../graphql/types'; +import { FlowTarget, NetworkUsersItem } from '../../../../common/search_strategy'; import { defaultToEmptyTag } from '../../../common/components/empty_value'; import { Columns } from '../../../common/components/paginated_table'; @@ -15,11 +15,11 @@ import { } from '../../../common/components/tables/helpers'; export type UsersColumns = [ - Columns, - Columns, - Columns, - Columns, - Columns + Columns, + Columns, + Columns, + Columns, + Columns ]; export const getUsersColumns = (flowTarget: FlowTarget, tableId: string): UsersColumns => [ diff --git a/x-pack/plugins/security_solution/public/network/components/users_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/users_table/mock.ts index 50bef1867aa3b..9180ee328f988 100644 --- a/x-pack/plugins/security_solution/public/network/components/users_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/users_table/mock.ts @@ -4,9 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { UsersData } from '../../../graphql/types'; +import { NetworkUsersStrategyResponse } from '../../../../common/search_strategy'; -export const mockUsersData: UsersData = { +export const mockUsersData: NetworkUsersStrategyResponse = { edges: [ { node: { @@ -63,4 +63,5 @@ export const mockUsersData: UsersData = { fakeTotalCount: 3, showMorePagesIndicator: true, }, + rawResponse: {} as NetworkUsersStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/containers/details/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/details/index.gql_query.ts deleted file mode 100644 index 6ebb60ccb4ea6..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/details/index.gql_query.ts +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const ipOverviewQuery = gql` - query GetIpOverviewQuery( - $sourceId: ID! - $filterQuery: String - $ip: String! - $defaultIndex: [String!]! - $inspect: Boolean! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - IpOverview( - filterQuery: $filterQuery - ip: $ip - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - source { - firstSeen - lastSeen - autonomousSystem { - number - organization { - name - } - } - geo { - continent_name - city_name - country_iso_code - country_name - location { - lat - lon - } - region_iso_code - region_name - } - } - destination { - firstSeen - lastSeen - autonomousSystem { - number - organization { - name - } - } - geo { - continent_name - city_name - country_iso_code - country_name - location { - lat - lon - } - region_iso_code - region_name - } - } - host { - architecture - id - ip - mac - name - os { - family - name - platform - version - } - type - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/users/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/users/index.gql_query.ts deleted file mode 100644 index 3fc1cdfd160db..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/users/index.gql_query.ts +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const usersQuery = gql` - query GetUsersQuery( - $sourceId: ID! - $filterQuery: String - $flowTarget: FlowTarget! - $ip: String! - $pagination: PaginationInputPaginated! - $sort: UsersSortField! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - Users( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - user { - name - id - groupId - groupName - count - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/index.ts b/x-pack/plugins/security_solution/server/graphql/index.ts index 2de6ef32b5703..d23494e0eeaa6 100644 --- a/x-pack/plugins/security_solution/server/graphql/index.ts +++ b/x-pack/plugins/security_solution/server/graphql/index.ts @@ -11,7 +11,6 @@ import { authenticationsSchema } from './authentications'; import { ecsSchema } from './ecs'; import { eventsSchema } from './events'; import { hostsSchema } from './hosts'; -import { ipDetailsSchemas } from './ip_details'; import { kpiHostsSchema } from './kpi_hosts'; import { kpiNetworkSchema } from './kpi_network'; import { networkSchema } from './network'; @@ -37,7 +36,6 @@ export const schemas = [ toDateSchema, toBooleanSchema, hostsSchema, - ...ipDetailsSchemas, kpiNetworkSchema, kpiHostsSchema, matrixHistogramSchema, diff --git a/x-pack/plugins/security_solution/server/graphql/ip_details/index.ts b/x-pack/plugins/security_solution/server/graphql/ip_details/index.ts deleted file mode 100644 index 186397ea347cb..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/ip_details/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createIpDetailsResolvers } from './resolvers'; -export { ipDetailsSchemas } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/ip_details/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/ip_details/resolvers.ts deleted file mode 100644 index d0e84026de473..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/ip_details/resolvers.ts +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { IpDetails, UsersRequestOptions } from '../../lib/ip_details'; -import { createOptions, createOptionsPaginated } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -export type QueryIpOverviewResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export type QueryUsersResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface IDetailsResolversDeps { - ipDetails: IpDetails; -} - -export const createIpDetailsResolvers = ( - libs: IDetailsResolversDeps -): { - Source: { - IpOverview: QueryIpOverviewResolver; - Users: QueryUsersResolver; - }; -} => ({ - Source: { - async IpOverview(source, args, { req }, info) { - const options = { ...createOptions(source, args, info), ip: args.ip }; - return libs.ipDetails.getIpOverview(req, options); - }, - async Users(source, args, { req }, info) { - const options: UsersRequestOptions = { - ...createOptionsPaginated(source, args, info), - ip: args.ip, - sort: args.sort, - flowTarget: args.flowTarget, - }; - return libs.ipDetails.getUsers(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/ip_details/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/ip_details/schema.gql.ts deleted file mode 100644 index 2531f8d169327..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/ip_details/schema.gql.ts +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -const ipOverviewSchema = gql` - type AutonomousSystemOrganization { - name: String - } - - type AutonomousSystem { - number: Float - organization: AutonomousSystemOrganization - } - - type Overview { - firstSeen: Date - lastSeen: Date - autonomousSystem: AutonomousSystem! - geo: GeoEcsFields! - } - - type IpOverviewData { - client: Overview - destination: Overview - host: HostEcsFields! - server: Overview - source: Overview - inspect: Inspect - } - - extend type Source { - IpOverview( - id: String - filterQuery: String - ip: String! - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): IpOverviewData - } -`; - -const usersSchema = gql` - enum UsersFields { - name - count - } - - input UsersSortField { - field: UsersFields! - direction: Direction! - } - - type UsersItem { - name: String - id: ToStringArray - groupId: ToStringArray - groupName: ToStringArray - count: Float - } - - type UsersNode { - _id: String - timestamp: Date - user: UsersItem - } - - type UsersEdges { - node: UsersNode! - cursor: CursorType! - } - - type UsersData { - edges: [UsersEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - extend type Source { - Users( - filterQuery: String - id: String - ip: String! - pagination: PaginationInputPaginated! - sort: UsersSortField! - flowTarget: FlowTarget! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): UsersData! - } -`; - -export const ipDetailsSchemas = [ipOverviewSchema, usersSchema]; diff --git a/x-pack/plugins/security_solution/server/graphql/types.ts b/x-pack/plugins/security_solution/server/graphql/types.ts index d10dfb16a9b8a..5f370ab1b8c9f 100644 --- a/x-pack/plugins/security_solution/server/graphql/types.ts +++ b/x-pack/plugins/security_solution/server/graphql/types.ts @@ -75,12 +75,6 @@ export interface HostsSortField { direction: Direction; } -export interface UsersSortField { - field: UsersFields; - - direction: Direction; -} - export interface NetworkTopTablesSortField { field: NetworkTopTablesFields; @@ -311,18 +305,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum UsersFields { - name = 'name', - count = 'count', -} - -export enum FlowTarget { - client = 'client', - destination = 'destination', - server = 'server', - source = 'source', -} - export enum HistogramType { authentications = 'authentications', anomalies = 'anomalies', @@ -412,6 +394,13 @@ export enum NetworkHttpFields { statuses = 'statuses', } +export enum FlowTarget { + client = 'client', + destination = 'destination', + server = 'server', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', @@ -537,10 +526,6 @@ export interface Source { HostFirstLastSeen: FirstLastSeenHost; - IpOverview?: Maybe; - - Users: UsersData; - KpiNetwork?: Maybe; KpiHosts: KpiHostsData; @@ -1464,76 +1449,6 @@ export interface FirstLastSeenHost { lastSeen?: Maybe; } -export interface IpOverviewData { - client?: Maybe; - - destination?: Maybe; - - host: HostEcsFields; - - server?: Maybe; - - source?: Maybe; - - inspect?: Maybe; -} - -export interface Overview { - firstSeen?: Maybe; - - lastSeen?: Maybe; - - autonomousSystem: AutonomousSystem; - - geo: GeoEcsFields; -} - -export interface AutonomousSystem { - number?: Maybe; - - organization?: Maybe; -} - -export interface AutonomousSystemOrganization { - name?: Maybe; -} - -export interface UsersData { - edges: UsersEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; - - inspect?: Maybe; -} - -export interface UsersEdges { - node: UsersNode; - - cursor: CursorType; -} - -export interface UsersNode { - _id?: Maybe; - - timestamp?: Maybe; - - user?: Maybe; -} - -export interface UsersItem { - name?: Maybe; - - id?: Maybe; - - groupId?: Maybe; - - groupName?: Maybe; - - count?: Maybe; -} - export interface KpiNetworkData { networkEvents?: Maybe; @@ -2284,34 +2199,6 @@ export interface HostFirstLastSeenSourceArgs { docValueFields: DocValueFieldsInput[]; } -export interface IpOverviewSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface UsersSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - ip: string; - - pagination: PaginationInputPaginated; - - sort: UsersSortField; - - flowTarget: FlowTarget; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} export interface KpiNetworkSourceArgs { id?: Maybe; @@ -2838,10 +2725,6 @@ export namespace SourceResolvers { HostFirstLastSeen?: HostFirstLastSeenResolver; - IpOverview?: IpOverviewResolver, TypeParent, TContext>; - - Users?: UsersResolver; - KpiNetwork?: KpiNetworkResolver, TypeParent, TContext>; KpiHosts?: KpiHostsResolver; @@ -3004,47 +2887,6 @@ export namespace SourceResolvers { docValueFields: DocValueFieldsInput[]; } - export type IpOverviewResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface IpOverviewArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type UsersResolver = Resolver< - R, - Parent, - TContext, - UsersArgs - >; - export interface UsersArgs { - filterQuery?: Maybe; - - id?: Maybe; - - ip: string; - - pagination: PaginationInputPaginated; - - sort: UsersSortField; - - flowTarget: FlowTarget; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - export type KpiNetworkResolver< R = Maybe, Parent = Source, @@ -6223,235 +6065,6 @@ export namespace FirstLastSeenHostResolvers { > = Resolver; } -export namespace IpOverviewDataResolvers { - export interface Resolvers { - client?: ClientResolver, TypeParent, TContext>; - - destination?: DestinationResolver, TypeParent, TContext>; - - host?: HostResolver; - - server?: ServerResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type ClientResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type HostResolver< - R = HostEcsFields, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type ServerResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = IpOverviewData, - TContext = SiemContext - > = Resolver; -} - -export namespace OverviewResolvers { - export interface Resolvers { - firstSeen?: FirstSeenResolver, TypeParent, TContext>; - - lastSeen?: LastSeenResolver, TypeParent, TContext>; - - autonomousSystem?: AutonomousSystemResolver; - - geo?: GeoResolver; - } - - export type FirstSeenResolver< - R = Maybe, - Parent = Overview, - TContext = SiemContext - > = Resolver; - export type LastSeenResolver< - R = Maybe, - Parent = Overview, - TContext = SiemContext - > = Resolver; - export type AutonomousSystemResolver< - R = AutonomousSystem, - Parent = Overview, - TContext = SiemContext - > = Resolver; - export type GeoResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace AutonomousSystemResolvers { - export interface Resolvers { - number?: NumberResolver, TypeParent, TContext>; - - organization?: OrganizationResolver, TypeParent, TContext>; - } - - export type NumberResolver< - R = Maybe, - Parent = AutonomousSystem, - TContext = SiemContext - > = Resolver; - export type OrganizationResolver< - R = Maybe, - Parent = AutonomousSystem, - TContext = SiemContext - > = Resolver; -} - -export namespace AutonomousSystemOrganizationResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; - } - - export type NameResolver< - R = Maybe, - Parent = AutonomousSystemOrganization, - TContext = SiemContext - > = Resolver; -} - -export namespace UsersDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = UsersEdges[], - Parent = UsersData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver = Resolver< - R, - Parent, - TContext - >; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = UsersData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = UsersData, - TContext = SiemContext - > = Resolver; -} - -export namespace UsersEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver = Resolver< - R, - Parent, - TContext - >; - export type CursorResolver< - R = CursorType, - Parent = UsersEdges, - TContext = SiemContext - > = Resolver; -} - -export namespace UsersNodeResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - timestamp?: TimestampResolver, TypeParent, TContext>; - - user?: UserResolver, TypeParent, TContext>; - } - - export type _IdResolver, Parent = UsersNode, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type TimestampResolver< - R = Maybe, - Parent = UsersNode, - TContext = SiemContext - > = Resolver; - export type UserResolver< - R = Maybe, - Parent = UsersNode, - TContext = SiemContext - > = Resolver; -} - -export namespace UsersItemResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; - - groupId?: GroupIdResolver, TypeParent, TContext>; - - groupName?: GroupNameResolver, TypeParent, TContext>; - - count?: CountResolver, TypeParent, TContext>; - } - - export type NameResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; - export type IdResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; - export type GroupIdResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; - export type GroupNameResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; - export type CountResolver< - R = Maybe, - Parent = UsersItem, - TContext = SiemContext - > = Resolver; -} - export namespace KpiNetworkDataResolvers { export interface Resolvers { networkEvents?: NetworkEventsResolver, TypeParent, TContext>; @@ -8815,14 +8428,6 @@ export type IResolvers = { CloudMachine?: CloudMachineResolvers.Resolvers; EndpointFields?: EndpointFieldsResolvers.Resolvers; FirstLastSeenHost?: FirstLastSeenHostResolvers.Resolvers; - IpOverviewData?: IpOverviewDataResolvers.Resolvers; - Overview?: OverviewResolvers.Resolvers; - AutonomousSystem?: AutonomousSystemResolvers.Resolvers; - AutonomousSystemOrganization?: AutonomousSystemOrganizationResolvers.Resolvers; - UsersData?: UsersDataResolvers.Resolvers; - UsersEdges?: UsersEdgesResolvers.Resolvers; - UsersNode?: UsersNodeResolvers.Resolvers; - UsersItem?: UsersItemResolvers.Resolvers; KpiNetworkData?: KpiNetworkDataResolvers.Resolvers; KpiNetworkHistogramData?: KpiNetworkHistogramDataResolvers.Resolvers; KpiHostsData?: KpiHostsDataResolvers.Resolvers; diff --git a/x-pack/plugins/security_solution/server/init_server.ts b/x-pack/plugins/security_solution/server/init_server.ts index ac0273ec1770d..3d2833f1c6c60 100644 --- a/x-pack/plugins/security_solution/server/init_server.ts +++ b/x-pack/plugins/security_solution/server/init_server.ts @@ -10,7 +10,6 @@ import { createAuthenticationsResolvers } from './graphql/authentications'; import { createScalarToStringArrayValueResolvers } from './graphql/ecs'; import { createEsValueResolvers, createEventsResolvers } from './graphql/events'; import { createHostsResolvers } from './graphql/hosts'; -import { createIpDetailsResolvers } from './graphql/ip_details'; import { createKpiHostsResolvers } from './graphql/kpi_hosts'; import { createKpiNetworkResolvers } from './graphql/kpi_network'; import { createNetworkResolvers } from './graphql/network'; @@ -35,7 +34,6 @@ export const initServer = (libs: AppBackendLibs) => { createEsValueResolvers() as IResolvers, createEventsResolvers(libs) as IResolvers, createHostsResolvers(libs) as IResolvers, - createIpDetailsResolvers(libs) as IResolvers, createKpiNetworkResolvers(libs) as IResolvers, createMatrixHistogramResolvers(libs) as IResolvers, createNoteResolvers(libs) as IResolvers, diff --git a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts index 3bfb3d9492353..6348ee930a109 100644 --- a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts +++ b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts @@ -16,7 +16,6 @@ import { KpiHosts } from '../kpi_hosts'; import { ElasticsearchKpiHostsAdapter } from '../kpi_hosts/elasticsearch_adapter'; import { ElasticsearchIndexFieldAdapter, IndexFields } from '../index_fields'; -import { ElasticsearchIpDetailsAdapter, IpDetails } from '../ip_details'; import { KpiNetwork } from '../kpi_network'; import { ElasticsearchKpiNetworkAdapter } from '../kpi_network/elasticsearch_adapter'; @@ -45,7 +44,6 @@ export function compose( events: new Events(new ElasticsearchEventsAdapter(framework)), fields: new IndexFields(new ElasticsearchIndexFieldAdapter()), hosts: new Hosts(new ElasticsearchHostsAdapter(framework, endpointContext)), - ipDetails: new IpDetails(new ElasticsearchIpDetailsAdapter(framework)), kpiHosts: new KpiHosts(new ElasticsearchKpiHostsAdapter(framework)), kpiNetwork: new KpiNetwork(new ElasticsearchKpiNetworkAdapter(framework)), matrixHistogram: new MatrixHistogram(new ElasticsearchMatrixHistogramAdapter(framework)), diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.test.ts deleted file mode 100644 index 6249e60d9a2be..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.test.ts +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FlowTarget } from '../../graphql/types'; - -import { getIpOverviewAgg, getIpOverviewHostAgg, getUsersEdges } from './elasticsearch_adapter'; - -import { - formattedDestination, - formattedEmptySource, - formattedHost, - formattedSource, - mockFormattedUsersEdges, - mockUsersData, - responseAggs, -} from './mock'; - -describe('elasticsearch_adapter', () => { - describe('#getIpOverview', () => { - test('will return a destination correctly', () => { - const destination = getIpOverviewAgg( - FlowTarget.destination, - responseAggs.aggregations.destination! - ); - expect(destination).toEqual(formattedDestination); - }); - - test('will return a source correctly', () => { - const source = getIpOverviewAgg(FlowTarget.source, responseAggs.aggregations.source!); - expect(source).toEqual(formattedSource); - }); - - test('will return a host correctly', () => { - const host = getIpOverviewHostAgg(responseAggs.aggregations.host); - expect(host).toEqual(formattedHost); - }); - - test('will return an empty source correctly', () => { - const source = getIpOverviewAgg(FlowTarget.source, {}); - expect(source).toEqual(formattedEmptySource); - }); - }); - - describe('#getUsers', () => { - test('will format edges correctly', () => { - // @ts-expect-error Re-work `DatabaseSearchResponse` types as mock ES Response won't match - const edges = getUsersEdges(mockUsersData); - expect(edges).toEqual(mockFormattedUsersEdges); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.ts deleted file mode 100644 index 90803ca302bd4..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/elasticsearch_adapter.ts +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { get, getOr } from 'lodash/fp'; - -import { - AutonomousSystem, - GeoEcsFields, - HostEcsFields, - IpOverviewData, - UsersData, - UsersEdges, -} from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; -import { DatabaseSearchResponse, FrameworkAdapter, FrameworkRequest } from '../framework'; -import { TermAggregation } from '../types'; -import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants'; -import { IpOverviewRequestOptions, UsersRequestOptions } from './index'; -import { buildOverviewQuery } from './query_overview.dsl'; -import { buildUsersQuery } from './query_users.dsl'; - -import { - IpDetailsAdapter, - IpOverviewHit, - OverviewHit, - OverviewHostHit, - UsersBucketsItem, -} from './types'; - -export class ElasticsearchIpDetailsAdapter implements IpDetailsAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getIpDetails( - request: FrameworkRequest, - options: IpOverviewRequestOptions - ): Promise { - const dsl = buildOverviewQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - - return { - inspect, - ...getIpOverviewAgg('source', getOr({}, 'aggregations.source', response)), - ...getIpOverviewAgg('destination', getOr({}, 'aggregations.destination', response)), - ...getIpOverviewHostAgg(getOr({}, 'aggregations.host', response)), - }; - } - - public async getUsers( - request: FrameworkRequest, - options: UsersRequestOptions - ): Promise { - if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { - throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); - } - const dsl = buildUsersQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - - const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; - const totalCount = getOr(0, 'aggregations.user_count.value', response); - const usersEdges = getUsersEdges(response); - const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount; - const edges = usersEdges.splice(cursorStart, querySize - cursorStart); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - const showMorePagesIndicator = totalCount > fakeTotalCount; - return { - edges, - inspect, - pageInfo: { - activePage: activePage ? activePage : 0, - fakeTotalCount, - showMorePagesIndicator, - }, - totalCount, - }; - } -} - -export const getIpOverviewAgg = (type: string, overviewHit: OverviewHit | {}) => { - const firstSeen = getOr(null, `firstSeen.value_as_string`, overviewHit); - const lastSeen = getOr(null, `lastSeen.value_as_string`, overviewHit); - const autonomousSystem: AutonomousSystem | null = getOr( - null, - `as.results.hits.hits[0]._source.${type}.as`, - overviewHit - ); - const geoFields: GeoEcsFields | null = getOr( - null, - `geo.results.hits.hits[0]._source.${type}.geo`, - overviewHit - ); - - return { - [type]: { - firstSeen, - lastSeen, - autonomousSystem: { - ...autonomousSystem, - }, - geo: { - ...geoFields, - }, - }, - }; -}; - -export const getIpOverviewHostAgg = (overviewHostHit: OverviewHostHit | {}) => { - const hostFields: HostEcsFields | null = getOr( - null, - `results.hits.hits[0]._source.host`, - overviewHostHit - ); - return { - host: { - ...hostFields, - }, - }; -}; - -export const getUsersEdges = ( - response: DatabaseSearchResponse -): UsersEdges[] => - getOr([], `aggregations.users.buckets`, response).map((bucket: UsersBucketsItem) => ({ - node: { - _id: bucket.key, - user: { - id: getOr([], 'id.buckets', bucket).map((id: UsersBucketsItem) => id.key), - name: bucket.key, - groupId: getOr([], 'groupId.buckets', bucket).map( - (groupId: UsersBucketsItem) => groupId.key - ), - groupName: getOr([], 'groupName.buckets', bucket).map( - (groupName: UsersBucketsItem) => groupName.key - ), - count: get('doc_count', bucket), - }, - }, - cursor: { - value: bucket.key, - tiebreaker: null, - }, - })); diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/index.ts b/x-pack/plugins/security_solution/server/lib/ip_details/index.ts deleted file mode 100644 index ed8824bc284e4..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/index.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FlowTarget, IpOverviewData, UsersData, UsersSortField } from '../../graphql/types'; -import { FrameworkRequest, RequestOptions, RequestOptionsPaginated } from '../framework'; - -import { IpDetailsAdapter } from './types'; - -export * from './elasticsearch_adapter'; - -export interface IpOverviewRequestOptions extends RequestOptions { - ip: string; -} - -export interface UsersRequestOptions extends RequestOptionsPaginated { - ip: string; - sort: UsersSortField; - flowTarget: FlowTarget; -} - -export class IpDetails { - constructor(private readonly adapter: IpDetailsAdapter) {} - - public async getIpOverview( - req: FrameworkRequest, - options: IpOverviewRequestOptions - ): Promise { - return this.adapter.getIpDetails(req, options); - } - - public async getUsers(req: FrameworkRequest, options: UsersRequestOptions): Promise { - return this.adapter.getUsers(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/mock.ts b/x-pack/plugins/security_solution/server/lib/ip_details/mock.ts deleted file mode 100644 index 1db86e7766fcf..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/mock.ts +++ /dev/null @@ -1,430 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { UsersEdges } from '../../graphql/types'; - -import { IpOverviewHit, UsersResponse } from './types'; - -export const responseAggs: IpOverviewHit = { - aggregations: { - destination: { - doc_count: 882307, - geo: { - doc_count: 62089, - results: { - hits: { - total: { - value: 62089, - relation: 'eq', - }, - max_score: null, - hits: [ - { - _source: { - destination: { - geo: { - continent_name: 'Asia', - region_iso_code: 'IN-KA', - city_name: 'Bengaluru', - country_iso_code: 'IN', - region_name: 'Karnataka', - location: { - lon: 77.5833, - lat: 12.9833, - }, - }, - }, - }, - sort: [1553894176003], - }, - ], - }, - }, - }, - lastSeen: { - value: 1553900180003, - value_as_string: '2019-03-29T22:56:20.003Z', - }, - firstSeen: { - value: 1551388820000, - value_as_string: '2019-02-28T21:20:20.000Z', - }, - autonomousSystem: { - doc_count: 0, - results: { - hits: { - total: { - value: 0, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - }, - }, - }, - source: { - doc_count: 1002234, - geo: { - doc_count: 1507, - results: { - hits: { - total: { - value: 1507, - relation: 'eq', - }, - max_score: null, - hits: [ - { - _index: 'filebeat-8.0.0-2019.03.21-000002', - _type: '_doc', - _id: 'dHQ6y2kBCQofM5eXi5OE', - _score: null, - _source: { - source: { - geo: { - continent_name: 'Asia', - region_iso_code: 'IN-KA', - city_name: 'Bengaluru', - country_iso_code: 'IN', - region_name: 'Karnataka', - location: { - lon: 77.5833, - lat: 12.9833, - }, - }, - }, - }, - sort: [1553892804003], - }, - ], - }, - }, - }, - lastSeen: { - value: 1553900180003, - value_as_string: '2019-03-29T22:56:20.003Z', - }, - firstSeen: { - value: 1551388804322, - value_as_string: '2019-02-28T21:20:04.322Z', - }, - autonomousSystem: { - doc_count: 0, - results: { - hits: { - total: { - value: 0, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - }, - }, - }, - host: { - doc_count: 1588091, - results: { - hits: { - total: { - value: 1588091, - relation: 'eq', - }, - max_score: null, - hits: [ - { - _index: 'filebeat-8.0.0-2019.05.20-000004', - _type: '_doc', - _id: 'NU9dD2sB9v5HJNSHMMRc', - _score: null, - _source: { - host: { - hostname: 'suricata-iowa', - os: { - kernel: '4.15.0-1032-gcp', - codename: 'bionic', - name: 'Ubuntu', - family: 'debian', - version: '18.04.2 LTS (Bionic Beaver)', - platform: 'ubuntu', - }, - ip: ['10.128.0.4', 'fe80::4001:aff:fe80:4'], - containerized: false, - name: 'suricata-iowa', - id: 'be1f3d767896212736b880e846876dcb', - mac: ['42:01:0a:80:00:04'], - architecture: 'x86_64', - }, - }, - sort: [1559330892000], - }, - ], - }, - }, - }, - }, - _shards: { - total: 42, - successful: 42, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 71358841, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - took: 392, - timeout: 500, -}; - -export const formattedDestination = { - destination: { - firstSeen: '2019-02-28T21:20:20.000Z', - lastSeen: '2019-03-29T22:56:20.003Z', - autonomousSystem: {}, - geo: { - continent_name: 'Asia', - region_iso_code: 'IN-KA', - city_name: 'Bengaluru', - country_iso_code: 'IN', - region_name: 'Karnataka', - location: { - lon: 77.5833, - lat: 12.9833, - }, - }, - }, -}; - -export const formattedSource = { - source: { - firstSeen: '2019-02-28T21:20:04.322Z', - lastSeen: '2019-03-29T22:56:20.003Z', - autonomousSystem: {}, - geo: { - continent_name: 'Asia', - region_iso_code: 'IN-KA', - city_name: 'Bengaluru', - country_iso_code: 'IN', - region_name: 'Karnataka', - location: { - lon: 77.5833, - lat: 12.9833, - }, - }, - }, -}; - -export const formattedHost = { - host: { - hostname: 'suricata-iowa', - os: { - kernel: '4.15.0-1032-gcp', - codename: 'bionic', - name: 'Ubuntu', - family: 'debian', - version: '18.04.2 LTS (Bionic Beaver)', - platform: 'ubuntu', - }, - ip: ['10.128.0.4', 'fe80::4001:aff:fe80:4'], - containerized: false, - name: 'suricata-iowa', - id: 'be1f3d767896212736b880e846876dcb', - mac: ['42:01:0a:80:00:04'], - architecture: 'x86_64', - }, -}; - -export const formattedEmptySource = { - source: { - firstSeen: null, - lastSeen: null, - autonomousSystem: {}, - geo: {}, - }, -}; - -export const mockUsersData: UsersResponse = { - took: 445, - timed_out: false, - _shards: { - total: 59, - successful: 59, - skipped: 0, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - user_count: { - value: 3, - }, - users: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '_apt', - doc_count: 10, - groupName: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: 'nogroup', - doc_count: 10, - }, - ], - }, - groupId: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '65534', - doc_count: 10, - }, - ], - }, - id: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '104', - doc_count: 10, - }, - ], - }, - }, - { - key: 'root', - doc_count: 109, - groupName: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: 'Debian-exim', - doc_count: 72, - }, - { - key: 'root', - doc_count: 37, - }, - ], - }, - groupId: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '116', - doc_count: 72, - }, - { - key: '0', - doc_count: 37, - }, - ], - }, - id: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '0', - doc_count: 109, - }, - ], - }, - }, - { - key: 'systemd-resolve', - doc_count: 4, - groupName: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [], - }, - groupId: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [], - }, - id: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: '102', - doc_count: 4, - }, - ], - }, - }, - ], - }, - }, -}; - -export const mockFormattedUsersEdges: UsersEdges[] = [ - { - node: { - _id: '_apt', - user: { - id: ['104'], - name: '_apt', - groupId: ['65534'], - groupName: ['nogroup'], - count: 10, - }, - }, - cursor: { - value: '_apt', - tiebreaker: null, - }, - }, - { - node: { - _id: 'root', - user: { - id: ['0'], - name: 'root', - groupId: ['116', '0'], - groupName: ['Debian-exim', 'root'], - count: 109, - }, - }, - cursor: { - value: 'root', - tiebreaker: null, - }, - }, - { - node: { - _id: 'systemd-resolve', - user: { - id: ['102'], - name: 'systemd-resolve', - groupId: [], - groupName: [], - count: 4, - }, - }, - cursor: { - value: 'systemd-resolve', - tiebreaker: null, - }, - }, -]; diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/query_overview.dsl.ts b/x-pack/plugins/security_solution/server/lib/ip_details/query_overview.dsl.ts deleted file mode 100644 index d9c8f32d0b465..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/query_overview.dsl.ts +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { isEmpty } from 'lodash/fp'; -import { IpOverviewRequestOptions } from './index'; - -const getAggs = (type: string, ip: string) => { - return { - [type]: { - filter: { - term: { - [`${type}.ip`]: ip, - }, - }, - aggs: { - firstSeen: { - min: { - field: '@timestamp', - }, - }, - lastSeen: { - max: { - field: '@timestamp', - }, - }, - as: { - filter: { - exists: { - field: `${type}.as`, - }, - }, - aggs: { - results: { - top_hits: { - size: 1, - _source: [`${type}.as`], - sort: [ - { - '@timestamp': 'desc', - }, - ], - }, - }, - }, - }, - geo: { - filter: { - exists: { - field: `${type}.geo`, - }, - }, - aggs: { - results: { - top_hits: { - size: 1, - _source: [`${type}.geo`], - sort: [ - { - '@timestamp': 'desc', - }, - ], - }, - }, - }, - }, - }, - }, - }; -}; - -const getHostAggs = (ip: string) => { - return { - host: { - filter: { - term: { - 'host.ip': ip, - }, - }, - aggs: { - results: { - top_hits: { - size: 1, - _source: ['host'], - sort: [ - { - '@timestamp': 'desc', - }, - ], - }, - }, - }, - }, - }; -}; - -export const buildOverviewQuery = ({ - defaultIndex, - docValueFields, - ip, -}: IpOverviewRequestOptions) => { - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), - aggs: { - ...getAggs('source', ip), - ...getAggs('destination', ip), - ...getHostAggs(ip), - }, - query: { - bool: { - should: [], - }, - }, - size: 0, - track_total_hits: false, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/query_users.dsl.ts b/x-pack/plugins/security_solution/server/lib/ip_details/query_users.dsl.ts deleted file mode 100644 index 293a487777fd2..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/query_users.dsl.ts +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { assertUnreachable } from '../../../common/utility_types'; -import { Direction, UsersFields, UsersSortField } from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { UsersRequestOptions } from './index'; - -export const buildUsersQuery = ({ - ip, - sort, - filterQuery, - flowTarget, - pagination: { querySize }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, -}: UsersRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - { term: { [`${flowTarget}.ip`]: ip } }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggs: { - user_count: { - cardinality: { - field: 'user.name', - }, - }, - users: { - terms: { - field: 'user.name', - size: querySize, - order: { - ...getQueryOrder(sort), - }, - }, - aggs: { - id: { - terms: { - field: 'user.id', - }, - }, - groupId: { - terms: { - field: 'user.group.id', - }, - }, - groupName: { - terms: { - field: 'user.group.name', - }, - }, - }, - }, - }, - query: { - bool: { - filter, - must_not: [ - { - term: { - 'event.category': 'authentication', - }, - }, - ], - }, - }, - size: 0, - track_total_hits: false, - }, - }; - - return dslQuery; -}; - -type QueryOrder = { _count: Direction } | { _key: Direction }; - -const getQueryOrder = (sort: UsersSortField): QueryOrder => { - switch (sort.field) { - case UsersFields.name: - return { _key: sort.direction }; - case UsersFields.count: - return { _count: sort.direction }; - default: - return assertUnreachable(sort.field); - } -}; diff --git a/x-pack/plugins/security_solution/server/lib/ip_details/types.ts b/x-pack/plugins/security_solution/server/lib/ip_details/types.ts deleted file mode 100644 index d137d919932f7..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/ip_details/types.ts +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { IpOverviewData, UsersData } from '../../graphql/types'; -import { FrameworkRequest, RequestBasicOptions } from '../framework'; -import { Hit, ShardsResponse, TotalValue } from '../types'; - -export interface IpDetailsAdapter { - getIpDetails(request: FrameworkRequest, options: RequestBasicOptions): Promise; - getUsers(request: FrameworkRequest, options: RequestBasicOptions): Promise; -} - -interface ResultHit { - doc_count: number; - results: { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; - }; -} - -export interface OverviewHit { - took?: number; - timed_out?: boolean; - _scroll_id?: string; - _shards?: ShardsResponse; - timeout?: number; - hits?: { - total: number; - hits: Hit[]; - }; - doc_count: number; - geo: ResultHit; - autonomousSystem: ResultHit; - firstSeen: { - value: number; - value_as_string: string; - }; - lastSeen: { - value: number; - value_as_string: string; - }; -} - -export type OverviewHostHit = ResultHit; - -export interface IpOverviewHit { - aggregations: { - destination?: OverviewHit; - source?: OverviewHit; - host: ResultHit; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - total: { - value: number; - relation: string; - }; - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -// Users Table - -export interface UsersResponse { - took: number; - timed_out: boolean; - _shards: UsersShards; - hits: UsersHits; - aggregations: Aggregations; -} -interface UsersShards { - total: number; - successful: number; - skipped: number; - failed: number; -} -interface UsersHits { - max_score: null; - hits: string[]; -} -interface Aggregations { - user_count: UserCount; - users: Users; -} -interface UserCount { - value: number; -} -interface Users { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: UsersBucketsItem[]; -} -export interface UsersBucketsItem { - key: string; - doc_count: number; - groupName?: UsersGroupName; - groupId?: UsersGroupId; - id?: Id; -} -export interface UsersGroupName { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: UsersBucketsItem[]; -} -export interface UsersGroupId { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: UsersBucketsItem[]; -} -interface Id { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: UsersBucketsItem[]; -} diff --git a/x-pack/plugins/security_solution/server/lib/types.ts b/x-pack/plugins/security_solution/server/lib/types.ts index 3c7c1cd3d7cff..6e233f6e49d3b 100644 --- a/x-pack/plugins/security_solution/server/lib/types.ts +++ b/x-pack/plugins/security_solution/server/lib/types.ts @@ -13,7 +13,6 @@ import { Events } from './events'; import { FrameworkAdapter, FrameworkRequest } from './framework'; import { Hosts } from './hosts'; import { IndexFields } from './index_fields'; -import { IpDetails } from './ip_details'; import { KpiHosts } from './kpi_hosts'; import { KpiNetwork } from './kpi_network'; import { Network } from './network'; @@ -31,7 +30,6 @@ export interface AppDomainLibs { events: Events; fields: IndexFields; hosts: Hosts; - ipDetails: IpDetails; matrixHistogram: MatrixHistogram; network: Network; kpiNetwork: KpiNetwork; diff --git a/x-pack/test/api_integration/apis/security_solution/index.js b/x-pack/test/api_integration/apis/security_solution/index.js index a9ddf091245f7..a143d94dde172 100644 --- a/x-pack/test/api_integration/apis/security_solution/index.js +++ b/x-pack/test/api_integration/apis/security_solution/index.js @@ -21,7 +21,7 @@ export default function ({ loadTestFile }) { loadTestFile(require.resolve('./timeline')); loadTestFile(require.resolve('./timeline_details')); // loadTestFile(require.resolve('./uncommon_processes')); - loadTestFile(require.resolve('./users')); + // loadTestFile(require.resolve('./users')); // loadTestFile(require.resolve('./tls')); loadTestFile(require.resolve('./feature_controls')); }); diff --git a/x-pack/test/api_integration/apis/security_solution/network_details.ts b/x-pack/test/api_integration/apis/security_solution/network_details.ts index cffcd790fa19c..7b851e875454d 100644 --- a/x-pack/test/api_integration/apis/security_solution/network_details.ts +++ b/x-pack/test/api_integration/apis/security_solution/network_details.ts @@ -5,7 +5,9 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { ipOverviewQuery } from '../../../../plugins/security_solution/public/network/containers/details/index.gql_query'; +// @ts-expect-error import { GetIpOverviewQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/users.ts b/x-pack/test/api_integration/apis/security_solution/users.ts index abb2c5b2f5bbd..9d42fc0b9788b 100644 --- a/x-pack/test/api_integration/apis/security_solution/users.ts +++ b/x-pack/test/api_integration/apis/security_solution/users.ts @@ -5,11 +5,14 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { usersQuery } from '../../../../plugins/security_solution/public/network/containers/users/index.gql_query'; import { Direction, + // @ts-expect-error UsersFields, FlowTarget, + // @ts-expect-error GetUsersQuery, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; From 839817ca9a7a359ec17ab067cc360c3cff30e3e5 Mon Sep 17 00:00:00 2001 From: Joe Reuter Date: Thu, 24 Sep 2020 09:55:32 +0200 Subject: [PATCH 014/120] [Lens] show meta field data in Lens (#77210) --- .../indexpattern_datasource/datapanel.scss | 21 -- .../datapanel.test.tsx | 35 +- .../indexpattern_datasource/datapanel.tsx | 318 ++++++------------ .../dimension_panel/field_select.tsx | 11 +- .../indexpattern_datasource/field_item.tsx | 5 +- .../indexpattern_datasource/field_list.scss | 20 ++ .../indexpattern_datasource/field_list.tsx | 193 +++++++++++ .../fields_accordion.test.tsx | 10 +- .../fields_accordion.tsx | 4 +- .../indexpattern_datasource/loader.test.ts | 52 ++- .../public/indexpattern_datasource/loader.ts | 1 + .../public/indexpattern_datasource/types.ts | 1 + .../server/routes/existing_fields.test.ts | 32 +- .../lens/server/routes/existing_fields.ts | 32 +- .../apis/lens/existing_fields.ts | 9 + 15 files changed, 493 insertions(+), 251 deletions(-) create mode 100644 x-pack/plugins/lens/public/indexpattern_datasource/field_list.scss create mode 100644 x-pack/plugins/lens/public/indexpattern_datasource/field_list.tsx diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.scss b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.scss index 70fb57ee79ee5..155b954e9cf17 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.scss +++ b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.scss @@ -10,27 +10,6 @@ margin-bottom: $euiSizeS; } -/** - * 1. Don't cut off the shadow of the field items - */ - -.lnsInnerIndexPatternDataPanel__listWrapper { - @include euiOverflowShadow; - @include euiScrollBar; - margin-left: -$euiSize; /* 1 */ - position: relative; - flex-grow: 1; - overflow: auto; -} - -.lnsInnerIndexPatternDataPanel__list { - padding-top: $euiSizeS; - position: absolute; - top: 0; - left: $euiSize; /* 1 */ - right: $euiSizeXS; /* 1 */ -} - .lnsInnerIndexPatternDataPanel__fieldItems { // Quick fix for making sure the shadow and focus rings are visible outside the accordion bounds padding: $euiSizeXS $euiSizeXS 0; diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.test.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.test.tsx index f17bf172b0fb1..7fb64d1613d32 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.test.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.test.tsx @@ -623,11 +623,40 @@ describe('IndexPattern Data Panel', () => { ).toEqual(['client', 'source', 'timestampLabel']); }); + it('should show meta fields accordion', async () => { + const wrapper = mountWithIntl( + + ); + wrapper + .find('[data-test-subj="lnsIndexPatternMetaFields"]') + .find('button') + .first() + .simulate('click'); + expect( + wrapper + .find('[data-test-subj="lnsIndexPatternMetaFields"]') + .find(FieldItem) + .first() + .prop('field').name + ).toEqual('_id'); + }); + it('should display NoFieldsCallout when all fields are empty', async () => { const wrapper = mountWithIntl( ); - expect(wrapper.find(NoFieldsCallout).length).toEqual(1); + expect(wrapper.find(NoFieldsCallout).length).toEqual(2); expect( wrapper .find('[data-test-subj="lnsIndexPatternAvailableFields"]') @@ -654,7 +683,7 @@ describe('IndexPattern Data Panel', () => { .length ).toEqual(1); wrapper.setProps({ existingFields: { idx1: {} } }); - expect(wrapper.find(NoFieldsCallout).length).toEqual(1); + expect(wrapper.find(NoFieldsCallout).length).toEqual(2); }); it('should filter down by name', () => { @@ -699,7 +728,7 @@ describe('IndexPattern Data Panel', () => { expect(wrapper.find(FieldItem).map((fieldItem) => fieldItem.prop('field').name)).toEqual([ 'Records', ]); - expect(wrapper.find(NoFieldsCallout).length).toEqual(2); + expect(wrapper.find(NoFieldsCallout).length).toEqual(3); }); it('should toggle type if clicked again', () => { diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx index f7adf91e307da..4e85cb5b5d46c 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx @@ -5,14 +5,13 @@ */ import './datapanel.scss'; -import { uniq, keyBy, groupBy, throttle } from 'lodash'; -import React, { useState, useEffect, memo, useCallback, useMemo } from 'react'; +import { uniq, keyBy, groupBy } from 'lodash'; +import React, { useState, memo, useCallback, useMemo } from 'react'; import { EuiFlexGroup, EuiFlexItem, EuiContextMenuPanel, EuiContextMenuItem, - EuiContextMenuPanelProps, EuiPopover, EuiCallOut, EuiFormControlLayout, @@ -25,8 +24,6 @@ import { FormattedMessage } from '@kbn/i18n/react'; import { DataPublicPluginStart, EsQueryConfig, Query, Filter } from 'src/plugins/data/public'; import { DatasourceDataPanelProps, DataType, StateSetter } from '../types'; import { ChildDragDropProvider, DragContextState } from '../drag_drop'; -import { FieldItem } from './field_item'; -import { NoFieldsCallout } from './no_fields_callout'; import { IndexPattern, IndexPatternPrivateState, @@ -37,7 +34,6 @@ import { trackUiEvent } from '../lens_ui_telemetry'; import { syncExistingFields } from './loader'; import { fieldExists } from './pure_helpers'; import { Loader } from '../loader'; -import { FieldsAccordion } from './fields_accordion'; import { esQuery, IIndexPattern } from '../../../../../src/plugins/data/public'; export type Props = DatasourceDataPanelProps & { @@ -52,18 +48,13 @@ export type Props = DatasourceDataPanelProps & { import { LensFieldIcon } from './lens_field_icon'; import { ChangeIndexPattern } from './change_indexpattern'; import { ChartsPluginSetup } from '../../../../../src/plugins/charts/public'; - -// TODO the typings for EuiContextMenuPanel are incorrect - watchedItemProps is missing. This can be removed when the types are adjusted -const FixedEuiContextMenuPanel = (EuiContextMenuPanel as unknown) as React.FunctionComponent< - EuiContextMenuPanelProps & { watchedItemProps: string[] } ->; +import { FieldGroups, FieldList } from './field_list'; function sortFields(fieldA: IndexPatternField, fieldB: IndexPatternField) { return fieldA.displayName.localeCompare(fieldB.displayName, undefined, { sensitivity: 'base' }); } const supportedFieldTypes = new Set(['string', 'number', 'boolean', 'date', 'ip', 'document']); -const PAGINATION_SIZE = 50; const fieldTypeNames: Record = { document: i18n.translate('xpack.lens.datatypes.record', { defaultMessage: 'record' }), @@ -212,18 +203,19 @@ interface DataPanelState { isTypeFilterOpen: boolean; isAvailableAccordionOpen: boolean; isEmptyAccordionOpen: boolean; + isMetaAccordionOpen: boolean; } -export interface FieldsGroup { +const defaultFieldGroups: { specialFields: IndexPatternField[]; availableFields: IndexPatternField[]; emptyFields: IndexPatternField[]; -} - -const defaultFieldGroups = { + metaFields: IndexPatternField[]; +} = { specialFields: [], availableFields: [], emptyFields: [], + metaFields: [], }; const fieldFiltersLabel = i18n.translate('xpack.lens.indexPatterns.fieldFiltersLabel', { @@ -261,9 +253,8 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({ isTypeFilterOpen: false, isAvailableAccordionOpen: true, isEmptyAccordionOpen: false, + isMetaAccordionOpen: false, }); - const [pageSize, setPageSize] = useState(PAGINATION_SIZE); - const [scrollContainer, setScrollContainer] = useState(undefined); const currentIndexPattern = indexPatterns[currentIndexPatternId]; const allFields = currentIndexPattern.fields; const clearLocalState = () => setLocalState((s) => ({ ...s, nameFilter: '', typeFilter: [] })); @@ -272,17 +263,11 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({ (type) => type in fieldTypeNames ); - useEffect(() => { - // Reset the scroll if we have made material changes to the field list - if (scrollContainer) { - scrollContainer.scrollTop = 0; - setPageSize(PAGINATION_SIZE); - } - }, [localState.nameFilter, localState.typeFilter, currentIndexPatternId, scrollContainer]); + const fieldInfoUnavailable = existenceFetchFailed || currentIndexPattern.hasRestrictions; - const fieldGroups: FieldsGroup = useMemo(() => { + const unfilteredFieldGroups: FieldGroups = useMemo(() => { + const fieldByName = keyBy(allFields, 'name'); const containsData = (field: IndexPatternField) => { - const fieldByName = keyBy(allFields, 'name'); const overallField = fieldByName[field.name]; return ( @@ -294,32 +279,105 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({ supportedFieldTypes.has(field.type) ); const sorted = allSupportedTypesFields.sort(sortFields); + let groupedFields; // optimization before existingFields are synced if (!hasSyncedExistingFields) { - return { + groupedFields = { ...defaultFieldGroups, ...groupBy(sorted, (field) => { if (field.type === 'document') { return 'specialFields'; + } else if (field.meta) { + return 'metaFields'; } else { return 'emptyFields'; } }), }; } - return { + groupedFields = { ...defaultFieldGroups, ...groupBy(sorted, (field) => { if (field.type === 'document') { return 'specialFields'; + } else if (field.meta) { + return 'metaFields'; } else if (containsData(field)) { return 'availableFields'; } else return 'emptyFields'; }), }; - }, [allFields, existingFields, currentIndexPattern, hasSyncedExistingFields]); - const filteredFieldGroups: FieldsGroup = useMemo(() => { + const fieldGroupDefinitions: FieldGroups = { + SpecialFields: { + fields: groupedFields.specialFields, + fieldCount: 1, + isAffectedByGlobalFilter: false, + isAffectedByTimeFilter: false, + isInitiallyOpen: false, + showInAccordion: false, + title: '', + hideDetails: true, + }, + AvailableFields: { + fields: groupedFields.availableFields, + fieldCount: groupedFields.availableFields.length, + isInitiallyOpen: true, + showInAccordion: true, + title: fieldInfoUnavailable + ? i18n.translate('xpack.lens.indexPattern.allFieldsLabel', { + defaultMessage: 'All fields', + }) + : i18n.translate('xpack.lens.indexPattern.availableFieldsLabel', { + defaultMessage: 'Available fields', + }), + + isAffectedByGlobalFilter: !!filters.length, + isAffectedByTimeFilter: true, + hideDetails: fieldInfoUnavailable, + }, + EmptyFields: { + fields: groupedFields.emptyFields, + fieldCount: groupedFields.emptyFields.length, + isAffectedByGlobalFilter: false, + isAffectedByTimeFilter: false, + isInitiallyOpen: false, + showInAccordion: true, + hideDetails: false, + title: i18n.translate('xpack.lens.indexPattern.emptyFieldsLabel', { + defaultMessage: 'Empty fields', + }), + }, + MetaFields: { + fields: groupedFields.metaFields, + fieldCount: groupedFields.metaFields.length, + isAffectedByGlobalFilter: false, + isAffectedByTimeFilter: false, + isInitiallyOpen: false, + showInAccordion: true, + hideDetails: false, + title: i18n.translate('xpack.lens.indexPattern.metaFieldsLabel', { + defaultMessage: 'Meta fields', + }), + }, + }; + + // do not show empty field accordion if there is no existence information + if (fieldInfoUnavailable) { + delete fieldGroupDefinitions.EmptyFields; + } + + return fieldGroupDefinitions; + }, [ + allFields, + existingFields, + currentIndexPattern, + hasSyncedExistingFields, + fieldInfoUnavailable, + filters.length, + ]); + + const fieldGroups: FieldGroups = useMemo(() => { const filterFieldGroup = (fieldGroup: IndexPatternField[]) => fieldGroup.filter((field) => { if ( @@ -329,76 +387,18 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({ ) { return false; } - if (localState.typeFilter.length > 0) { return localState.typeFilter.includes(field.type as DataType); } return true; }); - - return Object.entries(fieldGroups).reduce((acc, [name, fields]) => { - return { - ...acc, - [name]: filterFieldGroup(fields), - }; - }, defaultFieldGroups); - }, [fieldGroups, localState.nameFilter, localState.typeFilter]); - - const lazyScroll = useCallback(() => { - if (scrollContainer) { - const nearBottom = - scrollContainer.scrollTop + scrollContainer.clientHeight > - scrollContainer.scrollHeight * 0.9; - if (nearBottom) { - const displayedFieldsLength = - (localState.isAvailableAccordionOpen ? filteredFieldGroups.availableFields.length : 0) + - (localState.isEmptyAccordionOpen ? filteredFieldGroups.emptyFields.length : 0); - setPageSize( - Math.max( - PAGINATION_SIZE, - Math.min(pageSize + PAGINATION_SIZE * 0.5, displayedFieldsLength) - ) - ); - } - } - }, [ - scrollContainer, - localState.isAvailableAccordionOpen, - localState.isEmptyAccordionOpen, - filteredFieldGroups, - pageSize, - setPageSize, - ]); - - const [paginatedAvailableFields, paginatedEmptyFields]: [ - IndexPatternField[], - IndexPatternField[] - ] = useMemo(() => { - const { availableFields, emptyFields } = filteredFieldGroups; - const isAvailableAccordionOpen = localState.isAvailableAccordionOpen; - const isEmptyAccordionOpen = localState.isEmptyAccordionOpen; - - if (isAvailableAccordionOpen && isEmptyAccordionOpen) { - if (availableFields.length > pageSize) { - return [availableFields.slice(0, pageSize), []]; - } else { - return [availableFields, emptyFields.slice(0, pageSize - availableFields.length)]; - } - } - if (isAvailableAccordionOpen && !isEmptyAccordionOpen) { - return [availableFields.slice(0, pageSize), []]; - } - - if (!isAvailableAccordionOpen && isEmptyAccordionOpen) { - return [[], emptyFields.slice(0, pageSize)]; - } - return [[], []]; - }, [ - localState.isAvailableAccordionOpen, - localState.isEmptyAccordionOpen, - filteredFieldGroups, - pageSize, - ]); + return Object.fromEntries( + Object.entries(unfilteredFieldGroups).map(([name, group]) => [ + name, + { ...group, fields: filterFieldGroup(group.fields) }, + ]) + ); + }, [unfilteredFieldGroups, localState.nameFilter, localState.typeFilter]); const fieldProps = useMemo( () => ({ @@ -423,8 +423,6 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({ ] ); - const fieldInfoUnavailable = existenceFetchFailed || currentIndexPattern.hasRestrictions; - return ( } > - ( @@ -545,115 +543,21 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({ -
    { - if (el && !el.dataset.dynamicScroll) { - el.dataset.dynamicScroll = 'true'; - setScrollContainer(el); - } + + field.type === 'document' || + fieldExists(existingFields, currentIndexPattern.title, field.name) + } + fieldProps={fieldProps} + fieldGroups={fieldGroups} + hasSyncedExistingFields={!!hasSyncedExistingFields} + filter={{ + nameFilter: localState.nameFilter, + typeFilter: localState.typeFilter, }} - onScroll={throttle(lazyScroll, 100)} - > -
    - {filteredFieldGroups.specialFields.map((field: IndexPatternField) => ( - - ))} - - - { - setLocalState((s) => ({ - ...s, - isAvailableAccordionOpen: open, - })); - const displayedFieldLength = - (open ? filteredFieldGroups.availableFields.length : 0) + - (localState.isEmptyAccordionOpen ? filteredFieldGroups.emptyFields.length : 0); - setPageSize( - Math.max(PAGINATION_SIZE, Math.min(pageSize * 1.5, displayedFieldLength)) - ); - }} - showExistenceFetchError={existenceFetchFailed} - renderCallout={ - - } - /> - - {!fieldInfoUnavailable && ( - { - setLocalState((s) => ({ - ...s, - isEmptyAccordionOpen: open, - })); - const displayedFieldLength = - (localState.isAvailableAccordionOpen - ? filteredFieldGroups.availableFields.length - : 0) + (open ? filteredFieldGroups.emptyFields.length : 0); - setPageSize( - Math.max(PAGINATION_SIZE, Math.min(pageSize * 1.5, displayedFieldLength)) - ); - }} - renderCallout={ - - } - /> - )} - -
    -
    + currentIndexPatternId={currentIndexPatternId} + existenceFetchFailed={existenceFetchFailed} + />     diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/field_select.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/field_select.tsx index 60f60d7cb80c1..e71a85868b855 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/field_select.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/field_select.tsx @@ -116,7 +116,8 @@ export function FieldSelect({ })); } - const [availableFields, emptyFields] = _.partition(normalFields, containsData); + const [metaFields, nonMetaFields] = _.partition(normalFields, (field) => fieldMap[field].meta); + const [availableFields, emptyFields] = _.partition(nonMetaFields, containsData); const constructFieldsOptions = (fieldsArr: string[], label: string) => fieldsArr.length > 0 && { @@ -138,10 +139,18 @@ export function FieldSelect({ }) ); + const metaFieldsOptions = constructFieldsOptions( + metaFields, + i18n.translate('xpack.lens.indexPattern.metaFieldsLabel', { + defaultMessage: 'Meta fields', + }) + ); + return [ ...fieldNamesToOptions(specialFields), availableFieldsOptions, emptyFieldsOptions, + metaFieldsOptions, ].filter(Boolean); }, [ incompatibleSelectedOperationType, diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx index 1f6d7911b3a33..1eeb64127310f 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx @@ -184,7 +184,8 @@ export const InnerFieldItem = function InnerFieldItem(props: FieldItemProps) { defaultMessage: 'Click for a field preview, or drag and drop to visualize.', }) : i18n.translate('xpack.lens.indexPattern.fieldStatsButtonEmptyLabel', { - defaultMessage: "This field doesn't have data. Drag and drop to visualize.", + defaultMessage: + 'This field doesn’t have any data but you can still drag and drop to visualize.', }) } type="iInCircle" @@ -307,7 +308,7 @@ function FieldItemPopoverContents(props: State & FieldItemProps) { {i18n.translate('xpack.lens.indexPattern.fieldStatsNoData', { defaultMessage: - 'This field is empty because it doesn’t exist in the 500 sampled documents.', + 'This field is empty because it doesn’t exist in the 500 sampled documents. Adding this field to the configuration may result in a blank chart.', })} ); diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/field_list.scss b/x-pack/plugins/lens/public/indexpattern_datasource/field_list.scss new file mode 100644 index 0000000000000..f28581b835b07 --- /dev/null +++ b/x-pack/plugins/lens/public/indexpattern_datasource/field_list.scss @@ -0,0 +1,20 @@ +/** + * 1. Don't cut off the shadow of the field items + */ + +.lnsIndexPatternFieldList { + @include euiOverflowShadow; + @include euiScrollBar; + margin-left: -$euiSize; /* 1 */ + position: relative; + flex-grow: 1; + overflow: auto; +} + +.lnsIndexPatternFieldList__accordionContainer { + padding-top: $euiSizeS; + position: absolute; + top: 0; + left: $euiSize; /* 1 */ + right: $euiSizeXS; /* 1 */ +} diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/field_list.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/field_list.tsx new file mode 100644 index 0000000000000..4a9b3a0c63e3f --- /dev/null +++ b/x-pack/plugins/lens/public/indexpattern_datasource/field_list.tsx @@ -0,0 +1,193 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import './field_list.scss'; +import { throttle } from 'lodash'; +import React, { useState, Fragment, useCallback, useMemo, useEffect } from 'react'; +import { EuiSpacer } from '@elastic/eui'; +import { FieldItem } from './field_item'; +import { NoFieldsCallout } from './no_fields_callout'; +import { IndexPatternField } from './types'; +import { FieldItemSharedProps, FieldsAccordion } from './fields_accordion'; +const PAGINATION_SIZE = 50; + +export interface FieldsGroup { + specialFields: IndexPatternField[]; + availableFields: IndexPatternField[]; + emptyFields: IndexPatternField[]; + metaFields: IndexPatternField[]; +} + +export type FieldGroups = Record< + string, + { + fields: IndexPatternField[]; + fieldCount: number; + showInAccordion: boolean; + isInitiallyOpen: boolean; + title: string; + isAffectedByGlobalFilter: boolean; + isAffectedByTimeFilter: boolean; + hideDetails?: boolean; + } +>; + +function getDisplayedFieldsLength( + fieldGroups: FieldGroups, + accordionState: Partial> +) { + return Object.entries(fieldGroups) + .filter(([key]) => accordionState[key]) + .reduce((allFieldCount, [, { fields }]) => allFieldCount + fields.length, 0); +} + +export function FieldList({ + exists, + fieldGroups, + existenceFetchFailed, + fieldProps, + hasSyncedExistingFields, + filter, + currentIndexPatternId, +}: { + exists: (field: IndexPatternField) => boolean; + fieldGroups: FieldGroups; + fieldProps: FieldItemSharedProps; + hasSyncedExistingFields: boolean; + existenceFetchFailed?: boolean; + filter: { + nameFilter: string; + typeFilter: string[]; + }; + currentIndexPatternId: string; +}) { + const [pageSize, setPageSize] = useState(PAGINATION_SIZE); + const [scrollContainer, setScrollContainer] = useState(undefined); + const [accordionState, setAccordionState] = useState>>(() => + Object.fromEntries( + Object.entries(fieldGroups) + .filter(([, { showInAccordion }]) => showInAccordion) + .map(([key, { isInitiallyOpen }]) => [key, isInitiallyOpen]) + ) + ); + + const isAffectedByFieldFilter = !!(filter.typeFilter.length || filter.nameFilter.length); + + useEffect(() => { + // Reset the scroll if we have made material changes to the field list + if (scrollContainer) { + scrollContainer.scrollTop = 0; + setPageSize(PAGINATION_SIZE); + } + }, [filter.nameFilter, filter.typeFilter, currentIndexPatternId, scrollContainer]); + + const lazyScroll = useCallback(() => { + if (scrollContainer) { + const nearBottom = + scrollContainer.scrollTop + scrollContainer.clientHeight > + scrollContainer.scrollHeight * 0.9; + if (nearBottom) { + setPageSize( + Math.max( + PAGINATION_SIZE, + Math.min( + pageSize + PAGINATION_SIZE * 0.5, + getDisplayedFieldsLength(fieldGroups, accordionState) + ) + ) + ); + } + } + }, [scrollContainer, pageSize, setPageSize, fieldGroups, accordionState]); + + const paginatedFields = useMemo(() => { + let remainingItems = pageSize; + return Object.fromEntries( + Object.entries(fieldGroups) + .filter(([, { showInAccordion }]) => showInAccordion) + .map(([key, fieldGroup]) => { + if (!accordionState[key] || remainingItems <= 0) { + return [key, []]; + } + const slicedFieldList = fieldGroup.fields.slice(0, remainingItems); + remainingItems = remainingItems - slicedFieldList.length; + return [key, slicedFieldList]; + }) + ); + }, [pageSize, fieldGroups, accordionState]); + + return ( +
    { + if (el && !el.dataset.dynamicScroll) { + el.dataset.dynamicScroll = 'true'; + setScrollContainer(el); + } + }} + onScroll={throttle(lazyScroll, 100)} + > +
    + {Object.entries(fieldGroups) + .filter(([, { showInAccordion }]) => !showInAccordion) + .flatMap(([, { fields }]) => + fields.map((field) => ( + + )) + )} + + {Object.entries(fieldGroups) + .filter(([, { showInAccordion }]) => showInAccordion) + .map(([key, fieldGroup]) => ( + + { + setAccordionState((s) => ({ + ...s, + [key]: open, + })); + const displayedFieldLength = getDisplayedFieldsLength(fieldGroups, { + ...accordionState, + [key]: open, + }); + setPageSize( + Math.max(PAGINATION_SIZE, Math.min(pageSize * 1.5, displayedFieldLength)) + ); + }} + showExistenceFetchError={existenceFetchFailed} + renderCallout={ + + } + /> + + + ))} +
    +
    + ); +} diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/fields_accordion.test.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/fields_accordion.test.tsx index b0604efff7b89..7d1c80e5a7f6a 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/fields_accordion.test.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/fields_accordion.test.tsx @@ -71,11 +71,19 @@ describe('Fields Accordion', () => { paginatedFields: indexPattern.fields, fieldProps, renderCallout:
    Callout
    , - exists: true, + exists: () => true, }; }); it('renders correct number of Field Items', () => { + const wrapper = mountWithIntl( + field.name === 'timestamp'} /> + ); + expect(wrapper.find(FieldItem).at(0).prop('exists')).toEqual(true); + expect(wrapper.find(FieldItem).at(1).prop('exists')).toEqual(false); + }); + + it('passed correct exists flag to each field', () => { const wrapper = mountWithIntl(); expect(wrapper.find(FieldItem).length).toEqual(2); }); diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/fields_accordion.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/fields_accordion.tsx index 30a92c21ff661..e531eb72f94ca 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/fields_accordion.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/fields_accordion.tsx @@ -45,7 +45,7 @@ export interface FieldsAccordionProps { paginatedFields: IndexPatternField[]; fieldProps: FieldItemSharedProps; renderCallout: JSX.Element; - exists: boolean; + exists: (field: IndexPatternField) => boolean; showExistenceFetchError?: boolean; hideDetails?: boolean; } @@ -71,7 +71,7 @@ export const InnerFieldsAccordion = function InnerFieldsAccordion({ {...fieldProps} key={field.name} field={field} - exists={exists} + exists={exists(field)} hideDetails={hideDetails} /> ), diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/loader.test.ts b/x-pack/plugins/lens/public/indexpattern_datasource/loader.test.ts index 19213d4afc9bc..ef6abbec9a34d 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/loader.test.ts +++ b/x-pack/plugins/lens/public/indexpattern_datasource/loader.test.ts @@ -197,7 +197,7 @@ function mockClient() { function mockIndexPatternsService() { return ({ get: jest.fn(async (id: '1' | '2') => { - return sampleIndexPatternsFromService[id]; + return { ...sampleIndexPatternsFromService[id], metaFields: [] }; }), } as unknown) as Pick; } @@ -248,6 +248,7 @@ describe('loader', () => { get: jest.fn(async () => ({ id: 'foo', title: 'Foo index', + metaFields: [], typeMeta: { aggs: { date_histogram: { @@ -295,6 +296,55 @@ describe('loader', () => { date_histogram: { agg: 'date_histogram', fixed_interval: 'm' }, }); }); + + it('should map meta flag', async () => { + const cache = await loadIndexPatterns({ + cache: {}, + patterns: ['foo'], + indexPatternsService: ({ + get: jest.fn(async () => ({ + id: 'foo', + title: 'Foo index', + metaFields: ['timestamp'], + typeMeta: { + aggs: { + date_histogram: { + timestamp: { + agg: 'date_histogram', + fixed_interval: 'm', + }, + }, + sum: { + bytes: { + agg: 'sum', + }, + }, + }, + }, + fields: [ + { + name: 'timestamp', + displayName: 'timestampLabel', + type: 'date', + aggregatable: true, + searchable: true, + }, + { + name: 'bytes', + displayName: 'bytes', + type: 'number', + aggregatable: true, + searchable: true, + }, + ], + })), + } as unknown) as Pick, + }); + + expect(cache.foo.fields.find((f: IndexPatternField) => f.name === 'timestamp')!.meta).toEqual( + true + ); + }); }); describe('loadInitialState', () => { diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/loader.ts b/x-pack/plugins/lens/public/indexpattern_datasource/loader.ts index 0ab658b961336..c4b1eb9e0c4c4 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/loader.ts +++ b/x-pack/plugins/lens/public/indexpattern_datasource/loader.ts @@ -63,6 +63,7 @@ export async function loadIndexPatterns({ type: field.type, aggregatable: field.aggregatable, searchable: field.searchable, + meta: indexPattern.metaFields.includes(field.name), esTypes: field.esTypes, scripted: field.scripted, }; diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/types.ts b/x-pack/plugins/lens/public/indexpattern_datasource/types.ts index b691c5b5c4c40..a3c0e8aed7421 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/types.ts +++ b/x-pack/plugins/lens/public/indexpattern_datasource/types.ts @@ -26,6 +26,7 @@ export interface IndexPattern { export type IndexPatternField = IFieldType & { displayName: string; aggregationRestrictions?: Partial; + meta?: boolean; }; export interface IndexPatternLayer { diff --git a/x-pack/plugins/lens/server/routes/existing_fields.test.ts b/x-pack/plugins/lens/server/routes/existing_fields.test.ts index 728b78c8e97bc..9799dcf92ae41 100644 --- a/x-pack/plugins/lens/server/routes/existing_fields.test.ts +++ b/x-pack/plugins/lens/server/routes/existing_fields.test.ts @@ -15,6 +15,7 @@ describe('existingFields', () => { name, isScript: false, isAlias: false, + isMeta: false, path: name.split('.'), ...obj, }; @@ -101,6 +102,15 @@ describe('existingFields', () => { expect(result).toEqual(['baz']); }); + + it('supports meta fields', () => { + const result = existingFields( + [{ _mymeta: 'abc', ...indexPattern({}, { bar: 'scriptvalue' }) }], + [field({ name: '_mymeta', isMeta: true, path: ['_mymeta'] })] + ); + + expect(result).toEqual(['_mymeta']); + }); }); describe('buildFieldList', () => { @@ -116,6 +126,7 @@ describe('buildFieldList', () => { { name: 'bar' }, { name: '@bar' }, { name: 'baz' }, + { name: '_mymeta' }, ]), }, references: [], @@ -142,7 +153,7 @@ describe('buildFieldList', () => { ]; it('uses field descriptors to determine the path', () => { - const fields = buildFieldList(indexPattern, mappings, fieldDescriptors); + const fields = buildFieldList(indexPattern, mappings, fieldDescriptors, []); expect(fields.find((f) => f.name === 'baz')).toMatchObject({ isAlias: false, isScript: false, @@ -152,7 +163,7 @@ describe('buildFieldList', () => { }); it('uses aliases to determine the path', () => { - const fields = buildFieldList(indexPattern, mappings, fieldDescriptors); + const fields = buildFieldList(indexPattern, mappings, fieldDescriptors, []); expect(fields.find((f) => f.isAlias)).toMatchObject({ isAlias: true, isScript: false, @@ -162,7 +173,7 @@ describe('buildFieldList', () => { }); it('supports scripted fields', () => { - const fields = buildFieldList(indexPattern, mappings, fieldDescriptors); + const fields = buildFieldList(indexPattern, mappings, fieldDescriptors, []); expect(fields.find((f) => f.isScript)).toMatchObject({ isAlias: false, isScript: true, @@ -173,13 +184,24 @@ describe('buildFieldList', () => { }); }); + it('supports meta fields', () => { + const fields = buildFieldList(indexPattern, mappings, fieldDescriptors, ['_mymeta']); + expect(fields.find((f) => f.isMeta)).toMatchObject({ + isAlias: false, + isScript: false, + isMeta: true, + name: '_mymeta', + path: ['_mymeta'], + }); + }); + it('handles missing mappings', () => { - const fields = buildFieldList(indexPattern, {}, fieldDescriptors); + const fields = buildFieldList(indexPattern, {}, fieldDescriptors, []); expect(fields.every((f) => f.isAlias === false)).toEqual(true); }); it('handles empty fieldDescriptors by skipping multi-mappings', () => { - const fields = buildFieldList(indexPattern, mappings, []); + const fields = buildFieldList(indexPattern, mappings, [], []); expect(fields.find((f) => f.name === 'baz')).toMatchObject({ isAlias: false, isScript: false, diff --git a/x-pack/plugins/lens/server/routes/existing_fields.ts b/x-pack/plugins/lens/server/routes/existing_fields.ts index 7ab3cdceb2145..33fcafacfad73 100644 --- a/x-pack/plugins/lens/server/routes/existing_fields.ts +++ b/x-pack/plugins/lens/server/routes/existing_fields.ts @@ -12,6 +12,7 @@ import { BASE_API_URL } from '../../common'; import { IndexPatternsFetcher, IndexPatternAttributes, + UI_SETTINGS, } from '../../../../../src/plugins/data/server'; /** @@ -36,13 +37,12 @@ export interface Field { name: string; isScript: boolean; isAlias: boolean; + isMeta: boolean; path: string[]; lang?: string; script?: string; } -const metaFields = ['_source', '_type']; - export async function existingFieldsRoute(setup: CoreSetup) { const router = setup.http.createRouter(); @@ -104,14 +104,15 @@ async function fetchFieldExistence({ toDate?: string; timeFieldName?: string; }) { + const metaFields: string[] = await context.core.uiSettings.client.get(UI_SETTINGS.META_FIELDS); const { indexPattern, indexPatternTitle, mappings, fieldDescriptors, - } = await fetchIndexPatternDefinition(indexPatternId, context); + } = await fetchIndexPatternDefinition(indexPatternId, context, metaFields); - const fields = buildFieldList(indexPattern, mappings, fieldDescriptors); + const fields = buildFieldList(indexPattern, mappings, fieldDescriptors, metaFields); const docs = await fetchIndexPatternStats({ fromDate, toDate, @@ -128,7 +129,11 @@ async function fetchFieldExistence({ }; } -async function fetchIndexPatternDefinition(indexPatternId: string, context: RequestHandlerContext) { +async function fetchIndexPatternDefinition( + indexPatternId: string, + context: RequestHandlerContext, + metaFields: string[] +) { const savedObjectsClient = context.core.savedObjects.client; const requestClient = context.core.elasticsearch.legacy.client; const indexPattern = await savedObjectsClient.get( @@ -178,7 +183,8 @@ async function fetchIndexPatternDefinition(indexPatternId: string, context: Requ export function buildFieldList( indexPattern: SavedObject, mappings: MappingResult | {}, - fieldDescriptors: FieldDescriptor[] + fieldDescriptors: FieldDescriptor[], + metaFields: string[] ): Field[] { const aliasMap = Object.entries(Object.values(mappings)[0]?.mappings.properties ?? {}) .map(([name, v]) => ({ ...v, name })) @@ -204,6 +210,9 @@ export function buildFieldList( path: path.split('.'), lang: field.lang, script: field.script, + // id is a special case - it doesn't show up in the meta field list, + // but as it's not part of source, it has to be handled separately. + isMeta: metaFields.includes(field.name) || field.name === '_id', }; } ); @@ -312,7 +321,7 @@ function exists(obj: unknown, path: string[], i = 0): boolean { * Exported only for unit tests. */ export function existingFields( - docs: Array<{ _source: unknown; fields: unknown }>, + docs: Array<{ _source: unknown; fields: unknown; [key: string]: unknown }>, fields: Field[] ): string[] { const missingFields = new Set(fields); @@ -323,7 +332,14 @@ export function existingFields( } missingFields.forEach((field) => { - if (exists(field.isScript ? doc.fields : doc._source, field.path)) { + let fieldStore = doc._source; + if (field.isScript) { + fieldStore = doc.fields; + } + if (field.isMeta) { + fieldStore = doc; + } + if (exists(fieldStore, field.path)) { missingFields.delete(field); } }); diff --git a/x-pack/test/api_integration/apis/lens/existing_fields.ts b/x-pack/test/api_integration/apis/lens/existing_fields.ts index 92336f2892f43..10ee7bc9b48ea 100644 --- a/x-pack/test/api_integration/apis/lens/existing_fields.ts +++ b/x-pack/test/api_integration/apis/lens/existing_fields.ts @@ -20,6 +20,9 @@ const fieldsWithData = [ '@tags', '@tags.raw', '@timestamp', + '_id', + '_index', + '_source', 'agent', 'agent.raw', 'bytes', @@ -96,6 +99,9 @@ const fieldsWithData = [ const metricBeatData = [ '@timestamp', + '_id', + '_index', + '_source', 'agent.ephemeral_id', 'agent.hostname', 'agent.id', @@ -185,6 +191,9 @@ export default ({ getService }: FtrProviderContext) => { '@tags', '@tags.raw', '@timestamp', + '_id', + '_index', + '_source', 'agent', 'agent.raw', 'bytes', From 29bc00c04cf3725deca930399becab6f360993b2 Mon Sep 17 00:00:00 2001 From: Mikhail Shustov Date: Thu, 24 Sep 2020 12:15:25 +0300 Subject: [PATCH 015/120] disable incremental build for x-pack tests (#78131) Co-authored-by: Elastic Machine --- x-pack/test/tsconfig.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/test/tsconfig.json b/x-pack/test/tsconfig.json index e8af79b9e84e0..3736d957a55a6 100644 --- a/x-pack/test/tsconfig.json +++ b/x-pack/test/tsconfig.json @@ -1,7 +1,8 @@ { "extends": "../../tsconfig.base.json", "compilerOptions": { - "tsBuildInfoFile": "../../build/tsbuildinfo/x-pack/test", + // overhead is too significant + "incremental": false, "types": [ "mocha", "node", From 5d5ce401680412dc4aefcb2bd0cab16b3ce76fda Mon Sep 17 00:00:00 2001 From: Joe Reuter Date: Thu, 24 Sep 2020 11:42:35 +0200 Subject: [PATCH 016/120] fix drilldown in tsvb (#78005) --- .../application/components/vis_types/table/vis.js | 11 ++++++++--- .../application/components/vis_types/top_n/vis.js | 4 +++- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/src/plugins/vis_type_timeseries/public/application/components/vis_types/table/vis.js b/src/plugins/vis_type_timeseries/public/application/components/vis_types/table/vis.js index d55afeda62e70..1341cf02202a0 100644 --- a/src/plugins/vis_type_timeseries/public/application/components/vis_types/table/vis.js +++ b/src/plugins/vis_type_timeseries/public/application/components/vis_types/table/vis.js @@ -20,6 +20,7 @@ import _, { isArray, last, get } from 'lodash'; import React, { Component } from 'react'; import PropTypes from 'prop-types'; +import { RedirectAppLinks } from '../../../../../../kibana_react/public'; import { createTickFormatter } from '../../lib/tick_formatter'; import { calculateLabel } from '../../../../../../../plugins/vis_type_timeseries/common/calculate_label'; import { isSortable } from './is_sortable'; @@ -27,7 +28,7 @@ import { EuiToolTip, EuiIcon } from '@elastic/eui'; import { replaceVars } from '../../lib/replace_vars'; import { fieldFormats } from '../../../../../../../plugins/data/public'; import { FormattedMessage } from '@kbn/i18n/react'; -import { getFieldFormats } from '../../../../services'; +import { getFieldFormats, getCoreStart } from '../../../../services'; import { METRIC_TYPES } from '../../../../../../../plugins/vis_type_timeseries/common/metric_types'; @@ -231,12 +232,16 @@ export class TableVis extends Component { ); } return ( -
    + {header}{rows}
    -
    + ); } } diff --git a/src/plugins/vis_type_timeseries/public/application/components/vis_types/top_n/vis.js b/src/plugins/vis_type_timeseries/public/application/components/vis_types/top_n/vis.js index a4fe6f796bc0b..e9f64c93d337f 100644 --- a/src/plugins/vis_type_timeseries/public/application/components/vis_types/top_n/vis.js +++ b/src/plugins/vis_type_timeseries/public/application/components/vis_types/top_n/vis.js @@ -17,6 +17,7 @@ * under the License. */ +import { getCoreStart } from '../../../../services'; import { createTickFormatter } from '../../lib/tick_formatter'; import { TopN } from '../../../visualizations/views/top_n'; import { getLastValue } from '../../../../../../../plugins/vis_type_timeseries/common/get_last_value'; @@ -89,7 +90,8 @@ export function TopNVisualization(props) { if (model.drilldown_url) { params.onClick = (item) => { - window.location = replaceVars(model.drilldown_url, {}, { key: item.label }); + const url = replaceVars(model.drilldown_url, {}, { key: item.label }); + getCoreStart().application.navigateToUrl(url); }; } From 88b03d943b7631161136dd0bf8201e3eff919c7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Thu, 24 Sep 2020 10:49:31 +0100 Subject: [PATCH 017/120] [Usage Collection] [schema] `static_telemetry` (#77902) Co-authored-by: Elastic Machine --- .telemetryrc.json | 3 +- src/plugins/telemetry/schema/oss_plugins.json | 115 ++++++++++++++++++ .../server/collectors/usage/schema.ts | 58 +++++++++ .../usage/telemetry_usage_collector.ts | 49 +++++++- 4 files changed, 219 insertions(+), 6 deletions(-) create mode 100644 src/plugins/telemetry/server/collectors/usage/schema.ts diff --git a/.telemetryrc.json b/.telemetryrc.json index 818f9805628e1..13bb6e3ae88c0 100644 --- a/.telemetryrc.json +++ b/.telemetryrc.json @@ -8,8 +8,7 @@ "src/plugins/kibana_utils/", "src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts", "src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts", - "src/plugins/kibana_usage_collection/server/collectors/ui_metric/telemetry_ui_metric_collector.ts", - "src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts" + "src/plugins/kibana_usage_collection/server/collectors/ui_metric/telemetry_ui_metric_collector.ts" ] } ] diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json index 5bce03a292760..6662482402fc5 100644 --- a/src/plugins/telemetry/schema/oss_plugins.json +++ b/src/plugins/telemetry/schema/oss_plugins.json @@ -1310,6 +1310,121 @@ } } }, + "static_telemetry": { + "properties": { + "ece": { + "properties": { + "kb_uuid": { + "type": "keyword" + }, + "es_uuid": { + "type": "keyword" + }, + "account_id": { + "type": "keyword" + }, + "license": { + "properties": { + "uuid": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "issued_to": { + "type": "text" + }, + "issuer": { + "type": "text" + }, + "issue_date_in_millis": { + "type": "long" + }, + "start_date_in_millis": { + "type": "long" + }, + "expiry_date_in_millis": { + "type": "long" + }, + "max_resource_units": { + "type": "long" + } + } + } + } + }, + "ess": { + "properties": { + "kb_uuid": { + "type": "keyword" + }, + "es_uuid": { + "type": "keyword" + }, + "account_id": { + "type": "keyword" + }, + "license": { + "properties": { + "uuid": { + "type": "keyword" + }, + "type": { + "type": "keyword" + }, + "issued_to": { + "type": "text" + }, + "issuer": { + "type": "text" + }, + "issue_date_in_millis": { + "type": "long" + }, + "start_date_in_millis": { + "type": "long" + }, + "expiry_date_in_millis": { + "type": "long" + }, + "max_resource_units": { + "type": "long" + } + } + } + } + }, + "eck": { + "properties": { + "operator_uuid": { + "type": "keyword" + }, + "operator_roles": { + "type": "keyword" + }, + "custom_operator_namespace": { + "type": "boolean" + }, + "distribution": { + "type": "text" + }, + "build": { + "properties": { + "hash": { + "type": "text" + }, + "date": { + "type": "date" + }, + "version": { + "type": "keyword" + } + } + } + } + } + } + }, "tsvb-validation": { "properties": { "failed_validations": { diff --git a/src/plugins/telemetry/server/collectors/usage/schema.ts b/src/plugins/telemetry/server/collectors/usage/schema.ts new file mode 100644 index 0000000000000..8f4d555d75c49 --- /dev/null +++ b/src/plugins/telemetry/server/collectors/usage/schema.ts @@ -0,0 +1,58 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import { MakeSchemaFrom } from 'src/plugins/usage_collection/server'; +import { LicenseUsage, StaticTelemetryUsage } from './telemetry_usage_collector'; + +const licenseSchema: MakeSchemaFrom = { + uuid: { type: 'keyword' }, + type: { type: 'keyword' }, + issued_to: { type: 'text' }, + issuer: { type: 'text' }, + issue_date_in_millis: { type: 'long' }, + start_date_in_millis: { type: 'long' }, + expiry_date_in_millis: { type: 'long' }, + max_resource_units: { type: 'long' }, +}; + +export const staticTelemetrySchema: MakeSchemaFrom> = { + ece: { + kb_uuid: { type: 'keyword' }, + es_uuid: { type: 'keyword' }, + account_id: { type: 'keyword' }, + license: licenseSchema, + }, + ess: { + kb_uuid: { type: 'keyword' }, + es_uuid: { type: 'keyword' }, + account_id: { type: 'keyword' }, + license: licenseSchema, + }, + eck: { + operator_uuid: { type: 'keyword' }, + operator_roles: { type: 'keyword' }, + custom_operator_namespace: { type: 'boolean' }, + distribution: { type: 'text' }, + build: { + hash: { type: 'text' }, + date: { type: 'date' }, + version: { type: 'keyword' }, + }, + }, +}; diff --git a/src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts b/src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts index bde7cfa5c4445..39f8ef0151a0b 100644 --- a/src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts +++ b/src/plugins/telemetry/server/collectors/usage/telemetry_usage_collector.ts @@ -29,6 +29,7 @@ import { TelemetryConfigType } from '../../config'; // look for telemetry.yml in the same places we expect kibana.yml import { ensureDeepObject } from './ensure_deep_object'; +import { staticTelemetrySchema } from './schema'; /** * The maximum file size before we ignore it (note: this limit is arbitrary). @@ -60,10 +61,12 @@ export function isFileReadable(path: string): boolean { * @param configPath The config file path. * @returns The unmodified JSON object if the file exists and is a valid YAML file. */ -export async function readTelemetryFile(path: string): Promise { +export async function readTelemetryFile( + configPath: string +): Promise { try { - if (isFileReadable(path)) { - const yaml = readFileSync(path); + if (isFileReadable(configPath)) { + const yaml = readFileSync(configPath); const data = safeLoad(yaml.toString()); // don't bother returning empty objects @@ -79,11 +82,48 @@ export async function readTelemetryFile(path: string): Promise Promise ) { - return usageCollection.makeUsageCollector({ + return usageCollection.makeUsageCollector({ type: 'static_telemetry', isReady: () => true, fetch: async () => { @@ -91,6 +131,7 @@ export function createTelemetryUsageCollector( const telemetryPath = join(dirname(configPath), 'telemetry.yml'); return await readTelemetryFile(telemetryPath); }, + schema: staticTelemetrySchema, }); } From 9ca22382fb9f4aca147e07ac9a42bdb1e9d737e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Thu, 24 Sep 2020 10:51:42 +0100 Subject: [PATCH 018/120] [Usage Collection] [Schema] "kibana" collector (#77893) Co-authored-by: Elastic Machine --- .telemetryrc.json | 1 - .../kibana/get_saved_object_counts.ts | 11 +++-- .../kibana/kibana_usage_collector.ts | 17 ++++++- src/plugins/telemetry/schema/oss_plugins.json | 49 +++++++++++++++++++ 4 files changed, 71 insertions(+), 7 deletions(-) diff --git a/.telemetryrc.json b/.telemetryrc.json index 13bb6e3ae88c0..7d9743b20ff68 100644 --- a/.telemetryrc.json +++ b/.telemetryrc.json @@ -6,7 +6,6 @@ "src/plugins/kibana_react/", "src/plugins/testbed/", "src/plugins/kibana_utils/", - "src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts", "src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts", "src/plugins/kibana_usage_collection/server/collectors/ui_metric/telemetry_ui_metric_collector.ts" ] diff --git a/src/plugins/kibana_usage_collection/server/collectors/kibana/get_saved_object_counts.ts b/src/plugins/kibana_usage_collection/server/collectors/kibana/get_saved_object_counts.ts index 1adc0dc6896fd..e88d90fe5b24b 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/kibana/get_saved_object_counts.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/kibana/get_saved_object_counts.ts @@ -39,9 +39,12 @@ const TYPES = [ ]; export interface KibanaSavedObjectCounts { - [pluginName: string]: { - total: number; - }; + dashboard: { total: number }; + visualization: { total: number }; + search: { total: number }; + index_pattern: { total: number }; + graph_workspace: { total: number }; + timelion_sheet: { total: number }; } export async function getSavedObjectsCounts( @@ -71,7 +74,7 @@ export async function getSavedObjectsCounts( // Initialise the object with all zeros for all the types const allZeros: KibanaSavedObjectCounts = TYPES.reduce( (acc, type) => ({ ...acc, [snakeCase(type)]: { total: 0 } }), - {} + {} as KibanaSavedObjectCounts ); // Add the doc_count from each bucket diff --git a/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts b/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts index 9cc079a9325d5..5b56e1a9b596f 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts @@ -22,15 +22,28 @@ import { take } from 'rxjs/operators'; import { SharedGlobalConfig } from 'kibana/server'; import { UsageCollectionSetup } from 'src/plugins/usage_collection/server'; import { KIBANA_STATS_TYPE } from '../../../common/constants'; -import { getSavedObjectsCounts } from './get_saved_object_counts'; +import { getSavedObjectsCounts, KibanaSavedObjectCounts } from './get_saved_object_counts'; + +interface KibanaUsage extends KibanaSavedObjectCounts { + index: string; +} export function getKibanaUsageCollector( usageCollection: UsageCollectionSetup, legacyConfig$: Observable ) { - return usageCollection.makeUsageCollector({ + return usageCollection.makeUsageCollector({ type: 'kibana', isReady: () => true, + schema: { + index: { type: 'keyword' }, + dashboard: { total: { type: 'long' } }, + visualization: { total: { type: 'long' } }, + search: { total: { type: 'long' } }, + index_pattern: { total: { type: 'long' } }, + graph_workspace: { total: { type: 'long' } }, + timelion_sheet: { total: { type: 'long' } }, + }, async fetch(callCluster) { const { kibana: { index }, diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json index 6662482402fc5..a83cd5a562ff6 100644 --- a/src/plugins/telemetry/schema/oss_plugins.json +++ b/src/plugins/telemetry/schema/oss_plugins.json @@ -1297,6 +1297,55 @@ } } }, + "kibana": { + "properties": { + "index": { + "type": "keyword" + }, + "dashboard": { + "properties": { + "total": { + "type": "long" + } + } + }, + "visualization": { + "properties": { + "total": { + "type": "long" + } + } + }, + "search": { + "properties": { + "total": { + "type": "long" + } + } + }, + "index_pattern": { + "properties": { + "total": { + "type": "long" + } + } + }, + "graph_workspace": { + "properties": { + "total": { + "type": "long" + } + } + }, + "timelion_sheet": { + "properties": { + "total": { + "type": "long" + } + } + } + } + }, "telemetry": { "properties": { "opt_in_status": { From 8ad53d52037bc9c5842e5a74766ec6fc08fd5c94 Mon Sep 17 00:00:00 2001 From: Matthias Wilhelm Date: Thu, 24 Sep 2020 12:29:29 +0200 Subject: [PATCH 019/120] [Discover] Context - Fix bug when document id contains a slash (#77435) --- .../public/application/angular/context.js | 30 +++++++------------ src/plugins/discover/public/plugin.ts | 8 +++++ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/plugins/discover/public/application/angular/context.js b/src/plugins/discover/public/application/angular/context.js index 6223090aa9f97..bb9d71c8671a2 100644 --- a/src/plugins/discover/public/application/angular/context.js +++ b/src/plugins/discover/public/application/angular/context.js @@ -45,26 +45,18 @@ const k7Breadcrumbs = ($route) => { }; getAngularModule().config(($routeProvider) => { - $routeProvider - // deprecated route, kept for compatibility - // should be removed in the future - .when('/context/:indexPatternId/:type/:id*', { - redirectTo: '/context/:indexPatternId/:id', - }) - .when('/context/:indexPatternId/:id*', { - controller: ContextAppRouteController, - k7Breadcrumbs, - controllerAs: 'contextAppRoute', - resolve: { - indexPattern: ($route, Promise) => { - const indexPattern = getServices().indexPatterns.get( - $route.current.params.indexPatternId - ); - return Promise.props({ ip: indexPattern }); - }, + $routeProvider.when('/context/:indexPatternId/:id*', { + controller: ContextAppRouteController, + k7Breadcrumbs, + controllerAs: 'contextAppRoute', + resolve: { + indexPattern: ($route, Promise) => { + const indexPattern = getServices().indexPatterns.get($route.current.params.indexPatternId); + return Promise.props({ ip: indexPattern }); }, - template: contextAppRouteTemplate, - }); + }, + template: contextAppRouteTemplate, + }); }); function ContextAppRouteController($routeParams, $scope, $route) { diff --git a/src/plugins/discover/public/plugin.ts b/src/plugins/discover/public/plugin.ts index 440bd3fdf86d3..b1bbc89b62d9d 100644 --- a/src/plugins/discover/public/plugin.ts +++ b/src/plugins/discover/public/plugin.ts @@ -277,6 +277,14 @@ export class DiscoverPlugin return `#${path}`; }); plugins.urlForwarding.forwardApp('context', 'discover', (path) => { + const urlParts = path.split('/'); + // take care of urls containing legacy url, those split in the following way + // ["", "context", indexPatternId, _type, id + params] + if (urlParts[4]) { + // remove _type part + const newPath = [...urlParts.slice(0, 3), ...urlParts.slice(4)].join('/'); + return `#${newPath}`; + } return `#${path}`; }); plugins.urlForwarding.forwardApp('discover', 'discover', (path) => { From 4d08763af7ec6a1381ab8a9c2c29866d2e7a7923 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Thu, 24 Sep 2020 11:40:59 +0100 Subject: [PATCH 020/120] [Usage Collection] [schema] `lens` (#77929) Co-authored-by: Elastic Machine --- .../__fixture__/parsed_working_collector.ts | 8 +- .../extract_collectors.test.ts.snap | 26 +- .../src/tools/serializer.test.ts | 26 +- .../src/tools/serializer.ts | 27 +- .../kbn-telemetry-tools/src/tools/utils.ts | 2 +- .../telemetry_collectors/constants.ts | 4 + x-pack/.telemetryrc.json | 1 - .../plugins/lens/server/usage/collectors.ts | 6 +- x-pack/plugins/lens/server/usage/schema.ts | 83 ++++ .../schema/xpack_plugins.json | 374 ++++++++++++++++++ 10 files changed, 528 insertions(+), 29 deletions(-) create mode 100644 x-pack/plugins/lens/server/usage/schema.ts diff --git a/packages/kbn-telemetry-tools/src/tools/__fixture__/parsed_working_collector.ts b/packages/kbn-telemetry-tools/src/tools/__fixture__/parsed_working_collector.ts index b238c5aa346ad..54983278726eb 100644 --- a/packages/kbn-telemetry-tools/src/tools/__fixture__/parsed_working_collector.ts +++ b/packages/kbn-telemetry-tools/src/tools/__fixture__/parsed_working_collector.ts @@ -75,11 +75,9 @@ export const parsedWorkingCollector: ParsedUsageCollection = [ type: 'StringKeyword', }, my_index_signature_prop: { - '': { - '@@INDEX@@': { - kind: SyntaxKind.NumberKeyword, - type: 'NumberKeyword', - }, + '@@INDEX@@': { + kind: SyntaxKind.NumberKeyword, + type: 'NumberKeyword', }, }, my_objects: { diff --git a/packages/kbn-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap b/packages/kbn-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap index 68b068b0cfe06..9868a7d31d498 100644 --- a/packages/kbn-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap +++ b/packages/kbn-telemetry-tools/src/tools/__snapshots__/extract_collectors.test.ts.snap @@ -96,16 +96,14 @@ Array [ "collectorName": "indexed_interface_with_not_matching_schema", "fetch": Object { "typeDescriptor": Object { - "": Object { - "@@INDEX@@": Object { - "count_1": Object { - "kind": 143, - "type": "NumberKeyword", - }, - "count_2": Object { - "kind": 143, - "type": "NumberKeyword", - }, + "@@INDEX@@": Object { + "count_1": Object { + "kind": 143, + "type": "NumberKeyword", + }, + "count_2": Object { + "kind": 143, + "type": "NumberKeyword", }, }, }, @@ -165,11 +163,9 @@ Array [ }, }, "my_index_signature_prop": Object { - "": Object { - "@@INDEX@@": Object { - "kind": 143, - "type": "NumberKeyword", - }, + "@@INDEX@@": Object { + "kind": 143, + "type": "NumberKeyword", }, }, "my_objects": Object { diff --git a/packages/kbn-telemetry-tools/src/tools/serializer.test.ts b/packages/kbn-telemetry-tools/src/tools/serializer.test.ts index 9475574a44219..6742117226368 100644 --- a/packages/kbn-telemetry-tools/src/tools/serializer.test.ts +++ b/packages/kbn-telemetry-tools/src/tools/serializer.test.ts @@ -44,13 +44,13 @@ export function loadFixtureProgram(fixtureName: string) { } describe('getDescriptor', () => { - const usageInterfaces = new Map(); + const usageInterfaces = new Map(); let tsProgram: ts.Program; beforeAll(() => { const { program, sourceFile } = loadFixtureProgram('constants'); tsProgram = program; for (const node of traverseNodes(sourceFile)) { - if (ts.isInterfaceDeclaration(node)) { + if (ts.isInterfaceDeclaration(node) || ts.isTypeAliasDeclaration(node)) { const interfaceName = node.name.getText(); usageInterfaces.set(interfaceName, node); } @@ -102,4 +102,26 @@ describe('getDescriptor', () => { 'Mapping does not support conflicting union types.' ); }); + + it('serializes TypeAliasDeclaration', () => { + const usageInterface = usageInterfaces.get('TypeAliasWithUnion')!; + const descriptor = getDescriptor(usageInterface, tsProgram); + expect(descriptor).toEqual({ + locale: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + prop1: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + prop2: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + prop3: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + prop4: { kind: ts.SyntaxKind.StringLiteral, type: 'StringLiteral' }, + prop5: { kind: ts.SyntaxKind.FirstLiteralToken, type: 'FirstLiteralToken' }, + }); + }); + + it('serializes Record entries', () => { + const usageInterface = usageInterfaces.get('TypeAliasWithRecord')!; + const descriptor = getDescriptor(usageInterface, tsProgram); + expect(descriptor).toEqual({ + locale: { kind: ts.SyntaxKind.StringKeyword, type: 'StringKeyword' }, + '@@INDEX@@': { kind: ts.SyntaxKind.NumberKeyword, type: 'NumberKeyword' }, + }); + }); }); diff --git a/packages/kbn-telemetry-tools/src/tools/serializer.ts b/packages/kbn-telemetry-tools/src/tools/serializer.ts index 7afe828298b4b..6fe02e3824ba7 100644 --- a/packages/kbn-telemetry-tools/src/tools/serializer.ts +++ b/packages/kbn-telemetry-tools/src/tools/serializer.ts @@ -79,9 +79,13 @@ export function getDescriptor(node: ts.Node, program: ts.Program): Descriptor | } if (ts.isTypeLiteralNode(node) || ts.isInterfaceDeclaration(node)) { return node.members.reduce((acc, m) => { - acc[m.name?.getText() || ''] = getDescriptor(m, program); - return acc; - }, {} as any); + const key = m.name?.getText(); + if (key) { + return { ...acc, [key]: getDescriptor(m, program) }; + } else { + return { ...acc, ...getDescriptor(m, program) }; + } + }, {}); } // If it's defined as signature { [key: string]: OtherInterface } @@ -114,6 +118,10 @@ export function getDescriptor(node: ts.Node, program: ts.Program): Descriptor | if (symbolName === 'Date') { return { kind: TelemetryKinds.Date, type: 'Date' }; } + // Support `Record` + if (symbolName === 'Record' && node.typeArguments![0].kind === ts.SyntaxKind.StringKeyword) { + return { '@@INDEX@@': getDescriptor(node.typeArguments![1], program) }; + } const declaration = (symbol?.getDeclarations() || [])[0]; if (declaration) { return getDescriptor(declaration, program); @@ -157,6 +165,19 @@ export function getDescriptor(node: ts.Node, program: ts.Program): Descriptor | return uniqueKinds[0]; } + // Support `type MyUsageType = SomethingElse` + if (ts.isTypeAliasDeclaration(node)) { + return getDescriptor(node.type, program); + } + + // Support `&` unions + if (ts.isIntersectionTypeNode(node)) { + return node.types.reduce( + (acc, unionNode) => ({ ...acc, ...getDescriptor(unionNode, program) }), + {} + ); + } + switch (node.kind) { case ts.SyntaxKind.NumberKeyword: case ts.SyntaxKind.BooleanKeyword: diff --git a/packages/kbn-telemetry-tools/src/tools/utils.ts b/packages/kbn-telemetry-tools/src/tools/utils.ts index 3d6764117374c..e8e1b3fed1aef 100644 --- a/packages/kbn-telemetry-tools/src/tools/utils.ts +++ b/packages/kbn-telemetry-tools/src/tools/utils.ts @@ -249,7 +249,7 @@ export function difference(actual: any, expected: any) { function (result, value, key) { if (key && /@@INDEX@@/.test(`${key}`)) { // The type definition is an Index Signature, fuzzy searching for similar keys - const regexp = new RegExp(`${key}`.replace(/@@INDEX@@/g, '(.+)?')); + const regexp = new RegExp(`^${key}`.replace(/@@INDEX@@/g, '(.+)?')); const keysInBase = Object.keys(base) .map((k) => { const match = k.match(regexp); diff --git a/src/fixtures/telemetry_collectors/constants.ts b/src/fixtures/telemetry_collectors/constants.ts index 4aac9e66cdbdb..d4c9a1f85c4d7 100644 --- a/src/fixtures/telemetry_collectors/constants.ts +++ b/src/fixtures/telemetry_collectors/constants.ts @@ -51,3 +51,7 @@ export const externallyDefinedSchema: MakeSchemaFrom<{ locale: string }> = { type: 'keyword', }, }; + +export type TypeAliasWithUnion = Usage & WithUnion; + +export type TypeAliasWithRecord = Usage & Record; diff --git a/x-pack/.telemetryrc.json b/x-pack/.telemetryrc.json index 2c16491c1096b..30b2178259d68 100644 --- a/x-pack/.telemetryrc.json +++ b/x-pack/.telemetryrc.json @@ -7,7 +7,6 @@ "plugins/apm/server/lib/apm_telemetry/index.ts", "plugins/canvas/server/collectors/collector.ts", "plugins/infra/server/usage/usage_collector.ts", - "plugins/lens/server/usage/collectors.ts", "plugins/reporting/server/usage/reporting_usage_collector.ts", "plugins/maps/server/maps_telemetry/collectors/register.ts" ] diff --git a/x-pack/plugins/lens/server/usage/collectors.ts b/x-pack/plugins/lens/server/usage/collectors.ts index 3f033bd3b03d0..c32fc0371ed8a 100644 --- a/x-pack/plugins/lens/server/usage/collectors.ts +++ b/x-pack/plugins/lens/server/usage/collectors.ts @@ -10,6 +10,7 @@ import { UsageCollectionSetup } from 'src/plugins/usage_collection/server'; import { TaskManagerStartContract } from '../../../task_manager/server'; import { LensUsage, LensTelemetryState } from './types'; +import { lensUsageSchema } from './schema'; export function registerLensUsageCollector( usageCollection: UsageCollectionSetup, @@ -20,9 +21,9 @@ export function registerLensUsageCollector( // mark lensUsageCollector as ready to collect when the TaskManager is ready isCollectorReady = true; }); - const lensUsageCollector = usageCollection.makeUsageCollector({ + const lensUsageCollector = usageCollection.makeUsageCollector({ type: 'lens', - fetch: async (): Promise => { + async fetch() { try { const docs = await getLatestTaskState(await taskManager); // get the accumulated state from the recurring task @@ -55,6 +56,7 @@ export function registerLensUsageCollector( } }, isReady: () => isCollectorReady, + schema: lensUsageSchema, }); usageCollection.registerCollector(lensUsageCollector); diff --git a/x-pack/plugins/lens/server/usage/schema.ts b/x-pack/plugins/lens/server/usage/schema.ts new file mode 100644 index 0000000000000..a35d4d91845ee --- /dev/null +++ b/x-pack/plugins/lens/server/usage/schema.ts @@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { MakeSchemaFrom } from 'src/plugins/usage_collection/server'; +import { LensUsage } from './types'; + +const eventsSchema: MakeSchemaFrom = { + app_query_change: { type: 'long' }, + indexpattern_field_info_click: { type: 'long' }, + loaded: { type: 'long' }, + app_filters_updated: { type: 'long' }, + app_date_change: { type: 'long' }, + save_failed: { type: 'long' }, + loaded_404: { type: 'long' }, + drop_total: { type: 'long' }, + chart_switch: { type: 'long' }, + suggestion_confirmed: { type: 'long' }, + suggestion_clicked: { type: 'long' }, + drop_onto_workspace: { type: 'long' }, + drop_non_empty: { type: 'long' }, + drop_empty: { type: 'long' }, + indexpattern_changed: { type: 'long' }, + indexpattern_filters_cleared: { type: 'long' }, + indexpattern_type_filter_toggled: { type: 'long' }, + indexpattern_existence_toggled: { type: 'long' }, + indexpattern_show_all_fields_clicked: { type: 'long' }, + drop_onto_dimension: { type: 'long' }, + indexpattern_dimension_removed: { type: 'long' }, + indexpattern_dimension_field_changed: { type: 'long' }, + xy_change_layer_display: { type: 'long' }, + xy_layer_removed: { type: 'long' }, + xy_layer_added: { type: 'long' }, + indexpattern_dimension_operation_terms: { type: 'long' }, + indexpattern_dimension_operation_date_histogram: { type: 'long' }, + indexpattern_dimension_operation_avg: { type: 'long' }, + indexpattern_dimension_operation_min: { type: 'long' }, + indexpattern_dimension_operation_max: { type: 'long' }, + indexpattern_dimension_operation_sum: { type: 'long' }, + indexpattern_dimension_operation_count: { type: 'long' }, + indexpattern_dimension_operation_cardinality: { type: 'long' }, + indexpattern_dimension_operation_filters: { type: 'long' }, +}; + +const suggestionEventsSchema: MakeSchemaFrom = { + back_to_current: { type: 'long' }, + reload: { type: 'long' }, +}; + +const savedSchema: MakeSchemaFrom = { + bar: { type: 'long' }, + bar_horizontal: { type: 'long' }, + line: { type: 'long' }, + area: { type: 'long' }, + bar_stacked: { type: 'long' }, + bar_percentage_stacked: { type: 'long' }, + bar_horizontal_stacked: { type: 'long' }, + bar_horizontal_percentage_stacked: { type: 'long' }, + area_stacked: { type: 'long' }, + area_percentage_stacked: { type: 'long' }, + lnsDatatable: { type: 'long' }, + lnsPie: { type: 'long' }, + lnsMetric: { type: 'long' }, +}; + +export const lensUsageSchema: MakeSchemaFrom = { + // LensClickUsage + events_30_days: eventsSchema, + events_90_days: eventsSchema, + suggestion_events_30_days: suggestionEventsSchema, + suggestion_events_90_days: suggestionEventsSchema, + + // LensVisualizationUsage + saved_overall_total: { type: 'long' }, + saved_30_days_total: { type: 'long' }, + saved_90_days_total: { type: 'long' }, + + saved_overall: savedSchema, + saved_30_days: savedSchema, + saved_90_days: savedSchema, +}; diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index 904b14a7459ad..86b7889957c9f 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @@ -155,6 +155,380 @@ } } }, + "lens": { + "properties": { + "events_30_days": { + "properties": { + "app_query_change": { + "type": "long" + }, + "indexpattern_field_info_click": { + "type": "long" + }, + "loaded": { + "type": "long" + }, + "app_filters_updated": { + "type": "long" + }, + "app_date_change": { + "type": "long" + }, + "save_failed": { + "type": "long" + }, + "loaded_404": { + "type": "long" + }, + "drop_total": { + "type": "long" + }, + "chart_switch": { + "type": "long" + }, + "suggestion_confirmed": { + "type": "long" + }, + "suggestion_clicked": { + "type": "long" + }, + "drop_onto_workspace": { + "type": "long" + }, + "drop_non_empty": { + "type": "long" + }, + "drop_empty": { + "type": "long" + }, + "indexpattern_changed": { + "type": "long" + }, + "indexpattern_filters_cleared": { + "type": "long" + }, + "indexpattern_type_filter_toggled": { + "type": "long" + }, + "indexpattern_existence_toggled": { + "type": "long" + }, + "indexpattern_show_all_fields_clicked": { + "type": "long" + }, + "drop_onto_dimension": { + "type": "long" + }, + "indexpattern_dimension_removed": { + "type": "long" + }, + "indexpattern_dimension_field_changed": { + "type": "long" + }, + "xy_change_layer_display": { + "type": "long" + }, + "xy_layer_removed": { + "type": "long" + }, + "xy_layer_added": { + "type": "long" + }, + "indexpattern_dimension_operation_terms": { + "type": "long" + }, + "indexpattern_dimension_operation_date_histogram": { + "type": "long" + }, + "indexpattern_dimension_operation_avg": { + "type": "long" + }, + "indexpattern_dimension_operation_min": { + "type": "long" + }, + "indexpattern_dimension_operation_max": { + "type": "long" + }, + "indexpattern_dimension_operation_sum": { + "type": "long" + }, + "indexpattern_dimension_operation_count": { + "type": "long" + }, + "indexpattern_dimension_operation_cardinality": { + "type": "long" + }, + "indexpattern_dimension_operation_filters": { + "type": "long" + } + } + }, + "events_90_days": { + "properties": { + "app_query_change": { + "type": "long" + }, + "indexpattern_field_info_click": { + "type": "long" + }, + "loaded": { + "type": "long" + }, + "app_filters_updated": { + "type": "long" + }, + "app_date_change": { + "type": "long" + }, + "save_failed": { + "type": "long" + }, + "loaded_404": { + "type": "long" + }, + "drop_total": { + "type": "long" + }, + "chart_switch": { + "type": "long" + }, + "suggestion_confirmed": { + "type": "long" + }, + "suggestion_clicked": { + "type": "long" + }, + "drop_onto_workspace": { + "type": "long" + }, + "drop_non_empty": { + "type": "long" + }, + "drop_empty": { + "type": "long" + }, + "indexpattern_changed": { + "type": "long" + }, + "indexpattern_filters_cleared": { + "type": "long" + }, + "indexpattern_type_filter_toggled": { + "type": "long" + }, + "indexpattern_existence_toggled": { + "type": "long" + }, + "indexpattern_show_all_fields_clicked": { + "type": "long" + }, + "drop_onto_dimension": { + "type": "long" + }, + "indexpattern_dimension_removed": { + "type": "long" + }, + "indexpattern_dimension_field_changed": { + "type": "long" + }, + "xy_change_layer_display": { + "type": "long" + }, + "xy_layer_removed": { + "type": "long" + }, + "xy_layer_added": { + "type": "long" + }, + "indexpattern_dimension_operation_terms": { + "type": "long" + }, + "indexpattern_dimension_operation_date_histogram": { + "type": "long" + }, + "indexpattern_dimension_operation_avg": { + "type": "long" + }, + "indexpattern_dimension_operation_min": { + "type": "long" + }, + "indexpattern_dimension_operation_max": { + "type": "long" + }, + "indexpattern_dimension_operation_sum": { + "type": "long" + }, + "indexpattern_dimension_operation_count": { + "type": "long" + }, + "indexpattern_dimension_operation_cardinality": { + "type": "long" + }, + "indexpattern_dimension_operation_filters": { + "type": "long" + } + } + }, + "suggestion_events_30_days": { + "properties": { + "back_to_current": { + "type": "long" + }, + "reload": { + "type": "long" + } + } + }, + "suggestion_events_90_days": { + "properties": { + "back_to_current": { + "type": "long" + }, + "reload": { + "type": "long" + } + } + }, + "saved_overall_total": { + "type": "long" + }, + "saved_30_days_total": { + "type": "long" + }, + "saved_90_days_total": { + "type": "long" + }, + "saved_overall": { + "properties": { + "bar": { + "type": "long" + }, + "bar_horizontal": { + "type": "long" + }, + "line": { + "type": "long" + }, + "area": { + "type": "long" + }, + "bar_stacked": { + "type": "long" + }, + "bar_percentage_stacked": { + "type": "long" + }, + "bar_horizontal_stacked": { + "type": "long" + }, + "bar_horizontal_percentage_stacked": { + "type": "long" + }, + "area_stacked": { + "type": "long" + }, + "area_percentage_stacked": { + "type": "long" + }, + "lnsDatatable": { + "type": "long" + }, + "lnsPie": { + "type": "long" + }, + "lnsMetric": { + "type": "long" + } + } + }, + "saved_30_days": { + "properties": { + "bar": { + "type": "long" + }, + "bar_horizontal": { + "type": "long" + }, + "line": { + "type": "long" + }, + "area": { + "type": "long" + }, + "bar_stacked": { + "type": "long" + }, + "bar_percentage_stacked": { + "type": "long" + }, + "bar_horizontal_stacked": { + "type": "long" + }, + "bar_horizontal_percentage_stacked": { + "type": "long" + }, + "area_stacked": { + "type": "long" + }, + "area_percentage_stacked": { + "type": "long" + }, + "lnsDatatable": { + "type": "long" + }, + "lnsPie": { + "type": "long" + }, + "lnsMetric": { + "type": "long" + } + } + }, + "saved_90_days": { + "properties": { + "bar": { + "type": "long" + }, + "bar_horizontal": { + "type": "long" + }, + "line": { + "type": "long" + }, + "area": { + "type": "long" + }, + "bar_stacked": { + "type": "long" + }, + "bar_percentage_stacked": { + "type": "long" + }, + "bar_horizontal_stacked": { + "type": "long" + }, + "bar_horizontal_percentage_stacked": { + "type": "long" + }, + "area_stacked": { + "type": "long" + }, + "area_percentage_stacked": { + "type": "long" + }, + "lnsDatatable": { + "type": "long" + }, + "lnsPie": { + "type": "long" + }, + "lnsMetric": { + "type": "long" + } + } + } + } + }, "mlTelemetry": { "properties": { "file_data_visualizer": { From 3618cef1a4a921ae73dfcee2785585beda2220c7 Mon Sep 17 00:00:00 2001 From: Shahzad Date: Thu, 24 Sep 2020 13:26:00 +0200 Subject: [PATCH 021/120] [UX] Update csm app name to UX (#78179) --- .../support/step_definitions/csm/csm_dashboard.ts | 2 +- x-pack/plugins/apm/public/application/csmApp.tsx | 6 +++--- .../apm/public/components/app/RumDashboard/RumHome.tsx | 10 +++++----- .../ClientSideMonitoringCallout.tsx | 4 ++-- x-pack/plugins/apm/public/plugin.ts | 4 ++-- x-pack/plugins/apm/server/feature.ts | 8 ++++---- .../apps/apm/feature_controls/apm_security.ts | 4 ++-- 7 files changed, 19 insertions(+), 19 deletions(-) diff --git a/x-pack/plugins/apm/e2e/cypress/support/step_definitions/csm/csm_dashboard.ts b/x-pack/plugins/apm/e2e/cypress/support/step_definitions/csm/csm_dashboard.ts index 461e2960c5e02..28af4fd5d8a56 100644 --- a/x-pack/plugins/apm/e2e/cypress/support/step_definitions/csm/csm_dashboard.ts +++ b/x-pack/plugins/apm/e2e/cypress/support/step_definitions/csm/csm_dashboard.ts @@ -16,7 +16,7 @@ Given(`a user browses the APM UI application for RUM Data`, () => { const RANGE_FROM = 'now-24h'; const RANGE_TO = 'now'; loginAndWaitForPage( - `/app/csm`, + `/app/ux`, { from: RANGE_FROM, to: RANGE_TO, diff --git a/x-pack/plugins/apm/public/application/csmApp.tsx b/x-pack/plugins/apm/public/application/csmApp.tsx index c63ec3700c877..5ebe14b663f56 100644 --- a/x-pack/plugins/apm/public/application/csmApp.tsx +++ b/x-pack/plugins/apm/public/application/csmApp.tsx @@ -20,7 +20,7 @@ import { import { APMRouteDefinition } from '../application/routes'; import { renderAsRedirectTo } from '../components/app/Main/route_config'; import { ScrollToTopOnPathChange } from '../components/app/Main/ScrollToTopOnPathChange'; -import { RumHome } from '../components/app/RumDashboard/RumHome'; +import { RumHome, UX_LABEL } from '../components/app/RumDashboard/RumHome'; import { ApmPluginContext } from '../context/ApmPluginContext'; import { LoadingIndicatorProvider } from '../context/LoadingIndicatorContext'; import { UrlParamsProvider } from '../context/UrlParamsContext'; @@ -39,8 +39,8 @@ export const rumRoutes: APMRouteDefinition[] = [ { exact: true, path: '/', - render: renderAsRedirectTo('/csm'), - breadcrumb: 'Client Side Monitoring', + render: renderAsRedirectTo('/ux'), + breadcrumb: UX_LABEL, }, ]; diff --git a/x-pack/plugins/apm/public/components/app/RumDashboard/RumHome.tsx b/x-pack/plugins/apm/public/components/app/RumDashboard/RumHome.tsx index 24da5e9ef3897..9abf792d7a0cf 100644 --- a/x-pack/plugins/apm/public/components/app/RumDashboard/RumHome.tsx +++ b/x-pack/plugins/apm/public/components/app/RumDashboard/RumHome.tsx @@ -10,6 +10,10 @@ import { i18n } from '@kbn/i18n'; import { RumOverview } from '../RumDashboard'; import { RumHeader } from './RumHeader'; +export const UX_LABEL = i18n.translate('xpack.apm.ux.title', { + defaultMessage: 'User Experience', +}); + export function RumHome() { return (
    @@ -17,11 +21,7 @@ export function RumHome() { -

    - {i18n.translate('xpack.apm.csm.title', { - defaultMessage: 'Client Side Monitoring', - })} -

    +

    {UX_LABEL}

         diff --git a/x-pack/plugins/apm/public/components/app/TransactionOverview/ClientSideMonitoringCallout.tsx b/x-pack/plugins/apm/public/components/app/TransactionOverview/ClientSideMonitoringCallout.tsx index b6938b211994d..becae4d7eb5d7 100644 --- a/x-pack/plugins/apm/public/components/app/TransactionOverview/ClientSideMonitoringCallout.tsx +++ b/x-pack/plugins/apm/public/components/app/TransactionOverview/ClientSideMonitoringCallout.tsx @@ -11,14 +11,14 @@ import { useApmPluginContext } from '../../../hooks/useApmPluginContext'; export function ClientSideMonitoringCallout() { const { core } = useApmPluginContext(); - const clientSideMonitoringHref = core.http.basePath.prepend(`/app/csm`); + const clientSideMonitoringHref = core.http.basePath.prepend(`/app/ux`); return ( diff --git a/x-pack/plugins/apm/public/plugin.ts b/x-pack/plugins/apm/public/plugin.ts index ab3f1026a92dd..dd9659a4cd1be 100644 --- a/x-pack/plugins/apm/public/plugin.ts +++ b/x-pack/plugins/apm/public/plugin.ts @@ -120,8 +120,8 @@ export class ApmPlugin implements Plugin { }); core.application.register({ - id: 'csm', - title: 'Client Side Monitoring', + id: 'ux', + title: 'User Experience', order: 8500, euiIconType: 'logoObservability', category: DEFAULT_APP_CATEGORIES.observability, diff --git a/x-pack/plugins/apm/server/feature.ts b/x-pack/plugins/apm/server/feature.ts index 14d8e2c3a4d50..75d8842d4843b 100644 --- a/x-pack/plugins/apm/server/feature.ts +++ b/x-pack/plugins/apm/server/feature.ts @@ -16,13 +16,13 @@ import { export const APM_FEATURE = { id: 'apm', name: i18n.translate('xpack.apm.featureRegistry.apmFeatureName', { - defaultMessage: 'APM and Client Side Monitoring', + defaultMessage: 'APM and User Experience', }), order: 900, category: DEFAULT_APP_CATEGORIES.observability, icon: 'apmApp', navLinkId: 'apm', - app: ['apm', 'csm', 'kibana'], + app: ['apm', 'ux', 'kibana'], catalogue: ['apm'], management: { insightsAndAlerting: ['triggersActions'], @@ -31,7 +31,7 @@ export const APM_FEATURE = { // see x-pack/plugins/features/common/feature_kibana_privileges.ts privileges: { all: { - app: ['apm', 'csm', 'kibana'], + app: ['apm', 'ux', 'kibana'], api: ['apm', 'apm_write'], catalogue: ['apm'], savedObject: { @@ -47,7 +47,7 @@ export const APM_FEATURE = { ui: ['show', 'save', 'alerting:show', 'alerting:save'], }, read: { - app: ['apm', 'csm', 'kibana'], + app: ['apm', 'ux', 'kibana'], api: ['apm'], catalogue: ['apm'], savedObject: { diff --git a/x-pack/test/functional/apps/apm/feature_controls/apm_security.ts b/x-pack/test/functional/apps/apm/feature_controls/apm_security.ts index b93039c8fb0e4..3099057f65b80 100644 --- a/x-pack/test/functional/apps/apm/feature_controls/apm_security.ts +++ b/x-pack/test/functional/apps/apm/feature_controls/apm_security.ts @@ -63,7 +63,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { expect(navLinks.map((link) => link.text)).to.eql([ 'Overview', 'APM', - 'Client Side Monitoring', + 'User Experience', 'Stack Management', ]); }); @@ -114,7 +114,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows apm navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'APM', 'Client Side Monitoring', 'Stack Management']); + expect(navLinks).to.eql(['Overview', 'APM', 'User Experience', 'Stack Management']); }); it('can navigate to APM app', async () => { From 89e1f087a23f82de2b5fb85dabc32cde2555885d Mon Sep 17 00:00:00 2001 From: Anton Dosov Date: Thu, 24 Sep 2020 15:02:59 +0200 Subject: [PATCH 022/120] bump @testing-library (#78270) --- package.json | 13 +- src/dev/jest/setup/react_testing_library.js | 2 +- x-pack/package.json | 11 +- .../apm/public/hooks/useFetcher.test.tsx | 19 +- .../hooks/use_metrics_explorer_data.test.tsx | 15 +- .../user_action_tree/index.test.tsx | 26 +-- .../components/open_timeline/index.test.tsx | 18 +- .../step_define/step_define_form.test.tsx | 5 +- .../action_wizard/action_wizard.test.tsx | 2 +- ...onnected_flyout_manage_drilldowns.test.tsx | 6 +- yarn.lock | 205 +++++++++++------- 11 files changed, 198 insertions(+), 124 deletions(-) diff --git a/package.json b/package.json index 57f5ac16059c9..69df2818bb242 100644 --- a/package.json +++ b/package.json @@ -248,8 +248,11 @@ "@microsoft/api-documenter": "7.7.2", "@microsoft/api-extractor": "7.7.0", "@percy/agent": "^0.26.0", - "@testing-library/react": "^9.3.2", - "@testing-library/react-hooks": "^3.2.1", + "@testing-library/dom": "^7.24.2", + "@testing-library/jest-dom": "^5.11.4", + "@testing-library/react": "^11.0.4", + "@testing-library/react-hooks": "^3.4.1", + "@testing-library/user-event": "^12.1.6", "@types/accept": "3.1.1", "@types/angular": "^1.6.56", "@types/angular-mocks": "^1.7.0", @@ -329,10 +332,8 @@ "@types/supertest": "^2.0.5", "@types/supertest-as-promised": "^2.0.38", "@types/tar": "^4.0.3", - "@types/testing-library__dom": "^6.10.0", - "@types/testing-library__jest-dom": "^5.7.0", - "@types/testing-library__react": "^9.1.2", - "@types/testing-library__react-hooks": "^3.1.0", + "@types/testing-library__jest-dom": "^5.9.2", + "@types/testing-library__react-hooks": "^3.4.0", "@types/type-detect": "^4.0.1", "@types/uuid": "^3.4.4", "@types/vinyl": "^2.0.4", diff --git a/src/dev/jest/setup/react_testing_library.js b/src/dev/jest/setup/react_testing_library.js index 41f58354844a3..84b5b6096e79b 100644 --- a/src/dev/jest/setup/react_testing_library.js +++ b/src/dev/jest/setup/react_testing_library.js @@ -29,4 +29,4 @@ import '@testing-library/jest-dom'; import { configure } from '@testing-library/react/pure'; // instead of default 'data-testid', use kibana's 'data-test-subj' -configure({ testIdAttribute: 'data-test-subj' }); +configure({ testIdAttribute: 'data-test-subj', asyncUtilTimeout: 4500 }); diff --git a/x-pack/package.json b/x-pack/package.json index 3af97ed16ed6f..806b4cd5e2ee8 100644 --- a/x-pack/package.json +++ b/x-pack/package.json @@ -50,9 +50,11 @@ "@storybook/addon-storyshots": "^5.3.19", "@storybook/react": "^5.3.19", "@storybook/theming": "^5.3.19", - "@testing-library/jest-dom": "^5.8.0", - "@testing-library/react": "^9.3.2", - "@testing-library/react-hooks": "^3.2.1", + "@testing-library/dom": "^7.24.2", + "@testing-library/jest-dom": "^5.11.4", + "@testing-library/react": "^11.0.4", + "@testing-library/react-hooks": "^3.4.1", + "@testing-library/user-event": "^12.1.6", "@turf/bbox": "6.0.1", "@turf/bbox-polygon": "6.0.1", "@turf/boolean-contains": "6.0.1", @@ -126,7 +128,8 @@ "@types/styled-components": "^5.1.0", "@types/supertest": "^2.0.5", "@types/tar-fs": "^1.16.1", - "@types/testing-library__jest-dom": "^5.7.0", + "@types/testing-library__jest-dom": "^5.9.2", + "@types/testing-library__react-hooks": "^3.4.0", "@types/tinycolor2": "^1.4.1", "@types/use-resize-observer": "^6.0.0", "@types/uuid": "^3.4.4", diff --git a/x-pack/plugins/apm/public/hooks/useFetcher.test.tsx b/x-pack/plugins/apm/public/hooks/useFetcher.test.tsx index 2db4659c83603..59dd9455c724c 100644 --- a/x-pack/plugins/apm/public/hooks/useFetcher.test.tsx +++ b/x-pack/plugins/apm/public/hooks/useFetcher.test.tsx @@ -4,17 +4,23 @@ * you may not use this file except in compliance with the Elastic License. */ -import { renderHook } from '@testing-library/react-hooks'; +import { renderHook, RenderHookResult } from '@testing-library/react-hooks'; import { delay } from '../utils/testHelpers'; -import { useFetcher } from './useFetcher'; +import { FetcherResult, useFetcher } from './useFetcher'; import { MockApmPluginContextWrapper } from '../context/ApmPluginContext/MockApmPluginContext'; +import { ApmPluginContextValue } from '../context/ApmPluginContext'; // Wrap the hook with a provider so it can useApmPluginContext const wrapper = MockApmPluginContextWrapper; describe('useFetcher', () => { describe('when resolving after 500ms', () => { - let hook: ReturnType; + let hook: RenderHookResult< + { children?: React.ReactNode; value?: ApmPluginContextValue }, + FetcherResult & { + refetch: () => void; + } + >; beforeEach(() => { jest.useFakeTimers(); async function fn() { @@ -58,7 +64,12 @@ describe('useFetcher', () => { }); describe('when throwing after 500ms', () => { - let hook: ReturnType; + let hook: RenderHookResult< + { children?: React.ReactNode; value?: ApmPluginContextValue }, + FetcherResult & { + refetch: () => void; + } + >; beforeEach(() => { jest.useFakeTimers(); async function fn() { diff --git a/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/hooks/use_metrics_explorer_data.test.tsx b/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/hooks/use_metrics_explorer_data.test.tsx index b33fe5c232f01..f566e5253c615 100644 --- a/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/hooks/use_metrics_explorer_data.test.tsx +++ b/x-pack/plugins/infra/public/pages/metrics/metrics_explorer/hooks/use_metrics_explorer_data.test.tsx @@ -18,6 +18,10 @@ import { resp, createSeries, } from '../../../../utils/fixtures/metrics_explorer'; +import { MetricsExplorerOptions, MetricsExplorerTimeOptions } from './use_metrics_explorer_options'; +import { SourceQuery } from '../../../../../common/graphql/types'; +import { IIndexPattern } from '../../../../../../../../src/plugins/data/public'; +import { HttpHandler } from 'kibana/public'; const mockedFetch = jest.fn(); @@ -31,7 +35,16 @@ const renderUseMetricsExplorerDataHook = () => { return {children}; }; return renderHook( - (props) => + (props: { + options: MetricsExplorerOptions; + source: SourceQuery.Query['source']['configuration'] | undefined; + derivedIndexPattern: IIndexPattern; + timeRange: MetricsExplorerTimeOptions; + afterKey: string | null | Record; + signal: any; + fetch?: HttpHandler; + shouldLoadImmediately?: boolean; + }) => useMetricsExplorerData( props.options, props.source, diff --git a/x-pack/plugins/security_solution/public/cases/components/user_action_tree/index.test.tsx b/x-pack/plugins/security_solution/public/cases/components/user_action_tree/index.test.tsx index d2bb2fb243458..0b376f26a1ae0 100644 --- a/x-pack/plugins/security_solution/public/cases/components/user_action_tree/index.test.tsx +++ b/x-pack/plugins/security_solution/public/cases/components/user_action_tree/index.test.tsx @@ -6,8 +6,7 @@ import React from 'react'; import { mount } from 'enzyme'; -// we don't have the types for waitFor just yet, so using "as waitFor" until when we do -import { wait as waitFor } from '@testing-library/react'; +import { waitFor } from '@testing-library/react'; import { act } from 'react-dom/test-utils'; import { Router, routeData, mockHistory, mockLocation } from '../__mock__/router'; @@ -364,12 +363,12 @@ describe('UserActionTree ', () => { await waitFor(() => { wrapper.update(); - }); - wrapper - .find(`[data-test-subj="description-action"] [data-test-subj="property-actions-quote"]`) - .first() - .simulate('click'); + wrapper + .find(`[data-test-subj="description-action"] [data-test-subj="property-actions-quote"]`) + .first() + .simulate('click'); + }); expect(setFieldValue).toBeCalledWith('comment', `> ${props.data.description} \n`); }); @@ -396,14 +395,13 @@ describe('UserActionTree ', () => { await waitFor(() => { wrapper.update(); + expect( + wrapper + .find(`[data-test-subj="comment-create-action-${commentId}"]`) + .first() + .hasClass('outlined') + ).toBeTruthy(); }); - - expect( - wrapper - .find(`[data-test-subj="comment-create-action-${commentId}"]`) - .first() - .hasClass('outlined') - ).toBeTruthy(); }); }); }); diff --git a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/index.test.tsx index facdc392ff7ba..64b9db59467e1 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/open_timeline/index.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/open_timeline/index.test.tsx @@ -10,8 +10,7 @@ import React from 'react'; import { renderHook, act } from '@testing-library/react-hooks'; import { mount } from 'enzyme'; import { MockedProvider } from 'react-apollo/test-utils'; -// we don't have the types for waitFor just yet, so using "as waitFor" until when we do -import { wait as waitFor } from '@testing-library/react'; +import { waitFor } from '@testing-library/react'; import { useHistory, useParams } from 'react-router-dom'; import '../../../common/mock/match_media'; @@ -533,18 +532,15 @@ describe('StatefulOpenTimeline', () => { ); - await waitFor(() => { - wrapper.update(); + wrapper.update(); - expect( - wrapper - .find('[data-test-subj="open-timeline"]') - .last() - .prop('itemIdToExpandedNotesRowMap') - ).toEqual({}); + expect( + wrapper.find('[data-test-subj="open-timeline"]').last().prop('itemIdToExpandedNotesRowMap') + ).toEqual({}); - wrapper.find('[data-test-subj="expand-notes"]').first().simulate('click'); + wrapper.find('[data-test-subj="expand-notes"]').first().simulate('click'); + await waitFor(() => { expect( wrapper .find('[data-test-subj="open-timeline"]') diff --git a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/step_define_form.test.tsx b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/step_define_form.test.tsx index 986ac0a212e8a..d6526fd1db05e 100644 --- a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/step_define_form.test.tsx +++ b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/step_define_form.test.tsx @@ -66,7 +66,7 @@ describe('Transform: ', () => { storage: createMockStorage(), }; - const { getByLabelText } = render( + const { getByText } = render( @@ -76,7 +76,8 @@ describe('Transform: ', () => { // Act // Assert - expect(getByLabelText('Index pattern')).toBeInTheDocument(); + expect(getByText('Index pattern')).toBeInTheDocument(); + expect(getByText(searchItems.indexPattern.title)).toBeInTheDocument(); await wait(); done(); }); diff --git a/x-pack/plugins/ui_actions_enhanced/public/components/action_wizard/action_wizard.test.tsx b/x-pack/plugins/ui_actions_enhanced/public/components/action_wizard/action_wizard.test.tsx index fcea8caf9090e..26033b7f020ad 100644 --- a/x-pack/plugins/ui_actions_enhanced/public/components/action_wizard/action_wizard.test.tsx +++ b/x-pack/plugins/ui_actions_enhanced/public/components/action_wizard/action_wizard.test.tsx @@ -80,7 +80,7 @@ test('If not enough license, button is disabled', () => { // check that all factories are displayed to pick expect(screen.getAllByTestId(new RegExp(TEST_SUBJ_ACTION_FACTORY_ITEM))).toHaveLength(2); - expect(screen.getByText(/Go to URL/i)).toBeDisabled(); + expect(screen.getByTestId(/actionFactoryItem-Url/i)).toBeDisabled(); }); test('if action is beta, beta badge is shown', () => { diff --git a/x-pack/plugins/ui_actions_enhanced/public/drilldowns/components/connected_flyout_manage_drilldowns/connected_flyout_manage_drilldowns.test.tsx b/x-pack/plugins/ui_actions_enhanced/public/drilldowns/components/connected_flyout_manage_drilldowns/connected_flyout_manage_drilldowns.test.tsx index c4b07fa05c3c1..a546fabfbbc01 100644 --- a/x-pack/plugins/ui_actions_enhanced/public/drilldowns/components/connected_flyout_manage_drilldowns/connected_flyout_manage_drilldowns.test.tsx +++ b/x-pack/plugins/ui_actions_enhanced/public/drilldowns/components/connected_flyout_manage_drilldowns/connected_flyout_manage_drilldowns.test.tsx @@ -56,7 +56,8 @@ test('Allows to manage drilldowns', async () => { fireEvent.click(screen.getByText(/Create new/i)); - let [createHeading, createButton] = screen.getAllByText(/Create Drilldown/i); + let [createHeading] = screen.getAllByText(/Create Drilldown/i); + let createButton = screen.getByRole('button', { name: /Create Drilldown/i }); expect(createHeading).toBeVisible(); expect(screen.getByLabelText(/Back/i)).toBeVisible(); @@ -77,7 +78,8 @@ test('Allows to manage drilldowns', async () => { target: { value: URL }, }); - [createHeading, createButton] = screen.getAllByText(/Create Drilldown/i); + [createHeading] = screen.getAllByText(/Create Drilldown/i); + createButton = screen.getByRole('button', { name: /Create Drilldown/i }); expect(createButton).toBeEnabled(); fireEvent.click(createButton); diff --git a/yarn.lock b/yarn.lock index 3549c79970bff..afb302e17fd2c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -990,6 +990,14 @@ core-js "^2.6.5" regenerator-runtime "^0.13.4" +"@babel/runtime-corejs3@^7.10.2": + version "7.11.2" + resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.11.2.tgz#02c3029743150188edeb66541195f54600278419" + integrity sha512-qh5IR+8VgFz83VBa6OkaET6uN/mJOhHONuy3m1sgF0CV6mXdPSEBdA7e1eUbVvyNtANjMbg22JUv71BaDXLY6A== + dependencies: + core-js-pure "^3.0.0" + regenerator-runtime "^0.13.4" + "@babel/runtime@7.3.4": version "7.3.4" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.3.4.tgz#73d12ba819e365fcf7fd152aed56d6df97d21c83" @@ -997,7 +1005,7 @@ dependencies: regenerator-runtime "^0.12.0" -"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.11.2", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.4", "@babel/runtime@^7.4.5", "@babel/runtime@^7.5.0", "@babel/runtime@^7.5.4", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.0", "@babel/runtime@^7.6.2", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.7.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2": +"@babel/runtime@^7.0.0", "@babel/runtime@^7.1.2", "@babel/runtime@^7.10.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.11.2", "@babel/runtime@^7.3.1", "@babel/runtime@^7.4.4", "@babel/runtime@^7.4.5", "@babel/runtime@^7.5.0", "@babel/runtime@^7.5.4", "@babel/runtime@^7.5.5", "@babel/runtime@^7.6.2", "@babel/runtime@^7.6.3", "@babel/runtime@^7.7.2", "@babel/runtime@^7.7.6", "@babel/runtime@^7.8.4", "@babel/runtime@^7.8.7", "@babel/runtime@^7.9.2": version "7.11.2" resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.11.2.tgz#f549c13c754cc40b87644b9fa9f09a6a95fe0736" integrity sha512-TeWkU52so0mPtDcaCTxNBI/IHiz0pZgr8VEFqXFtZWpYD08ZB6FaSwVAS8MKRQAP3bYKiVjwysOJgMFY28o6Tw== @@ -1844,6 +1852,17 @@ "@types/yargs" "^15.0.0" chalk "^3.0.0" +"@jest/types@^26.3.0": + version "26.3.0" + resolved "https://registry.yarnpkg.com/@jest/types/-/types-26.3.0.tgz#97627bf4bdb72c55346eef98e3b3f7ddc4941f71" + integrity sha512-BDPG23U0qDeAvU4f99haztXwdAg3hz4El95LkAM+tHAqqhiVzRpEGHHU8EDxT/AnxOrA65YjLBwDahdJ9pTLJQ== + dependencies: + "@types/istanbul-lib-coverage" "^2.0.0" + "@types/istanbul-reports" "^3.0.0" + "@types/node" "*" + "@types/yargs" "^15.0.0" + chalk "^4.0.0" + "@jimp/bmp@^0.14.0": version "0.14.0" resolved "https://registry.yarnpkg.com/@jimp/bmp/-/bmp-0.14.0.tgz#6df246026554f276f7b354047c6fff9f5b2b5182" @@ -2720,11 +2739,6 @@ dependencies: url-pattern "^1.0.3" -"@sheerun/mutationobserver-shim@^0.3.2": - version "0.3.2" - resolved "https://registry.yarnpkg.com/@sheerun/mutationobserver-shim/-/mutationobserver-shim-0.3.2.tgz#8013f2af54a2b7d735f71560ff360d3a8176a87b" - integrity sha512-vTCdPp/T/Q3oSqwHmZ5Kpa9oI7iLtGl3RQaA/NyLHikvcrPxACkkKVr/XzkSPJWXHRhKGzVvb0urJsbMlRxi1Q== - "@sindresorhus/is@^0.14.0": version "0.14.0" resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-0.14.0.tgz#9fb3a3cf3132328151f353de4632e01e52102bea" @@ -3342,49 +3356,55 @@ resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.0.7.tgz#0cd915785ec4190f08a3a6acc9b61fc38fb5f1a9" integrity sha512-8UT/J+xqCYfn3fKtOznAibsHpiuDshCb0fwgWxRazTT19Igp9ovoXMPhXyLD6m3CKQGTMHgqoxaFfMWaL40Rnw== -"@testing-library/dom@^6.3.0": - version "6.10.1" - resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-6.10.1.tgz#da5bf5065d3f9e484aef4cc495f4e1a5bea6df2e" - integrity sha512-5BPKxaO+zSJDUbVZBRNf9KrmDkm/EcjjaHSg3F9+031VZyPACKXlwLBjVzZxheunT9m72DoIq7WvyE457/Xweg== +"@testing-library/dom@^7.24.2": + version "7.24.2" + resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-7.24.2.tgz#6d2b7dd21efbd5358b98c2777fc47c252f3ae55e" + integrity sha512-ERxcZSoHx0EcN4HfshySEWmEf5Kkmgi+J7O79yCJ3xggzVlBJ2w/QjJUC+EBkJJ2OeSw48i3IoePN4w8JlVUIA== dependencies: - "@babel/runtime" "^7.6.2" - "@sheerun/mutationobserver-shim" "^0.3.2" - "@types/testing-library__dom" "^6.0.0" - aria-query "3.0.0" - pretty-format "^24.9.0" - wait-for-expect "^3.0.0" + "@babel/code-frame" "^7.10.4" + "@babel/runtime" "^7.10.3" + "@types/aria-query" "^4.2.0" + aria-query "^4.2.2" + chalk "^4.1.0" + dom-accessibility-api "^0.5.1" + pretty-format "^26.4.2" -"@testing-library/jest-dom@^5.8.0": - version "5.8.0" - resolved "https://registry.yarnpkg.com/@testing-library/jest-dom/-/jest-dom-5.8.0.tgz#815e830129c4dda6c8e9a725046397acec523669" - integrity sha512-9Y4FxYIxfwHpUyJVqI8EOfDP2LlEBqKwXE3F+V8ightji0M2rzQB+9kqZ5UJxNs+9oXJIgvYj7T3QaXLNHVDMw== +"@testing-library/jest-dom@^5.11.4": + version "5.11.4" + resolved "https://registry.yarnpkg.com/@testing-library/jest-dom/-/jest-dom-5.11.4.tgz#f325c600db352afb92995c2576022b35621ddc99" + integrity sha512-6RRn3epuweBODDIv3dAlWjOEHQLpGJHB2i912VS3JQtsD22+ENInhdDNl4ZZQiViLlIfFinkSET/J736ytV9sw== dependencies: "@babel/runtime" "^7.9.2" - "@types/testing-library__jest-dom" "^5.0.2" + "@types/testing-library__jest-dom" "^5.9.1" + aria-query "^4.2.2" chalk "^3.0.0" - css "^2.2.4" + css "^3.0.0" css.escape "^1.5.1" - jest-diff "^25.1.0" - jest-matcher-utils "^25.1.0" lodash "^4.17.15" redent "^3.0.0" -"@testing-library/react-hooks@^3.2.1": - version "3.2.1" - resolved "https://registry.yarnpkg.com/@testing-library/react-hooks/-/react-hooks-3.2.1.tgz#19b6caa048ef15faa69d439c469033873ea01294" - integrity sha512-1OB6Ksvlk6BCJA1xpj8/WWz0XVd1qRcgqdaFAq+xeC6l61Ucj0P6QpA5u+Db/x9gU4DCX8ziR5b66Mlfg0M2RA== +"@testing-library/react-hooks@^3.4.1": + version "3.4.1" + resolved "https://registry.yarnpkg.com/@testing-library/react-hooks/-/react-hooks-3.4.1.tgz#1f8ccd21208086ec228d9743fe40b69d0efcd7e5" + integrity sha512-LbzvE7oKsVzuW1cxA/aOeNgeVvmHWG2p/WSzalIGyWuqZT3jVcNDT5KPEwy36sUYWde0Qsh32xqIUFXukeywXg== dependencies: "@babel/runtime" "^7.5.4" - "@types/testing-library__react-hooks" "^3.0.0" + "@types/testing-library__react-hooks" "^3.3.0" -"@testing-library/react@^9.3.2": - version "9.3.2" - resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-9.3.2.tgz#418000daa980dafd2d9420cc733d661daece9aa0" - integrity sha512-J6ftWtm218tOLS175MF9eWCxGp+X+cUXCpkPIin8KAXWtyZbr9CbqJ8M8QNd6spZxJDAGlw+leLG4MJWLlqVgg== +"@testing-library/react@^11.0.4": + version "11.0.4" + resolved "https://registry.yarnpkg.com/@testing-library/react/-/react-11.0.4.tgz#c84082bfe1593d8fcd475d46baee024452f31dee" + integrity sha512-U0fZO2zxm7M0CB5h1+lh31lbAwMSmDMEMGpMT3BUPJwIjDEKYWOV4dx7lb3x2Ue0Pyt77gmz/VropuJnSz/Iew== + dependencies: + "@babel/runtime" "^7.11.2" + "@testing-library/dom" "^7.24.2" + +"@testing-library/user-event@^12.1.6": + version "12.1.6" + resolved "https://registry.yarnpkg.com/@testing-library/user-event/-/user-event-12.1.6.tgz#f550b138dfdc20387b89cbe3e9f3d969ab10c2bd" + integrity sha512-BdSe6cmzDEapTBH3s1NKbzu+GyX5bJKraKwVpM2vZF1+EEWxZr0EiA0z9bA5Nux8P+6nKMOZKsXQrj5q/kicfQ== dependencies: - "@babel/runtime" "^7.6.0" - "@testing-library/dom" "^6.3.0" - "@types/testing-library__react" "^9.1.0" + "@babel/runtime" "^7.10.2" "@turf/bbox-polygon@6.0.1": version "6.0.1" @@ -3510,6 +3530,11 @@ resolved "https://registry.yarnpkg.com/@types/argparse/-/argparse-1.0.33.tgz#2728669427cdd74a99e53c9f457ca2866a37c52d" integrity sha512-VQgHxyPMTj3hIlq9SY1mctqx+Jj8kpQfoLvDlVSDNOyuYs8JYfkuY3OW/4+dO657yPmNhHpePRx0/Tje5ImNVQ== +"@types/aria-query@^4.2.0": + version "4.2.0" + resolved "https://registry.yarnpkg.com/@types/aria-query/-/aria-query-4.2.0.tgz#14264692a9d6e2fa4db3df5e56e94b5e25647ac0" + integrity sha512-iIgQNzCm0v7QMhhe4Jjn9uRh+I6GoPmt03CbEtwx3ao8/EfoQcmgtqH4vQ5Db/lxiIGaWDv6nwvunuh0RyX0+A== + "@types/async@2.0.49": version "2.0.49" resolved "https://registry.yarnpkg.com/@types/async/-/async-2.0.49.tgz#92e33d13f74c895cb9a7f38ba97db8431ed14bc0" @@ -4105,6 +4130,13 @@ "@types/istanbul-lib-coverage" "*" "@types/istanbul-lib-report" "*" +"@types/istanbul-reports@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@types/istanbul-reports/-/istanbul-reports-3.0.0.tgz#508b13aa344fa4976234e75dddcc34925737d821" + integrity sha512-nwKNbvnwJ2/mndE9ItP/zc2TCzw6uuodnF4EHYWD+gCQDVBuRQL5UzbZD0/ezy1iKsFU2ZQiDqg4M9dN4+wZgA== + dependencies: + "@types/istanbul-lib-report" "*" + "@types/jest-specific-snapshot@^0.5.3", "@types/jest-specific-snapshot@^0.5.4": version "0.5.4" resolved "https://registry.yarnpkg.com/@types/jest-specific-snapshot/-/jest-specific-snapshot-0.5.4.tgz#997364c39a59ddeff0ee790a19415e79dd061d1e" @@ -4564,7 +4596,7 @@ dependencies: "@types/react" "*" -"@types/react-dom@*", "@types/react-dom@^16.9.8": +"@types/react-dom@^16.9.8": version "16.9.8" resolved "https://registry.yarnpkg.com/@types/react-dom/-/react-dom-16.9.8.tgz#fe4c1e11dfc67155733dfa6aa65108b4971cb423" integrity sha512-ykkPQ+5nFknnlU6lDd947WbQ6TE3NNzbQAkInC2EKY1qeYdTKp7onFusmYZb+ityzx2YviqT6BXSu+LyWWJwcA== @@ -4880,43 +4912,20 @@ resolved "https://registry.yarnpkg.com/@types/tempy/-/tempy-0.2.0.tgz#8b7a93f6912aef25cc0b8d8a80ff974151478685" integrity sha512-YaX74QljqR45Xu7dd22wMvzTS+ItUiSyDl9XJl6WTgYNE09r2TF+mV2FDjWRM5Sdzf9C9dXRTUdz9J5SoEYxXg== -"@types/testing-library__dom@*", "@types/testing-library__dom@^6.0.0": - version "6.10.0" - resolved "https://registry.yarnpkg.com/@types/testing-library__dom/-/testing-library__dom-6.10.0.tgz#590d76e3875a7c536dc744eb530cbf51b6483404" - integrity sha512-mL/GMlyQxiZplbUuFNwA0vAI3k3uJNSf6slr5AVve9TXmfLfyefNT0uHHnxwdYuPMxYD5gI/+dgAvc/5opW9JQ== - dependencies: - pretty-format "^24.3.0" - -"@types/testing-library__dom@^6.10.0": - version "6.14.0" - resolved "https://registry.yarnpkg.com/@types/testing-library__dom/-/testing-library__dom-6.14.0.tgz#1aede831cb4ed4a398448df5a2c54b54a365644e" - integrity sha512-sMl7OSv0AvMOqn1UJ6j1unPMIHRXen0Ita1ujnMX912rrOcawe4f7wu0Zt9GIQhBhJvH2BaibqFgQ3lP+Pj2hA== - dependencies: - pretty-format "^24.3.0" - -"@types/testing-library__jest-dom@^5.0.2", "@types/testing-library__jest-dom@^5.7.0": - version "5.7.0" - resolved "https://registry.yarnpkg.com/@types/testing-library__jest-dom/-/testing-library__jest-dom-5.7.0.tgz#078790bf4dc89152a74428591a228ec5f9433251" - integrity sha512-LoZ3uonlnAbJUz4bg6UoeFl+frfndXngmkCItSjJ8DD5WlRfVqPC5/LgJASsY/dy7AHH2YJ7PcsdASOydcVeFA== +"@types/testing-library__jest-dom@^5.9.1", "@types/testing-library__jest-dom@^5.9.2": + version "5.9.2" + resolved "https://registry.yarnpkg.com/@types/testing-library__jest-dom/-/testing-library__jest-dom-5.9.2.tgz#59e4771a1cf87d51e89a5cc8195cd3b647cba322" + integrity sha512-K7nUSpH/5i8i0NagTJ+uFUDRueDlnMNhJtMjMwTGPPSqyImbWC/hgKPDCKt6Phu2iMJg2kWqlax+Ucj2DKMwpA== dependencies: "@types/jest" "*" -"@types/testing-library__react-hooks@^3.0.0", "@types/testing-library__react-hooks@^3.1.0": - version "3.1.0" - resolved "https://registry.yarnpkg.com/@types/testing-library__react-hooks/-/testing-library__react-hooks-3.1.0.tgz#04d174ce767fbcce3ccb5021d7f156e1b06008a9" - integrity sha512-QJc1sgH9DD6jbfybzugnP0sY8wPzzIq8sHDBuThzCr2ZEbyHIaAvN9ytx/tHzcWL5MqmeZJqiUm/GsythaGx3g== +"@types/testing-library__react-hooks@^3.3.0", "@types/testing-library__react-hooks@^3.4.0": + version "3.4.0" + resolved "https://registry.yarnpkg.com/@types/testing-library__react-hooks/-/testing-library__react-hooks-3.4.0.tgz#be148b7fa7d19cd3349c4ef9d9534486bc582fcc" + integrity sha512-QYLZipqt1hpwYsBU63Ssa557v5wWbncqL36No59LI7W3nCMYKrLWTnYGn2griZ6v/3n5nKXNYkTeYpqPHY7Ukg== dependencies: - "@types/react" "*" "@types/react-test-renderer" "*" -"@types/testing-library__react@^9.1.0", "@types/testing-library__react@^9.1.2": - version "9.1.2" - resolved "https://registry.yarnpkg.com/@types/testing-library__react/-/testing-library__react-9.1.2.tgz#e33af9124c60a010fc03a34eff8f8a34a75c4351" - integrity sha512-CYaMqrswQ+cJACy268jsLAw355DZtPZGt3Jwmmotlcu8O/tkoXBI6AeZ84oZBJsIsesozPKzWzmv/0TIU+1E9Q== - dependencies: - "@types/react-dom" "*" - "@types/testing-library__dom" "*" - "@types/through@*": version "0.0.30" resolved "https://registry.yarnpkg.com/@types/through/-/through-0.0.30.tgz#e0e42ce77e897bd6aead6f6ea62aeb135b8a3895" @@ -6291,7 +6300,7 @@ aria-hidden@^1.1.1: dependencies: tslib "^1.0.0" -aria-query@3.0.0, aria-query@^3.0.0: +aria-query@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/aria-query/-/aria-query-3.0.0.tgz#65b3fcc1ca1155a8c9ae64d6eee297f15d5133cc" integrity sha1-ZbP8wcoRVajJrmTW7uKX8V1RM8w= @@ -6299,6 +6308,14 @@ aria-query@3.0.0, aria-query@^3.0.0: ast-types-flow "0.0.7" commander "^2.11.0" +aria-query@^4.2.2: + version "4.2.2" + resolved "https://registry.yarnpkg.com/aria-query/-/aria-query-4.2.2.tgz#0d2ca6c9aceb56b8977e9fed6aed7e15bbd2f83b" + integrity sha512-o/HelwhuKpTj/frsOsbNLNgnNGVIFsVP/SW2BSF14gVl7kAfMOJ6/8wUAUvG1R1NHKrfG+2sHZTu0yauT1qBrA== + dependencies: + "@babel/runtime" "^7.10.2" + "@babel/runtime-corejs3" "^7.10.2" + arr-diff@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-4.0.0.tgz#d6461074febfec71e7e15235761a329a5dc7c520" @@ -6702,7 +6719,7 @@ atob-lite@^2.0.0: resolved "https://registry.yarnpkg.com/atob-lite/-/atob-lite-2.0.0.tgz#0fef5ad46f1bd7a8502c65727f0367d5ee43d696" integrity sha1-D+9a1G8b16hQLGVyfwNn1e5D1pY= -atob@^2.1.1: +atob@^2.1.1, atob@^2.1.2: version "2.1.2" resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9" integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg== @@ -9572,6 +9589,11 @@ core-js-compat@^3.6.2: browserslist "^4.8.3" semver "7.0.0" +core-js-pure@^3.0.0: + version "3.6.5" + resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.6.5.tgz#c79e75f5e38dbc85a662d91eea52b8256d53b813" + integrity sha512-lacdXOimsiD0QyNf9BC/mxivNJ/ybBGJXQFKzRekp1WTHoVUWsUHEn+2T8GJAzzIhyOuXA+gOxCVN3l+5PLPUA== + core-js-pure@^3.0.1: version "3.2.1" resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.2.1.tgz#879a23699cff46175bfd2d09158b5c50645a3c45" @@ -9995,6 +10017,15 @@ css@2.X, css@^2.2.1, css@^2.2.4: source-map-resolve "^0.5.2" urix "^0.1.0" +css@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/css/-/css-3.0.0.tgz#4447a4d58fdd03367c516ca9f64ae365cee4aa5d" + integrity sha512-DG9pFfwOrzc+hawpmqX/dHYHJG+Bsdb0klhyi1sDneOgGOXy9wQIC8hzyVp1e4NRYDBdxcylvywPkkXCHAzTyQ== + dependencies: + inherits "^2.0.4" + source-map "^0.6.1" + source-map-resolve "^0.6.0" + csscolorparser@~1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/csscolorparser/-/csscolorparser-1.0.3.tgz#b34f391eea4da8f3e98231e2ccd8df9c041f171b" @@ -11086,6 +11117,11 @@ doctrine@^3.0.0: dependencies: esutils "^2.0.2" +dom-accessibility-api@^0.5.1: + version "0.5.2" + resolved "https://registry.yarnpkg.com/dom-accessibility-api/-/dom-accessibility-api-0.5.2.tgz#ef3cdb5d3f0d599d8f9c8b18df2fb63c9793739d" + integrity sha512-k7hRNKAiPJXD2aBqfahSo4/01cTsKWXf+LqJgglnkN2Nz8TsxXKQBXHhKe0Ye9fEfHEZY49uSA5Sr3AqP/sWKA== + dom-converter@~0.2: version "0.2.0" resolved "https://registry.yarnpkg.com/dom-converter/-/dom-converter-0.2.0.tgz#6721a9daee2e293682955b6afe416771627bb768" @@ -17395,7 +17431,7 @@ jest-diff@^24.3.0, jest-diff@^24.9.0: jest-get-type "^24.9.0" pretty-format "^24.9.0" -jest-diff@^25.1.0, jest-diff@^25.2.1, jest-diff@^25.5.0: +jest-diff@^25.2.1, jest-diff@^25.5.0: version "25.5.0" resolved "https://registry.yarnpkg.com/jest-diff/-/jest-diff-25.5.0.tgz#1dd26ed64f96667c068cef026b677dfa01afcfa9" integrity sha512-z1kygetuPiREYdNIumRpAHY6RXiGmp70YHptjdaxTWGmA085W3iCnXNx0DhflK3vwrKmrRWyY1wUpkPMVxMK7A== @@ -17546,7 +17582,7 @@ jest-matcher-utils@^24.9.0: jest-get-type "^24.9.0" pretty-format "^24.9.0" -jest-matcher-utils@^25.1.0, jest-matcher-utils@^25.5.0: +jest-matcher-utils@^25.5.0: version "25.5.0" resolved "https://registry.yarnpkg.com/jest-matcher-utils/-/jest-matcher-utils-25.5.0.tgz#fbc98a12d730e5d2453d7f1ed4a4d948e34b7867" integrity sha512-VWI269+9JS5cpndnpCwm7dy7JtGQT30UHfrnM3mXl22gHGt/b7NkjBqXfbhZ8V4B7ANUsjK18PlSBmG0YH7gjw== @@ -22815,7 +22851,7 @@ pretty-error@^2.1.1: renderkid "^2.0.1" utila "~0.4" -pretty-format@^24.3.0, pretty-format@^24.9.0: +pretty-format@^24.9.0: version "24.9.0" resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-24.9.0.tgz#12fac31b37019a4eea3c11aa9a959eb7628aa7c9" integrity sha512-00ZMZUiHaJrNfk33guavqgvfJS30sLYf0f8+Srklv0AMPodGGHcoHgksZ3OThYnIvOd+8yMCn0YiEOogjlgsnA== @@ -22835,6 +22871,16 @@ pretty-format@^25.2.1, pretty-format@^25.5.0: ansi-styles "^4.0.0" react-is "^16.12.0" +pretty-format@^26.4.2: + version "26.4.2" + resolved "https://registry.yarnpkg.com/pretty-format/-/pretty-format-26.4.2.tgz#d081d032b398e801e2012af2df1214ef75a81237" + integrity sha512-zK6Gd8zDsEiVydOCGLkoBoZuqv8VTiHyAbKznXe/gaph/DAeZOmit9yMfgIz5adIgAMMs5XfoYSwAX3jcCO1tA== + dependencies: + "@jest/types" "^26.3.0" + ansi-regex "^5.0.0" + ansi-styles "^4.0.0" + react-is "^16.12.0" + pretty-hrtime@^1.0.0, pretty-hrtime@^1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz#b7e3ea42435a4c9b2759d99e0f201eb195802ee1" @@ -26342,6 +26388,14 @@ source-map-resolve@^0.5.0, source-map-resolve@^0.5.2: source-map-url "^0.4.0" urix "^0.1.0" +source-map-resolve@^0.6.0: + version "0.6.0" + resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.6.0.tgz#3d9df87e236b53f16d01e58150fc7711138e5ed2" + integrity sha512-KXBr9d/fO/bWo97NXsPIAW1bFSBOuCnjbNTBMO7N59hsv5i9yzRDfcYwwt0l04+VqnKC+EwzvJZIP/qkuMgR/w== + dependencies: + atob "^2.1.2" + decode-uri-component "^0.2.0" + source-map-support@^0.3.2: version "0.3.3" resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.3.3.tgz#34900977d5ba3f07c7757ee72e73bb1a9b53754f" @@ -29887,11 +29941,6 @@ w3c-xmlserializer@^1.0.1, w3c-xmlserializer@^1.1.2: webidl-conversions "^4.0.2" xml-name-validator "^3.0.0" -wait-for-expect@^3.0.0: - version "3.0.1" - resolved "https://registry.yarnpkg.com/wait-for-expect/-/wait-for-expect-3.0.1.tgz#ec204a76b0038f17711e575720aaf28505ac7185" - integrity sha512-3Ha7lu+zshEG/CeHdcpmQsZnnZpPj/UsG3DuKO8FskjuDbkx3jE3845H+CuwZjA2YWYDfKMU2KhnCaXMLd3wVw== - walk@2.3.x: version "2.3.9" resolved "https://registry.yarnpkg.com/walk/-/walk-2.3.9.tgz#31b4db6678f2ae01c39ea9fb8725a9031e558a7b" From 18f7f042c1b6bd36c0cf09c9fed4396e7484e0a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Thu, 24 Sep 2020 14:05:19 +0100 Subject: [PATCH 023/120] [Usage Collection] Add schema to `stack_management` (#77897) Co-authored-by: Elastic Machine --- .telemetryrc.json | 1 - .../src/tools/check_collector_integrity.ts | 2 + .../server/collectors/management/schema.ts | 116 ++++++++ .../telemetry_management_collector.ts | 10 +- src/plugins/telemetry/schema/oss_plugins.json | 271 ++++++++++++++++++ 5 files changed, 397 insertions(+), 3 deletions(-) create mode 100644 src/plugins/kibana_usage_collection/server/collectors/management/schema.ts diff --git a/.telemetryrc.json b/.telemetryrc.json index 7d9743b20ff68..d3446b45033ee 100644 --- a/.telemetryrc.json +++ b/.telemetryrc.json @@ -6,7 +6,6 @@ "src/plugins/kibana_react/", "src/plugins/testbed/", "src/plugins/kibana_utils/", - "src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts", "src/plugins/kibana_usage_collection/server/collectors/ui_metric/telemetry_ui_metric_collector.ts" ] } diff --git a/packages/kbn-telemetry-tools/src/tools/check_collector_integrity.ts b/packages/kbn-telemetry-tools/src/tools/check_collector_integrity.ts index 3205edb87aa29..8a5752f77d7fc 100644 --- a/packages/kbn-telemetry-tools/src/tools/check_collector_integrity.ts +++ b/packages/kbn-telemetry-tools/src/tools/check_collector_integrity.ts @@ -47,6 +47,7 @@ export function checkCompatibleTypeDescriptor( const typeDescriptorKinds = reduce( typeDescriptorTypes, (acc: any, type: number, key: string) => { + key = key.replace(/'/g, ''); try { acc[key] = kindToDescriptorName(type); } catch (err) { @@ -61,6 +62,7 @@ export function checkCompatibleTypeDescriptor( const transformedMappingKinds = reduce( schemaTypes, (acc: any, type: string, key: string) => { + key = key.replace(/'/g, ''); try { acc[key.replace(/.type$/, '.kind')] = compatibleSchemaTypes(type as any); } catch (err) { diff --git a/src/plugins/kibana_usage_collection/server/collectors/management/schema.ts b/src/plugins/kibana_usage_collection/server/collectors/management/schema.ts new file mode 100644 index 0000000000000..792ac24b4de3d --- /dev/null +++ b/src/plugins/kibana_usage_collection/server/collectors/management/schema.ts @@ -0,0 +1,116 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import { MakeSchemaFrom } from 'src/plugins/usage_collection/server'; +import { UsageStats } from './telemetry_management_collector'; + +// Retrieved by changing all the current settings in Kibana (we'll need to revisit it in the future). +// I would suggest we use flattened type for the mappings of this collector. +export const stackManagementSchema: MakeSchemaFrom = { + 'visualize:enableLabs': { type: 'boolean' }, + 'visualization:heatmap:maxBuckets': { type: 'long' }, + 'visualization:colorMapping': { type: 'text' }, + 'visualization:regionmap:showWarnings': { type: 'boolean' }, + 'visualization:dimmingOpacity': { type: 'float' }, + 'visualization:tileMap:maxPrecision': { type: 'long' }, + 'securitySolution:ipReputationLinks': { type: 'text' }, + 'csv:separator': { type: 'keyword' }, + 'visualization:tileMap:WMSdefaults': { type: 'text' }, + 'timelion:target_buckets': { type: 'long' }, + 'timelion:max_buckets': { type: 'long' }, + 'timelion:es.timefield': { type: 'keyword' }, + 'timelion:min_interval': { type: 'keyword' }, + 'timelion:default_rows': { type: 'long' }, + 'timelion:default_columns': { type: 'long' }, + 'timelion:quandl.key': { type: 'keyword' }, + 'timelion:es.default_index': { type: 'keyword' }, + 'timelion:showTutorial': { type: 'boolean' }, + 'securitySolution:timeDefaults': { type: 'keyword' }, + 'securitySolution:defaultAnomalyScore': { type: 'long' }, + 'securitySolution:defaultIndex': { type: 'keyword' }, // it's an array + 'securitySolution:refreshIntervalDefaults': { type: 'keyword' }, + 'securitySolution:newsFeedUrl': { type: 'keyword' }, + 'securitySolution:enableNewsFeed': { type: 'boolean' }, + 'search:includeFrozen': { type: 'boolean' }, + 'courier:maxConcurrentShardRequests': { type: 'long' }, + 'courier:batchSearches': { type: 'boolean' }, + 'courier:setRequestPreference': { type: 'keyword' }, + 'courier:customRequestPreference': { type: 'keyword' }, + 'courier:ignoreFilterIfFieldNotInIndex': { type: 'boolean' }, + 'rollups:enableIndexPatterns': { type: 'boolean' }, + 'xpackReporting:customPdfLogo': { type: 'text' }, + 'notifications:lifetime:warning': { type: 'long' }, + 'notifications:lifetime:banner': { type: 'long' }, + 'notifications:lifetime:info': { type: 'long' }, + 'notifications:banner': { type: 'text' }, + 'notifications:lifetime:error': { type: 'long' }, + 'doc_table:highlight': { type: 'boolean' }, + 'discover:searchOnPageLoad': { type: 'boolean' }, + // eslint-disable-next-line @typescript-eslint/naming-convention + 'doc_table:hideTimeColumn': { type: 'boolean' }, + 'discover:sampleSize': { type: 'long' }, + defaultColumns: { type: 'keyword' }, // it's an array + 'context:defaultSize': { type: 'long' }, + 'discover:aggs:terms:size': { type: 'long' }, + 'context:tieBreakerFields': { type: 'keyword' }, // it's an array + 'discover:sort:defaultOrder': { type: 'keyword' }, + 'context:step': { type: 'long' }, + 'accessibility:disableAnimations': { type: 'boolean' }, + 'ml:fileDataVisualizerMaxFileSize': { type: 'keyword' }, + 'ml:anomalyDetection:results:enableTimeDefaults': { type: 'boolean' }, + 'ml:anomalyDetection:results:timeDefaults': { type: 'keyword' }, + 'truncate:maxHeight': { type: 'long' }, + 'timepicker:timeDefaults': { type: 'keyword' }, + 'timepicker:refreshIntervalDefaults': { type: 'keyword' }, + 'timepicker:quickRanges': { type: 'keyword' }, + 'theme:version': { type: 'keyword' }, + 'theme:darkMode': { type: 'boolean' }, + 'state:storeInSessionStorage': { type: 'boolean' }, + 'savedObjects:perPage': { type: 'long' }, + 'search:queryLanguage': { type: 'keyword' }, + 'shortDots:enable': { type: 'boolean' }, + 'sort:options': { type: 'keyword' }, + 'savedObjects:listingLimit': { type: 'long' }, + 'query:queryString:options': { type: 'keyword' }, + pageNavigation: { type: 'keyword' }, + 'metrics:max_buckets': { type: 'long' }, + 'query:allowLeadingWildcards': { type: 'boolean' }, + metaFields: { type: 'keyword' }, // it's an array + 'indexPattern:placeholder': { type: 'keyword' }, + 'histogram:barTarget': { type: 'long' }, + 'histogram:maxBars': { type: 'long' }, + 'format:number:defaultLocale': { type: 'keyword' }, + 'format:percent:defaultPattern': { type: 'keyword' }, + 'format:number:defaultPattern': { type: 'keyword' }, + 'history:limit': { type: 'long' }, + 'format:defaultTypeMap': { type: 'keyword' }, + 'format:currency:defaultPattern': { type: 'keyword' }, + defaultIndex: { type: 'keyword' }, + 'format:bytes:defaultPattern': { type: 'keyword' }, + 'filters:pinnedByDefault': { type: 'boolean' }, + 'filterEditor:suggestValues': { type: 'boolean' }, + 'fields:popularLimit': { type: 'long' }, + dateNanosFormat: { type: 'keyword' }, + defaultRoute: { type: 'keyword' }, + 'dateFormat:tz': { type: 'keyword' }, + 'dateFormat:scaled': { type: 'keyword' }, + 'csv:quoteValues': { type: 'boolean' }, + 'dateFormat:dow': { type: 'keyword' }, + dateFormat: { type: 'keyword' }, +}; diff --git a/src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts b/src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts index 3a777beebd90a..612b1714020ef 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/management/telemetry_management_collector.ts @@ -19,8 +19,13 @@ import { IUiSettingsClient } from 'kibana/server'; import { UsageCollectionSetup } from 'src/plugins/usage_collection/server'; +import { stackManagementSchema } from './schema'; -export type UsageStats = Record; +export interface UsageStats extends Record { + // We don't support `type` yet. Only interfaces. So I added at least 1 known key to the generic + // Record extension to avoid eslint reverting it back to a `type` + 'visualize:enableLabs': boolean; +} export function createCollectorFetch(getUiSettingsClient: () => IUiSettingsClient | undefined) { return async function fetchUsageStats(): Promise { @@ -45,10 +50,11 @@ export function registerManagementUsageCollector( usageCollection: UsageCollectionSetup, getUiSettingsClient: () => IUiSettingsClient | undefined ) { - const collector = usageCollection.makeUsageCollector({ + const collector = usageCollection.makeUsageCollector({ type: 'stack_management', isReady: () => typeof getUiSettingsClient() !== 'undefined', fetch: createCollectorFetch(getUiSettingsClient), + schema: stackManagementSchema, }); usageCollection.registerCollector(collector); diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json index a83cd5a562ff6..3ee0c181203aa 100644 --- a/src/plugins/telemetry/schema/oss_plugins.json +++ b/src/plugins/telemetry/schema/oss_plugins.json @@ -1346,6 +1346,277 @@ } } }, + "stack_management": { + "properties": { + "visualize:enableLabs": { + "type": "boolean" + }, + "visualization:heatmap:maxBuckets": { + "type": "long" + }, + "visualization:colorMapping": { + "type": "text" + }, + "visualization:regionmap:showWarnings": { + "type": "boolean" + }, + "visualization:dimmingOpacity": { + "type": "float" + }, + "visualization:tileMap:maxPrecision": { + "type": "long" + }, + "securitySolution:ipReputationLinks": { + "type": "text" + }, + "csv:separator": { + "type": "keyword" + }, + "visualization:tileMap:WMSdefaults": { + "type": "text" + }, + "timelion:target_buckets": { + "type": "long" + }, + "timelion:max_buckets": { + "type": "long" + }, + "timelion:es.timefield": { + "type": "keyword" + }, + "timelion:min_interval": { + "type": "keyword" + }, + "timelion:default_rows": { + "type": "long" + }, + "timelion:default_columns": { + "type": "long" + }, + "timelion:quandl.key": { + "type": "keyword" + }, + "timelion:es.default_index": { + "type": "keyword" + }, + "timelion:showTutorial": { + "type": "boolean" + }, + "securitySolution:timeDefaults": { + "type": "keyword" + }, + "securitySolution:defaultAnomalyScore": { + "type": "long" + }, + "securitySolution:defaultIndex": { + "type": "keyword" + }, + "securitySolution:refreshIntervalDefaults": { + "type": "keyword" + }, + "securitySolution:newsFeedUrl": { + "type": "keyword" + }, + "securitySolution:enableNewsFeed": { + "type": "boolean" + }, + "search:includeFrozen": { + "type": "boolean" + }, + "courier:maxConcurrentShardRequests": { + "type": "long" + }, + "courier:batchSearches": { + "type": "boolean" + }, + "courier:setRequestPreference": { + "type": "keyword" + }, + "courier:customRequestPreference": { + "type": "keyword" + }, + "courier:ignoreFilterIfFieldNotInIndex": { + "type": "boolean" + }, + "rollups:enableIndexPatterns": { + "type": "boolean" + }, + "xpackReporting:customPdfLogo": { + "type": "text" + }, + "notifications:lifetime:warning": { + "type": "long" + }, + "notifications:lifetime:banner": { + "type": "long" + }, + "notifications:lifetime:info": { + "type": "long" + }, + "notifications:banner": { + "type": "text" + }, + "notifications:lifetime:error": { + "type": "long" + }, + "doc_table:highlight": { + "type": "boolean" + }, + "discover:searchOnPageLoad": { + "type": "boolean" + }, + "doc_table:hideTimeColumn": { + "type": "boolean" + }, + "discover:sampleSize": { + "type": "long" + }, + "defaultColumns": { + "type": "keyword" + }, + "context:defaultSize": { + "type": "long" + }, + "discover:aggs:terms:size": { + "type": "long" + }, + "context:tieBreakerFields": { + "type": "keyword" + }, + "discover:sort:defaultOrder": { + "type": "keyword" + }, + "context:step": { + "type": "long" + }, + "accessibility:disableAnimations": { + "type": "boolean" + }, + "ml:fileDataVisualizerMaxFileSize": { + "type": "keyword" + }, + "ml:anomalyDetection:results:enableTimeDefaults": { + "type": "boolean" + }, + "ml:anomalyDetection:results:timeDefaults": { + "type": "keyword" + }, + "truncate:maxHeight": { + "type": "long" + }, + "timepicker:timeDefaults": { + "type": "keyword" + }, + "timepicker:refreshIntervalDefaults": { + "type": "keyword" + }, + "timepicker:quickRanges": { + "type": "keyword" + }, + "theme:version": { + "type": "keyword" + }, + "theme:darkMode": { + "type": "boolean" + }, + "state:storeInSessionStorage": { + "type": "boolean" + }, + "savedObjects:perPage": { + "type": "long" + }, + "search:queryLanguage": { + "type": "keyword" + }, + "shortDots:enable": { + "type": "boolean" + }, + "sort:options": { + "type": "keyword" + }, + "savedObjects:listingLimit": { + "type": "long" + }, + "query:queryString:options": { + "type": "keyword" + }, + "pageNavigation": { + "type": "keyword" + }, + "metrics:max_buckets": { + "type": "long" + }, + "query:allowLeadingWildcards": { + "type": "boolean" + }, + "metaFields": { + "type": "keyword" + }, + "indexPattern:placeholder": { + "type": "keyword" + }, + "histogram:barTarget": { + "type": "long" + }, + "histogram:maxBars": { + "type": "long" + }, + "format:number:defaultLocale": { + "type": "keyword" + }, + "format:percent:defaultPattern": { + "type": "keyword" + }, + "format:number:defaultPattern": { + "type": "keyword" + }, + "history:limit": { + "type": "long" + }, + "format:defaultTypeMap": { + "type": "keyword" + }, + "format:currency:defaultPattern": { + "type": "keyword" + }, + "defaultIndex": { + "type": "keyword" + }, + "format:bytes:defaultPattern": { + "type": "keyword" + }, + "filters:pinnedByDefault": { + "type": "boolean" + }, + "filterEditor:suggestValues": { + "type": "boolean" + }, + "fields:popularLimit": { + "type": "long" + }, + "dateNanosFormat": { + "type": "keyword" + }, + "defaultRoute": { + "type": "keyword" + }, + "dateFormat:tz": { + "type": "keyword" + }, + "dateFormat:scaled": { + "type": "keyword" + }, + "csv:quoteValues": { + "type": "boolean" + }, + "dateFormat:dow": { + "type": "keyword" + }, + "dateFormat": { + "type": "keyword" + } + } + }, "telemetry": { "properties": { "opt_in_status": { From cfad030ed13b25ac47128ab4453d3f4e52658423 Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Thu, 24 Sep 2020 15:21:17 +0200 Subject: [PATCH 024/120] Change CODEOWNERS of visualizations plugin (#78419) --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 8a8cc5c5e448c..2d1317e040de4 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -25,6 +25,7 @@ /src/plugins/vis_type_vislib/ @elastic/kibana-app /src/plugins/vis_type_xy/ @elastic/kibana-app /src/plugins/visualize/ @elastic/kibana-app +/src/plugins/visualizations/ @elastic/kibana-app # App Architecture /examples/bfetch_explorer/ @elastic/kibana-app-arch @@ -51,7 +52,6 @@ /src/plugins/navigation/ @elastic/kibana-app-arch /src/plugins/share/ @elastic/kibana-app-arch /src/plugins/ui_actions/ @elastic/kibana-app-arch -/src/plugins/visualizations/ @elastic/kibana-app-arch /x-pack/examples/ui_actions_enhanced_examples/ @elastic/kibana-app-arch /x-pack/plugins/data_enhanced/ @elastic/kibana-app-arch /x-pack/plugins/embeddable_enhanced/ @elastic/kibana-app-arch From ba635340bee7535a53f441ec70b40a81d11d0f44 Mon Sep 17 00:00:00 2001 From: Caroline Horn <549577+cchaos@users.noreply.github.com> Date: Thu, 24 Sep 2020 09:46:18 -0400 Subject: [PATCH 025/120] [Lens] Add a better drag/drop illustration (#78245) Fixes #76021 --- .../lens/public/assets/drop_illustration.tsx | 48 +++++++++ .../_workspace_panel_wrapper.scss | 89 ++++++++++++++- .../workspace_panel/workspace_panel.tsx | 102 +++++++++--------- .../indexpattern_datasource/field_item.tsx | 1 - .../lens/public/visualization_container.scss | 3 +- 5 files changed, 190 insertions(+), 53 deletions(-) create mode 100644 x-pack/plugins/lens/public/assets/drop_illustration.tsx diff --git a/x-pack/plugins/lens/public/assets/drop_illustration.tsx b/x-pack/plugins/lens/public/assets/drop_illustration.tsx new file mode 100644 index 0000000000000..1076f4875d60c --- /dev/null +++ b/x-pack/plugins/lens/public/assets/drop_illustration.tsx @@ -0,0 +1,48 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import * as React from 'react'; +import { EuiIconProps } from '@elastic/eui'; + +export const DropIllustration = ({ title, titleId, ...props }: Omit) => ( + + {title ? {title} : null} + + + + + + + + +); diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_workspace_panel_wrapper.scss b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_workspace_panel_wrapper.scss index a4d8288d5e600..7f7385f029ed4 100644 --- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_workspace_panel_wrapper.scss +++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_workspace_panel_wrapper.scss @@ -6,6 +6,7 @@ margin-bottom: $euiSize; display: flex; flex-direction: column; + position: relative; // For positioning the dnd overlay .lnsWorkspacePanelWrapper__pageContentHeader { @include euiTitle('xs'); @@ -24,8 +25,7 @@ display: flex; align-items: stretch; justify-content: stretch; - overflow: auto; - position: relative; + overflow: hidden; > * { flex: 1 1 100%; @@ -37,6 +37,91 @@ } } +.lnsWorkspacePanel__dragDrop { + // Disable the coloring of the DnD for this element as we'll + // Color the whole panel instead + background-color: transparent !important; // sass-lint:disable-line no-important +} + +.lnsExpressionRenderer { + .lnsDragDrop-isDropTarget & { + transition: filter $euiAnimSpeedNormal ease-in-out, opacity $euiAnimSpeedNormal ease-in-out; + filter: blur($euiSizeXS); + opacity: .25; + } +} + +.lnsWorkspacePanel__emptyContent { + position: absolute; + left: 0; + right: 0; + bottom: 0; + top: 0; + display: flex; + justify-content: center; + align-items: center; + transition: background-color $euiAnimSpeedNormal ease-in-out; + + .lnsDragDrop-isDropTarget & { + background-color: transparentize($euiColorSecondary, .9); + + p { + transition: filter $euiAnimSpeedNormal ease-in-out; + filter: blur(5px); + } + } + + .lnsDragDrop-isActiveDropTarget & { + background-color: transparentize($euiColorSecondary, .75); + + .lnsDropIllustration__hand { + animation: pulseArrowContinuous 1.5s ease-in-out 0s infinite normal forwards; + } + } + + &.lnsWorkspacePanel__emptyContent-onTop p { + display: none; + } +} + .lnsWorkspacePanelWrapper__toolbar { margin-bottom: 0; } + +.lnsDropIllustration__adjustFill { + fill: $euiColorFullShade; +} + +.lnsWorkspacePanel__dropIllustration { + overflow: visible; // Shows arrow animation when it gets out of bounds + margin-top: $euiSizeL; + margin-bottom: $euiSizeXXL; + // Drop shadow values is a dupe of @euiBottomShadowMedium but used as a filter + // Hard-coded px values OK (@cchaos) + // sass-lint:disable-block indentation + filter: + drop-shadow(0 6px 12px transparentize($euiShadowColor, .8)) + drop-shadow(0 4px 4px transparentize($euiShadowColor, .8)) + drop-shadow(0 2px 2px transparentize($euiShadowColor, .8)); +} + +.lnsDropIllustration__hand { + animation: pulseArrow 5s ease-in-out 0s infinite normal forwards; +} + +@keyframes pulseArrow { + 0% { transform: translateY(0%); } + 65% { transform: translateY(0%); } + 72% { transform: translateY(10%); } + 79% { transform: translateY(7%); } + 86% { transform: translateY(10%); } + 95% { transform: translateY(0); } +} + +@keyframes pulseArrowContinuous { + 0% { transform: translateY(10%); } + 25% { transform: translateY(15%); } + 50% { transform: translateY(10%); } + 75% { transform: translateY(15%); } + 100% { transform: translateY(10%); } +} diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx index 06cd858eda210..e56e55fdd5d6c 100644 --- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx +++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx @@ -5,17 +5,10 @@ */ import React, { useState, useEffect, useMemo, useContext, useCallback } from 'react'; +import classNames from 'classnames'; import { FormattedMessage } from '@kbn/i18n/react'; import { i18n } from '@kbn/i18n'; -import { - EuiFlexGroup, - EuiFlexItem, - EuiIcon, - EuiImage, - EuiText, - EuiButtonEmpty, - EuiLink, -} from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiText, EuiButtonEmpty, EuiLink } from '@elastic/eui'; import { CoreStart, CoreSetup } from 'kibana/public'; import { ExecutionContextSearch } from 'src/plugins/expressions'; import { @@ -39,6 +32,7 @@ import { UiActionsStart } from '../../../../../../../src/plugins/ui_actions/publ import { VIS_EVENT_TO_TRIGGER } from '../../../../../../../src/plugins/visualizations/public'; import { DataPublicPluginStart } from '../../../../../../../src/plugins/data/public'; import { WorkspacePanelWrapper } from './workspace_panel_wrapper'; +import { DropIllustration } from '../../../assets/drop_illustration'; export interface WorkspacePanelProps { activeVisualizationId: string | null; @@ -78,11 +72,6 @@ export function InnerWorkspacePanel({ ExpressionRenderer: ExpressionRendererComponent, title, }: WorkspacePanelProps) { - const IS_DARK_THEME = core.uiSettings.get('theme:darkMode'); - const emptyStateGraphicURL = IS_DARK_THEME - ? '/plugins/lens/assets/lens_app_graphic_dark_2x.png' - : '/plugins/lens/assets/lens_app_graphic_light_2x.png'; - const dragDropContext = useContext(DragContext); const suggestionForDraggedField = useMemo( @@ -210,41 +199,54 @@ export function InnerWorkspacePanel({ function renderEmptyWorkspace() { return ( -
    - -

    - -

    - -

    - -

    -

    - - - - - -

    -     -
    + +

    + + {expression === null ? ( + + ) : ( + + )} + +

    + + {expression === null && ( + <> +

    + +

    +

    + + + + + +

    + + )} +     ); } @@ -330,12 +332,14 @@ export function InnerWorkspacePanel({ visualizationMap={visualizationMap} > {renderVisualization()} + {Boolean(suggestionForDraggedField) && expression !== null && renderEmptyWorkspace()} ); diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx index 1eeb64127310f..f141d3f8ecb9e 100644 --- a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx +++ b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx @@ -196,7 +196,6 @@ export const InnerFieldItem = function InnerFieldItem(props: FieldItemProps) { return ( ('.application') || undefined} diff --git a/x-pack/plugins/lens/public/visualization_container.scss b/x-pack/plugins/lens/public/visualization_container.scss index e5c359112fe4b..59ddbf4bf6478 100644 --- a/x-pack/plugins/lens/public/visualization_container.scss +++ b/x-pack/plugins/lens/public/visualization_container.scss @@ -1,3 +1,4 @@ .lnsVisualizationContainer { + @include euiScrollBar; overflow: auto; -} \ No newline at end of file +} From 38e63d1029226e958cffc73dbe443fd1e4f48dab Mon Sep 17 00:00:00 2001 From: Jean-Louis Leysens Date: Thu, 24 Sep 2020 16:02:14 +0200 Subject: [PATCH 026/120] [ES UI Shared] Remove 'brace' from es_ui_shared public (#78033) * major wip * major wip * fix worker creation leak * just copy the file over for now * Remove xjson from static and from es_ui_shared entirely - moved expand and collapse logic back to es_ui_shared. It has nothing to do with ace - refactor the useXJson hook which bundled XJsonMode with it. This was convenient but ultimately inflates the amount of code Kibana needs to first load up in the client. Users will need to import XJsonMode and instantiate it when they want to use it. Updated existing usage. - Cleaned up Monaco namespace from es_ui_shared because of how useXJsonMode was refactored -- no longer exporting an editor specific instance means this code does not know about anything to do with code editors so it is decoupled from ace and monaco. * fix export of collapse and expand string literals Co-authored-by: Elastic Machine --- .github/CODEOWNERS | 2 + package.json | 2 + packages/kbn-ace/README.md | 5 ++ packages/kbn-ace/package.json | 20 ++++++ packages/kbn-ace/scripts/build.js | 65 +++++++++++++++++++ .../kbn-ace/src}/ace/modes/index.ts | 0 .../elasticsearch_sql_highlight_rules.ts | 0 .../src}/ace/modes/lexer_rules/index.ts | 0 .../lexer_rules/script_highlight_rules.ts | 0 .../lexer_rules/x_json_highlight_rules.ts | 0 .../kbn-ace/src}/ace/modes/x_json/index.ts | 0 .../src}/ace/modes/x_json/worker/index.ts | 0 .../src}/ace/modes/x_json/worker/worker.d.ts | 0 .../modes/x_json/worker/x_json.ace.worker.js | 0 .../kbn-ace/src}/ace/modes/x_json/x_json.ts | 0 .../monaco => packages/kbn-ace/src}/index.ts | 9 ++- packages/kbn-ace/tsconfig.json | 15 +++++ packages/kbn-ace/yarn.lock | 1 + .../legacy/console_editor/editor_output.tsx | 2 +- .../send_request_to_es.ts | 3 +- .../mode/input_highlight_rules.js | 2 +- .../mode/output_highlight_rules.js | 2 +- .../models/legacy_core_editor/mode/script.js | 2 +- .../__tests__/sense_editor.test.js | 4 +- .../models/sense_editor/sense_editor.ts | 4 +- src/plugins/console/public/lib/utils/index.ts | 4 +- src/plugins/console/public/shared_imports.ts | 6 +- .../monaco/use_xjson_mode.ts | 32 --------- .../__packages_do_not_import__/xjson/index.ts | 2 + .../json_xjson_translation_tools.test.ts | 0 .../__tests__/utils_string_collapsing.txt | 0 .../__tests__/utils_string_expanding.txt | 0 .../json_xjson_translation_tools/index.ts | 0 .../json_xjson_translation_tools/parser.ts | 0 .../xjson/use_xjson_mode.ts | 3 +- src/plugins/es_ui_shared/kibana.json | 1 - .../es_ui_shared/public/console_lang/index.ts | 32 --------- .../public/console_lang/lib/index.ts | 20 ------ src/plugins/es_ui_shared/public/index.ts | 15 +---- .../monaco => public/xjson}/index.ts | 2 +- .../static/ace_x_json/hooks/index.ts | 20 ------ .../static/ace_x_json/hooks/use_x_json.ts | 33 ---------- .../field_components/xjson_editor.tsx | 6 +- .../ingest_pipelines/public/shared_imports.ts | 2 +- .../use_create_analytics_form/reducer.ts | 2 +- x-pack/plugins/ml/shared_imports.ts | 9 ++- .../public/application/editor/init_editor.ts | 2 +- .../utils/check_for_json_errors.ts | 4 +- .../hooks/use_advanced_pivot_editor.ts | 7 +- .../transform/public/shared_imports.ts | 13 ++-- .../json_editor_with_message_variables.tsx | 9 ++- .../json_watch_edit/json_watch_edit_form.tsx | 8 ++- .../json_watch_edit_simulate.tsx | 11 +++- .../public/application/shared_imports.ts | 3 +- 54 files changed, 191 insertions(+), 193 deletions(-) create mode 100644 packages/kbn-ace/README.md create mode 100644 packages/kbn-ace/package.json create mode 100644 packages/kbn-ace/scripts/build.js rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/index.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/lexer_rules/index.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/lexer_rules/script_highlight_rules.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/lexer_rules/x_json_highlight_rules.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/index.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/worker/index.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/worker/worker.d.ts (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/worker/x_json.ace.worker.js (100%) rename {src/plugins/es_ui_shared/public/console_lang => packages/kbn-ace/src}/ace/modes/x_json/x_json.ts (100%) rename {src/plugins/es_ui_shared/public/monaco => packages/kbn-ace/src}/index.ts (82%) create mode 100644 packages/kbn-ace/tsconfig.json create mode 120000 packages/kbn-ace/yarn.lock delete mode 100644 src/plugins/es_ui_shared/__packages_do_not_import__/monaco/use_xjson_mode.ts rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts (100%) rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt (100%) rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/__tests__/utils_string_expanding.txt (100%) rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/index.ts (100%) rename src/plugins/es_ui_shared/{public/console_lang/lib => __packages_do_not_import__/xjson}/json_xjson_translation_tools/parser.ts (100%) delete mode 100644 src/plugins/es_ui_shared/public/console_lang/index.ts delete mode 100644 src/plugins/es_ui_shared/public/console_lang/lib/index.ts rename src/plugins/es_ui_shared/{__packages_do_not_import__/monaco => public/xjson}/index.ts (93%) delete mode 100644 src/plugins/es_ui_shared/static/ace_x_json/hooks/index.ts delete mode 100644 src/plugins/es_ui_shared/static/ace_x_json/hooks/use_x_json.ts diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2d1317e040de4..2f5e14f1f1599 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -246,6 +246,8 @@ x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @elastic/kib /x-pack/plugins/upgrade_assistant/ @elastic/es-ui /x-pack/plugins/watcher/ @elastic/es-ui /x-pack/plugins/ingest_pipelines/ @elastic/es-ui +/packages/kbn-ace/ @elastic/es-ui +/packages/kbn-monaco/ @elastic/es-ui # Endpoint /x-pack/plugins/endpoint/ @elastic/endpoint-app-team @elastic/siem diff --git a/package.json b/package.json index 69df2818bb242..7102112a29b4f 100644 --- a/package.json +++ b/package.json @@ -138,6 +138,8 @@ "@kbn/telemetry-tools": "1.0.0", "@kbn/test-subj-selector": "0.2.1", "@kbn/ui-framework": "1.0.0", + "@kbn/ace": "1.0.0", + "@kbn/monaco": "1.0.0", "@kbn/ui-shared-deps": "1.0.0", "@types/yauzl": "^2.9.1", "JSONStream": "1.3.5", diff --git a/packages/kbn-ace/README.md b/packages/kbn-ace/README.md new file mode 100644 index 0000000000000..54c422a72c6f8 --- /dev/null +++ b/packages/kbn-ace/README.md @@ -0,0 +1,5 @@ +# @kbn/ace + +Contains all Kibana-specific brace related code. Excluding the code that still inside of Console because that code is only used inside of console at the moment. + +This package enables plugins to use this functionality and import it as needed -- behind an async import so that brace does not bloat the JS code needed for first page load of Kibana. diff --git a/packages/kbn-ace/package.json b/packages/kbn-ace/package.json new file mode 100644 index 0000000000000..cf74d745f4cae --- /dev/null +++ b/packages/kbn-ace/package.json @@ -0,0 +1,20 @@ +{ + "name": "@kbn/ace", + "version": "1.0.0", + "private": true, + "main": "./target/index.js", + "license": "Apache-2.0", + "scripts": { + "build": "node ./scripts/build.js", + "kbn:bootstrap": "yarn build --dev" + }, + "dependencies": { + "brace": "0.11.1" + }, + "devDependencies": { + "@kbn/dev-utils": "1.0.0", + "@kbn/babel-preset": "1.0.0", + "raw-loader": "3.1.0", + "typescript": "4.0.2" + } +} diff --git a/packages/kbn-ace/scripts/build.js b/packages/kbn-ace/scripts/build.js new file mode 100644 index 0000000000000..2f570ffba1fc6 --- /dev/null +++ b/packages/kbn-ace/scripts/build.js @@ -0,0 +1,65 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +const path = require('path'); +const del = require('del'); +const fs = require('fs'); +const supportsColor = require('supports-color'); +const { run } = require('@kbn/dev-utils'); + +const TARGET_BUILD_DIR = path.resolve(__dirname, '../target'); +const ROOT_DIR = path.resolve(__dirname, '../'); +const WORKER_PATH_SECTION = 'ace/modes/x_json/worker/x_json.ace.worker.js'; + +run( + async ({ procRunner, log }) => { + log.info('Deleting old output'); + + await del(TARGET_BUILD_DIR); + + const cwd = ROOT_DIR; + const env = { ...process.env }; + + if (supportsColor.stdout) { + env.FORCE_COLOR = 'true'; + } + + await procRunner.run('tsc ', { + cmd: 'tsc', + args: [], + wait: true, + env, + cwd, + }); + + log.success('Copying worker file to target.'); + + fs.copyFileSync( + path.resolve(__dirname, '..', 'src', WORKER_PATH_SECTION), + path.resolve(__dirname, '..', 'target', WORKER_PATH_SECTION) + ); + + log.success('Complete'); + }, + { + flags: { + boolean: ['dev'], + }, + } +); diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/index.ts b/packages/kbn-ace/src/ace/modes/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/index.ts rename to packages/kbn-ace/src/ace/modes/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts b/packages/kbn-ace/src/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts rename to packages/kbn-ace/src/ace/modes/lexer_rules/elasticsearch_sql_highlight_rules.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/index.ts b/packages/kbn-ace/src/ace/modes/lexer_rules/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/index.ts rename to packages/kbn-ace/src/ace/modes/lexer_rules/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/script_highlight_rules.ts b/packages/kbn-ace/src/ace/modes/lexer_rules/script_highlight_rules.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/script_highlight_rules.ts rename to packages/kbn-ace/src/ace/modes/lexer_rules/script_highlight_rules.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/x_json_highlight_rules.ts b/packages/kbn-ace/src/ace/modes/lexer_rules/x_json_highlight_rules.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/lexer_rules/x_json_highlight_rules.ts rename to packages/kbn-ace/src/ace/modes/lexer_rules/x_json_highlight_rules.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/index.ts b/packages/kbn-ace/src/ace/modes/x_json/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/index.ts rename to packages/kbn-ace/src/ace/modes/x_json/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/index.ts b/packages/kbn-ace/src/ace/modes/x_json/worker/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/index.ts rename to packages/kbn-ace/src/ace/modes/x_json/worker/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/worker.d.ts b/packages/kbn-ace/src/ace/modes/x_json/worker/worker.d.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/worker.d.ts rename to packages/kbn-ace/src/ace/modes/x_json/worker/worker.d.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/x_json.ace.worker.js b/packages/kbn-ace/src/ace/modes/x_json/worker/x_json.ace.worker.js similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/worker/x_json.ace.worker.js rename to packages/kbn-ace/src/ace/modes/x_json/worker/x_json.ace.worker.js diff --git a/src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/x_json.ts b/packages/kbn-ace/src/ace/modes/x_json/x_json.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/ace/modes/x_json/x_json.ts rename to packages/kbn-ace/src/ace/modes/x_json/x_json.ts diff --git a/src/plugins/es_ui_shared/public/monaco/index.ts b/packages/kbn-ace/src/index.ts similarity index 82% rename from src/plugins/es_ui_shared/public/monaco/index.ts rename to packages/kbn-ace/src/index.ts index 23ba93e913234..62a6dbb948997 100644 --- a/src/plugins/es_ui_shared/public/monaco/index.ts +++ b/packages/kbn-ace/src/index.ts @@ -17,4 +17,11 @@ * under the License. */ -export { useXJsonMode } from '../../__packages_do_not_import__/monaco'; +export { + ElasticsearchSqlHighlightRules, + ScriptHighlightRules, + XJsonHighlightRules, + addXJsonToRules, + XJsonMode, + installXJsonMode, +} from './ace/modes'; diff --git a/packages/kbn-ace/tsconfig.json b/packages/kbn-ace/tsconfig.json new file mode 100644 index 0000000000000..6d3f433c6a6d1 --- /dev/null +++ b/packages/kbn-ace/tsconfig.json @@ -0,0 +1,15 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "outDir": "./target", + "declaration": true, + "sourceMap": true, + "types": [ + "jest", + "node" + ] + }, + "include": [ + "src/**/*" + ] +} diff --git a/packages/kbn-ace/yarn.lock b/packages/kbn-ace/yarn.lock new file mode 120000 index 0000000000000..3f82ebc9cdbae --- /dev/null +++ b/packages/kbn-ace/yarn.lock @@ -0,0 +1 @@ +../../yarn.lock \ No newline at end of file diff --git a/src/plugins/console/public/application/containers/editor/legacy/console_editor/editor_output.tsx b/src/plugins/console/public/application/containers/editor/legacy/console_editor/editor_output.tsx index dd5ef5209a244..44ed5f4b8051e 100644 --- a/src/plugins/console/public/application/containers/editor/legacy/console_editor/editor_output.tsx +++ b/src/plugins/console/public/application/containers/editor/legacy/console_editor/editor_output.tsx @@ -20,7 +20,7 @@ import { EuiScreenReaderOnly } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import React, { useEffect, useRef } from 'react'; -import { expandLiteralStrings } from '../../../../../../../es_ui_shared/public'; +import { expandLiteralStrings } from '../../../../../shared_imports'; import { useEditorReadContext, useRequestReadContext, diff --git a/src/plugins/console/public/application/hooks/use_send_current_request_to_es/send_request_to_es.ts b/src/plugins/console/public/application/hooks/use_send_current_request_to_es/send_request_to_es.ts index cfbd5691bc22b..d01adf332e24a 100644 --- a/src/plugins/console/public/application/hooks/use_send_current_request_to_es/send_request_to_es.ts +++ b/src/plugins/console/public/application/hooks/use_send_current_request_to_es/send_request_to_es.ts @@ -18,7 +18,8 @@ */ import { extractDeprecationMessages } from '../../../lib/utils'; -import { collapseLiteralStrings } from '../../../../../es_ui_shared/public'; +import { XJson } from '../../../../../es_ui_shared/public'; +const { collapseLiteralStrings } = XJson; // @ts-ignore import * as es from '../../../lib/es/es'; import { BaseResponseType } from '../../../types'; diff --git a/src/plugins/console/public/application/models/legacy_core_editor/mode/input_highlight_rules.js b/src/plugins/console/public/application/models/legacy_core_editor/mode/input_highlight_rules.js index 1558cf0cb5554..bc0129850f299 100644 --- a/src/plugins/console/public/application/models/legacy_core_editor/mode/input_highlight_rules.js +++ b/src/plugins/console/public/application/models/legacy_core_editor/mode/input_highlight_rules.js @@ -18,7 +18,7 @@ */ import ace from 'brace'; -import { addXJsonToRules } from '../../../../../../es_ui_shared/public'; +import { addXJsonToRules } from '@kbn/ace'; export function addEOL(tokens, reg, nextIfEOL, normalNext) { if (typeof reg === 'object') { diff --git a/src/plugins/console/public/application/models/legacy_core_editor/mode/output_highlight_rules.js b/src/plugins/console/public/application/models/legacy_core_editor/mode/output_highlight_rules.js index 448fd847aeacd..2f39689319389 100644 --- a/src/plugins/console/public/application/models/legacy_core_editor/mode/output_highlight_rules.js +++ b/src/plugins/console/public/application/models/legacy_core_editor/mode/output_highlight_rules.js @@ -19,7 +19,7 @@ import ace from 'brace'; import 'brace/mode/json'; -import { addXJsonToRules } from '../../../../../../es_ui_shared/public'; +import { addXJsonToRules } from '@kbn/ace'; const oop = ace.acequire('ace/lib/oop'); const JsonHighlightRules = ace.acequire('ace/mode/json_highlight_rules').JsonHighlightRules; diff --git a/src/plugins/console/public/application/models/legacy_core_editor/mode/script.js b/src/plugins/console/public/application/models/legacy_core_editor/mode/script.js index 6079c9db40eef..03d5b10f82d01 100644 --- a/src/plugins/console/public/application/models/legacy_core_editor/mode/script.js +++ b/src/plugins/console/public/application/models/legacy_core_editor/mode/script.js @@ -18,7 +18,7 @@ */ import ace from 'brace'; -import { ScriptHighlightRules } from '../../../../../../es_ui_shared/public'; +import { ScriptHighlightRules } from '@kbn/ace'; const oop = ace.acequire('ace/lib/oop'); const TextMode = ace.acequire('ace/mode/text').Mode; diff --git a/src/plugins/console/public/application/models/sense_editor/__tests__/sense_editor.test.js b/src/plugins/console/public/application/models/sense_editor/__tests__/sense_editor.test.js index c3fb879f2eeeb..04d3cd1a724e1 100644 --- a/src/plugins/console/public/application/models/sense_editor/__tests__/sense_editor.test.js +++ b/src/plugins/console/public/application/models/sense_editor/__tests__/sense_editor.test.js @@ -22,9 +22,11 @@ import $ from 'jquery'; import _ from 'lodash'; import { create } from '../create'; -import { collapseLiteralStrings } from '../../../../../../es_ui_shared/public'; +import { XJson } from '../../../../../../es_ui_shared/public'; import editorInput1 from './editor_input1.txt'; +const { collapseLiteralStrings } = XJson; + describe('Editor', () => { let input; diff --git a/src/plugins/console/public/application/models/sense_editor/sense_editor.ts b/src/plugins/console/public/application/models/sense_editor/sense_editor.ts index dbf4f1adcba0a..66324050bc2fa 100644 --- a/src/plugins/console/public/application/models/sense_editor/sense_editor.ts +++ b/src/plugins/console/public/application/models/sense_editor/sense_editor.ts @@ -19,7 +19,7 @@ import _ from 'lodash'; import RowParser from '../../../lib/row_parser'; -import { collapseLiteralStrings } from '../../../../../es_ui_shared/public'; +import { XJson } from '../../../../../es_ui_shared/public'; import * as utils from '../../../lib/utils'; // @ts-ignore @@ -30,6 +30,8 @@ import { createTokenIterator } from '../../factories'; import Autocomplete from '../../../lib/autocomplete/autocomplete'; +const { collapseLiteralStrings } = XJson; + export class SenseEditor { currentReqRange: (Range & { markerRef: any }) | null; parser: any; diff --git a/src/plugins/console/public/lib/utils/index.ts b/src/plugins/console/public/lib/utils/index.ts index 917988e0e811b..b95680e5df47e 100644 --- a/src/plugins/console/public/lib/utils/index.ts +++ b/src/plugins/console/public/lib/utils/index.ts @@ -18,7 +18,9 @@ */ import _ from 'lodash'; -import { expandLiteralStrings, collapseLiteralStrings } from '../../../../es_ui_shared/public'; +import { XJson } from '../../../../es_ui_shared/public'; + +const { collapseLiteralStrings, expandLiteralStrings } = XJson; export function textFromRequest(request: any) { let data = request.data; diff --git a/src/plugins/console/public/shared_imports.ts b/src/plugins/console/public/shared_imports.ts index aa64091903fb7..36c50f9c51e0d 100644 --- a/src/plugins/console/public/shared_imports.ts +++ b/src/plugins/console/public/shared_imports.ts @@ -17,6 +17,8 @@ * under the License. */ -import { sendRequest } from '../../es_ui_shared/public'; +import { sendRequest, XJson } from '../../es_ui_shared/public'; -export { sendRequest }; +const { collapseLiteralStrings, expandLiteralStrings } = XJson; + +export { sendRequest, collapseLiteralStrings, expandLiteralStrings }; diff --git a/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/use_xjson_mode.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/use_xjson_mode.ts deleted file mode 100644 index b783045492f05..0000000000000 --- a/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/use_xjson_mode.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import { XJsonLang } from '@kbn/monaco'; -import { useXJsonMode as useBaseXJsonMode } from '../xjson'; - -interface ReturnValue extends ReturnType { - XJsonLang: typeof XJsonLang; -} - -export const useXJsonMode = (json: Parameters[0]): ReturnValue => { - return { - ...useBaseXJsonMode(json), - XJsonLang, - }; -}; diff --git a/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/index.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/index.ts index a9c6ea1e01d54..adbdbe97c4a07 100644 --- a/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/index.ts +++ b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/index.ts @@ -18,3 +18,5 @@ */ export { useXJsonMode } from './use_xjson_mode'; + +export { collapseLiteralStrings, expandLiteralStrings } from './json_xjson_translation_tools'; diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/json_xjson_translation_tools.test.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/utils_string_collapsing.txt diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/utils_string_expanding.txt b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/utils_string_expanding.txt similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/__tests__/utils_string_expanding.txt rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/__tests__/utils_string_expanding.txt diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/index.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/index.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/index.ts rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/index.ts diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/parser.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/parser.ts similarity index 100% rename from src/plugins/es_ui_shared/public/console_lang/lib/json_xjson_translation_tools/parser.ts rename to src/plugins/es_ui_shared/__packages_do_not_import__/xjson/json_xjson_translation_tools/parser.ts diff --git a/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/use_xjson_mode.ts b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/use_xjson_mode.ts index 7dcc7c9ed83bc..1d4c473ed14e4 100644 --- a/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/use_xjson_mode.ts +++ b/src/plugins/es_ui_shared/__packages_do_not_import__/xjson/use_xjson_mode.ts @@ -18,7 +18,8 @@ */ import { useState, Dispatch } from 'react'; -import { collapseLiteralStrings, expandLiteralStrings } from '../../public'; + +import { collapseLiteralStrings, expandLiteralStrings } from './json_xjson_translation_tools'; interface ReturnValue { xJson: string; diff --git a/src/plugins/es_ui_shared/kibana.json b/src/plugins/es_ui_shared/kibana.json index eab7355d66f09..d442bfb93d5af 100644 --- a/src/plugins/es_ui_shared/kibana.json +++ b/src/plugins/es_ui_shared/kibana.json @@ -4,7 +4,6 @@ "ui": true, "server": true, "extraPublicDirs": [ - "static/ace_x_json/hooks", "static/validators/string", "static/forms/hook_form_lib", "static/forms/helpers", diff --git a/src/plugins/es_ui_shared/public/console_lang/index.ts b/src/plugins/es_ui_shared/public/console_lang/index.ts deleted file mode 100644 index 7d83191569622..0000000000000 --- a/src/plugins/es_ui_shared/public/console_lang/index.ts +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -// Lib is intentionally not included in this barrel export file to separate worker logic -// from being imported with pure functions - -export { - ElasticsearchSqlHighlightRules, - ScriptHighlightRules, - XJsonHighlightRules, - addXJsonToRules, - XJsonMode, - installXJsonMode, -} from './ace/modes'; - -export { expandLiteralStrings, collapseLiteralStrings } from './lib'; diff --git a/src/plugins/es_ui_shared/public/console_lang/lib/index.ts b/src/plugins/es_ui_shared/public/console_lang/lib/index.ts deleted file mode 100644 index bf7f0290d4158..0000000000000 --- a/src/plugins/es_ui_shared/public/console_lang/lib/index.ts +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -export { collapseLiteralStrings, expandLiteralStrings } from './json_xjson_translation_tools'; diff --git a/src/plugins/es_ui_shared/public/index.ts b/src/plugins/es_ui_shared/public/index.ts index 5a1c13658604a..94b084e7d3f20 100644 --- a/src/plugins/es_ui_shared/public/index.ts +++ b/src/plugins/es_ui_shared/public/index.ts @@ -22,9 +22,9 @@ * In the future, each top level folder should be exported like that to avoid naming collision */ import * as Forms from './forms'; -import * as Monaco from './monaco'; import * as ace from './ace'; import * as GlobalFlyout from './global_flyout'; +import * as XJson from './xjson'; export { JsonEditor, OnJsonEditorUpdateHandler, JsonEditorState } from './components/json_editor'; @@ -43,17 +43,6 @@ export { export { indices } from './indices'; -export { - installXJsonMode, - XJsonMode, - ElasticsearchSqlHighlightRules, - addXJsonToRules, - ScriptHighlightRules, - XJsonHighlightRules, - collapseLiteralStrings, - expandLiteralStrings, -} from './console_lang'; - export { AuthorizationContext, AuthorizationProvider, @@ -66,7 +55,7 @@ export { useAuthorizationContext, } from './authorization'; -export { Monaco, Forms, ace, GlobalFlyout }; +export { Forms, ace, GlobalFlyout, XJson }; export { extractQueryParams } from './url'; diff --git a/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/index.ts b/src/plugins/es_ui_shared/public/xjson/index.ts similarity index 93% rename from src/plugins/es_ui_shared/__packages_do_not_import__/monaco/index.ts rename to src/plugins/es_ui_shared/public/xjson/index.ts index a9c6ea1e01d54..d505cbe0c6348 100644 --- a/src/plugins/es_ui_shared/__packages_do_not_import__/monaco/index.ts +++ b/src/plugins/es_ui_shared/public/xjson/index.ts @@ -17,4 +17,4 @@ * under the License. */ -export { useXJsonMode } from './use_xjson_mode'; +export * from '../../__packages_do_not_import__/xjson'; diff --git a/src/plugins/es_ui_shared/static/ace_x_json/hooks/index.ts b/src/plugins/es_ui_shared/static/ace_x_json/hooks/index.ts deleted file mode 100644 index 1d2c33a9f0f47..0000000000000 --- a/src/plugins/es_ui_shared/static/ace_x_json/hooks/index.ts +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -export { useXJsonMode } from './use_x_json'; diff --git a/src/plugins/es_ui_shared/static/ace_x_json/hooks/use_x_json.ts b/src/plugins/es_ui_shared/static/ace_x_json/hooks/use_x_json.ts deleted file mode 100644 index 3a093ac6869d0..0000000000000 --- a/src/plugins/es_ui_shared/static/ace_x_json/hooks/use_x_json.ts +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -import { XJsonMode } from '../../../public'; -import { useXJsonMode as useBaseXJsonMode } from '../../../__packages_do_not_import__/xjson'; - -const xJsonMode = new XJsonMode(); - -interface ReturnValue extends ReturnType { - xJsonMode: typeof xJsonMode; -} - -export const useXJsonMode = (json: Parameters[0]): ReturnValue => { - return { - ...useBaseXJsonMode(json), - xJsonMode, - }; -}; diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/xjson_editor.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/xjson_editor.tsx index e00f9c002e5bc..f482e6f08c2c6 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/xjson_editor.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/xjson_editor.tsx @@ -5,7 +5,9 @@ */ import { XJsonLang } from '@kbn/monaco'; import React, { FunctionComponent, useCallback } from 'react'; -import { FieldHook, Monaco } from '../../../../../../shared_imports'; +import { FieldHook, XJson } from '../../../../../../shared_imports'; + +const { useXJsonMode } = XJson; import { TextEditor } from './text_editor'; @@ -21,7 +23,7 @@ const defaultEditorOptions = { export const XJsonEditor: FunctionComponent = ({ field, editorProps }) => { const { value, setValue } = field; - const { xJson, setXJson, convertToJson } = Monaco.useXJsonMode(value); + const { xJson, setXJson, convertToJson } = useXJsonMode(value); const onChange = useCallback( (s) => { diff --git a/x-pack/plugins/ingest_pipelines/public/shared_imports.ts b/x-pack/plugins/ingest_pipelines/public/shared_imports.ts index abdbdf2140400..026e0d97fe988 100644 --- a/x-pack/plugins/ingest_pipelines/public/shared_imports.ts +++ b/x-pack/plugins/ingest_pipelines/public/shared_imports.ts @@ -21,7 +21,7 @@ export { useRequest, UseRequestConfig, WithPrivileges, - Monaco, + XJson, JsonEditor, OnJsonEditorUpdateHandler, } from '../../../../src/plugins/es_ui_shared/public/'; diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/reducer.ts b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/reducer.ts index 178638322bacd..59c6f7249408d 100644 --- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/reducer.ts +++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/reducer.ts @@ -10,7 +10,7 @@ import { memoize } from 'lodash'; import numeral from '@elastic/numeral'; import { isValidIndexName } from '../../../../../../../common/util/es_utils'; -import { collapseLiteralStrings } from '../../../../../../../../../../src/plugins/es_ui_shared/public'; +import { collapseLiteralStrings } from '../../../../../../../shared_imports'; import { Action, ACTION } from './actions'; import { diff --git a/x-pack/plugins/ml/shared_imports.ts b/x-pack/plugins/ml/shared_imports.ts index a82ed5387818d..33669a082f7f0 100644 --- a/x-pack/plugins/ml/shared_imports.ts +++ b/x-pack/plugins/ml/shared_imports.ts @@ -3,9 +3,8 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ +import { XJson } from '../../../src/plugins/es_ui_shared/public'; +const { collapseLiteralStrings, expandLiteralStrings } = XJson; -export { - XJsonMode, - collapseLiteralStrings, - expandLiteralStrings, -} from '../../../src/plugins/es_ui_shared/public'; +export { XJsonMode } from '@kbn/ace'; +export { collapseLiteralStrings, expandLiteralStrings }; diff --git a/x-pack/plugins/searchprofiler/public/application/editor/init_editor.ts b/x-pack/plugins/searchprofiler/public/application/editor/init_editor.ts index 3ad92531e4367..b43506e1323da 100644 --- a/x-pack/plugins/searchprofiler/public/application/editor/init_editor.ts +++ b/x-pack/plugins/searchprofiler/public/application/editor/init_editor.ts @@ -5,7 +5,7 @@ */ import ace from 'brace'; -import { installXJsonMode } from '../../../../../../src/plugins/es_ui_shared/public'; +import { installXJsonMode } from '@kbn/ace'; export function initializeEditor({ el, diff --git a/x-pack/plugins/searchprofiler/public/application/utils/check_for_json_errors.ts b/x-pack/plugins/searchprofiler/public/application/utils/check_for_json_errors.ts index 58a62c4636c25..7832d7bcb63f7 100644 --- a/x-pack/plugins/searchprofiler/public/application/utils/check_for_json_errors.ts +++ b/x-pack/plugins/searchprofiler/public/application/utils/check_for_json_errors.ts @@ -4,7 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { collapseLiteralStrings } from '../../../../../../src/plugins/es_ui_shared/public'; +import { XJson } from '../../../../../../src/plugins/es_ui_shared/public'; + +const { collapseLiteralStrings } = XJson; export function checkForParseErrors(json: string) { const sanitizedJson = collapseLiteralStrings(json); diff --git a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/hooks/use_advanced_pivot_editor.ts b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/hooks/use_advanced_pivot_editor.ts index 41b84f04db852..d13376cf838f8 100644 --- a/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/hooks/use_advanced_pivot_editor.ts +++ b/x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/hooks/use_advanced_pivot_editor.ts @@ -5,13 +5,17 @@ */ import { useEffect, useState } from 'react'; +import { XJsonMode } from '@kbn/ace'; -import { useXJsonMode } from '../../../../../../../../../../src/plugins/es_ui_shared/static/ace_x_json/hooks'; +import { XJson } from '../../../../../../../../../../src/plugins/es_ui_shared/public'; import { PostTransformsPreviewRequestSchema } from '../../../../../../../common/api_schemas/transforms'; import { StepDefineExposedState } from '../common'; +const { useXJsonMode } = XJson; +const xJsonMode = new XJsonMode(); + export const useAdvancedPivotEditor = ( defaults: StepDefineExposedState, previewRequest: PostTransformsPreviewRequestSchema @@ -38,7 +42,6 @@ export const useAdvancedPivotEditor = ( convertToJson, setXJson: setAdvancedEditorConfig, xJson: advancedEditorConfig, - xJsonMode, } = useXJsonMode(stringifiedPivotConfig); useEffect(() => { diff --git a/x-pack/plugins/transform/public/shared_imports.ts b/x-pack/plugins/transform/public/shared_imports.ts index 4737787dbd9ee..b977c657b4a5a 100644 --- a/x-pack/plugins/transform/public/shared_imports.ts +++ b/x-pack/plugins/transform/public/shared_imports.ts @@ -5,13 +5,8 @@ */ export { createSavedSearchesLoader } from '../../../../src/plugins/discover/public'; -export { - XJsonMode, - collapseLiteralStrings, - expandLiteralStrings, - UseRequestConfig, - useRequest, -} from '../../../../src/plugins/es_ui_shared/public'; +export { XJsonMode } from '@kbn/ace'; +export { UseRequestConfig, useRequest } from '../../../../src/plugins/es_ui_shared/public'; export { getFieldType, @@ -31,3 +26,7 @@ export { UseIndexDataReturnType, INDEX_STATUS, } from '../../ml/public'; + +import { XJson } from '../../../../src/plugins/es_ui_shared/public'; +const { expandLiteralStrings, collapseLiteralStrings } = XJson; +export { expandLiteralStrings, collapseLiteralStrings }; diff --git a/x-pack/plugins/triggers_actions_ui/public/application/components/json_editor_with_message_variables.tsx b/x-pack/plugins/triggers_actions_ui/public/application/components/json_editor_with_message_variables.tsx index 5ea15deb53161..e1f368a3f5028 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/components/json_editor_with_message_variables.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/components/json_editor_with_message_variables.tsx @@ -5,8 +5,10 @@ */ import React, { useState } from 'react'; import { EuiCodeEditor, EuiFormRow } from '@elastic/eui'; +import { XJsonMode } from '@kbn/ace'; + import './add_message_variables.scss'; -import { useXJsonMode } from '../../../../../../src/plugins/es_ui_shared/static/ace_x_json/hooks'; +import { XJson } from '../../../../../../src/plugins/es_ui_shared/public'; import { AddMessageVariables } from './add_message_variables'; import { ActionVariable } from '../../types'; @@ -23,6 +25,9 @@ interface Props { onBlur?: () => void; } +const { useXJsonMode } = XJson; +const xJsonMode = new XJsonMode(); + export const JsonEditorWithMessageVariables: React.FunctionComponent = ({ messageVariables, paramsProperty, @@ -36,7 +41,7 @@ export const JsonEditorWithMessageVariables: React.FunctionComponent = ({ }) => { const [cursorPosition, setCursorPosition] = useState(null); - const { xJsonMode, convertToJson, setXJson, xJson } = useXJsonMode(inputTargetValue ?? null); + const { convertToJson, setXJson, xJson } = useXJsonMode(inputTargetValue ?? null); const onSelectMessageVariable = (variable: string) => { const templatedVar = `{{${variable}}}`; diff --git a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_form.tsx b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_form.tsx index f2ae4d5533393..1dc3a9e3a8279 100644 --- a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_form.tsx +++ b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_form.tsx @@ -20,16 +20,20 @@ import { } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; +import { XJsonMode } from '@kbn/ace'; import { serializeJsonWatch } from '../../../../../../common/lib/serialization'; import { ErrableFormRow, SectionError, Error as ServerError } from '../../../../components'; -import { useXJsonMode } from '../../../../shared_imports'; +import { XJson } from '../../../../shared_imports'; import { onWatchSave } from '../../watch_edit_actions'; import { WatchContext } from '../../watch_context'; import { goToWatchList } from '../../../../lib/navigation'; import { RequestFlyout } from '../request_flyout'; import { useAppContext } from '../../../../app_context'; +const xJsonMode = new XJsonMode(); +const { useXJsonMode } = XJson; + export const JsonWatchEditForm = () => { const { links: { putWatchApiUrl }, @@ -37,7 +41,7 @@ export const JsonWatchEditForm = () => { } = useAppContext(); const { watch, setWatchProperty } = useContext(WatchContext); - const { xJsonMode, convertToJson, setXJson, xJson } = useXJsonMode(watch.watchString); + const { convertToJson, setXJson, xJson } = useXJsonMode(watch.watchString); const { errors } = watch.validate(); const hasErrors = !!Object.keys(errors).find((errorKey) => errors[errorKey].length >= 1); diff --git a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_simulate.tsx b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_simulate.tsx index 043e2e598bd02..23027e512c64c 100644 --- a/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_simulate.tsx +++ b/x-pack/plugins/watcher/public/application/sections/watch_edit/components/json_watch_edit/json_watch_edit_simulate.tsx @@ -24,6 +24,9 @@ import { } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; +import { XJsonMode } from '@kbn/ace'; + +const xJsonMode = new XJsonMode(); import { WatchHistoryItem } from '../../../../models/watch_history_item'; @@ -33,14 +36,16 @@ import { ExecutedWatchDetails, ExecutedWatchResults, } from '../../../../../../common/types/watch_types'; -import { ErrableFormRow } from '../../../../components/form_errors'; +import { ErrableFormRow } from '../../../../components'; import { executeWatch } from '../../../../lib/api'; import { WatchContext } from '../../watch_context'; import { JsonWatchEditSimulateResults } from './json_watch_edit_simulate_results'; import { getTimeUnitLabel } from '../../../../lib/get_time_unit_label'; import { useAppContext } from '../../../../app_context'; -import { useXJsonMode } from '../../../../shared_imports'; +import { XJson } from '../../../../shared_imports'; + +const { useXJsonMode } = XJson; const actionModeOptions = Object.keys(ACTION_MODES).map((mode) => ({ text: ACTION_MODES[mode], @@ -96,7 +101,7 @@ export const JsonWatchEditSimulate = ({ ignoreCondition, } = executeDetails; - const { setXJson, convertToJson, xJsonMode, xJson } = useXJsonMode(alternativeInput); + const { setXJson, convertToJson, xJson } = useXJsonMode(alternativeInput); const columns = [ { diff --git a/x-pack/plugins/watcher/public/application/shared_imports.ts b/x-pack/plugins/watcher/public/application/shared_imports.ts index 766e8e659c8ae..ad42b94bc837f 100644 --- a/x-pack/plugins/watcher/public/application/shared_imports.ts +++ b/x-pack/plugins/watcher/public/application/shared_imports.ts @@ -10,6 +10,5 @@ export { UseRequestConfig, sendRequest, useRequest, + XJson, } from '../../../../../src/plugins/es_ui_shared/public'; - -export { useXJsonMode } from '../../../../../src/plugins/es_ui_shared/static/ace_x_json/hooks'; From 1dd0c6a5700f609ca6b7e89ab2632c880570df7d Mon Sep 17 00:00:00 2001 From: Oliver Gupte Date: Thu, 24 Sep 2020 07:48:24 -0700 Subject: [PATCH 027/120] [APM] Service maps grouped external resource nodes (#78136) * Closes #78135 by implementing node grouping on service map data before it's rendered in the Cytoscape. * Truncates resource list items and updates api test snapshot * Added type for ConnectionElement rather using an ad hoc type, removed some unneeded ts-ignores --- x-pack/plugins/apm/common/service_map.ts | 34 ++ .../app/ServiceMap/Popover/Info.tsx | 63 ++- .../app/ServiceMap/cytoscapeOptions.ts | 2 +- .../service_map/group_resource_nodes.test.ts | 24 + .../lib/service_map/group_resource_nodes.ts | 139 +++++ .../group_resource_nodes_grouped.json | 140 ++++++ .../group_resource_nodes_pregrouped.json | 204 ++++++++ .../transform_service_map_responses.test.ts | 6 +- .../transform_service_map_responses.ts | 9 +- .../__snapshots__/service_maps.snap | 476 +++++++++--------- 10 files changed, 847 insertions(+), 250 deletions(-) create mode 100644 x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.test.ts create mode 100644 x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.ts create mode 100644 x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_grouped.json create mode 100644 x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_pregrouped.json diff --git a/x-pack/plugins/apm/common/service_map.ts b/x-pack/plugins/apm/common/service_map.ts index 1dc4d598cd2ee..02456f9b2050f 100644 --- a/x-pack/plugins/apm/common/service_map.ts +++ b/x-pack/plugins/apm/common/service_map.ts @@ -22,15 +22,30 @@ export interface ServiceConnectionNode extends cytoscape.NodeDataDefinition { [SERVICE_ENVIRONMENT]: string | null; [AGENT_NAME]: string; serviceAnomalyStats?: ServiceAnomalyStats; + label?: string; } export interface ExternalConnectionNode extends cytoscape.NodeDataDefinition { [SPAN_DESTINATION_SERVICE_RESOURCE]: string; [SPAN_TYPE]: string; [SPAN_SUBTYPE]: string; + label?: string; } export type ConnectionNode = ServiceConnectionNode | ExternalConnectionNode; +export interface ConnectionEdge { + id: string; + source: ConnectionNode['id']; + target: ConnectionNode['id']; + label?: string; + bidirectional?: boolean; + isInverseEdge?: boolean; +} + +export interface ConnectionElement { + data: ConnectionNode | ConnectionEdge; +} + export interface Connection { source: ConnectionNode; destination: ConnectionNode; @@ -57,3 +72,22 @@ export const invalidLicenseMessage = i18n.translate( "In order to access Service Maps, you must be subscribed to an Elastic Platinum license. With it, you'll have the ability to visualize your entire application stack along with your APM data.", } ); + +const NONGROUPED_SPANS: Record = { + aws: ['servicename'], + cache: ['all'], + db: ['all'], + external: ['graphql', 'grpc', 'websocket'], + messaging: ['all'], + template: ['handlebars'], +}; + +export function isSpanGroupingSupported(type?: string, subtype?: string) { + if (!type || !(type in NONGROUPED_SPANS)) { + return true; + } + return !NONGROUPED_SPANS[type].some( + (nongroupedSubType) => + nongroupedSubType === 'all' || nongroupedSubType === subtype + ); +} diff --git a/x-pack/plugins/apm/public/components/app/ServiceMap/Popover/Info.tsx b/x-pack/plugins/apm/public/components/app/ServiceMap/Popover/Info.tsx index 094cf032c4c9d..7771a232a5c9e 100644 --- a/x-pack/plugins/apm/public/components/app/ServiceMap/Popover/Info.tsx +++ b/x-pack/plugins/apm/public/components/app/ServiceMap/Popover/Info.tsx @@ -3,7 +3,11 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ - +import { + EuiDescriptionList, + EuiDescriptionListTitle, + EuiDescriptionListDescription, +} from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import cytoscape from 'cytoscape'; import React from 'react'; @@ -12,20 +16,27 @@ import { SPAN_SUBTYPE, SPAN_TYPE, } from '../../../../../common/elasticsearch_fieldnames'; +import { ExternalConnectionNode } from '../../../../../common/service_map'; const ItemRow = styled.div` line-height: 2; `; -const ItemTitle = styled.dt` - color: ${({ theme }) => theme.eui.textColors.subdued}; +const SubduedDescriptionListTitle = styled(EuiDescriptionListTitle)` + &&& { + color: ${({ theme }) => theme.eui.textColors.subdued}; + } `; -const ItemDescription = styled.dd``; +const ExternalResourcesList = styled.section` + max-height: 360px; + overflow: auto; +`; interface InfoProps extends cytoscape.NodeDataDefinition { type?: string; subtype?: string; + className?: string; } export function Info(data: InfoProps) { @@ -51,15 +62,51 @@ export function Info(data: InfoProps) { }, ]; + if (data.groupedConnections) { + return ( + + + {data.groupedConnections.map((resource: ExternalConnectionNode) => { + const title = + resource.label || resource['span.destination.service.resource']; + const desc = `${resource['span.type']} (${resource['span.subtype']})`; + return ( + <> + + {title} + + + {desc} + + + ); + })} + + + ); + } + return ( <> {listItems.map( ({ title, description }) => description && ( - - {title} - {description} - +
    + + + {title} + + + {description} + + +
    ) )} diff --git a/x-pack/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts b/x-pack/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts index 61ac9bd7cd54c..136be1c7d947c 100644 --- a/x-pack/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts +++ b/x-pack/plugins/apm/public/components/app/ServiceMap/cytoscapeOptions.ts @@ -136,7 +136,7 @@ const getStyle = (theme: EuiTheme): cytoscape.Stylesheet[] => { label: (el: cytoscape.NodeSingular) => isService(el) ? el.data(SERVICE_NAME) - : el.data(SPAN_DESTINATION_SERVICE_RESOURCE), + : el.data('label') || el.data(SPAN_DESTINATION_SERVICE_RESOURCE), 'min-zoomed-font-size': parseInt(theme.eui.euiSizeS, 10), 'overlay-opacity': 0, shape: (el: cytoscape.NodeSingular) => diff --git a/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.test.ts b/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.test.ts new file mode 100644 index 0000000000000..2a9a2daf1fe47 --- /dev/null +++ b/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.test.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { groupResourceNodes } from './group_resource_nodes'; +import preGroupedData from './mock_responses/group_resource_nodes_pregrouped.json'; +import expectedGroupedData from './mock_responses/group_resource_nodes_grouped.json'; + +describe('groupResourceNodes', () => { + it('should group external nodes', () => { + const responseWithGroups = groupResourceNodes(preGroupedData); + expect(responseWithGroups.elements).toHaveLength( + expectedGroupedData.elements.length + ); + for (const element of responseWithGroups.elements) { + const expectedElement = expectedGroupedData.elements.find( + ({ data: { id } }: { data: { id: string } }) => id === element.data.id + ); + expect(element).toMatchObject(expectedElement); + } + }); +}); diff --git a/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.ts b/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.ts new file mode 100644 index 0000000000000..37ddcdfcff719 --- /dev/null +++ b/x-pack/plugins/apm/server/lib/service_map/group_resource_nodes.ts @@ -0,0 +1,139 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import { i18n } from '@kbn/i18n'; +import { groupBy } from 'lodash'; +import { ValuesType } from 'utility-types'; +import { + SPAN_TYPE, + SPAN_SUBTYPE, +} from '../../../common/elasticsearch_fieldnames'; +import { + ConnectionElement, + isSpanGroupingSupported, +} from '../../../common/service_map'; + +const MINIMUM_GROUP_SIZE = 4; + +export function groupResourceNodes(responseData: { + elements: ConnectionElement[]; +}) { + type ElementDefinition = ValuesType; + const isEdge = (el: ElementDefinition) => + Boolean(el.data.source && el.data.target); + const isNode = (el: ElementDefinition) => !isEdge(el); + const isElligibleGroupNode = (el: ElementDefinition) => { + if (isNode(el) && 'span.type' in el.data) { + return isSpanGroupingSupported(el.data[SPAN_TYPE], el.data[SPAN_SUBTYPE]); + } + return false; + }; + const nodes = responseData.elements.filter(isNode); + const edges = responseData.elements.filter(isEdge); + + // create adjacency list by targets + const groupNodeCandidates = responseData.elements + .filter(isElligibleGroupNode) + .map(({ data: { id } }) => id); + const adjacencyListByTargetMap = new Map(); + edges.forEach(({ data: { source, target } }) => { + if (groupNodeCandidates.includes(target)) { + const sources = adjacencyListByTargetMap.get(target); + if (sources) { + sources.push(source); + } else { + adjacencyListByTargetMap.set(target, [source]); + } + } + }); + const adjacencyListByTarget = [...adjacencyListByTargetMap.entries()].map( + ([target, sources]) => ({ + target, + sources, + groupId: `resourceGroup{${sources.sort().join(';')}}`, + }) + ); + + // group by members + const nodeGroupsById = groupBy(adjacencyListByTarget, 'groupId'); + const nodeGroups = Object.keys(nodeGroupsById) + .map((id) => ({ + id, + sources: nodeGroupsById[id][0].sources, + targets: nodeGroupsById[id].map(({ target }) => target), + })) + .filter(({ targets }) => targets.length > MINIMUM_GROUP_SIZE - 1); + const ungroupedEdges = [...edges]; + const ungroupedNodes = [...nodes]; + nodeGroups.forEach(({ sources, targets }) => { + targets.forEach((target) => { + // removes grouped nodes from original node set: + const groupedNodeIndex = ungroupedNodes.findIndex( + ({ data }) => data.id === target + ); + ungroupedNodes.splice(groupedNodeIndex, 1); + sources.forEach((source) => { + // removes edges of grouped nodes from original edge set: + const groupedEdgeIndex = ungroupedEdges.findIndex( + ({ data }) => data.source === source && data.target === target + ); + ungroupedEdges.splice(groupedEdgeIndex, 1); + }); + }); + }); + + // add in a composite node for each new group + const groupedNodes = nodeGroups.map(({ id, targets }) => ({ + data: { + id, + 'span.type': 'external', + label: i18n.translate('xpack.apm.serviceMap.resourceCountLabel', { + defaultMessage: '{count} resources', + values: { count: targets.length }, + }), + groupedConnections: targets + .map((targetId) => { + const targetElement = nodes.find( + (element) => element.data.id === targetId + ); + if (!targetElement) { + return; + } + const { data } = targetElement; + return { label: data.label || data.id, ...data }; + }) + .filter((node) => !!node), + }, + })); + + // add new edges from source to new groups + const groupedEdges: Array<{ + data: { + id: string; + source: string; + target: string; + }; + }> = []; + nodeGroups.forEach(({ id, sources }) => { + sources.forEach((source) => { + groupedEdges.push({ + data: { + id: `${source}~>${id}`, + source, + target: id, + }, + }); + }); + }); + + return { + elements: [ + ...ungroupedNodes, + ...groupedNodes, + ...ungroupedEdges, + ...groupedEdges, + ], + }; +} diff --git a/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_grouped.json b/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_grouped.json new file mode 100644 index 0000000000000..e7bba585de180 --- /dev/null +++ b/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_grouped.json @@ -0,0 +1,140 @@ +{ + "elements": [ + { + "data": { + "id": "opbeans-rum", + "service.environment": "testing", + "service.name": "opbeans-rum", + "agent.name": "rum-js" + } + }, + { + "data": { + "source": "opbeans-rum", + "target": "opbeans-node", + "id": "opbeans-rum~>opbeans-node" + } + }, + { + "data": { + "id": "opbeans-node", + "service.environment": "testing", + "service.name": "opbeans-node", + "agent.name": "nodejs" + } + }, + { + "data": { + "source": "opbeans-node", + "target": "postgresql", + "id": "opbeans-node~>postgresql" + } + }, + { + "data": { + "id": "postgresql", + "span.subtype": "postgresql", + "span.destination.service.resource": "postgresql", + "span.type": "db", + "label": "postgresql" + } + }, + { + "data": { + "id": "elastic-co-rum-test", + "service.name": "elastic-co-rum-test", + "agent.name": "rum-js" + } + }, + { + "data": { + "id": "elastic-co-frontend", + "service.name": "elastic-co-frontend", + "agent.name": "rum-js" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "0.cdn.example.com:443", + "id": "elastic-co-frontend~>0.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "resourceGroup{elastic-co-frontend;elastic-co-rum-test}", + "id": "elastic-co-frontend~>resourceGroup{elastic-co-frontend;elastic-co-rum-test}" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "resourceGroup{elastic-co-frontend;elastic-co-rum-test}", + "id": "elastic-co-rum-test~>resourceGroup{elastic-co-frontend;elastic-co-rum-test}" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "6.cdn.example.com:443", + "id": "elastic-co-rum-test~>6.cdn.example.com:443" + } + }, + { + "data": { + "id": "resourceGroup{elastic-co-frontend;elastic-co-rum-test}", + "span.type": "external", + "label": "5 resources", + "groupedConnections": [ + { + "label": "1.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "1.cdn.example.com:443" + }, + { + "label": "2.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "2.cdn.example.com:443" + }, + { + "label": "3.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "3.cdn.example.com:443" + }, + { + "label": "4.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "4.cdn.example.com:443" + }, + { + "label": "5.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "5.cdn.example.com:443" + } + ] + } + }, + { + "data": { + "id": "0.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "0.cdn.example.com:443" + } + }, + { + "data": { + "id": "6.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "6.cdn.example.com:443" + } + } + ] +} diff --git a/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_pregrouped.json b/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_pregrouped.json new file mode 100644 index 0000000000000..22c5c50de7472 --- /dev/null +++ b/x-pack/plugins/apm/server/lib/service_map/mock_responses/group_resource_nodes_pregrouped.json @@ -0,0 +1,204 @@ +{ + "elements": [ + { + "data": { + "id": "opbeans-rum", + "service.environment": "testing", + "service.name": "opbeans-rum", + "agent.name": "rum-js" + } + }, + { + "data": { + "source": "opbeans-rum", + "target": "opbeans-node", + "id": "opbeans-rum~>opbeans-node" + } + }, + { + "data": { + "id": "opbeans-node", + "service.environment": "testing", + "service.name": "opbeans-node", + "agent.name": "nodejs" + } + }, + { + "data": { + "source": "opbeans-node", + "target": "postgresql", + "id": "opbeans-node~>postgresql" + } + }, + { + "data": { + "id": "postgresql", + "span.subtype": "postgresql", + "span.destination.service.resource": "postgresql", + "span.type": "db", + "label": "postgresql" + } + }, + { + "data": { + "id": "elastic-co-rum-test", + "service.name": "elastic-co-rum-test", + "agent.name": "rum-js" + } + }, + { + "data": { + "id": "elastic-co-frontend", + "service.name": "elastic-co-frontend", + "agent.name": "rum-js" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "0.cdn.example.com:443", + "id": "elastic-co-frontend~>0.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "1.cdn.example.com:443", + "id": "elastic-co-frontend~>1.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "2.cdn.example.com:443", + "id": "elastic-co-frontend~>2.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "3.cdn.example.com:443", + "id": "elastic-co-frontend~>3.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "4.cdn.example.com:443", + "id": "elastic-co-frontend~>4.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-frontend", + "target": "5.cdn.example.com:443", + "id": "elastic-co-frontend~>5.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "1.cdn.example.com:443", + "id": "elastic-co-rum-test~>1.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "2.cdn.example.com:443", + "id": "elastic-co-rum-test~>2.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "3.cdn.example.com:443", + "id": "elastic-co-rum-test~>3.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "4.cdn.example.com:443", + "id": "elastic-co-rum-test~>4.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "5.cdn.example.com:443", + "id": "elastic-co-rum-test~>5.cdn.example.com:443" + } + }, + { + "data": { + "source": "elastic-co-rum-test", + "target": "6.cdn.example.com:443", + "id": "elastic-co-rum-test~>6.cdn.example.com:443" + } + }, + { + "data": { + "id": "0.cdn.example.com:443", + "label": "0.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "0.cdn.example.com:443" + } + }, + { + "data": { + "id": "1.cdn.example.com:443", + "label": "1.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "1.cdn.example.com:443" + } + }, + { + "data": { + "id": "2.cdn.example.com:443", + "label": "2.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "2.cdn.example.com:443" + } + }, + { + "data": { + "id": "3.cdn.example.com:443", + "label": "3.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "3.cdn.example.com:443" + } + }, + { + "data": { + "id": "4.cdn.example.com:443", + "label": "4.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "4.cdn.example.com:443" + } + }, + { + "data": { + "id": "5.cdn.example.com:443", + "label": "5.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "5.cdn.example.com:443" + } + }, + { + "data": { + "id": "6.cdn.example.com:443", + "label": "6.cdn.example.com:443", + "span.type": "external", + "span.subtype": "http", + "span.destination.service.resource": "6.cdn.example.com:443" + } + } + ] +} diff --git a/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.test.ts b/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.test.ts index f30b80feda302..7d832c91022e5 100644 --- a/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.test.ts +++ b/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.test.ts @@ -75,7 +75,11 @@ describe('transformServiceMapResponses', () => { (element) => 'source' in element.data && 'target' in element.data ); - expect(connection?.data.target).toBe('opbeans-node'); + expect(connection).toHaveProperty('data'); + expect(connection?.data).toHaveProperty('target'); + if (connection?.data && 'target' in connection.data) { + expect(connection.data.target).toBe('opbeans-node'); + } expect( elements.find((element) => element.data.id === '>opbeans-node') diff --git a/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.ts b/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.ts index 7f5e34f68f922..e2af4315e41a1 100644 --- a/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.ts +++ b/x-pack/plugins/apm/server/lib/service_map/transform_service_map_responses.ts @@ -16,9 +16,11 @@ import { ConnectionNode, ServiceConnectionNode, ExternalConnectionNode, + ConnectionElement, } from '../../../common/service_map'; import { ConnectionsResponse, ServicesResponse } from './get_service_map'; import { ServiceAnomaliesResponse } from './get_service_anomalies'; +import { groupResourceNodes } from './group_resource_nodes'; function getConnectionNodeId(node: ConnectionNode): string { if ('span.destination.service.resource' in node) { @@ -213,9 +215,12 @@ export function transformServiceMapResponses(response: ServiceMapResponse) { }, []); // Put everything together in elements, with everything in the "data" property - const elements = [...dedupedConnections, ...dedupedNodes].map((element) => ({ + const elements: ConnectionElement[] = [ + ...dedupedConnections, + ...dedupedNodes, + ].map((element) => ({ data: element, })); - return { elements }; + return groupResourceNodes({ elements }); } diff --git a/x-pack/test/apm_api_integration/trial/tests/service_maps/__snapshots__/service_maps.snap b/x-pack/test/apm_api_integration/trial/tests/service_maps/__snapshots__/service_maps.snap index 8a3929f1e9ba6..320ffd5a98696 100644 --- a/x-pack/test/apm_api_integration/trial/tests/service_maps/__snapshots__/service_maps.snap +++ b/x-pack/test/apm_api_integration/trial/tests/service_maps/__snapshots__/service_maps.snap @@ -65,6 +65,130 @@ Object { exports[`Service Maps with a trial license /api/apm/service-map when there is data returns the correct data 3`] = ` Array [ + Object { + "data": Object { + "agent.name": "rum-js", + "id": "opbeans-rum", + "service.environment": "testing", + "service.name": "opbeans-rum", + "serviceAnomalyStats": Object { + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-environment_not_defined-7ed6-high_mean_transaction_duration", + "transactionType": "page-load", + }, + }, + }, + Object { + "data": Object { + "agent.name": "python", + "id": "opbeans-python", + "service.environment": "production", + "service.name": "opbeans-python", + "serviceAnomalyStats": Object { + "actualValue": 66218.0833333333, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "agent.name": "java", + "id": "opbeans-java", + "service.environment": "production", + "service.name": "opbeans-java", + "serviceAnomalyStats": Object { + "actualValue": 14901.32, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "agent.name": "nodejs", + "id": "opbeans-node", + "service.environment": "testing", + "service.name": "opbeans-node", + "serviceAnomalyStats": Object { + "actualValue": 32226.649122807, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-testing-d457-high_mean_transaction_duration", + "transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "agent.name": "go", + "id": "opbeans-go", + "service.environment": "testing", + "service.name": "opbeans-go", + "serviceAnomalyStats": Object { + "actualValue": 3933482.17647059, + "anomalyScore": 2.61017027514827, + "healthStatus": "healthy", + "jobId": "apm-testing-d457-high_mean_transaction_duration", + "transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "agent.name": "ruby", + "id": "opbeans-ruby", + "service.environment": "production", + "service.name": "opbeans-ruby", + "serviceAnomalyStats": Object { + "actualValue": 684716.581395349, + "anomalyScore": 0.204989077199074, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, + }, + }, + Object { + "data": Object { + "id": ">postgresql", + "label": "postgresql", + "span.destination.service.resource": "postgresql", + "span.subtype": "postgresql", + "span.type": "db", + }, + }, + Object { + "data": Object { + "id": ">elasticsearch", + "label": "elasticsearch", + "span.destination.service.resource": "elasticsearch", + "span.subtype": "elasticsearch", + "span.type": "db", + }, + }, + Object { + "data": Object { + "id": ">redis", + "label": "redis", + "span.destination.service.resource": "redis", + "span.subtype": "redis", + "span.type": "db", + }, + }, + Object { + "data": Object { + "agent.name": "dotnet", + "id": "opbeans-dotnet", + "service.environment": null, + "service.name": "opbeans-dotnet", + }, + }, Object { "data": Object { "id": "opbeans-go~>postgresql", @@ -921,136 +1045,136 @@ Array [ }, }, }, - Object { - "data": Object { - "agent.name": "rum-js", - "id": "opbeans-rum", - "service.environment": "testing", - "service.name": "opbeans-rum", - "serviceAnomalyStats": Object { - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-environment_not_defined-7ed6-high_mean_transaction_duration", - "transactionType": "page-load", +] +`; + +exports[`Service Maps with a trial license when there is data with anomalies returns the correct anomaly stats 3`] = ` +Object { + "elements": Array [ + Object { + "data": Object { + "agent.name": "rum-js", + "id": "opbeans-rum", + "service.environment": "testing", + "service.name": "opbeans-rum", + "serviceAnomalyStats": Object { + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-environment_not_defined-7ed6-high_mean_transaction_duration", + "transactionType": "page-load", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "python", - "id": "opbeans-python", - "service.environment": "production", - "service.name": "opbeans-python", - "serviceAnomalyStats": Object { - "actualValue": 66218.0833333333, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", + Object { + "data": Object { + "agent.name": "python", + "id": "opbeans-python", + "service.environment": "production", + "service.name": "opbeans-python", + "serviceAnomalyStats": Object { + "actualValue": 66218.0833333333, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "java", - "id": "opbeans-java", - "service.environment": "production", - "service.name": "opbeans-java", - "serviceAnomalyStats": Object { - "actualValue": 14901.32, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", + Object { + "data": Object { + "agent.name": "java", + "id": "opbeans-java", + "service.environment": "production", + "service.name": "opbeans-java", + "serviceAnomalyStats": Object { + "actualValue": 14901.32, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "nodejs", - "id": "opbeans-node", - "service.environment": "testing", - "service.name": "opbeans-node", - "serviceAnomalyStats": Object { - "actualValue": 32226.649122807, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-testing-d457-high_mean_transaction_duration", - "transactionType": "request", + Object { + "data": Object { + "agent.name": "nodejs", + "id": "opbeans-node", + "service.environment": "testing", + "service.name": "opbeans-node", + "serviceAnomalyStats": Object { + "actualValue": 32226.649122807, + "anomalyScore": 0, + "healthStatus": "healthy", + "jobId": "apm-testing-d457-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "go", - "id": "opbeans-go", - "service.environment": "testing", - "service.name": "opbeans-go", - "serviceAnomalyStats": Object { - "actualValue": 3933482.17647059, - "anomalyScore": 2.61017027514827, - "healthStatus": "healthy", - "jobId": "apm-testing-d457-high_mean_transaction_duration", - "transactionType": "request", + Object { + "data": Object { + "agent.name": "go", + "id": "opbeans-go", + "service.environment": "testing", + "service.name": "opbeans-go", + "serviceAnomalyStats": Object { + "actualValue": 3933482.17647059, + "anomalyScore": 2.61017027514827, + "healthStatus": "healthy", + "jobId": "apm-testing-d457-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "agent.name": "ruby", - "id": "opbeans-ruby", - "service.environment": "production", - "service.name": "opbeans-ruby", - "serviceAnomalyStats": Object { - "actualValue": 684716.581395349, - "anomalyScore": 0.204989077199074, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", + Object { + "data": Object { + "agent.name": "ruby", + "id": "opbeans-ruby", + "service.environment": "production", + "service.name": "opbeans-ruby", + "serviceAnomalyStats": Object { + "actualValue": 684716.581395349, + "anomalyScore": 0.204989077199074, + "healthStatus": "healthy", + "jobId": "apm-production-229a-high_mean_transaction_duration", + "transactionType": "request", + }, }, }, - }, - Object { - "data": Object { - "id": ">postgresql", - "label": "postgresql", - "span.destination.service.resource": "postgresql", - "span.subtype": "postgresql", - "span.type": "db", + Object { + "data": Object { + "id": ">postgresql", + "label": "postgresql", + "span.destination.service.resource": "postgresql", + "span.subtype": "postgresql", + "span.type": "db", + }, }, - }, - Object { - "data": Object { - "id": ">elasticsearch", - "label": "elasticsearch", - "span.destination.service.resource": "elasticsearch", - "span.subtype": "elasticsearch", - "span.type": "db", + Object { + "data": Object { + "id": ">elasticsearch", + "label": "elasticsearch", + "span.destination.service.resource": "elasticsearch", + "span.subtype": "elasticsearch", + "span.type": "db", + }, }, - }, - Object { - "data": Object { - "id": ">redis", - "label": "redis", - "span.destination.service.resource": "redis", - "span.subtype": "redis", - "span.type": "db", + Object { + "data": Object { + "id": ">redis", + "label": "redis", + "span.destination.service.resource": "redis", + "span.subtype": "redis", + "span.type": "db", + }, }, - }, - Object { - "data": Object { - "agent.name": "dotnet", - "id": "opbeans-dotnet", - "service.environment": null, - "service.name": "opbeans-dotnet", + Object { + "data": Object { + "agent.name": "dotnet", + "id": "opbeans-dotnet", + "service.environment": null, + "service.name": "opbeans-dotnet", + }, }, - }, -] -`; - -exports[`Service Maps with a trial license when there is data with anomalies returns the correct anomaly stats 3`] = ` -Object { - "elements": Array [ Object { "data": Object { "id": "opbeans-go~>postgresql", @@ -1907,130 +2031,6 @@ Object { }, }, }, - Object { - "data": Object { - "agent.name": "rum-js", - "id": "opbeans-rum", - "service.environment": "testing", - "service.name": "opbeans-rum", - "serviceAnomalyStats": Object { - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-environment_not_defined-7ed6-high_mean_transaction_duration", - "transactionType": "page-load", - }, - }, - }, - Object { - "data": Object { - "agent.name": "python", - "id": "opbeans-python", - "service.environment": "production", - "service.name": "opbeans-python", - "serviceAnomalyStats": Object { - "actualValue": 66218.0833333333, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "agent.name": "java", - "id": "opbeans-java", - "service.environment": "production", - "service.name": "opbeans-java", - "serviceAnomalyStats": Object { - "actualValue": 14901.32, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "agent.name": "nodejs", - "id": "opbeans-node", - "service.environment": "testing", - "service.name": "opbeans-node", - "serviceAnomalyStats": Object { - "actualValue": 32226.649122807, - "anomalyScore": 0, - "healthStatus": "healthy", - "jobId": "apm-testing-d457-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "agent.name": "go", - "id": "opbeans-go", - "service.environment": "testing", - "service.name": "opbeans-go", - "serviceAnomalyStats": Object { - "actualValue": 3933482.17647059, - "anomalyScore": 2.61017027514827, - "healthStatus": "healthy", - "jobId": "apm-testing-d457-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "agent.name": "ruby", - "id": "opbeans-ruby", - "service.environment": "production", - "service.name": "opbeans-ruby", - "serviceAnomalyStats": Object { - "actualValue": 684716.581395349, - "anomalyScore": 0.204989077199074, - "healthStatus": "healthy", - "jobId": "apm-production-229a-high_mean_transaction_duration", - "transactionType": "request", - }, - }, - }, - Object { - "data": Object { - "id": ">postgresql", - "label": "postgresql", - "span.destination.service.resource": "postgresql", - "span.subtype": "postgresql", - "span.type": "db", - }, - }, - Object { - "data": Object { - "id": ">elasticsearch", - "label": "elasticsearch", - "span.destination.service.resource": "elasticsearch", - "span.subtype": "elasticsearch", - "span.type": "db", - }, - }, - Object { - "data": Object { - "id": ">redis", - "label": "redis", - "span.destination.service.resource": "redis", - "span.subtype": "redis", - "span.type": "db", - }, - }, - Object { - "data": Object { - "agent.name": "dotnet", - "id": "opbeans-dotnet", - "service.environment": null, - "service.name": "opbeans-dotnet", - }, - }, ], } `; From 6345acaf3551da2bf02573d0b225b0dcaedbf48c Mon Sep 17 00:00:00 2001 From: Jean-Louis Leysens Date: Thu, 24 Sep 2020 16:51:26 +0200 Subject: [PATCH 028/120] [Ingest Node Pipelines] New patterns component for Grok processor (#76533) * wip, issues with use fields getting cleared somehow * New drag and drop text list component - updated use array to add its own field so that we hook into form - added new drag and drop list component - wip on validation (empty lists validate immediately, which it should not) * remove box shadow from editor fields * Style grok patterns based on drag and drop in component templates - still have the issue with validation - need to get some design review at this point * fix i18n * update use_array - maintain the same API though * Grok processor should use the new use array interface - also fix the documentation using links in the processor type description. react was unhappy about hook order changing * fix patterns field validation to check validity of pattern entires * fix drag item styling * fix use of form in use effect and update behaviour of submit button * added smoke test for grok component * fix i18n * Implement PR feedback * Implemented design feedback - decreased spacing between list items and button - fixed a11y issue between label and first text field - moved help text to under label - refactored all of the field layout logic into drag and drop text list component. Co-authored-by: Elastic Machine --- .../processor_form/add_processor_form.tsx | 1 + .../processor_form/edit_processor_form.tsx | 1 + .../drag_and_drop_text_list.scss | 28 +++ .../drag_and_drop_text_list.tsx | 210 ++++++++++++++++++ .../processor_form/field_components/index.ts | 1 + .../field_components/text_editor.scss | 5 + .../field_components/text_editor.tsx | 8 +- .../processor_form.container.tsx | 10 +- .../common_fields/processor_type_field.tsx | 7 +- .../processor_form/processors/grok.test.tsx | 56 +++++ .../processor_form/processors/grok.tsx | 57 ++++- .../shared/map_processor_type_to_form.tsx | 15 +- .../ingest_pipelines/public/shared_imports.ts | 4 + 13 files changed, 370 insertions(+), 33 deletions(-) create mode 100644 x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.scss create mode 100644 x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.tsx create mode 100644 x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.scss create mode 100644 x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.test.tsx diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/add_processor_form.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/add_processor_form.tsx index 5231a3d17811b..b663daedd9b9c 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/add_processor_form.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/add_processor_form.tsx @@ -118,6 +118,7 @@ export const AddProcessorForm: FunctionComponent = ({ { await handleSubmit(); diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/edit_processor_form.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/edit_processor_form.tsx index e449ed75b6343..d9feaaffa5aec 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/edit_processor_form.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/edit_processor_form.tsx @@ -234,6 +234,7 @@ export const EditProcessorForm: FunctionComponent = ({ { if (activeTab === 'output') { diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.scss b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.scss new file mode 100644 index 0000000000000..2f563d86a6d4a --- /dev/null +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.scss @@ -0,0 +1,28 @@ +.pipelineProcessorsEditor__form__dragAndDropList { + &__panel { + background-color: $euiColorLightestShade; + padding: $euiSizeM; + } + + &__grabIcon { + margin-right: $euiSizeS; + } + + &__removeButton { + margin-left: $euiSizeS; + } + + &__errorIcon { + margin-left: -$euiSizeXL; + } + + &__item { + background-color: $euiColorLightestShade; + padding-top: $euiSizeS; + padding-bottom: $euiSizeS; + } + + &__labelContainer { + margin-bottom: $euiSizeXS; + } +} diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.tsx new file mode 100644 index 0000000000000..63e1fdaa9a8f0 --- /dev/null +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/drag_and_drop_text_list.tsx @@ -0,0 +1,210 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { i18n } from '@kbn/i18n'; +import React, { useState, useCallback, memo } from 'react'; +import uuid from 'uuid'; +import { + EuiButtonEmpty, + EuiButtonIcon, + EuiDragDropContext, + EuiDraggable, + EuiDroppable, + EuiFlexGroup, + EuiFlexItem, + EuiIcon, + EuiFieldText, + EuiIconTip, + EuiFormRow, + EuiText, +} from '@elastic/eui'; + +import { + UseField, + ArrayItem, + ValidationFunc, + getFieldValidityAndErrorMessage, +} from '../../../../../../shared_imports'; + +import './drag_and_drop_text_list.scss'; + +interface Props { + label: string; + helpText: React.ReactNode; + error: string | null; + value: ArrayItem[]; + onMove: (sourceIdx: number, destinationIdx: number) => void; + onAdd: () => void; + onRemove: (id: number) => void; + addLabel: string; + /** + * Validation to be applied to every text item + */ + textValidation?: ValidationFunc; +} + +const i18nTexts = { + removeItemButtonAriaLabel: i18n.translate( + 'xpack.ingestPipelines.pipelineEditor.dragAndDropList.removeItemLabel', + { defaultMessage: 'Remove item' } + ), +}; + +function DragAndDropTextListComponent({ + label, + helpText, + error, + value, + onMove, + onAdd, + onRemove, + addLabel, + textValidation, +}: Props): JSX.Element { + const [droppableId] = useState(() => uuid.v4()); + const [firstItemId] = useState(() => uuid.v4()); + + const onDragEnd = useCallback( + ({ source, destination }) => { + if (source && destination) { + onMove(source.index, destination.index); + } + }, + [onMove] + ); + return ( + + <> + {/* Label and help text. Also wire up the htmlFor so the label points to the first text field. */} + + + + + + + + +

    {helpText}

    +     +     +     + + {/* The processor panel */} +
    + + + {value.map((item, idx) => { + return ( + + {(provided) => { + return ( + + +
    + +
    +     + + + path={item.path} + config={{ + validations: textValidation + ? [{ validator: textValidation }] + : undefined, + }} + readDefaultValueOnForm={!item.isNew} + > + {(field) => { + const { isInvalid, errorMessage } = getFieldValidityAndErrorMessage( + field + ); + return ( + + + + + {typeof errorMessage === 'string' && ( + +
    + +
    +     + )} +     + ); + }} + +     + + {value.length > 1 ? ( + onRemove(item.id)} + /> + ) : ( + // Render a no-op placeholder button + + )} + +     + ); + }} +     + ); + })} +     +     + + {addLabel} + +
    + +     + ); +} + +export const DragAndDropTextList = memo( + DragAndDropTextListComponent +) as typeof DragAndDropTextListComponent; diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/index.ts b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/index.ts index 6ce9eefd26445..605568f90ce9f 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/index.ts +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/index.ts @@ -4,5 +4,6 @@ * you may not use this file except in compliance with the Elastic License. */ +export { DragAndDropTextList } from './drag_and_drop_text_list'; export { XJsonEditor } from './xjson_editor'; export { TextEditor } from './text_editor'; diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.scss b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.scss new file mode 100644 index 0000000000000..f48e19fd0e635 --- /dev/null +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.scss @@ -0,0 +1,5 @@ +.pipelineProcessorsEditor__form__textEditor { + &__panel { + box-shadow: none; + } +} diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.tsx index 1d0e36c0d526c..88b4a0aa2be06 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/field_components/text_editor.tsx @@ -13,6 +13,8 @@ import { getFieldValidityAndErrorMessage, } from '../../../../../../shared_imports'; +import './text_editor.scss'; + interface Props { field: FieldHook; editorProps: { [key: string]: any }; @@ -30,7 +32,11 @@ export const TextEditor: FunctionComponent = ({ field, editorProps }) => error={errorMessage} fullWidth > - + diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processor_form.container.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processor_form.container.tsx index c3b1799ac2a28..25c9579e3c48e 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processor_form.container.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processor_form.container.tsx @@ -60,6 +60,7 @@ export const ProcessorFormContainer: FunctionComponent = ({ const { form } = useForm({ defaultValue: { fields: getProcessor().options }, }); + const { subscribe } = form; const handleSubmit = useCallback( async (shouldCloseFlyout: boolean = true) => { @@ -92,14 +93,9 @@ export const ProcessorFormContainer: FunctionComponent = ({ }, [onSubmit, processor]); useEffect(() => { - const subscription = form.subscribe(onFormUpdate); + const subscription = subscribe(onFormUpdate); return subscription.unsubscribe; - - // TODO: Address this issue - // For some reason adding `form` object to the dependencies array here is causing an - // infinite update loop. - // eslint-disable-next-line react-hooks/exhaustive-deps - }, [onFormUpdate]); + }, [onFormUpdate, subscribe]); if (processor) { return ( diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/common_fields/processor_type_field.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/common_fields/processor_type_field.tsx index 3264923442886..5b3df63a11294 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/common_fields/processor_type_field.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/common_fields/processor_type_field.tsx @@ -14,6 +14,7 @@ import { FieldConfig, UseField, fieldValidators, + useKibana, } from '../../../../../../../shared_imports'; import { getProcessorDescriptor, mapProcessorTypeToDescriptor } from '../../../shared'; @@ -64,6 +65,10 @@ const typeConfig: FieldConfig = { }; export const ProcessorTypeField: FunctionComponent = ({ initialType }) => { + const { + services: { documentation }, + } = useKibana(); + const esDocUrl = documentation.getEsDocsBasePath(); return ( config={typeConfig} defaultValue={initialType} path="type"> {(typeField) => { @@ -107,7 +112,7 @@ export const ProcessorTypeField: FunctionComponent = ({ initialType }) => {}; + (this as any).terminate = () => {}; +}; + +describe('', () => { + const setup = (props?: { defaultValue: Record }) => { + function MyComponent() { + const { form } = useForm({ defaultValue: props?.defaultValue }); + const i18n = i18nServiceMock.createStartContract(); + return ( + + +
    + + +
    +     + ); + } + return mount(); + }; + + beforeAll(() => { + // disable all react-beautiful-dnd development warnings + (window as any)['__react-beautiful-dnd-disable-dev-warnings'] = true; + }); + + afterAll(() => { + // enable all react-beautiful-dnd development warnings + (window as any)['__react-beautiful-dnd-disable-dev-warnings'] = false; + }); + test('smoke', () => { + setup({ defaultValue: { type: 'grok', fields: { patterns: ['test'] } } }); + }); +}); diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.tsx index c5c6adbe2a7a8..5df30be3407a2 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processor_form/processors/grok.tsx @@ -10,24 +10,46 @@ import { i18n } from '@kbn/i18n'; import { FIELD_TYPES, UseField, - ComboBoxField, + UseArray, ToggleField, fieldValidators, + ValidationFunc, + ArrayItem, } from '../../../../../../shared_imports'; -import { XJsonEditor } from '../field_components'; +import { XJsonEditor, DragAndDropTextList } from '../field_components'; import { FieldNameField } from './common_fields/field_name_field'; import { IgnoreMissingField } from './common_fields/ignore_missing_field'; import { FieldsConfig, to, from, EDITOR_PX_HEIGHT } from './shared'; -const { emptyField, isJsonField } = fieldValidators; +const { isJsonField, emptyField } = fieldValidators; + +const i18nTexts = { + addPatternLabel: i18n.translate( + 'xpack.ingestPipelines.pipelineEditor.grokForm.patternsAddPatternLabel', + { defaultMessage: 'Add pattern' } + ), +}; + +const valueRequiredMessage = i18n.translate( + 'xpack.ingestPipelines.pipelineEditor.grokForm.patternsValueRequiredError', + { defaultMessage: 'A value is required.' } +); + +const patternsValidation: ValidationFunc = ({ value, formData }) => { + if (value.length === 0) { + return { + message: valueRequiredMessage, + }; + } +}; + +const patternValidation = emptyField(valueRequiredMessage); const fieldsConfig: FieldsConfig = { /* Required field configs */ patterns: { - type: FIELD_TYPES.COMBO_BOX, - deserializer: to.arrayOfStrings, label: i18n.translate('xpack.ingestPipelines.pipelineEditor.grokForm.patternsFieldLabel', { defaultMessage: 'Patterns', }), @@ -37,12 +59,7 @@ const fieldsConfig: FieldsConfig = { }), validations: [ { - validator: emptyField( - i18n.translate( - 'xpack.ingestPipelines.pipelineEditor.grokForm.patternsValueRequiredError', - { defaultMessage: 'A value is required.' } - ) - ), + validator: patternsValidation as ValidationFunc, }, ], }, @@ -103,7 +120,23 @@ export const Grok: FunctionComponent = () => { )} /> - + + {({ items, addItem, removeItem, moveItem, error }) => { + return ( + + ); + }} + ReactNode); } type MapProcessorTypeToDescriptor = Record; @@ -176,11 +175,7 @@ export const mapProcessorTypeToDescriptor: MapProcessorTypeToDescriptor = { label: i18n.translate('xpack.ingestPipelines.processors.label.enrich', { defaultMessage: 'Enrich', }), - description: function Description() { - const { - services: { documentation }, - } = useKibana(); - const esDocUrl = documentation.getEsDocsBasePath(); + description: (esDocUrl) => { return ( { return ( _useKibana(); From d5713582541eaabfe3a597969479bca789caeec0 Mon Sep 17 00:00:00 2001 From: Josh Dover Date: Thu, 24 Sep 2020 08:54:46 -0600 Subject: [PATCH 029/120] Add more robust error handling to OsCgroupMetricsCollector (#78213) Co-authored-by: Elastic Machine --- .../server/metrics/collectors/cgroup.test.ts | 27 +++++++++++++++++-- src/core/server/metrics/collectors/cgroup.ts | 21 ++++++++++----- src/core/server/metrics/collectors/os.test.ts | 3 ++- src/core/server/metrics/collectors/os.ts | 9 +++++-- src/core/server/metrics/metrics_service.ts | 5 +++- .../metrics/ops_metrics_collector.test.ts | 3 ++- 6 files changed, 55 insertions(+), 13 deletions(-) diff --git a/src/core/server/metrics/collectors/cgroup.test.ts b/src/core/server/metrics/collectors/cgroup.test.ts index 39f917b9f0ba1..163646bf55424 100644 --- a/src/core/server/metrics/collectors/cgroup.test.ts +++ b/src/core/server/metrics/collectors/cgroup.test.ts @@ -18,6 +18,7 @@ */ import mockFs from 'mock-fs'; +import { loggerMock } from '@kbn/logging/target/mocks'; import { OsCgroupMetricsCollector } from './cgroup'; describe('OsCgroupMetricsCollector', () => { @@ -30,8 +31,10 @@ describe('OsCgroupMetricsCollector', () => { }, }); - const collector = new OsCgroupMetricsCollector({}); + const logger = loggerMock.create(); + const collector = new OsCgroupMetricsCollector({ logger }); expect(await collector.collect()).toEqual({}); + expect(logger.error).not.toHaveBeenCalled(); }); it('collects default cgroup data', async () => { @@ -51,7 +54,7 @@ throttled_time 666 `, }); - const collector = new OsCgroupMetricsCollector({}); + const collector = new OsCgroupMetricsCollector({ logger: loggerMock.create() }); expect(await collector.collect()).toMatchInlineSnapshot(` Object { "cpu": Object { @@ -90,6 +93,7 @@ throttled_time 666 }); const collector = new OsCgroupMetricsCollector({ + logger: loggerMock.create(), cpuAcctPath: 'xxcustomcpuacctxx', cpuPath: 'xxcustomcpuxx', }); @@ -112,4 +116,23 @@ throttled_time 666 } `); }); + + it('returns empty object and logs error on an EACCES error', async () => { + mockFs({ + '/proc/self/cgroup': ` +123:memory:/groupname +123:cpu:/groupname +123:cpuacct:/groupname + `, + '/sys/fs/cgroup': mockFs.directory({ mode: parseInt('0000', 8) }), + }); + + const logger = loggerMock.create(); + + const collector = new OsCgroupMetricsCollector({ logger }); + expect(await collector.collect()).toEqual({}); + expect(logger.error).toHaveBeenCalledWith( + "cgroup metrics could not be read due to error: [Error: EACCES, permission denied '/sys/fs/cgroup/cpuacct/groupname/cpuacct.usage']" + ); + }); }); diff --git a/src/core/server/metrics/collectors/cgroup.ts b/src/core/server/metrics/collectors/cgroup.ts index 867ea44dff1ae..42f5d30d115fe 100644 --- a/src/core/server/metrics/collectors/cgroup.ts +++ b/src/core/server/metrics/collectors/cgroup.ts @@ -19,11 +19,13 @@ import fs from 'fs'; import { join as joinPath } from 'path'; +import { Logger } from '@kbn/logging'; import { MetricsCollector, OpsOsMetrics } from './types'; type OsCgroupMetrics = Pick; interface OsCgroupMetricsCollectorOptions { + logger: Logger; cpuPath?: string; cpuAcctPath?: string; } @@ -38,8 +40,12 @@ export class OsCgroupMetricsCollector implements MetricsCollector { try { + if (this.noCgroupPresent) { + return {}; + } + await this.initializePaths(); - if (this.noCgroupPresent || !this.cpuAcctPath || !this.cpuPath) { + if (!this.cpuAcctPath || !this.cpuPath) { return {}; } @@ -64,12 +70,15 @@ export class OsCgroupMetricsCollector implements MetricsCollector (cb: Function) => cb(null, { dist: 'distrib', release: 'release' })); +import { loggerMock } from '@kbn/logging/target/mocks'; import os from 'os'; import { cgroupCollectorMock } from './os.test.mocks'; import { OsMetricsCollector } from './os'; @@ -27,7 +28,7 @@ describe('OsMetricsCollector', () => { let collector: OsMetricsCollector; beforeEach(() => { - collector = new OsMetricsCollector(); + collector = new OsMetricsCollector({ logger: loggerMock.create() }); cgroupCollectorMock.collect.mockReset(); cgroupCollectorMock.reset.mockReset(); }); diff --git a/src/core/server/metrics/collectors/os.ts b/src/core/server/metrics/collectors/os.ts index eae49278405a9..a9d727e57aaf9 100644 --- a/src/core/server/metrics/collectors/os.ts +++ b/src/core/server/metrics/collectors/os.ts @@ -20,12 +20,14 @@ import os from 'os'; import getosAsync, { LinuxOs } from 'getos'; import { promisify } from 'util'; +import { Logger } from '@kbn/logging'; import { OpsOsMetrics, MetricsCollector } from './types'; import { OsCgroupMetricsCollector } from './cgroup'; const getos = promisify(getosAsync); export interface OpsMetricsCollectorOptions { + logger: Logger; cpuPath?: string; cpuAcctPath?: string; } @@ -33,8 +35,11 @@ export interface OpsMetricsCollectorOptions { export class OsMetricsCollector implements MetricsCollector { private readonly cgroupCollector: OsCgroupMetricsCollector; - constructor(options: OpsMetricsCollectorOptions = {}) { - this.cgroupCollector = new OsCgroupMetricsCollector(options); + constructor(options: OpsMetricsCollectorOptions) { + this.cgroupCollector = new OsCgroupMetricsCollector({ + ...options, + logger: options.logger.get('cgroup'), + }); } public async collect(): Promise { diff --git a/src/core/server/metrics/metrics_service.ts b/src/core/server/metrics/metrics_service.ts index ab58a75d49a98..d3495f2748c71 100644 --- a/src/core/server/metrics/metrics_service.ts +++ b/src/core/server/metrics/metrics_service.ts @@ -50,7 +50,10 @@ export class MetricsService .pipe(first()) .toPromise(); - this.metricsCollector = new OpsMetricsCollector(http.server, config.cGroupOverrides); + this.metricsCollector = new OpsMetricsCollector(http.server, { + logger: this.logger, + ...config.cGroupOverrides, + }); await this.refreshMetrics(); diff --git a/src/core/server/metrics/ops_metrics_collector.test.ts b/src/core/server/metrics/ops_metrics_collector.test.ts index 7aa3f7cd3baf0..c748d1cce12e4 100644 --- a/src/core/server/metrics/ops_metrics_collector.test.ts +++ b/src/core/server/metrics/ops_metrics_collector.test.ts @@ -17,6 +17,7 @@ * under the License. */ +import { loggerMock } from '@kbn/logging/target/mocks'; import { mockOsCollector, mockProcessCollector, @@ -30,7 +31,7 @@ describe('OpsMetricsCollector', () => { beforeEach(() => { const hapiServer = httpServiceMock.createInternalSetupContract().server; - collector = new OpsMetricsCollector(hapiServer, {}); + collector = new OpsMetricsCollector(hapiServer, { logger: loggerMock.create() }); mockOsCollector.collect.mockResolvedValue('osMetrics'); }); From 5ff0c0052907167848f8e1244cf1ab1134e6c8f7 Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Thu, 24 Sep 2020 07:56:36 -0700 Subject: [PATCH 030/120] docs: typo fix (#77927) --- .../server/tutorial/instructions/apm_agent_instructions.ts | 2 +- x-pack/plugins/translations/translations/ja-JP.json | 1 - x-pack/plugins/translations/translations/zh-CN.json | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/plugins/apm_oss/server/tutorial/instructions/apm_agent_instructions.ts b/src/plugins/apm_oss/server/tutorial/instructions/apm_agent_instructions.ts index d2a4ee8297a11..a74223f28dd03 100644 --- a/src/plugins/apm_oss/server/tutorial/instructions/apm_agent_instructions.ts +++ b/src/plugins/apm_oss/server/tutorial/instructions/apm_agent_instructions.ts @@ -37,7 +37,7 @@ export const createNodeAgentInstructions = (apmServerUrl = '', secretToken = '') defaultMessage: 'Agents are libraries that run inside of your application process. \ APM services are created programmatically based on the `serviceName`. \ -This agent supports a vararity of frameworks but can also be used with your custom stack.', +This agent supports a variety of frameworks but can also be used with your custom stack.', }), commands: `// ${i18n.translate( 'apmOss.tutorial.nodeClient.configure.commands.addThisToTheFileTopComment', diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index ed66d56d552a5..d395b635fed2b 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -207,7 +207,6 @@ "apmOss.tutorial.nodeClient.configure.commands.setRequiredServiceNameComment": "package.json からサービス名を上書きします", "apmOss.tutorial.nodeClient.configure.commands.useIfApmRequiresTokenComment": "APM Server にトークンが必要な場合に使います", "apmOss.tutorial.nodeClient.configure.textPost": "[Babel/ES モジュール]({babelEsModulesLink}) との使用を含む高度な用途に関しては、 [ドキュメンテーション]({documentationLink}) をご覧ください。", - "apmOss.tutorial.nodeClient.configure.textPre": "エージェントとは、アプリケーションプロセス内で実行されるライブラリです。APM サービスは「serviceName」に基づいてプログラムで作成されます。このエージェントは様々なフレームワークをサポートしていますが、カスタムスタックで使用することもできます。", "apmOss.tutorial.nodeClient.configure.title": "エージェントの構成", "apmOss.tutorial.nodeClient.install.textPre": "Node.js 用の APM エージェントをアプリケーションに依存関係としてインストール。", "apmOss.tutorial.nodeClient.install.title": "APM エージェントのインストール", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 103ff4ab146a4..f9c18bcf4e51f 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -207,7 +207,6 @@ "apmOss.tutorial.nodeClient.configure.commands.setRequiredServiceNameComment": "覆盖来自 package.json 的服务名", "apmOss.tutorial.nodeClient.configure.commands.useIfApmRequiresTokenComment": "APM Server 需要令牌时使用", "apmOss.tutorial.nodeClient.configure.textPost": "请参阅[文档]({documentationLink})以了解高级用法,包括如何用于 [Babel/ES 模块]({babelEsModulesLink})。", - "apmOss.tutorial.nodeClient.configure.textPre": "代理是在您的应用程序进程内运行的库。APM 服务是基于 `serviceName` 以编程方式创建的。此代理支持各种框架,而且还可以与您的定制堆栈配合使用。", "apmOss.tutorial.nodeClient.configure.title": "配置代理", "apmOss.tutorial.nodeClient.install.textPre": "将 Node.js 的 APM 代理安装为您的应用程序的依赖项。", "apmOss.tutorial.nodeClient.install.title": "安装 APM 代理", From 3f2e9f770593397c958c606afb72c22408732723 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20St=C3=BCrmer?= Date: Thu, 24 Sep 2020 17:02:23 +0200 Subject: [PATCH 031/120] [Logs UI] Add dataset-specific categorization warnings (#75351) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This adds dataset-specific categorization warnings for the categorization module. The warnings are displayed in call-outs on the relevant tabs as well as the job setup screens if a prior job with warnings exists. To that end this also changes the categorization job configuration to enable the partitioned categorization mode. Co-authored-by: Alejandro Fernández Gómez --- src/dev/storybook/aliases.ts | 2 +- .../http_api/log_analysis/results/index.ts | 1 + .../log_entry_category_datasets_stats.ts | 72 ++++++++++ .../infra/common/log_analysis/index.ts | 1 + .../log_analysis/log_analysis_quality.ts | 42 ++++++ .../job_configuration_outdated_callout.tsx | 1 + .../job_definition_outdated_callout.tsx | 1 + .../notices_section.tsx | 8 +- .../quality_warning_notices.stories.tsx | 68 +++++++++ .../quality_warning_notices.tsx | 110 ++++++++++----- .../recreate_job_callout.tsx | 2 +- .../analysis_setup_indices_form.tsx | 4 + .../index_setup_dataset_filter.tsx | 30 +++- .../index_setup_row.tsx | 62 ++++++-- .../initial_configuration_step.stories.tsx | 104 ++++++++++++++ .../initial_configuration_step.tsx | 5 +- .../log_entry_categories_setup_view.tsx | 9 ++ .../setup_flyout/setup_flyout.tsx | 68 ++++++--- .../setup_flyout/setup_flyout_state.ts | 2 + .../get_latest_categories_datasets_stats.ts | 47 +++++++ .../api/ml_get_jobs_summary_api.ts | 14 ++ .../log_analysis/log_analysis_module_types.ts | 40 ------ .../use_log_entry_categories_quality.ts | 107 ++++++++++++-- .../use_log_entry_categories_setup.tsx | 4 + .../log_entry_categories/page_content.tsx | 24 ++-- .../log_entry_categories/page_providers.tsx | 3 +- .../log_entry_categories/setup_flyout.tsx | 128 ----------------- x-pack/plugins/infra/server/infra_server.ts | 2 + .../infra/server/lib/log_analysis/common.ts | 2 +- .../infra/server/lib/log_analysis/index.ts | 1 + .../log_entry_categories_datasets_stats.ts | 94 +++++++++++++ .../server/lib/log_analysis/queries/common.ts | 15 +- ...est_log_entry_categories_datasets_stats.ts | 133 ++++++++++++++++++ .../routes/log_analysis/results/index.ts | 1 + .../log_entry_category_datasets_stats.ts | 79 +++++++++++ .../ml/log_entry_categories_count.json | 8 +- .../translations/translations/ja-JP.json | 3 - .../translations/translations/zh-CN.json | 3 - 38 files changed, 1027 insertions(+), 273 deletions(-) create mode 100644 x-pack/plugins/infra/common/http_api/log_analysis/results/log_entry_category_datasets_stats.ts create mode 100644 x-pack/plugins/infra/common/log_analysis/log_analysis_quality.ts create mode 100644 x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.stories.tsx create mode 100644 x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.stories.tsx create mode 100644 x-pack/plugins/infra/public/containers/logs/log_analysis/api/get_latest_categories_datasets_stats.ts delete mode 100644 x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx create mode 100644 x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_datasets_stats.ts create mode 100644 x-pack/plugins/infra/server/lib/log_analysis/queries/latest_log_entry_categories_datasets_stats.ts create mode 100644 x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets_stats.ts diff --git a/src/dev/storybook/aliases.ts b/src/dev/storybook/aliases.ts index 9d9f5616b5a33..d31a408e98c67 100644 --- a/src/dev/storybook/aliases.ts +++ b/src/dev/storybook/aliases.ts @@ -23,7 +23,7 @@ export const storybookAliases = { codeeditor: 'src/plugins/kibana_react/public/code_editor/scripts/storybook.ts', dashboard_enhanced: 'x-pack/plugins/dashboard_enhanced/scripts/storybook.js', embeddable: 'src/plugins/embeddable/scripts/storybook.js', - infra: 'x-pack/legacy/plugins/infra/scripts/storybook.js', + infra: 'x-pack/plugins/infra/scripts/storybook.js', security_solution: 'x-pack/plugins/security_solution/scripts/storybook.js', ui_actions_enhanced: 'x-pack/plugins/ui_actions_enhanced/scripts/storybook.js', observability: 'x-pack/plugins/observability/scripts/storybook.js', diff --git a/x-pack/plugins/infra/common/http_api/log_analysis/results/index.ts b/x-pack/plugins/infra/common/http_api/log_analysis/results/index.ts index a01042616a872..e696477253823 100644 --- a/x-pack/plugins/infra/common/http_api/log_analysis/results/index.ts +++ b/x-pack/plugins/infra/common/http_api/log_analysis/results/index.ts @@ -6,6 +6,7 @@ export * from './log_entry_categories'; export * from './log_entry_category_datasets'; +export * from './log_entry_category_datasets_stats'; export * from './log_entry_category_examples'; export * from './log_entry_rate'; export * from './log_entry_examples'; diff --git a/x-pack/plugins/infra/common/http_api/log_analysis/results/log_entry_category_datasets_stats.ts b/x-pack/plugins/infra/common/http_api/log_analysis/results/log_entry_category_datasets_stats.ts new file mode 100644 index 0000000000000..4511678242f1c --- /dev/null +++ b/x-pack/plugins/infra/common/http_api/log_analysis/results/log_entry_category_datasets_stats.ts @@ -0,0 +1,72 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import * as rt from 'io-ts'; + +import { timeRangeRT, routeTimingMetadataRT } from '../../shared'; + +export const LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH = + '/api/infra/log_analysis/results/latest_log_entry_category_datasets_stats'; + +const categorizerStatusRT = rt.keyof({ + ok: null, + warn: null, +}); + +export type CategorizerStatus = rt.TypeOf; + +/** + * request + */ + +export const getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT = rt.type({ + data: rt.type({ + // the ids of the categorization jobs + jobIds: rt.array(rt.string), + // the time range to fetch the category datasets stats for + timeRange: timeRangeRT, + // the categorizer statuses to include stats for, empty means all + includeCategorizerStatuses: rt.array(categorizerStatusRT), + }), +}); + +export type GetLatestLogEntryCategoryDatasetsStatsRequestPayload = rt.TypeOf< + typeof getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT +>; + +/** + * response + */ + +const logEntryCategoriesDatasetStatsRT = rt.type({ + categorization_status: categorizerStatusRT, + categorized_doc_count: rt.number, + dataset: rt.string, + dead_category_count: rt.number, + failed_category_count: rt.number, + frequent_category_count: rt.number, + job_id: rt.string, + log_time: rt.number, + rare_category_count: rt.number, + total_category_count: rt.number, +}); + +export type LogEntryCategoriesDatasetStats = rt.TypeOf; + +export const getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT = rt.intersection([ + rt.type({ + data: rt.type({ + datasetStats: rt.array(logEntryCategoriesDatasetStatsRT), + }), + }), + rt.partial({ + timing: routeTimingMetadataRT, + }), +]); + +export type GetLatestLogEntryCategoryDatasetsStatsSuccessResponsePayload = rt.TypeOf< + typeof getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT +>; diff --git a/x-pack/plugins/infra/common/log_analysis/index.ts b/x-pack/plugins/infra/common/log_analysis/index.ts index 22137e63ab7e7..0b4fa374a5da9 100644 --- a/x-pack/plugins/infra/common/log_analysis/index.ts +++ b/x-pack/plugins/infra/common/log_analysis/index.ts @@ -5,6 +5,7 @@ */ export * from './log_analysis'; +export * from './log_analysis_quality'; export * from './log_analysis_results'; export * from './log_entry_rate_analysis'; export * from './log_entry_categories_analysis'; diff --git a/x-pack/plugins/infra/common/log_analysis/log_analysis_quality.ts b/x-pack/plugins/infra/common/log_analysis/log_analysis_quality.ts new file mode 100644 index 0000000000000..7ffa6c172886b --- /dev/null +++ b/x-pack/plugins/infra/common/log_analysis/log_analysis_quality.ts @@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +interface ManyCategoriesWarningReason { + type: 'manyCategories'; + categoriesDocumentRatio: number; +} +interface ManyDeadCategoriesWarningReason { + type: 'manyDeadCategories'; + deadCategoriesRatio: number; +} +interface ManyRareCategoriesWarningReason { + type: 'manyRareCategories'; + rareCategoriesRatio: number; +} +interface NoFrequentCategoriesWarningReason { + type: 'noFrequentCategories'; +} +interface SingleCategoryWarningReason { + type: 'singleCategory'; +} + +export type CategoryQualityWarningReason = + | ManyCategoriesWarningReason + | ManyDeadCategoriesWarningReason + | ManyRareCategoriesWarningReason + | NoFrequentCategoriesWarningReason + | SingleCategoryWarningReason; + +export type CategoryQualityWarningReasonType = CategoryQualityWarningReason['type']; + +export interface CategoryQualityWarning { + type: 'categoryQualityWarning'; + jobId: string; + dataset: string; + reasons: CategoryQualityWarningReason[]; +} + +export type QualityWarning = CategoryQualityWarning; diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx index 0489bd7d9929a..5b2ce862f7a81 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx @@ -31,6 +31,7 @@ export const JobConfigurationOutdatedCallout: React.FC<{ values={{ moduleName, }} + tagName="p" /> ); diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx index df9de49ea0445..b9e68b25482b6 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx @@ -31,6 +31,7 @@ export const JobDefinitionOutdatedCallout: React.FC<{ values={{ moduleName, }} + tagName="p" /> ); diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx index 2535058322cba..3785d0e8d9423 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx @@ -5,7 +5,7 @@ */ import React from 'react'; -import { QualityWarning } from '../../../containers/logs/log_analysis/log_analysis_module_types'; +import { QualityWarning } from '../../../../common/log_analysis'; import { LogAnalysisJobProblemIndicator } from './log_analysis_job_problem_indicator'; import { CategoryQualityWarnings } from './quality_warning_notices'; @@ -41,6 +41,10 @@ export const CategoryJobNoticesSection: React.FC<{ onRecreateMlJobForReconfiguration={onRecreateMlJobForReconfiguration} onRecreateMlJobForUpdate={onRecreateMlJobForUpdate} /> - + ); diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.stories.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.stories.tsx new file mode 100644 index 0000000000000..7caf75417091a --- /dev/null +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.stories.tsx @@ -0,0 +1,68 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { action } from '@storybook/addon-actions'; +import { storiesOf } from '@storybook/react'; +import React from 'react'; +import { EuiThemeProvider } from '../../../../../observability/public'; +import { QualityWarning } from '../../../../common/log_analysis'; +import { CategoryQualityWarnings } from './quality_warning_notices'; + +storiesOf('infra/logAnalysis/CategoryQualityWarnings', module) + .addDecorator((renderStory) => {renderStory()}) + .add('Partitioned warnings', () => { + return ( + + ); + }) + .add('Unpartitioned warnings', () => { + return ( + + ); + }); + +const partitionedQualityWarnings: QualityWarning[] = [ + { + type: 'categoryQualityWarning', + jobId: 'theMlJobId', + dataset: 'first.dataset', + reasons: [ + { type: 'singleCategory' }, + { type: 'manyRareCategories', rareCategoriesRatio: 0.95 }, + { type: 'manyCategories', categoriesDocumentRatio: 0.7 }, + ], + }, + { + type: 'categoryQualityWarning', + jobId: 'theMlJobId', + dataset: 'second.dataset', + reasons: [ + { type: 'noFrequentCategories' }, + { type: 'manyDeadCategories', deadCategoriesRatio: 0.7 }, + ], + }, +]; + +const unpartitionedQualityWarnings: QualityWarning[] = [ + { + type: 'categoryQualityWarning', + jobId: 'theMlJobId', + dataset: '', + reasons: [ + { type: 'singleCategory' }, + { type: 'manyRareCategories', rareCategoriesRatio: 0.95 }, + { type: 'manyCategories', categoriesDocumentRatio: 0.7 }, + ], + }, +]; diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx index 0d93ead5a82c6..928c9738c4761 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx @@ -4,43 +4,89 @@ * you may not use this file except in compliance with the Elastic License. */ -import { EuiCallOut } from '@elastic/eui'; +import { + EuiAccordion, + EuiDescriptionList, + EuiDescriptionListDescription, + EuiDescriptionListTitle, + EuiSpacer, + htmlIdGenerator, +} from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; -import React from 'react'; -import type { +import groupBy from 'lodash/groupBy'; +import React, { Fragment, useState } from 'react'; +import { euiStyled } from '../../../../../observability/public'; +import { + CategoryQualityWarning, CategoryQualityWarningReason, - QualityWarning, -} from '../../../containers/logs/log_analysis/log_analysis_module_types'; + getFriendlyNameForPartitionId, +} from '../../../../common/log_analysis'; +import { RecreateJobCallout } from './recreate_job_callout'; -export const CategoryQualityWarnings: React.FC<{ qualityWarnings: QualityWarning[] }> = ({ - qualityWarnings, -}) => ( - <> - {qualityWarnings.map((qualityWarning, qualityWarningIndex) => ( - -

    +export const CategoryQualityWarnings: React.FC<{ + hasSetupCapabilities: boolean; + onRecreateMlJob: () => void; + qualityWarnings: CategoryQualityWarning[]; +}> = ({ hasSetupCapabilities, onRecreateMlJob, qualityWarnings }) => { + const [detailAccordionId] = useState(htmlIdGenerator()()); + + const categoryQualityWarningsByJob = groupBy(qualityWarnings, 'jobId'); + + return ( + <> + {Object.entries(categoryQualityWarningsByJob).map(([jobId, qualityWarningsForJob]) => ( + -

    -
      - {qualityWarning.reasons.map((reason, reasonIndex) => ( -
    • - -
      • - ))} -
    -     - ))} - -); + + } + paddingSize="m" + > + + {qualityWarningsForJob.flatMap((qualityWarning) => ( + + + {getFriendlyNameForPartitionId(qualityWarning.dataset)} + + {qualityWarning.reasons.map((reason) => ( + + + + ))} + + ))} + + + + + ))} + + ); +}; + +const QualityWarningReasonDescription = euiStyled(EuiDescriptionListDescription)` + display: list-item; + list-style-type: disc; + margin-left: ${(props) => props.theme.eui.paddingSizes.m}; +`; const categoryQualityWarningCalloutTitle = i18n.translate( 'xpack.infra.logs.logEntryCategories.categoryQUalityWarningCalloutTitle', @@ -49,7 +95,7 @@ const categoryQualityWarningCalloutTitle = i18n.translate( } ); -const CategoryQualityWarningReasonDescription: React.FC<{ +export const CategoryQualityWarningReasonDescription: React.FC<{ reason: CategoryQualityWarningReason; }> = ({ reason }) => { switch (reason.type) { @@ -57,7 +103,7 @@ const CategoryQualityWarningReasonDescription: React.FC<{ return ( ); case 'manyRareCategories': diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/recreate_job_callout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/recreate_job_callout.tsx index cdf030a849fa1..2a0337bd99767 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/recreate_job_callout.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/recreate_job_callout.tsx @@ -14,7 +14,7 @@ export const RecreateJobCallout: React.FC<{ title?: React.ReactNode; }> = ({ children, hasSetupCapabilities, onRecreateMlJob, title }) => ( -

    {children}

    + {children} void; + previousQualityWarnings?: QualityWarning[]; validationErrors?: ValidationIndicesError[]; }> = ({ disabled = false, indices, isValidating, onChangeSelectedIndices, + previousQualityWarnings = [], validationErrors = [], }) => { const changeIsIndexSelected = useCallback( @@ -81,6 +84,7 @@ export const AnalysisSetupIndicesForm: React.FunctionComponent<{ key={index.name} onChangeIsSelected={changeIsIndexSelected} onChangeDatasetFilter={changeDatasetFilter} + previousQualityWarnings={previousQualityWarnings} /> ))} diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_dataset_filter.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_dataset_filter.tsx index d3ed8aeaf6155..481cc6071864c 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_dataset_filter.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_dataset_filter.tsx @@ -7,6 +7,7 @@ import { EuiFilterButton, EuiFilterGroup, + EuiIconTip, EuiPopover, EuiPopoverTitle, EuiSelectable, @@ -14,11 +15,15 @@ import { } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import React, { useCallback, useMemo } from 'react'; -import { DatasetFilter } from '../../../../../common/log_analysis'; +import { DatasetFilter, QualityWarning } from '../../../../../common/log_analysis'; import { useVisibilityState } from '../../../../utils/use_visibility_state'; +import { CategoryQualityWarningReasonDescription } from '../../log_analysis_job_status/quality_warning_notices'; export const IndexSetupDatasetFilter: React.FC<{ - availableDatasets: string[]; + availableDatasets: Array<{ + dataset: string; + warnings: QualityWarning[]; + }>; datasetFilter: DatasetFilter; isDisabled?: boolean; onChangeDatasetFilter: (datasetFilter: DatasetFilter) => void; @@ -40,12 +45,13 @@ export const IndexSetupDatasetFilter: React.FC<{ [onChangeDatasetFilter] ); - const selectableOptions: EuiSelectableOption[] = useMemo( + const selectableOptions = useMemo( () => - availableDatasets.map((datasetName) => ({ - label: datasetName, + availableDatasets.map(({ dataset, warnings }) => ({ + label: dataset, + append: warnings.length > 0 ? : null, checked: - datasetFilter.type === 'includeSome' && datasetFilter.datasets.includes(datasetName) + datasetFilter.type === 'includeSome' && datasetFilter.datasets.includes(dataset) ? 'on' : undefined, })), @@ -86,3 +92,15 @@ export const IndexSetupDatasetFilter: React.FC<{ ); }; + +const DatasetWarningMarker: React.FC<{ warnings: QualityWarning[] }> = ({ warnings }) => { + const warningDescriptions = warnings.flatMap((warning) => + warning.type === 'categoryQualityWarning' + ? warning.reasons.map((reason) => ( + + )) + : [] + ); + + return ; +}; diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_row.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_row.tsx index 92774dbd6838b..b101b9b0cab0c 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_row.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/index_setup_row.tsx @@ -4,10 +4,10 @@ * you may not use this file except in compliance with the Elastic License. */ -import { EuiCheckbox, EuiCode, EuiFlexGroup, EuiFlexItem, EuiIcon, EuiToolTip } from '@elastic/eui'; +import { EuiCheckbox, EuiCode, EuiFlexGroup, EuiFlexItem, EuiIconTip } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; -import React, { useCallback } from 'react'; -import { DatasetFilter } from '../../../../../common/log_analysis'; +import React, { useCallback, useMemo } from 'react'; +import { DatasetFilter, QualityWarning } from '../../../../../common/log_analysis'; import { IndexSetupDatasetFilter } from './index_setup_dataset_filter'; import { AvailableIndex, ValidationUIError } from './validation'; @@ -16,7 +16,14 @@ export const IndexSetupRow: React.FC<{ isDisabled: boolean; onChangeDatasetFilter: (indexName: string, datasetFilter: DatasetFilter) => void; onChangeIsSelected: (indexName: string, isSelected: boolean) => void; -}> = ({ index, isDisabled, onChangeDatasetFilter, onChangeIsSelected }) => { + previousQualityWarnings: QualityWarning[]; +}> = ({ + index, + isDisabled, + onChangeDatasetFilter, + onChangeIsSelected, + previousQualityWarnings, +}) => { const changeIsSelected = useCallback( (event: React.ChangeEvent) => { onChangeIsSelected(index.name, event.currentTarget.checked); @@ -29,6 +36,29 @@ export const IndexSetupRow: React.FC<{ [index.name, onChangeDatasetFilter] ); + const datasets = useMemo( + () => + index.validity === 'valid' + ? index.availableDatasets.map((availableDataset) => ({ + dataset: availableDataset, + warnings: previousQualityWarnings.filter(({ dataset }) => dataset === availableDataset), + })) + : [], + [index, previousQualityWarnings] + ); + + const datasetIndependentQualityWarnings = useMemo( + () => previousQualityWarnings.filter(({ dataset }) => dataset === ''), + [previousQualityWarnings] + ); + + const hasWarnings = useMemo( + () => + datasetIndependentQualityWarnings.length > 0 || + datasets.some(({ warnings }) => warnings.length > 0), + [datasetIndependentQualityWarnings, datasets] + ); + const isSelected = index.validity === 'valid' && index.isSelected; return ( @@ -37,7 +67,23 @@ export const IndexSetupRow: React.FC<{ {index.name}} + label={ + <> + {index.name}{' '} + {index.validity === 'valid' && hasWarnings ? ( + + } + type="alert" + color="warning" + /> + ) : null} + + } onChange={changeIsSelected} checked={isSelected} disabled={isDisabled || index.validity === 'invalid'} @@ -45,12 +91,10 @@ export const IndexSetupRow: React.FC<{     {index.validity === 'invalid' ? ( - - - + ) : index.validity === 'valid' ? ( ( + +
    {renderStory()}
    +     + )) + .add('Reconfiguration with partitioned warnings', () => { + return ( + + ); + }) + .add('Reconfiguration with unpartitioned warnings', () => { + return ( + + ); + }); + +const storyActions = actions('setStartTime', 'setEndTime', 'setValidatedIndices'); diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx index d4c3c727bd34e..1ea972335d8fc 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx @@ -9,7 +9,7 @@ import { EuiContainedStepProps } from '@elastic/eui/src/components/steps/steps'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; import React, { useMemo } from 'react'; -import { SetupStatus } from '../../../../../common/log_analysis'; +import { QualityWarning, SetupStatus } from '../../../../../common/log_analysis'; import { AnalysisSetupIndicesForm } from './analysis_setup_indices_form'; import { AnalysisSetupTimerangeForm } from './analysis_setup_timerange_form'; import { @@ -31,6 +31,7 @@ interface InitialConfigurationStepProps { setupStatus: SetupStatus; setValidatedIndices: (selectedIndices: AvailableIndex[]) => void; validationErrors?: ValidationUIError[]; + previousQualityWarnings?: QualityWarning[]; } export const createInitialConfigurationStep = ( @@ -50,6 +51,7 @@ export const InitialConfigurationStep: React.FunctionComponent { const disabled = useMemo(() => !editableFormStatus.includes(setupStatus.type), [setupStatus]); @@ -75,6 +77,7 @@ export const InitialConfigurationStep: React.FunctionComponent diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx index 2bc5b08a1016a..e7961a11a4d52 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx @@ -6,6 +6,7 @@ import { EuiSpacer, EuiSteps, EuiText, EuiTitle } from '@elastic/eui'; import React, { useCallback, useMemo } from 'react'; +import { useMount } from 'react-use'; import { useLogEntryCategoriesSetup } from '../../../../containers/logs/log_analysis/modules/log_entry_categories'; import { createInitialConfigurationStep } from '../initial_configuration_step'; import { createProcessStep } from '../process_step'; @@ -14,8 +15,10 @@ export const LogEntryCategoriesSetupView: React.FC<{ onClose: () => void; }> = ({ onClose }) => { const { + categoryQualityWarnings, cleanUpAndSetUp, endTime, + fetchJobStatus, isValidating, lastSetupErrorMessages, moduleDescriptor, @@ -30,6 +33,10 @@ export const LogEntryCategoriesSetupView: React.FC<{ viewResults, } = useLogEntryCategoriesSetup(); + useMount(() => { + fetchJobStatus(); + }); + const viewResultsAndClose = useCallback(() => { viewResults(); onClose(); @@ -47,6 +54,7 @@ export const LogEntryCategoriesSetupView: React.FC<{ setupStatus, setValidatedIndices, validationErrors, + previousQualityWarnings: categoryQualityWarnings, }), createProcessStep({ cleanUpAndSetUp, @@ -58,6 +66,7 @@ export const LogEntryCategoriesSetupView: React.FC<{ }), ], [ + categoryQualityWarnings, cleanUpAndSetUp, endTime, isValidating, diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx index 8e00254431438..407c851f2de95 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx @@ -15,14 +15,16 @@ import { } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import React from 'react'; -import { LogEntryRateSetupView } from './log_entry_rate_setup_view'; import { LogEntryCategoriesSetupView } from './log_entry_categories_setup_view'; +import { LogEntryRateSetupView } from './log_entry_rate_setup_view'; import { LogAnalysisModuleList } from './module_list'; -import { useLogAnalysisSetupFlyoutStateContext } from './setup_flyout_state'; +import { ModuleId, moduleIds, useLogAnalysisSetupFlyoutStateContext } from './setup_flyout_state'; const FLYOUT_HEADING_ID = 'logAnalysisSetupFlyoutHeading'; -export const LogAnalysisSetupFlyout: React.FC = () => { +export const LogAnalysisSetupFlyout: React.FC<{ + allowedModules?: ModuleId[]; +}> = ({ allowedModules = moduleIds }) => { const { closeFlyout, flyoutView, @@ -49,32 +51,58 @@ export const LogAnalysisSetupFlyout: React.FC = () => { {flyoutView.view === 'moduleList' ? ( - ) : flyoutView.view === 'moduleSetup' && flyoutView.module === 'logs_ui_analysis' ? ( - - - - ) : flyoutView.view === 'moduleSetup' && flyoutView.module === 'logs_ui_categories' ? ( - - - + ) : flyoutView.view === 'moduleSetup' && allowedModules.includes(flyoutView.module) ? ( + 1 ? showModuleList : undefined} + /> ) : null} ); }; +const ModuleSetupView: React.FC<{ + moduleId: ModuleId; + onClose: () => void; + onViewModuleList?: () => void; +}> = ({ moduleId, onClose, onViewModuleList }) => { + switch (moduleId) { + case 'logs_ui_analysis': + return ( + + + + ); + case 'logs_ui_categories': + return ( + + + + ); + } +}; + const LogAnalysisSetupFlyoutSubPage: React.FC<{ - onViewModuleList: () => void; + onViewModuleList?: () => void; }> = ({ children, onViewModuleList }) => ( - - - - - + {onViewModuleList ? ( + + + + + + ) : null} {children} ); diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts index 7a64584df4303..5f131daf952bf 100644 --- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts +++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts @@ -9,6 +9,8 @@ import { useState, useCallback } from 'react'; export type ModuleId = 'logs_ui_analysis' | 'logs_ui_categories'; +export const moduleIds = ['logs_ui_analysis', 'logs_ui_categories'] as const; + type FlyoutView = | { view: 'hidden' } | { view: 'moduleList' } diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/api/get_latest_categories_datasets_stats.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/get_latest_categories_datasets_stats.ts new file mode 100644 index 0000000000000..c095c7000f031 --- /dev/null +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/get_latest_categories_datasets_stats.ts @@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { HttpHandler } from 'src/core/public'; +import { + CategorizerStatus, + getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT, + getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT, + LogEntryCategoriesDatasetStats, + LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH, +} from '../../../../../common/http_api'; +import { decodeOrThrow } from '../../../../../common/runtime_types'; + +export { LogEntryCategoriesDatasetStats }; + +export const callGetLatestCategoriesDatasetsStatsAPI = async ( + { + jobIds, + startTime, + endTime, + includeCategorizerStatuses, + }: { + jobIds: string[]; + startTime: number; + endTime: number; + includeCategorizerStatuses: CategorizerStatus[]; + }, + fetch: HttpHandler +) => { + const response = await fetch(LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH, { + method: 'POST', + body: JSON.stringify( + getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT.encode({ + data: { + jobIds, + timeRange: { startTime, endTime }, + includeCategorizerStatuses, + }, + }) + ), + }); + + return decodeOrThrow(getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT)(response); +}; diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts index dbd75a646b532..7441c0ab7d34c 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts @@ -54,6 +54,17 @@ const jobStateRT = rt.keyof({ opening: null, }); +const jobAnalysisConfigRT = rt.partial({ + per_partition_categorization: rt.intersection([ + rt.type({ + enabled: rt.boolean, + }), + rt.partial({ + stop_on_warn: rt.boolean, + }), + ]), +}); + const jobCategorizationStatusRT = rt.keyof({ ok: null, warn: null, @@ -64,6 +75,7 @@ const jobModelSizeStatsRT = rt.type({ categorized_doc_count: rt.number, dead_category_count: rt.number, frequent_category_count: rt.number, + log_time: rt.number, rare_category_count: rt.number, total_category_count: rt.number, }); @@ -79,6 +91,8 @@ export const jobSummaryRT = rt.intersection([ datafeedIndices: rt.array(rt.string), datafeedState: datafeedStateRT, fullJob: rt.partial({ + analysis_config: jobAnalysisConfigRT, + create_time: rt.number, custom_settings: jobCustomSettingsRT, finished_time: rt.number, model_size_stats: jobModelSizeStatsRT, diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts index 4930c8b478a9c..ba355ad195b11 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts @@ -50,43 +50,3 @@ export interface ModuleSourceConfiguration { spaceId: string; timestampField: string; } - -interface ManyCategoriesWarningReason { - type: 'manyCategories'; - categoriesDocumentRatio: number; -} - -interface ManyDeadCategoriesWarningReason { - type: 'manyDeadCategories'; - deadCategoriesRatio: number; -} - -interface ManyRareCategoriesWarningReason { - type: 'manyRareCategories'; - rareCategoriesRatio: number; -} - -interface NoFrequentCategoriesWarningReason { - type: 'noFrequentCategories'; -} - -interface SingleCategoryWarningReason { - type: 'singleCategory'; -} - -export type CategoryQualityWarningReason = - | ManyCategoriesWarningReason - | ManyDeadCategoriesWarningReason - | ManyRareCategoriesWarningReason - | NoFrequentCategoriesWarningReason - | SingleCategoryWarningReason; - -export type CategoryQualityWarningReasonType = CategoryQualityWarningReason['type']; - -export interface CategoryQualityWarning { - type: 'categoryQualityWarning'; - jobId: string; - reasons: CategoryQualityWarningReason[]; -} - -export type QualityWarning = CategoryQualityWarning; diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts index 346281fa94e1b..6bad94ec49f87 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts @@ -4,43 +4,124 @@ * you may not use this file except in compliance with the Elastic License. */ -import { useMemo } from 'react'; +import { useMemo, useState } from 'react'; +import { useDeepCompareEffect } from 'react-use'; import { - JobModelSizeStats, - JobSummary, - QualityWarning, CategoryQualityWarningReason, -} from '../../log_analysis_module_types'; + QualityWarning, +} from '../../../../../../common/log_analysis'; +import { useKibanaContextForPlugin } from '../../../../../hooks/use_kibana'; +import { useTrackedPromise } from '../../../../../utils/use_tracked_promise'; +import { + callGetLatestCategoriesDatasetsStatsAPI, + LogEntryCategoriesDatasetStats, +} from '../../api/get_latest_categories_datasets_stats'; +import { JobModelSizeStats, JobSummary } from '../../log_analysis_module_types'; export const useLogEntryCategoriesQuality = ({ jobSummaries }: { jobSummaries: JobSummary[] }) => { + const { + services: { + http: { fetch }, + }, + } = useKibanaContextForPlugin(); + + const [lastestWarnedDatasetsStats, setLatestWarnedDatasetsStats] = useState< + LogEntryCategoriesDatasetStats[] + >([]); + + const jobSummariesWithCategoryWarnings = useMemo( + () => jobSummaries.filter(isJobWithCategoryWarnings), + [jobSummaries] + ); + + const jobSummariesWithPartitionedCategoryWarnings = useMemo( + () => jobSummariesWithCategoryWarnings.filter(isJobWithPartitionedCategories), + [jobSummariesWithCategoryWarnings] + ); + + const [fetchLatestWarnedDatasetsStatsRequest, fetchLatestWarnedDatasetsStats] = useTrackedPromise( + { + cancelPreviousOn: 'creation', + createPromise: ( + statsIntervals: Array<{ jobId: string; startTime: number; endTime: number }> + ) => + Promise.all( + statsIntervals.map(({ jobId, startTime, endTime }) => + callGetLatestCategoriesDatasetsStatsAPI( + { jobIds: [jobId], startTime, endTime, includeCategorizerStatuses: ['warn'] }, + fetch + ) + ) + ), + onResolve: (results) => { + setLatestWarnedDatasetsStats(results.flatMap(({ data: { datasetStats } }) => datasetStats)); + }, + }, + [] + ); + + useDeepCompareEffect(() => { + fetchLatestWarnedDatasetsStats( + jobSummariesWithPartitionedCategoryWarnings.map((jobSummary) => ({ + jobId: jobSummary.id, + startTime: jobSummary.fullJob?.create_time ?? 0, + endTime: jobSummary.fullJob?.model_size_stats?.log_time ?? Date.now(), + })) + ); + }, [jobSummariesWithPartitionedCategoryWarnings]); + const categoryQualityWarnings: QualityWarning[] = useMemo( - () => - jobSummaries - .filter( - (jobSummary) => jobSummary.fullJob?.model_size_stats?.categorization_status === 'warn' - ) + () => [ + ...jobSummariesWithCategoryWarnings + .filter((jobSummary) => !isJobWithPartitionedCategories(jobSummary)) .map((jobSummary) => ({ - type: 'categoryQualityWarning', + type: 'categoryQualityWarning' as const, jobId: jobSummary.id, + dataset: '', reasons: jobSummary.fullJob?.model_size_stats ? getCategoryQualityWarningReasons(jobSummary.fullJob.model_size_stats) : [], })), - [jobSummaries] + ...lastestWarnedDatasetsStats.map((datasetStats) => ({ + type: 'categoryQualityWarning' as const, + jobId: datasetStats.job_id, + dataset: datasetStats.dataset, + reasons: getCategoryQualityWarningReasons(datasetStats), + })), + ], + [jobSummariesWithCategoryWarnings, lastestWarnedDatasetsStats] ); return { categoryQualityWarnings, + lastLatestWarnedDatasetsStatsRequestErrors: + fetchLatestWarnedDatasetsStatsRequest.state === 'rejected' + ? fetchLatestWarnedDatasetsStatsRequest.value + : null, + isLoadingCategoryQualityWarnings: fetchLatestWarnedDatasetsStatsRequest.state === 'pending', }; }; +const isJobWithCategoryWarnings = (jobSummary: JobSummary) => + jobSummary.fullJob?.model_size_stats?.categorization_status === 'warn'; + +const isJobWithPartitionedCategories = (jobSummary: JobSummary) => + jobSummary.fullJob?.analysis_config?.per_partition_categorization ?? false; + const getCategoryQualityWarningReasons = ({ categorized_doc_count: categorizedDocCount, dead_category_count: deadCategoryCount, frequent_category_count: frequentCategoryCount, rare_category_count: rareCategoryCount, total_category_count: totalCategoryCount, -}: JobModelSizeStats): CategoryQualityWarningReason[] => { +}: Pick< + JobModelSizeStats, + | 'categorized_doc_count' + | 'dead_category_count' + | 'frequent_category_count' + | 'rare_category_count' + | 'total_category_count' +>): CategoryQualityWarningReason[] => { const rareCategoriesRatio = rareCategoryCount / totalCategoryCount; const categoriesDocumentRatio = totalCategoryCount / categorizedDocCount; const deadCategoriesRatio = deadCategoryCount / totalCategoryCount; diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx index 399c30cf47e71..269b64c6f4076 100644 --- a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx +++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx @@ -9,7 +9,9 @@ import { useLogEntryCategoriesModuleContext } from './use_log_entry_categories_m export const useLogEntryCategoriesSetup = () => { const { + categoryQualityWarnings, cleanUpAndSetUpModule, + fetchJobStatus, lastSetupErrorMessages, moduleDescriptor, setUpModule, @@ -37,8 +39,10 @@ export const useLogEntryCategoriesSetup = () => { }); return { + categoryQualityWarnings, cleanUpAndSetUp, endTime, + fetchJobStatus, isValidating, lastSetupErrorMessages, moduleDescriptor, diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx index 2880b1b794443..b5765942e9f10 100644 --- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx +++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx @@ -5,7 +5,7 @@ */ import { i18n } from '@kbn/i18n'; -import React, { useCallback, useEffect, useState } from 'react'; +import React, { useCallback, useEffect } from 'react'; import { isJobStatusWithResults } from '../../../../common/log_analysis'; import { LoadingPage } from '../../../components/loading_page'; import { @@ -14,6 +14,10 @@ import { MissingSetupPrivilegesPrompt, SubscriptionSplashContent, } from '../../../components/logging/log_analysis_setup'; +import { + LogAnalysisSetupFlyout, + useLogAnalysisSetupFlyoutStateContext, +} from '../../../components/logging/log_analysis_setup/setup_flyout'; import { SourceErrorPage } from '../../../components/source_error_page'; import { SourceLoadingPage } from '../../../components/source_loading_page'; import { useLogAnalysisCapabilitiesContext } from '../../../containers/logs/log_analysis'; @@ -21,7 +25,6 @@ import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log import { useLogSourceContext } from '../../../containers/logs/log_source'; import { LogEntryCategoriesResultsContent } from './page_results_content'; import { LogEntryCategoriesSetupContent } from './page_setup_content'; -import { LogEntryCategoriesSetupFlyout } from './setup_flyout'; export const LogEntryCategoriesPageContent = () => { const { @@ -40,9 +43,10 @@ export const LogEntryCategoriesPageContent = () => { const { fetchJobStatus, setupStatus, jobStatus } = useLogEntryCategoriesModuleContext(); - const [isFlyoutOpen, setIsFlyoutOpen] = useState(false); - const openFlyout = useCallback(() => setIsFlyoutOpen(true), []); - const closeFlyout = useCallback(() => setIsFlyoutOpen(false), []); + const { showModuleSetup } = useLogAnalysisSetupFlyoutStateContext(); + const showCategoriesModuleSetup = useCallback(() => showModuleSetup('logs_ui_categories'), [ + showModuleSetup, + ]); useEffect(() => { if (hasLogAnalysisReadCapabilities) { @@ -71,8 +75,8 @@ export const LogEntryCategoriesPageContent = () => { } else if (isJobStatusWithResults(jobStatus['log-entry-categories-count'])) { return ( <> - - + + ); } else if (!hasLogAnalysisSetupCapabilities) { @@ -80,9 +84,11 @@ export const LogEntryCategoriesPageContent = () => { } else { return ( <> - - + + ); } }; + +const allowedSetupModules = ['logs_ui_categories' as const]; diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx index 723d833799e29..7d2f1d5418bc5 100644 --- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx +++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx @@ -5,6 +5,7 @@ */ import React from 'react'; +import { LogAnalysisSetupFlyoutStateProvider } from '../../../components/logging/log_analysis_setup/setup_flyout'; import { LogEntryCategoriesModuleProvider } from '../../../containers/logs/log_analysis/modules/log_entry_categories'; import { useLogSourceContext } from '../../../containers/logs/log_source'; import { useActiveKibanaSpace } from '../../../hooks/use_kibana_space'; @@ -27,7 +28,7 @@ export const LogEntryCategoriesPageProviders: React.FunctionComponent = ({ child spaceId={space.id} timestampField={sourceConfiguration.configuration.fields.timestamp} > - {children} + {children} ); }; diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx deleted file mode 100644 index a038765de2bf3..0000000000000 --- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - EuiFlyout, - EuiFlyoutBody, - EuiFlyoutHeader, - EuiSpacer, - EuiSteps, - EuiText, - EuiTitle, -} from '@elastic/eui'; -import { FormattedMessage } from '@kbn/i18n/react'; -import React, { useCallback, useMemo } from 'react'; -import { - createInitialConfigurationStep, - createProcessStep, -} from '../../../components/logging/log_analysis_setup'; -import { useLogEntryCategoriesSetup } from '../../../containers/logs/log_analysis/modules/log_entry_categories'; - -interface LogEntryCategoriesSetupFlyoutProps { - isOpen: boolean; - onClose: () => void; -} - -export const LogEntryCategoriesSetupFlyout: React.FC = ({ - isOpen, - onClose, -}) => { - const { - cleanUpAndSetUp, - endTime, - isValidating, - lastSetupErrorMessages, - setEndTime, - setStartTime, - setValidatedIndices, - setUp, - setupStatus, - startTime, - validatedIndices, - validationErrors, - viewResults, - } = useLogEntryCategoriesSetup(); - - const viewResultsAndClose = useCallback(() => { - viewResults(); - onClose(); - }, [viewResults, onClose]); - - const steps = useMemo( - () => [ - createInitialConfigurationStep({ - setStartTime, - setEndTime, - startTime, - endTime, - isValidating, - validatedIndices, - setupStatus, - setValidatedIndices, - validationErrors, - }), - createProcessStep({ - cleanUpAndSetUp, - errorMessages: lastSetupErrorMessages, - isConfigurationValid: validationErrors.length <= 0 && !isValidating, - setUp, - setupStatus, - viewResults: viewResultsAndClose, - }), - ], - [ - cleanUpAndSetUp, - endTime, - isValidating, - lastSetupErrorMessages, - setEndTime, - setStartTime, - setUp, - setValidatedIndices, - setupStatus, - startTime, - validatedIndices, - validationErrors, - viewResultsAndClose, - ] - ); - - if (!isOpen) { - return null; - } - return ( - - - -

    - -

    -     -     - - -

    - -

    -     - - - - - -     -     - ); -}; diff --git a/x-pack/plugins/infra/server/infra_server.ts b/x-pack/plugins/infra/server/infra_server.ts index 206fffdd2e188..1d89b7be43296 100644 --- a/x-pack/plugins/infra/server/infra_server.ts +++ b/x-pack/plugins/infra/server/infra_server.ts @@ -13,6 +13,7 @@ import { InfraBackendLibs } from './lib/infra_types'; import { initGetLogEntryCategoriesRoute, initGetLogEntryCategoryDatasetsRoute, + initGetLogEntryCategoryDatasetsStatsRoute, initGetLogEntryCategoryExamplesRoute, initGetLogEntryRateRoute, initGetLogEntryExamplesRoute, @@ -54,6 +55,7 @@ export const initInfraServer = (libs: InfraBackendLibs) => { initIpToHostName(libs); initGetLogEntryCategoriesRoute(libs); initGetLogEntryCategoryDatasetsRoute(libs); + initGetLogEntryCategoryDatasetsStatsRoute(libs); initGetLogEntryCategoryExamplesRoute(libs); initGetLogEntryRateRoute(libs); initGetLogEntryAnomaliesRoute(libs); diff --git a/x-pack/plugins/infra/server/lib/log_analysis/common.ts b/x-pack/plugins/infra/server/lib/log_analysis/common.ts index 4d2be94c7cd62..7e4a714a47d1f 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/common.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/common.ts @@ -36,7 +36,7 @@ export async function fetchMlJob(mlAnomalyDetectors: MlAnomalyDetectors, jobId: }; } -const COMPOSITE_AGGREGATION_BATCH_SIZE = 1000; +export const COMPOSITE_AGGREGATION_BATCH_SIZE = 1000; // Finds datasets related to ML job ids export async function getLogEntryDatasets( diff --git a/x-pack/plugins/infra/server/lib/log_analysis/index.ts b/x-pack/plugins/infra/server/lib/log_analysis/index.ts index c9a176be0a28f..bb571a8edf39b 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/index.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/index.ts @@ -6,5 +6,6 @@ export * from './errors'; export * from './log_entry_categories_analysis'; +export * from './log_entry_categories_datasets_stats'; export * from './log_entry_rate_analysis'; export * from './log_entry_anomalies'; diff --git a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_datasets_stats.ts b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_datasets_stats.ts new file mode 100644 index 0000000000000..ec5f3c88dff2a --- /dev/null +++ b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_categories_datasets_stats.ts @@ -0,0 +1,94 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { startTracingSpan } from '../../../common/performance_tracing'; +import { decodeOrThrow } from '../../../common/runtime_types'; +import type { MlAnomalyDetectors, MlSystem } from '../../types'; +import { COMPOSITE_AGGREGATION_BATCH_SIZE } from './common'; +import { + CompositeDatasetKey, + createLatestLogEntryCategoriesDatasetsStatsQuery, + latestLogEntryCategoriesDatasetsStatsResponseRT, + LogEntryCategoryDatasetStatsBucket, +} from './queries/latest_log_entry_categories_datasets_stats'; + +export async function getLatestLogEntriesCategoriesDatasetsStats( + context: { + infra: { + mlAnomalyDetectors: MlAnomalyDetectors; + mlSystem: MlSystem; + }; + }, + jobIds: string[], + startTime: number, + endTime: number, + includeCategorizerStatuses: Array<'ok' | 'warn'> = [] +) { + const finalizeLogEntryCategoriesDatasetsStats = startTracingSpan('get categories datasets stats'); + + let latestLogEntryCategoriesDatasetsStatsBuckets: LogEntryCategoryDatasetStatsBucket[] = []; + let afterLatestBatchKey: CompositeDatasetKey | undefined; + + while (true) { + const latestLogEntryCategoriesDatasetsStatsResponse = await context.infra.mlSystem.mlAnomalySearch( + createLatestLogEntryCategoriesDatasetsStatsQuery( + jobIds, + startTime, + endTime, + COMPOSITE_AGGREGATION_BATCH_SIZE, + afterLatestBatchKey + ) + ); + + const { after_key: afterKey, buckets: latestBatchBuckets = [] } = + decodeOrThrow(latestLogEntryCategoriesDatasetsStatsResponseRT)( + latestLogEntryCategoriesDatasetsStatsResponse + ).aggregations?.dataset_composite_terms ?? {}; + + const latestIncludedBatchBuckets = + includeCategorizerStatuses.length > 0 + ? latestBatchBuckets.filter((bucket) => + bucket.categorizer_stats_top_hits.hits.hits.some((hit) => + includeCategorizerStatuses.includes(hit._source.categorization_status) + ) + ) + : latestBatchBuckets; + + latestLogEntryCategoriesDatasetsStatsBuckets = [ + ...latestLogEntryCategoriesDatasetsStatsBuckets, + ...latestIncludedBatchBuckets, + ]; + + afterLatestBatchKey = afterKey; + if (afterKey == null || latestBatchBuckets.length < COMPOSITE_AGGREGATION_BATCH_SIZE) { + break; + } + } + + const logEntryCategoriesDatasetsStatsSpan = finalizeLogEntryCategoriesDatasetsStats(); + + return { + data: latestLogEntryCategoriesDatasetsStatsBuckets.map((bucket) => { + const latestHitSource = bucket.categorizer_stats_top_hits.hits.hits[0]._source; + + return { + categorization_status: latestHitSource.categorization_status, + categorized_doc_count: latestHitSource.categorized_doc_count, + dataset: bucket.key.dataset ?? '', + dead_category_count: latestHitSource.dead_category_count, + failed_category_count: latestHitSource.failed_category_count, + frequent_category_count: latestHitSource.frequent_category_count, + job_id: latestHitSource.job_id, + log_time: latestHitSource.log_time, + rare_category_count: latestHitSource.rare_category_count, + total_category_count: latestHitSource.total_category_count, + }; + }), + timing: { + spans: [logEntryCategoriesDatasetsStatsSpan], + }, + }; +} diff --git a/x-pack/plugins/infra/server/lib/log_analysis/queries/common.ts b/x-pack/plugins/infra/server/lib/log_analysis/queries/common.ts index 63e39ef022392..bb1a1969e99eb 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/queries/common.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/queries/common.ts @@ -40,7 +40,20 @@ export const createTimeRangeFilters = (startTime: number, endTime: number) => [ }, ]; -export const createResultTypeFilters = (resultTypes: Array<'model_plot' | 'record'>) => [ +export const createLogTimeRangeFilters = (startTime: number, endTime: number) => [ + { + range: { + log_time: { + gte: startTime, + lte: endTime, + }, + }, + }, +]; + +export const createResultTypeFilters = ( + resultTypes: Array<'categorizer_stats' | 'model_plot' | 'record'> +) => [ { terms: { result_type: resultTypes, diff --git a/x-pack/plugins/infra/server/lib/log_analysis/queries/latest_log_entry_categories_datasets_stats.ts b/x-pack/plugins/infra/server/lib/log_analysis/queries/latest_log_entry_categories_datasets_stats.ts new file mode 100644 index 0000000000000..b9224e8125a48 --- /dev/null +++ b/x-pack/plugins/infra/server/lib/log_analysis/queries/latest_log_entry_categories_datasets_stats.ts @@ -0,0 +1,133 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import * as rt from 'io-ts'; +import { commonSearchSuccessResponseFieldsRT } from '../../../utils/elasticsearch_runtime_types'; +import { + createJobIdsFilters, + createResultTypeFilters, + defaultRequestParameters, + createLogTimeRangeFilters, +} from './common'; + +export const createLatestLogEntryCategoriesDatasetsStatsQuery = ( + logEntryCategoriesJobIds: string[], + startTime: number, + endTime: number, + size: number, + afterKey?: CompositeDatasetKey +) => ({ + ...defaultRequestParameters, + body: { + query: { + bool: { + filter: [ + ...createJobIdsFilters(logEntryCategoriesJobIds), + ...createResultTypeFilters(['categorizer_stats']), + ...createLogTimeRangeFilters(startTime, endTime), + ], + }, + }, + aggregations: { + dataset_composite_terms: { + composite: { + after: afterKey, + size, + sources: [ + { + dataset: { + terms: { + field: 'partition_field_value', + missing_bucket: true, + }, + }, + }, + ], + }, + aggs: { + categorizer_stats_top_hits: { + top_hits: { + size: 1, + sort: [ + { + log_time: 'desc', + }, + ], + _source: [ + 'categorization_status', + 'categorized_doc_count', + 'dead_category_count', + 'failed_category_count', + 'frequent_category_count', + 'job_id', + 'log_time', + 'rare_category_count', + 'total_category_count', + ], + }, + }, + }, + }, + }, + }, + size: 0, +}); + +export const logEntryCategoryStatusRT = rt.keyof({ + ok: null, + warn: null, +}); + +export const logEntryCategorizerStatsHitRT = rt.type({ + _source: rt.type({ + categorization_status: logEntryCategoryStatusRT, + categorized_doc_count: rt.number, + dead_category_count: rt.number, + failed_category_count: rt.number, + frequent_category_count: rt.number, + job_id: rt.string, + log_time: rt.number, + rare_category_count: rt.number, + total_category_count: rt.number, + }), +}); + +export type LogEntryCategorizerStatsHit = rt.TypeOf; + +const compositeDatasetKeyRT = rt.type({ + dataset: rt.union([rt.string, rt.null]), +}); + +export type CompositeDatasetKey = rt.TypeOf; + +const logEntryCategoryDatasetStatsBucketRT = rt.type({ + key: compositeDatasetKeyRT, + categorizer_stats_top_hits: rt.type({ + hits: rt.type({ + hits: rt.array(logEntryCategorizerStatsHitRT), + }), + }), +}); + +export type LogEntryCategoryDatasetStatsBucket = rt.TypeOf< + typeof logEntryCategoryDatasetStatsBucketRT +>; + +export const latestLogEntryCategoriesDatasetsStatsResponseRT = rt.intersection([ + commonSearchSuccessResponseFieldsRT, + rt.partial({ + aggregations: rt.type({ + dataset_composite_terms: rt.type({ + after_key: compositeDatasetKeyRT, + buckets: rt.array(logEntryCategoryDatasetStatsBucketRT), + }), + }), + }), +]); + +export type LatestLogEntryCategoriesDatasetsStatsResponse = rt.TypeOf< + typeof latestLogEntryCategoriesDatasetsStatsResponseRT +>; diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/index.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/index.ts index a01042616a872..e696477253823 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/index.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/index.ts @@ -6,6 +6,7 @@ export * from './log_entry_categories'; export * from './log_entry_category_datasets'; +export * from './log_entry_category_datasets_stats'; export * from './log_entry_category_examples'; export * from './log_entry_rate'; export * from './log_entry_examples'; diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets_stats.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets_stats.ts new file mode 100644 index 0000000000000..8414fc2062ae9 --- /dev/null +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets_stats.ts @@ -0,0 +1,79 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import Boom from 'boom'; +import { + getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT, + getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT, + LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH, +} from '../../../../common/http_api/log_analysis'; +import { createValidationFunction } from '../../../../common/runtime_types'; +import type { InfraBackendLibs } from '../../../lib/infra_types'; +import { getLatestLogEntriesCategoriesDatasetsStats } from '../../../lib/log_analysis'; +import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; +import { assertHasInfraMlPlugins } from '../../../utils/request_context'; + +export const initGetLogEntryCategoryDatasetsStatsRoute = ({ framework }: InfraBackendLibs) => { + framework.registerRoute( + { + method: 'post', + path: LOG_ANALYSIS_GET_LATEST_LOG_ENTRY_CATEGORY_DATASETS_STATS_PATH, + validate: { + body: createValidationFunction(getLatestLogEntryCategoryDatasetsStatsRequestPayloadRT), + }, + }, + framework.router.handleLegacyErrors(async (requestContext, request, response) => { + const { + data: { + jobIds, + timeRange: { startTime, endTime }, + includeCategorizerStatuses, + }, + } = request.body; + + try { + assertHasInfraMlPlugins(requestContext); + + const { data: datasetStats, timing } = await getLatestLogEntriesCategoriesDatasetsStats( + requestContext, + jobIds, + startTime, + endTime, + includeCategorizerStatuses + ); + + return response.ok({ + body: getLatestLogEntryCategoryDatasetsStatsSuccessResponsePayloadRT.encode({ + data: { + datasetStats, + }, + timing, + }), + }); + } catch (error) { + if (Boom.isBoom(error)) { + throw error; + } + + if (isMlPrivilegesError(error)) { + return response.customError({ + statusCode: 403, + body: { + message: error.message, + }, + }); + } + + return response.customError({ + statusCode: error.statusCode ?? 500, + body: { + message: error.message ?? 'An unexpected error occurred', + }, + }); + } + }) + ); +}; diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json index b4fb242f16522..40c47352371d4 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/logs_ui_categories/ml/log_entry_categories_count.json @@ -14,7 +14,11 @@ "use_null": true } ], - "influencers": ["event.dataset", "mlcategory"] + "influencers": ["event.dataset", "mlcategory"], + "per_partition_categorization": { + "enabled": true, + "stop_on_warn": false + } }, "analysis_limits": { "model_memory_limit": "100mb", @@ -29,6 +33,6 @@ }, "custom_settings": { "created_by": "ml-module-logs-ui-categories", - "job_revision": 0 + "job_revision": 1 } } diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index d395b635fed2b..42e695788448f 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -8486,9 +8486,6 @@ "xpack.infra.logs.search.searchInLogsAriaLabel": "検索", "xpack.infra.logs.search.searchInLogsPlaceholder": "検索", "xpack.infra.logs.searchResultTooltip": "{bucketCount, plural, one {# 件のハイライトされたエントリー} other {# 件のハイライトされたエントリー}}", - "xpack.infra.logs.setupFlyout.logCategoriesDescription": "機械学習を使用して、ログメッセージを自動的に分類します。", - "xpack.infra.logs.setupFlyout.logCategoriesTitle": "ログカテゴリー", - "xpack.infra.logs.setupFlyout.setupFlyoutTitle": "機械学習を使用した異常検知", "xpack.infra.logs.showingEntriesFromTimestamp": "{timestamp} 以降のエントリーを表示中", "xpack.infra.logs.showingEntriesUntilTimestamp": "{timestamp} までのエントリーを表示中", "xpack.infra.logs.startStreamingButtonLabel": "ライブストリーム", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index f9c18bcf4e51f..394acbf65d1b5 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -8491,9 +8491,6 @@ "xpack.infra.logs.search.searchInLogsAriaLabel": "搜索", "xpack.infra.logs.search.searchInLogsPlaceholder": "搜索", "xpack.infra.logs.searchResultTooltip": "{bucketCount, plural, one {# 个高亮条目} other {# 个高亮条目}}", - "xpack.infra.logs.setupFlyout.logCategoriesDescription": "使用 Machine Learning 自动归类日志消息。", - "xpack.infra.logs.setupFlyout.logCategoriesTitle": "日志类别", - "xpack.infra.logs.setupFlyout.setupFlyoutTitle": "通过 Machine Learning 检测异常", "xpack.infra.logs.showingEntriesFromTimestamp": "正在显示自 {timestamp} 起的条目", "xpack.infra.logs.showingEntriesUntilTimestamp": "正在显示截止于 {timestamp} 的条目", "xpack.infra.logs.startStreamingButtonLabel": "实时流式传输", From 8ba60a400498ed83832625456d0cfee19f4c55c3 Mon Sep 17 00:00:00 2001 From: Mikhail Shustov Date: Thu, 24 Sep 2020 18:15:15 +0300 Subject: [PATCH 032/120] bump query-string version to remove manual type definitions (#78143) * bump query-string version to remove manual type definitions * remove manual type declaration * fix cypress tests * add ) --- package.json | 2 +- packages/kbn-std/src/index.ts | 2 +- packages/kbn-std/src/url.ts | 6 +-- src/core/typings.ts | 28 ----------- .../public/url_utils/url_helper.test.ts | 9 ++-- .../dashboard/public/url_utils/url_helper.ts | 8 ++-- test/typings/query_string.d.ts | 46 ------------------- typings/query_string.d.ts | 46 ------------------- x-pack/package.json | 2 +- .../pages/link_to/redirect_to_logs.test.tsx | 4 +- .../plugins/infra/public/utils/url_state.tsx | 18 ++++---- .../infra/public/utils/use_url_state.ts | 19 ++++---- .../integration/ml_conditional_links.spec.ts | 26 +++++------ .../common/components/url_state/helpers.ts | 18 ++++---- .../hooks/__tests__/use_url_params.test.tsx | 2 +- x-pack/typings/query_string.d.ts | 33 ------------- yarn.lock | 33 ++++++++++--- 17 files changed, 81 insertions(+), 221 deletions(-) delete mode 100644 test/typings/query_string.d.ts delete mode 100644 typings/query_string.d.ts delete mode 100644 x-pack/typings/query_string.d.ts diff --git a/package.json b/package.json index 7102112a29b4f..6703b688b19fd 100644 --- a/package.json +++ b/package.json @@ -195,7 +195,7 @@ "p-map": "^4.0.0", "pegjs": "0.10.0", "proxy-from-env": "1.0.0", - "query-string": "5.1.1", + "query-string": "^6.13.2", "re2": "^1.15.4", "react": "^16.12.0", "react-color": "^2.13.8", diff --git a/packages/kbn-std/src/index.ts b/packages/kbn-std/src/index.ts index 8cffcd43d7537..7cf70a0e28e2c 100644 --- a/packages/kbn-std/src/index.ts +++ b/packages/kbn-std/src/index.ts @@ -24,6 +24,6 @@ export { mapToObject } from './map_to_object'; export { merge } from './merge'; export { pick } from './pick'; export { withTimeout } from './promise'; -export { isRelativeUrl, modifyUrl, URLMeaningfulParts, ParsedQuery } from './url'; +export { isRelativeUrl, modifyUrl, URLMeaningfulParts } from './url'; export { unset } from './unset'; export { getFlattenedObject } from './get_flattened_object'; diff --git a/packages/kbn-std/src/url.ts b/packages/kbn-std/src/url.ts index 7a0f08130816d..edcdebbd2bc81 100644 --- a/packages/kbn-std/src/url.ts +++ b/packages/kbn-std/src/url.ts @@ -18,11 +18,7 @@ */ import { format as formatUrl, parse as parseUrl, UrlObject } from 'url'; - -// duplicate type from 'query-string' to avoid adding the d.ts file to all packages depending on kbn-std -export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; -} +import type { ParsedQuery } from 'query-string'; /** * We define our own typings because the current version of @types/node diff --git a/src/core/typings.ts b/src/core/typings.ts index a84e1c01d2bd2..f271d0b03e0d3 100644 --- a/src/core/typings.ts +++ b/src/core/typings.ts @@ -17,34 +17,6 @@ * under the License. */ -declare module 'query-string' { - type ArrayFormat = 'bracket' | 'index' | 'none'; - - export interface ParseOptions { - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; - } - - export function parse(str: string, options?: ParseOptions): ParsedQuery; - - export function parseUrl(str: string, options?: ParseOptions): { url: string; query: any }; - - export interface StringifyOptions { - strict?: boolean; - encode?: boolean; - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export function stringify(obj: object, options?: StringifyOptions): string; - - export function extract(str: string): string; -} - type DeeplyMockedKeys = { [P in keyof T]: T[P] extends (...args: any[]) => any ? jest.MockInstance, Parameters> diff --git a/src/plugins/dashboard/public/url_utils/url_helper.test.ts b/src/plugins/dashboard/public/url_utils/url_helper.test.ts index 28d4ab032c33d..d2210e7380667 100644 --- a/src/plugins/dashboard/public/url_utils/url_helper.test.ts +++ b/src/plugins/dashboard/public/url_utils/url_helper.test.ts @@ -24,16 +24,17 @@ describe('', () => { const id = '123eb456cd'; const url = "/pep/app/dashboards#/create?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))&_a=(description:'',filters:!())"; - expect(addEmbeddableToDashboardUrl(url, id, 'visualization')).toEqual( - `/pep/app/dashboards#/create?_a=%28description%3A%27%27%2Cfilters%3A%21%28%29%29&_g=%28refreshInterval%3A%28pause%3A%21t%2Cvalue%3A0%29%2Ctime%3A%28from%3Anow-15m%2Cto%3Anow%29%29&addEmbeddableId=${id}&addEmbeddableType=visualization` + + expect(addEmbeddableToDashboardUrl(url, id, 'visualization')).toBe( + '/pep/app/dashboards?addEmbeddableId=123eb456cd&addEmbeddableType=visualization#%2Fcreate%3F_g%3D%28refreshInterval%3A%28pause%3A%21t%2Cvalue%3A0%29%2Ctime%3A%28from%3Anow-15m%2Cto%3Anow%29%29%26_a%3D%28description%3A%27%27%2Cfilters%3A%21%28%29%29' ); }); it('addEmbeddableToDashboardUrl when dashboard is saved', () => { const id = '123eb456cd'; const url = "/pep/app/dashboards#/view/9b780cd0-3dd3-11e8-b2b9-5d5dc1715159?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))&_a=(description:'',filters:!())"; - expect(addEmbeddableToDashboardUrl(url, id, 'visualization')).toEqual( - `/pep/app/dashboards#/view/9b780cd0-3dd3-11e8-b2b9-5d5dc1715159?_a=%28description%3A%27%27%2Cfilters%3A%21%28%29%29&_g=%28refreshInterval%3A%28pause%3A%21t%2Cvalue%3A0%29%2Ctime%3A%28from%3Anow-15m%2Cto%3Anow%29%29&addEmbeddableId=${id}&addEmbeddableType=visualization` + expect(addEmbeddableToDashboardUrl(url, id, 'visualization')).toBe( + '/pep/app/dashboards?addEmbeddableId=123eb456cd&addEmbeddableType=visualization#%2Fview%2F9b780cd0-3dd3-11e8-b2b9-5d5dc1715159%3F_g%3D%28refreshInterval%3A%28pause%3A%21t%2Cvalue%3A0%29%2Ctime%3A%28from%3Anow-15m%2Cto%3Anow%29%29%26_a%3D%28description%3A%27%27%2Cfilters%3A%21%28%29%29' ); }); }); diff --git a/src/plugins/dashboard/public/url_utils/url_helper.ts b/src/plugins/dashboard/public/url_utils/url_helper.ts index 61737e81cf24d..1f4706f0b8a4d 100644 --- a/src/plugins/dashboard/public/url_utils/url_helper.ts +++ b/src/plugins/dashboard/public/url_utils/url_helper.ts @@ -17,7 +17,7 @@ * under the License. */ -import { parseUrl, stringify } from 'query-string'; +import { parseUrl, stringifyUrl } from 'query-string'; import { DashboardConstants } from '../index'; /** * @@ -34,12 +34,14 @@ export function addEmbeddableToDashboardUrl( embeddableId: string, embeddableType: string ) { - const { url, query } = parseUrl(dashboardUrl); + const { url, query, fragmentIdentifier } = parseUrl(dashboardUrl, { + parseFragmentIdentifier: true, + }); if (embeddableId) { query[DashboardConstants.ADD_EMBEDDABLE_TYPE] = embeddableType; query[DashboardConstants.ADD_EMBEDDABLE_ID] = embeddableId; } - return `${url}?${stringify(query)}`; + return stringifyUrl({ url, query, fragmentIdentifier }); } diff --git a/test/typings/query_string.d.ts b/test/typings/query_string.d.ts deleted file mode 100644 index 3e4a8fa4da6a0..0000000000000 --- a/test/typings/query_string.d.ts +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -declare module 'query-string' { - type ArrayFormat = 'bracket' | 'index' | 'none'; - - export interface ParseOptions { - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; - } - - export function parse(str: string, options?: ParseOptions): ParsedQuery; - - export function parseUrl(str: string, options?: ParseOptions): { url: string; query: any }; - - export interface StringifyOptions { - strict?: boolean; - encode?: boolean; - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export function stringify(obj: object, options?: StringifyOptions): string; - - export function extract(str: string): string; -} diff --git a/typings/query_string.d.ts b/typings/query_string.d.ts deleted file mode 100644 index 3e4a8fa4da6a0..0000000000000 --- a/typings/query_string.d.ts +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -declare module 'query-string' { - type ArrayFormat = 'bracket' | 'index' | 'none'; - - export interface ParseOptions { - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; - } - - export function parse(str: string, options?: ParseOptions): ParsedQuery; - - export function parseUrl(str: string, options?: ParseOptions): { url: string; query: any }; - - export interface StringifyOptions { - strict?: boolean; - encode?: boolean; - arrayFormat?: ArrayFormat; - sort: ((itemLeft: string, itemRight: string) => number) | false; - } - - export function stringify(obj: object, options?: StringifyOptions): string; - - export function extract(str: string): string; -} diff --git a/x-pack/package.json b/x-pack/package.json index 806b4cd5e2ee8..3702e1a49cbe5 100644 --- a/x-pack/package.json +++ b/x-pack/package.json @@ -361,7 +361,7 @@ "proper-lockfile": "^3.2.0", "puid": "1.0.7", "puppeteer-core": "^1.19.0", - "query-string": "5.1.1", + "query-string": "^6.13.2", "raw-loader": "3.1.0", "react": "^16.12.0", "react-datetime": "^2.14.0", diff --git a/x-pack/plugins/infra/public/pages/link_to/redirect_to_logs.test.tsx b/x-pack/plugins/infra/public/pages/link_to/redirect_to_logs.test.tsx index 0556955e47f66..e1b294c8383e3 100644 --- a/x-pack/plugins/infra/public/pages/link_to/redirect_to_logs.test.tsx +++ b/x-pack/plugins/infra/public/pages/link_to/redirect_to_logs.test.tsx @@ -19,7 +19,7 @@ describe('RedirectToLogs component', () => { expect(component).toMatchInlineSnapshot(` `); }); @@ -33,7 +33,7 @@ describe('RedirectToLogs component', () => { expect(component).toMatchInlineSnapshot(` `); }); diff --git a/x-pack/plugins/infra/public/utils/url_state.tsx b/x-pack/plugins/infra/public/utils/url_state.tsx index bf4cfbaf05965..5abd35afb7525 100644 --- a/x-pack/plugins/infra/public/utils/url_state.tsx +++ b/x-pack/plugins/infra/public/utils/url_state.tsx @@ -156,16 +156,14 @@ export const replaceStateKeyInQueryString = ( urlState: UrlState | undefined ) => (queryString: string) => { const previousQueryValues = parse(queryString, { sort: false }); - const encodedUrlState = - typeof urlState !== 'undefined' ? encodeRisonUrlState(urlState) : undefined; - - return stringify( - url.encodeQuery({ - ...previousQueryValues, - [stateKey]: encodedUrlState, - }), - { sort: false, encode: false } - ); + const newValue = + typeof urlState === 'undefined' + ? previousQueryValues + : { + ...previousQueryValues, + [stateKey]: encodeRisonUrlState(urlState), + }; + return stringify(url.encodeQuery(newValue), { sort: false, encode: false }); }; const replaceQueryStringInLocation = (location: Location, queryString: string): Location => { diff --git a/x-pack/plugins/infra/public/utils/use_url_state.ts b/x-pack/plugins/infra/public/utils/use_url_state.ts index ab0ca1311194f..dd1cc9aeef9e4 100644 --- a/x-pack/plugins/infra/public/utils/use_url_state.ts +++ b/x-pack/plugins/infra/public/utils/use_url_state.ts @@ -111,16 +111,15 @@ export const replaceStateKeyInQueryString = ( urlState: UrlState | undefined ) => (queryString: string) => { const previousQueryValues = parse(queryString, { sort: false }); - const encodedUrlState = - typeof urlState !== 'undefined' ? encodeRisonUrlState(urlState) : undefined; - - return stringify( - url.encodeQuery({ - ...previousQueryValues, - [stateKey]: encodedUrlState, - }), - { sort: false, encode: false } - ); + const newValue = + typeof urlState === 'undefined' + ? previousQueryValues + : { + ...previousQueryValues, + [stateKey]: encodeRisonUrlState(urlState), + }; + + return stringify(url.encodeQuery(newValue), { sort: false, encode: false }); }; const replaceQueryStringInLocation = (location: Location, queryString: string): Location => { diff --git a/x-pack/plugins/security_solution/cypress/integration/ml_conditional_links.spec.ts b/x-pack/plugins/security_solution/cypress/integration/ml_conditional_links.spec.ts index 06a8d3a79c3cd..7bdc461a7c73d 100644 --- a/x-pack/plugins/security_solution/cypress/integration/ml_conditional_links.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/ml_conditional_links.spec.ts @@ -94,7 +94,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkSingleIpNullKqlQuery); cy.url().should( 'include', - '/app/security/network/ip/127.0.0.1/source?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + 'app/security/network/ip/127.0.0.1/source?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -102,7 +102,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkSingleIpKqlQuery); cy.url().should( 'include', - '/app/security/network/ip/127.0.0.1/source?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + '/app/security/network/ip/127.0.0.1/source?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -110,7 +110,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkMultipleIpNullKqlQuery); cy.url().should( 'include', - 'app/security/network/flows?query=(language:kuery,query:%27((source.ip:%20%22127.0.0.1%22%20or%20destination.ip:%20%22127.0.0.1%22)%20or%20(source.ip:%20%22127.0.0.2%22%20or%20destination.ip:%20%22127.0.0.2%22))%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27))' + 'app/security/network/flows?query=(language:kuery,query:%27((source.ip:%20%22127.0.0.1%22%20or%20destination.ip:%20%22127.0.0.1%22)%20or%20(source.ip:%20%22127.0.0.2%22%20or%20destination.ip:%20%22127.0.0.2%22))%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -118,7 +118,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkMultipleIpKqlQuery); cy.url().should( 'include', - '/app/security/network/flows?query=(language:kuery,query:%27((source.ip:%20%22127.0.0.1%22%20or%20destination.ip:%20%22127.0.0.1%22)%20or%20(source.ip:%20%22127.0.0.2%22%20or%20destination.ip:%20%22127.0.0.2%22))%20and%20((process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22))%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + '/app/security/network/flows?query=(language:kuery,query:%27((source.ip:%20%22127.0.0.1%22%20or%20destination.ip:%20%22127.0.0.1%22)%20or%20(source.ip:%20%22127.0.0.2%22%20or%20destination.ip:%20%22127.0.0.2%22))%20and%20((process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22))%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -126,7 +126,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkNullKqlQuery); cy.url().should( 'include', - '/app/security/network/flows?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + '/app/security/network/flows?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -134,7 +134,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlNetworkKqlQuery); cy.url().should( 'include', - '/app/security/network/flows?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))' + '/app/security/network/flows?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-08-28T11:00:00.000Z%27,kind:absolute,to:%272019-08-28T13:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -142,7 +142,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostSingleHostNullKqlQuery); cy.url().should( 'include', - '/app/security/hosts/siem-windows/anomalies?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/siem-windows/anomalies?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -150,7 +150,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostSingleHostKqlQueryVariable); cy.url().should( 'include', - '/app/security/hosts/siem-windows/anomalies?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/siem-windows/anomalies?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -158,7 +158,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostSingleHostKqlQuery); cy.url().should( 'include', - '/app/security/hosts/siem-windows/anomalies?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/siem-windows/anomalies?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -166,7 +166,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostMultiHostNullKqlQuery); cy.url().should( 'include', - '/app/security/hosts/anomalies?query=(language:kuery,query:%27(host.name:%20%22siem-windows%22%20or%20host.name:%20%22siem-suricata%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/anomalies?query=(language:kuery,query:%27(host.name:%20%22siem-windows%22%20or%20host.name:%20%22siem-suricata%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -174,7 +174,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostMultiHostKqlQuery); cy.url().should( 'include', - '/app/security/hosts/anomalies?query=(language:kuery,query:%27(host.name:%20%22siem-windows%22%20or%20host.name:%20%22siem-suricata%22)%20and%20((process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22))%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/anomalies?query=(language:kuery,query:%27(host.name:%20%22siem-windows%22%20or%20host.name:%20%22siem-suricata%22)%20and%20((process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22))%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -182,7 +182,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostVariableHostNullKqlQuery); cy.url().should( 'include', - '/app/security/hosts/anomalies?sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/anomalies?timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); @@ -190,7 +190,7 @@ describe('ml conditional links', () => { loginAndWaitForPageWithoutDateRange(mlHostVariableHostKqlQuery); cy.url().should( 'include', - '/app/security/hosts/anomalies?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&sourcerer=(default:!(%27auditbeat-*%27))&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))' + '/app/security/hosts/anomalies?query=(language:kuery,query:%27(process.name:%20%22conhost.exe%22%20or%20process.name:%20%22sc.exe%22)%27)&timerange=(global:(linkTo:!(timeline),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)),timeline:(linkTo:!(global),timerange:(from:%272019-06-06T06:00:00.000Z%27,kind:absolute,to:%272019-06-07T05:59:59.999Z%27)))&sourcerer=(default:!(%27auditbeat-*%27))' ); }); }); diff --git a/x-pack/plugins/security_solution/public/common/components/url_state/helpers.ts b/x-pack/plugins/security_solution/public/common/components/url_state/helpers.ts index a915b1c9d09a7..05000f91f094c 100644 --- a/x-pack/plugins/security_solution/public/common/components/url_state/helpers.ts +++ b/x-pack/plugins/security_solution/public/common/components/url_state/helpers.ts @@ -60,16 +60,14 @@ export const replaceStateKeyInQueryString = (stateKey: string, urlState: T) = // ಠ_ಠ Code was copied from x-pack/legacy/plugins/infra/public/utils/url_state.tsx ಠ_ಠ // Remove this if these utilities are promoted to kibana core - const encodedUrlState = - typeof urlState !== 'undefined' ? encodeRisonUrlState(urlState) : undefined; - - return stringify( - url.encodeQuery({ - ...previousQueryValues, - [stateKey]: encodedUrlState, - }), - { sort: false, encode: false } - ); + const newValue = + typeof urlState === 'undefined' + ? previousQueryValues + : { + ...previousQueryValues, + [stateKey]: encodeRisonUrlState(urlState), + }; + return stringify(url.encodeQuery(newValue), { sort: false, encode: false }); }; export const replaceQueryStringInLocation = ( diff --git a/x-pack/plugins/uptime/public/hooks/__tests__/use_url_params.test.tsx b/x-pack/plugins/uptime/public/hooks/__tests__/use_url_params.test.tsx index af5c113a02834..b7efb9bfe2aec 100644 --- a/x-pack/plugins/uptime/public/hooks/__tests__/use_url_params.test.tsx +++ b/x-pack/plugins/uptime/public/hooks/__tests__/use_url_params.test.tsx @@ -121,7 +121,7 @@ describe('useUrlParams', () => { expect(history.push).toHaveBeenCalledWith({ pathname: '/', - search: 'dateRangeEnd=now&dateRangeStart=now-12&g=%22%22', + search: 'g=%22%22&dateRangeStart=now-12&dateRangeEnd=now', }); }); }); diff --git a/x-pack/typings/query_string.d.ts b/x-pack/typings/query_string.d.ts deleted file mode 100644 index 88510bcbda81f..0000000000000 --- a/x-pack/typings/query_string.d.ts +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -declare module 'query-string' { - type ArrayFormat = 'bracket' | 'index' | 'none'; - - export interface ParseOptions { - arrayFormat?: ArrayFormat; - sort?: ((itemLeft: string, itemRight: string) => number) | false; - } - - export interface ParsedQuery { - [key: string]: T | T[] | null | undefined; - } - - export function parse(str: string, options?: ParseOptions): ParsedQuery; - - export function parseUrl(str: string, options?: ParseOptions): { url: string; query: any }; - - export interface StringifyOptions { - strict?: boolean; - encode?: boolean; - arrayFormat?: ArrayFormat; - sort?: ((itemLeft: string, itemRight: string) => number) | false; - } - - export function stringify(obj: object, options?: StringifyOptions): string; - - export function extract(str: string): string; -} diff --git a/yarn.lock b/yarn.lock index afb302e17fd2c..06e735c5caf85 100644 --- a/yarn.lock +++ b/yarn.lock @@ -23251,7 +23251,15 @@ qs@^6.6.0: resolved "https://registry.yarnpkg.com/qs/-/qs-6.8.0.tgz#87b763f0d37ca54200334cd57bb2ef8f68a1d081" integrity sha512-tPSkj8y92PfZVbinY1n84i1Qdx75lZjMQYx9WZhnkofyxzw2r7Ho39G3/aEvSUdebxpnnM4LZJCtvE/Aq3+s9w== -query-string@5.1.1, query-string@^5.0.1: +query-string@^4.1.0, query-string@^4.2.2: + version "4.3.4" + resolved "https://registry.yarnpkg.com/query-string/-/query-string-4.3.4.tgz#bbb693b9ca915c232515b228b1a02b609043dbeb" + integrity sha1-u7aTucqRXCMlFbIosaArYJBD2+s= + dependencies: + object-assign "^4.1.0" + strict-uri-encode "^1.0.0" + +query-string@^5.0.1: version "5.1.1" resolved "https://registry.yarnpkg.com/query-string/-/query-string-5.1.1.tgz#a78c012b71c17e05f2e3fa2319dd330682efb3cb" integrity sha512-gjWOsm2SoGlgLEdAGt7a6slVOk9mGiXmPFMqrEhLQ68rhQuBnpfs3+EmlvqKyxnCo9/PPlF+9MtY02S1aFg+Jw== @@ -23260,13 +23268,14 @@ query-string@5.1.1, query-string@^5.0.1: object-assign "^4.1.0" strict-uri-encode "^1.0.0" -query-string@^4.1.0, query-string@^4.2.2: - version "4.3.4" - resolved "https://registry.yarnpkg.com/query-string/-/query-string-4.3.4.tgz#bbb693b9ca915c232515b228b1a02b609043dbeb" - integrity sha1-u7aTucqRXCMlFbIosaArYJBD2+s= +query-string@^6.13.2: + version "6.13.2" + resolved "https://registry.yarnpkg.com/query-string/-/query-string-6.13.2.tgz#3585aa9412c957cbd358fd5eaca7466f05586dda" + integrity sha512-BMmDaUiLDFU1hlM38jTFcRt7HYiGP/zt1sRzrIWm5zpeEuO1rkbPS0ELI3uehoLuuhHDCS8u8lhFN3fEN4JzPQ== dependencies: - object-assign "^4.1.0" - strict-uri-encode "^1.0.0" + decode-uri-component "^0.2.0" + split-on-first "^1.0.0" + strict-uri-encode "^2.0.0" querystring-es3@^0.2.0: version "0.2.1" @@ -26594,6 +26603,11 @@ spdy@^4.0.2: select-hose "^2.0.0" spdy-transport "^3.0.0" +split-on-first@^1.0.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/split-on-first/-/split-on-first-1.1.0.tgz#f610afeee3b12bce1d0c30425e76398b78249a5f" + integrity sha512-43ZssAJaMusuKWL8sKUBQXHWOpq8d6CfN/u1p4gUzfJkM05C8rxTmYrkIPTXapZpORA6LkkzcUulJ8FqA7Uudw== + split-string@^3.0.1, split-string@^3.0.2: version "3.1.0" resolved "https://registry.yarnpkg.com/split-string/-/split-string-3.1.0.tgz#7cb09dda3a86585705c64b39a6466038682e8fe2" @@ -26863,6 +26877,11 @@ strict-uri-encode@^1.0.0: resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz#279b225df1d582b1f54e65addd4352e18faa0713" integrity sha1-J5siXfHVgrH1TmWt3UNS4Y+qBxM= +strict-uri-encode@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-2.0.0.tgz#b9c7330c7042862f6b142dc274bbcc5866ce3546" + integrity sha1-ucczDHBChi9rFC3CdLvMWGbONUY= + string-length@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/string-length/-/string-length-1.0.1.tgz#56970fb1c38558e9e70b728bf3de269ac45adfac" From 38f517ae9f38f3548591ba070f21657f20144b22 Mon Sep 17 00:00:00 2001 From: Tim Sullivan Date: Thu, 24 Sep 2020 08:54:34 -0700 Subject: [PATCH 033/120] [Reporting] TS changes to reference an interface instead of class as the logger object (#78359) * [Reporting] TS changes to reference an interface instead of class, making functions more shareable * rename the interface * less flexible interface --- .../plugins/reporting/server/browsers/download/clean.ts | 4 ++-- .../reporting/server/browsers/download/download.ts | 4 ++-- .../server/browsers/download/ensure_downloaded.ts | 6 +++--- x-pack/plugins/reporting/server/browsers/install.ts | 4 ++-- x-pack/plugins/reporting/server/lib/level_logger.ts | 9 ++++++++- 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/x-pack/plugins/reporting/server/browsers/download/clean.ts b/x-pack/plugins/reporting/server/browsers/download/clean.ts index 1a362be8568cd..3d840f445b76e 100644 --- a/x-pack/plugins/reporting/server/browsers/download/clean.ts +++ b/x-pack/plugins/reporting/server/browsers/download/clean.ts @@ -7,13 +7,13 @@ import del from 'del'; import { readdirSync } from 'fs'; import { resolve as resolvePath } from 'path'; -import { LevelLogger } from '../../lib'; +import { GenericLevelLogger } from '../../lib/level_logger'; import { asyncMap } from './util'; /** * Delete any file in the `dir` that is not in the expectedPaths */ -export async function clean(dir: string, expectedPaths: string[], logger: LevelLogger) { +export async function clean(dir: string, expectedPaths: string[], logger: GenericLevelLogger) { let filenames: string[]; try { filenames = await readdirSync(dir); diff --git a/x-pack/plugins/reporting/server/browsers/download/download.ts b/x-pack/plugins/reporting/server/browsers/download/download.ts index 30b50c32a7402..b4b303416facd 100644 --- a/x-pack/plugins/reporting/server/browsers/download/download.ts +++ b/x-pack/plugins/reporting/server/browsers/download/download.ts @@ -8,7 +8,7 @@ import Axios from 'axios'; import { createHash } from 'crypto'; import { closeSync, mkdirSync, openSync, writeSync } from 'fs'; import { dirname } from 'path'; -import { LevelLogger } from '../../lib'; +import { GenericLevelLogger } from '../../lib/level_logger'; /** * Download a url and calculate it's checksum @@ -16,7 +16,7 @@ import { LevelLogger } from '../../lib'; * @param {String} path * @return {Promise} checksum of the downloaded file */ -export async function download(url: string, path: string, logger: LevelLogger) { +export async function download(url: string, path: string, logger: GenericLevelLogger) { logger.info(`Downloading ${url} to ${path}`); const hash = createHash('md5'); diff --git a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts index f56af15f5d76b..7c3cb7b1d76bb 100644 --- a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts +++ b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.ts @@ -7,7 +7,7 @@ import { existsSync } from 'fs'; import { resolve as resolvePath } from 'path'; import { BrowserDownload, chromium } from '../'; -import { LevelLogger } from '../../lib'; +import { GenericLevelLogger } from '../../lib/level_logger'; import { md5 } from './checksum'; import { clean } from './clean'; import { download } from './download'; @@ -18,7 +18,7 @@ import { asyncMap } from './util'; * download them if they are missing or their checksum is invalid * @return {Promise} */ -export async function ensureBrowserDownloaded(logger: LevelLogger) { +export async function ensureBrowserDownloaded(logger: GenericLevelLogger) { await ensureDownloaded([chromium], logger); } @@ -29,7 +29,7 @@ export async function ensureBrowserDownloaded(logger: LevelLogger) { * @param {BrowserSpec} browsers * @return {Promise} */ -async function ensureDownloaded(browsers: BrowserDownload[], logger: LevelLogger) { +async function ensureDownloaded(browsers: BrowserDownload[], logger: GenericLevelLogger) { await asyncMap(browsers, async (browser) => { const { archivesPath } = browser.paths; diff --git a/x-pack/plugins/reporting/server/browsers/install.ts b/x-pack/plugins/reporting/server/browsers/install.ts index 35cc5b6d8b7c2..350c988309a1f 100644 --- a/x-pack/plugins/reporting/server/browsers/install.ts +++ b/x-pack/plugins/reporting/server/browsers/install.ts @@ -8,7 +8,7 @@ import del from 'del'; import os from 'os'; import path from 'path'; import * as Rx from 'rxjs'; -import { LevelLogger } from '../lib'; +import { GenericLevelLogger } from '../lib/level_logger'; import { paths } from './chromium/paths'; import { ensureBrowserDownloaded } from './download'; // @ts-ignore @@ -46,7 +46,7 @@ export const getBinaryPath = ( * archive. If there is an error extracting the archive an `ExtractError` is thrown */ export function installBrowser( - logger: LevelLogger, + logger: GenericLevelLogger, chromiumPath: string = path.resolve(__dirname, '../../chromium'), platform: string = process.platform, architecture: string = os.arch() diff --git a/x-pack/plugins/reporting/server/lib/level_logger.ts b/x-pack/plugins/reporting/server/lib/level_logger.ts index d015d500363c1..9db5274a93db8 100644 --- a/x-pack/plugins/reporting/server/lib/level_logger.ts +++ b/x-pack/plugins/reporting/server/lib/level_logger.ts @@ -10,7 +10,14 @@ const trimStr = (toTrim: string) => { return typeof toTrim === 'string' ? toTrim.trim() : toTrim; }; -export class LevelLogger { +export interface GenericLevelLogger { + debug: (msg: string) => void; + info: (msg: string) => void; + warning: (msg: string) => void; + error: (msg: Error) => void; +} + +export class LevelLogger implements GenericLevelLogger { private _logger: LoggerFactory; private _tags: string[]; public warning: (msg: string, tags?: string[]) => void; From 0e1796acc5f4e41c9e51f5c6cda28a7f18139517 Mon Sep 17 00:00:00 2001 From: Liza Katz Date: Thu, 24 Sep 2020 18:59:27 +0300 Subject: [PATCH 034/120] [Search] Generic search request and response types (#78268) * Improve search types to support EQL strategy * doc * Update types.ts * update demo strategy Co-authored-by: Elastic Machine --- ...in-plugins-data-public.iessearchrequest.md | 3 +- ...ins-data-public.iessearchrequest.params.md | 11 ---- ...data-public.iessearchresponse.isrunning.md | 13 ----- ...n-plugins-data-public.iessearchresponse.md | 13 +---- ...ta-public.iessearchresponse.rawresponse.md | 11 ---- ...lugins-data-public.ikibanasearchrequest.md | 4 +- ...ata-public.ikibanasearchrequest.params.md} | 8 ++- ...public.ikibanasearchresponse.ispartial.md} | 4 +- ...-public.ikibanasearchresponse.isrunning.md | 13 +++++ ...ugins-data-public.ikibanasearchresponse.md | 5 +- ...ublic.ikibanasearchresponse.rawresponse.md | 11 ++++ ...-plugins-data-public.iscompleteresponse.md | 2 +- ...ugin-plugins-data-public.isearchgeneric.md | 2 +- ...gin-plugins-data-public.iserrorresponse.md | 2 +- ...n-plugins-data-public.ispartialresponse.md | 2 +- .../kibana-plugin-plugins-data-public.md | 2 +- ...ns-data-public.searchinterceptor.search.md | 4 +- ...in-plugins-data-server.iessearchrequest.md | 3 +- ...ins-data-server.iessearchrequest.params.md | 11 ---- ...data-server.iessearchresponse.ispartial.md | 13 ----- ...data-server.iessearchresponse.isrunning.md | 13 ----- ...n-plugins-data-server.iessearchresponse.md | 13 +---- ...ta-server.iessearchresponse.rawresponse.md | 11 ---- ...plugin-plugins-data-server.isearchsetup.md | 2 +- ...ver.isearchsetup.registersearchstrategy.md | 2 +- ...plugin-plugins-data-server.isearchstart.md | 4 +- ...plugins-data-server.isearchstart.search.md | 2 +- ...gin-plugins-data-server.isearchstrategy.md | 2 +- .../kibana-plugin-plugins-data-server.md | 2 +- .../search_examples/server/my_strategy.ts | 9 ++-- .../data/common/search/es_search/types.ts | 18 +------ .../data/common/search/es_search/utils.ts | 8 +-- src/plugins/data/common/search/index.ts | 1 - src/plugins/data/common/search/types.ts | 25 ++++++--- src/plugins/data/public/public.api.md | 34 ++++++------ .../data/public/search/search_interceptor.ts | 6 +-- .../data/server/search/routes/search.ts | 9 ++-- .../data/server/search/search_service.ts | 54 +++++++++++-------- src/plugins/data/server/search/types.ts | 18 +++---- src/plugins/data/server/server.api.md | 22 +++----- 40 files changed, 152 insertions(+), 240 deletions(-) delete mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md delete mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md delete mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md rename docs/development/plugins/data/public/{kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md => kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md} (61%) rename docs/development/plugins/data/public/{kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md => kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md} (50%) create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md create mode 100644 docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md delete mode 100644 docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md index fee34378339af..45cd088ee1203 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface IEsSearchRequest extends IKibanaSearchRequest +export interface IEsSearchRequest extends IKibanaSearchRequest ``` ## Properties @@ -15,5 +15,4 @@ export interface IEsSearchRequest extends IKibanaSearchRequest | Property | Type | Description | | --- | --- | --- | | [indexType](./kibana-plugin-plugins-data-public.iessearchrequest.indextype.md) | string | | -| [params](./kibana-plugin-plugins-data-public.iessearchrequest.params.md) | ISearchRequestParams | | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md deleted file mode 100644 index 24107faa28e8c..0000000000000 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchrequest.params.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchRequest](./kibana-plugin-plugins-data-public.iessearchrequest.md) > [params](./kibana-plugin-plugins-data-public.iessearchrequest.params.md) - -## IEsSearchRequest.params property - -Signature: - -```typescript -params?: ISearchRequestParams; -``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md deleted file mode 100644 index 56fb1a7519811..0000000000000 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md +++ /dev/null @@ -1,13 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) > [isRunning](./kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md) - -## IEsSearchResponse.isRunning property - -Indicates whether async search is still in flight - -Signature: - -```typescript -isRunning?: boolean; -``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md index 7c9a6aa702463..c8a372edbdb85 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.md @@ -2,19 +2,10 @@ [Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) -## IEsSearchResponse interface +## IEsSearchResponse type Signature: ```typescript -export interface IEsSearchResponse extends IKibanaSearchResponse +export declare type IEsSearchResponse = IKibanaSearchResponse>; ``` - -## Properties - -| Property | Type | Description | -| --- | --- | --- | -| [isPartial](./kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md) | boolean | Indicates whether the results returned are complete or partial | -| [isRunning](./kibana-plugin-plugins-data-public.iessearchresponse.isrunning.md) | boolean | Indicates whether async search is still in flight | -| [rawResponse](./kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md) | SearchResponse<Source> | | - diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md deleted file mode 100644 index f4648143ebc2e..0000000000000 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) > [rawResponse](./kibana-plugin-plugins-data-public.iessearchresponse.rawresponse.md) - -## IEsSearchResponse.rawResponse property - -Signature: - -```typescript -rawResponse: SearchResponse; -``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md index 57e0fbe2c19a9..bba051037e29b 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.md @@ -7,13 +7,13 @@ Signature: ```typescript -export interface IKibanaSearchRequest +export interface IKibanaSearchRequest ``` ## Properties | Property | Type | Description | | --- | --- | --- | -| [debug](./kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md) | boolean | Optionally tell search strategies to output debug information. | | [id](./kibana-plugin-plugins-data-public.ikibanasearchrequest.id.md) | string | An id can be used to uniquely identify this request. | +| [params](./kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md) | Params | | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md similarity index 61% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md index cfb21a78557fd..b7e2006a66c14 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md @@ -1,13 +1,11 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchRequest](./kibana-plugin-plugins-data-public.ikibanasearchrequest.md) > [debug](./kibana-plugin-plugins-data-public.ikibanasearchrequest.debug.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchRequest](./kibana-plugin-plugins-data-public.ikibanasearchrequest.md) > [params](./kibana-plugin-plugins-data-public.ikibanasearchrequest.params.md) -## IKibanaSearchRequest.debug property - -Optionally tell search strategies to output debug information. +## IKibanaSearchRequest.params property Signature: ```typescript -debug?: boolean; +params?: Params; ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md similarity index 50% rename from docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md rename to docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md index 00a56c6fe9c31..702c774eb8818 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md @@ -1,8 +1,8 @@ -[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) > [isPartial](./kibana-plugin-plugins-data-public.iessearchresponse.ispartial.md) +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.md) > [isPartial](./kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md) -## IEsSearchResponse.isPartial property +## IKibanaSearchResponse.isPartial property Indicates whether the results returned are complete or partial diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md new file mode 100644 index 0000000000000..1e625ccff26f9 --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md @@ -0,0 +1,13 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.md) > [isRunning](./kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md) + +## IKibanaSearchResponse.isRunning property + +Indicates whether search is still in flight + +Signature: + +```typescript +isRunning?: boolean; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md index f7dfd1ddd2f49..159dc8f4ada18 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface IKibanaSearchResponse +export interface IKibanaSearchResponse ``` ## Properties @@ -15,6 +15,9 @@ export interface IKibanaSearchResponse | Property | Type | Description | | --- | --- | --- | | [id](./kibana-plugin-plugins-data-public.ikibanasearchresponse.id.md) | string | Some responses may contain a unique id to identify the request this response came from. | +| [isPartial](./kibana-plugin-plugins-data-public.ikibanasearchresponse.ispartial.md) | boolean | Indicates whether the results returned are complete or partial | +| [isRunning](./kibana-plugin-plugins-data-public.ikibanasearchresponse.isrunning.md) | boolean | Indicates whether search is still in flight | | [loaded](./kibana-plugin-plugins-data-public.ikibanasearchresponse.loaded.md) | number | If relevant to the search strategy, return a loaded number that represents how progress is indicated. | +| [rawResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md) | RawResponse | | | [total](./kibana-plugin-plugins-data-public.ikibanasearchresponse.total.md) | number | If relevant to the search strategy, return a total number that represents how progress is indicated. | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md new file mode 100644 index 0000000000000..865c7d795801b --- /dev/null +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md @@ -0,0 +1,11 @@ + + +[Home](./index.md) > [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) > [IKibanaSearchResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.md) > [rawResponse](./kibana-plugin-plugins-data-public.ikibanasearchresponse.rawresponse.md) + +## IKibanaSearchResponse.rawResponse property + +Signature: + +```typescript +rawResponse: RawResponse; +``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md index 17acf4e0d1be8..e17e453ecb749 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iscompleteresponse.md @@ -7,5 +7,5 @@ Signature: ```typescript -isCompleteResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined +isCompleteResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md index 861b59e73ef04..025ca6681d39b 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchgeneric.md @@ -7,5 +7,5 @@ Signature: ```typescript -export declare type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; +export declare type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md index 3f9b1d593870d..e4ac35f19e959 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.iserrorresponse.md @@ -7,5 +7,5 @@ Signature: ```typescript -isErrorResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined +isErrorResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md index 9f2f1bbf2f9e0..4b707ceeacc89 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.ispartialresponse.md @@ -7,5 +7,5 @@ Signature: ```typescript -isPartialResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined +isPartialResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined ``` diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md index 8625120d54848..0f45b5a727676 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md @@ -61,7 +61,6 @@ | [FieldMappingSpec](./kibana-plugin-plugins-data-public.fieldmappingspec.md) | | | [IDataPluginServices](./kibana-plugin-plugins-data-public.idatapluginservices.md) | | | [IEsSearchRequest](./kibana-plugin-plugins-data-public.iessearchrequest.md) | | -| [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) | | | [IFieldSubType](./kibana-plugin-plugins-data-public.ifieldsubtype.md) | | | [IFieldType](./kibana-plugin-plugins-data-public.ifieldtype.md) | | | [IIndexPattern](./kibana-plugin-plugins-data-public.iindexpattern.md) | | @@ -152,6 +151,7 @@ | [Filter](./kibana-plugin-plugins-data-public.filter.md) | | | [IAggConfig](./kibana-plugin-plugins-data-public.iaggconfig.md) | AggConfig This class represents an aggregation, which is displayed in the left-hand nav of the Visualize app. | | [IAggType](./kibana-plugin-plugins-data-public.iaggtype.md) | | +| [IEsSearchResponse](./kibana-plugin-plugins-data-public.iessearchresponse.md) | | | [IFieldFormat](./kibana-plugin-plugins-data-public.ifieldformat.md) | | | [IFieldFormatsRegistry](./kibana-plugin-plugins-data-public.ifieldformatsregistry.md) | | | [IFieldParamType](./kibana-plugin-plugins-data-public.ifieldparamtype.md) | | diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md index 1752d183a8737..1a71b5808f485 100644 --- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md +++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md @@ -9,7 +9,7 @@ Searches using the given `search` method. Overrides the `AbortSignal` with one t Signature: ```typescript -search(request: IEsSearchRequest, options?: ISearchOptions): Observable; +search(request: IEsSearchRequest, options?: ISearchOptions): Observable; ``` ## Parameters @@ -21,5 +21,5 @@ search(request: IEsSearchRequest, options?: ISearchOptions): ObservableReturns: -`Observable` +`Observable` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md index 0dfa23eb64c1b..9141bcdd2e8d7 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface IEsSearchRequest extends IKibanaSearchRequest +export interface IEsSearchRequest extends IKibanaSearchRequest ``` ## Properties @@ -15,5 +15,4 @@ export interface IEsSearchRequest extends IKibanaSearchRequest | Property | Type | Description | | --- | --- | --- | | [indexType](./kibana-plugin-plugins-data-server.iessearchrequest.indextype.md) | string | | -| [params](./kibana-plugin-plugins-data-server.iessearchrequest.params.md) | ISearchRequestParams | | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md deleted file mode 100644 index d65281973c951..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchrequest.params.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchRequest](./kibana-plugin-plugins-data-server.iessearchrequest.md) > [params](./kibana-plugin-plugins-data-server.iessearchrequest.params.md) - -## IEsSearchRequest.params property - -Signature: - -```typescript -params?: ISearchRequestParams; -``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md deleted file mode 100644 index fbddfc1cd9fc4..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md +++ /dev/null @@ -1,13 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) > [isPartial](./kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md) - -## IEsSearchResponse.isPartial property - -Indicates whether the results returned are complete or partial - -Signature: - -```typescript -isPartial?: boolean; -``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md deleted file mode 100644 index 01f3982957d5c..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md +++ /dev/null @@ -1,13 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) > [isRunning](./kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md) - -## IEsSearchResponse.isRunning property - -Indicates whether async search is still in flight - -Signature: - -```typescript -isRunning?: boolean; -``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md index 55c0399e90e2f..d333af1b278c2 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.md @@ -2,19 +2,10 @@ [Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) -## IEsSearchResponse interface +## IEsSearchResponse type Signature: ```typescript -export interface IEsSearchResponse extends IKibanaSearchResponse +export declare type IEsSearchResponse = IKibanaSearchResponse>; ``` - -## Properties - -| Property | Type | Description | -| --- | --- | --- | -| [isPartial](./kibana-plugin-plugins-data-server.iessearchresponse.ispartial.md) | boolean | Indicates whether the results returned are complete or partial | -| [isRunning](./kibana-plugin-plugins-data-server.iessearchresponse.isrunning.md) | boolean | Indicates whether async search is still in flight | -| [rawResponse](./kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md) | SearchResponse<Source> | | - diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md deleted file mode 100644 index 9987debfa551c..0000000000000 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md +++ /dev/null @@ -1,11 +0,0 @@ - - -[Home](./index.md) > [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) > [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) > [rawResponse](./kibana-plugin-plugins-data-server.iessearchresponse.rawresponse.md) - -## IEsSearchResponse.rawResponse property - -Signature: - -```typescript -rawResponse: SearchResponse; -``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md index ac2ae13372f7a..3e27140e8bc08 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.md @@ -15,6 +15,6 @@ export interface ISearchSetup | Property | Type | Description | | --- | --- | --- | | [aggs](./kibana-plugin-plugins-data-server.isearchsetup.aggs.md) | AggsSetup | | -| [registerSearchStrategy](./kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md) | <SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse>(name: string, strategy: ISearchStrategy<SearchStrategyRequest, SearchStrategyResponse>) => void | Extension point exposed for other plugins to register their own search strategies. | +| [registerSearchStrategy](./kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md) | <SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse>(name: string, strategy: ISearchStrategy<SearchStrategyRequest, SearchStrategyResponse>) => void | Extension point exposed for other plugins to register their own search strategies. | | [usage](./kibana-plugin-plugins-data-server.isearchsetup.usage.md) | SearchUsage | Used internally for telemetry | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md index f20c6f4911062..81571d343495c 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchsetup.registersearchstrategy.md @@ -9,5 +9,5 @@ Extension point exposed for other plugins to register their own search strategie Signature: ```typescript -registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; +registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; ``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md index 577532d22b3d3..b8b6ee1f0b28c 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.md @@ -7,7 +7,7 @@ Signature: ```typescript -export interface ISearchStart +export interface ISearchStart ``` ## Properties @@ -16,5 +16,5 @@ export interface ISearchStartAggsStart | | | [getSearchStrategy](./kibana-plugin-plugins-data-server.isearchstart.getsearchstrategy.md) | (name: string) => ISearchStrategy<SearchStrategyRequest, SearchStrategyResponse> | Get other registered search strategies. For example, if a new strategy needs to use the already-registered ES search strategy, it can use this function to accomplish that. | -| [search](./kibana-plugin-plugins-data-server.isearchstart.search.md) | (context: RequestHandlerContext, request: IEsSearchRequest, options: ISearchOptions) => Promise<IEsSearchResponse> | | +| [search](./kibana-plugin-plugins-data-server.isearchstart.search.md) | (context: RequestHandlerContext, request: SearchStrategyRequest, options: ISearchOptions) => Promise<SearchStrategyResponse> | | diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md index 33ca818afc769..fdcd4d6768db5 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstart.search.md @@ -7,5 +7,5 @@ Signature: ```typescript -search: (context: RequestHandlerContext, request: IEsSearchRequest, options: ISearchOptions) => Promise; +search: (context: RequestHandlerContext, request: SearchStrategyRequest, options: ISearchOptions) => Promise; ``` diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md index dc076455ab272..3d2caf417f3cb 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchstrategy.md @@ -9,7 +9,7 @@ Search strategy interface contains a search method that takes in a request and r Signature: ```typescript -export interface ISearchStrategy +export interface ISearchStrategy ``` ## Properties diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md index 7113ac935907f..f1eecd6e49b02 100644 --- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md +++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md @@ -46,7 +46,6 @@ | [FieldDescriptor](./kibana-plugin-plugins-data-server.fielddescriptor.md) | | | [FieldFormatConfig](./kibana-plugin-plugins-data-server.fieldformatconfig.md) | | | [IEsSearchRequest](./kibana-plugin-plugins-data-server.iessearchrequest.md) | | -| [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) | | | [IFieldSubType](./kibana-plugin-plugins-data-server.ifieldsubtype.md) | | | [IFieldType](./kibana-plugin-plugins-data-server.ifieldtype.md) | | | [IndexPatternAttributes](./kibana-plugin-plugins-data-server.indexpatternattributes.md) | | @@ -92,6 +91,7 @@ | [Filter](./kibana-plugin-plugins-data-server.filter.md) | | | [IAggConfig](./kibana-plugin-plugins-data-server.iaggconfig.md) | AggConfig This class represents an aggregation, which is displayed in the left-hand nav of the Visualize app. | | [IAggType](./kibana-plugin-plugins-data-server.iaggtype.md) | | +| [IEsSearchResponse](./kibana-plugin-plugins-data-server.iessearchresponse.md) | | | [IFieldFormatsRegistry](./kibana-plugin-plugins-data-server.ifieldformatsregistry.md) | | | [IFieldParamType](./kibana-plugin-plugins-data-server.ifieldparamtype.md) | | | [IMetricAggType](./kibana-plugin-plugins-data-server.imetricaggtype.md) | | diff --git a/examples/search_examples/server/my_strategy.ts b/examples/search_examples/server/my_strategy.ts index a1116ddbd759b..1f59d0a5d8f3a 100644 --- a/examples/search_examples/server/my_strategy.ts +++ b/examples/search_examples/server/my_strategy.ts @@ -20,15 +20,16 @@ import { ISearchStrategy, PluginStart } from '../../../src/plugins/data/server'; import { IMyStrategyResponse, IMyStrategyRequest } from '../common'; -export const mySearchStrategyProvider = (data: PluginStart): ISearchStrategy => { +export const mySearchStrategyProvider = ( + data: PluginStart +): ISearchStrategy => { const es = data.search.getSearchStrategy('es'); return { - search: async (context, request, options): Promise => { - request.debug = true; + search: async (context, request, options) => { const esSearchRes = await es.search(context, request, options); return { ...esSearchRes, - cool: (request as IMyStrategyRequest).get_cool ? 'YES' : 'NOPE', + cool: request.get_cool ? 'YES' : 'NOPE', }; }, cancel: async (context, id) => { diff --git a/src/plugins/data/common/search/es_search/types.ts b/src/plugins/data/common/search/es_search/types.ts index 81124c1e095f7..b1c3e5cdd3960 100644 --- a/src/plugins/data/common/search/es_search/types.ts +++ b/src/plugins/data/common/search/es_search/types.ts @@ -37,22 +37,8 @@ export type ISearchRequestParams> = { trackTotalHits?: boolean; } & Search; -export interface IEsSearchRequest extends IKibanaSearchRequest { - params?: ISearchRequestParams; +export interface IEsSearchRequest extends IKibanaSearchRequest { indexType?: string; } -export interface IEsSearchResponse extends IKibanaSearchResponse { - /** - * Indicates whether async search is still in flight - */ - isRunning?: boolean; - /** - * Indicates whether the results returned are complete or partial - */ - isPartial?: boolean; - rawResponse: SearchResponse; -} - -export const isEsResponse = (response: any): response is IEsSearchResponse => - response && response.rawResponse; +export type IEsSearchResponse = IKibanaSearchResponse>; diff --git a/src/plugins/data/common/search/es_search/utils.ts b/src/plugins/data/common/search/es_search/utils.ts index 517a0c03cf5c8..ec66a3d3f923e 100644 --- a/src/plugins/data/common/search/es_search/utils.ts +++ b/src/plugins/data/common/search/es_search/utils.ts @@ -17,25 +17,25 @@ * under the License. */ -import { IEsSearchResponse } from './types'; +import { IKibanaSearchResponse } from '..'; /** * @returns true if response had an error while executing in ES */ -export const isErrorResponse = (response?: IEsSearchResponse) => { +export const isErrorResponse = (response?: IKibanaSearchResponse) => { return !response || (!response.isRunning && response.isPartial); }; /** * @returns true if response is completed successfully */ -export const isCompleteResponse = (response?: IEsSearchResponse) => { +export const isCompleteResponse = (response?: IKibanaSearchResponse) => { return response && !response.isRunning && !response.isPartial; }; /** * @returns true if request is still running an/d response contains partial results */ -export const isPartialResponse = (response?: IEsSearchResponse) => { +export const isPartialResponse = (response?: IKibanaSearchResponse) => { return response && response.isRunning && response.isPartial; }; diff --git a/src/plugins/data/common/search/index.ts b/src/plugins/data/common/search/index.ts index 2ec4afbc60d96..2ee0db384cf06 100644 --- a/src/plugins/data/common/search/index.ts +++ b/src/plugins/data/common/search/index.ts @@ -23,4 +23,3 @@ export * from './expressions'; export * from './search_source'; export * from './tabify'; export * from './types'; -export * from './es_search'; diff --git a/src/plugins/data/common/search/types.ts b/src/plugins/data/common/search/types.ts index 0a299b57275f8..c3943af5c6ff7 100644 --- a/src/plugins/data/common/search/types.ts +++ b/src/plugins/data/common/search/types.ts @@ -26,14 +26,14 @@ export type ISearch = ( ) => Observable; export type ISearchGeneric = < - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse >( request: SearchStrategyRequest, options?: ISearchOptions ) => Observable; -export interface IKibanaSearchResponse { +export interface IKibanaSearchResponse { /** * Some responses may contain a unique id to identify the request this response came from. */ @@ -50,16 +50,25 @@ export interface IKibanaSearchResponse { * that represents how progress is indicated. */ loaded?: number; + + /** + * Indicates whether search is still in flight + */ + isRunning?: boolean; + + /** + * Indicates whether the results returned are complete or partial + */ + isPartial?: boolean; + + rawResponse: RawResponse; } -export interface IKibanaSearchRequest { +export interface IKibanaSearchRequest { /** * An id can be used to uniquely identify this request. */ id?: string; - /** - * Optionally tell search strategies to output debug information. - */ - debug?: boolean; + params?: Params; } diff --git a/src/plugins/data/public/public.api.md b/src/plugins/data/public/public.api.md index 28dfbf824470c..6b419f6995447 100644 --- a/src/plugins/data/public/public.api.md +++ b/src/plugins/data/public/public.api.md @@ -918,22 +918,15 @@ export interface IDataPluginServices extends Partial { // Warning: (ae-missing-release-tag) "IEsSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IEsSearchRequest extends IKibanaSearchRequest { +export interface IEsSearchRequest extends IKibanaSearchRequest { // (undocumented) indexType?: string; - // (undocumented) - params?: ISearchRequestParams; } // Warning: (ae-missing-release-tag) "IEsSearchResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IEsSearchResponse extends IKibanaSearchResponse { - isPartial?: boolean; - isRunning?: boolean; - // (undocumented) - rawResponse: SearchResponse; -} +export type IEsSearchResponse = IKibanaSearchResponse>; // Warning: (ae-missing-release-tag) "IFieldFormat" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -1062,17 +1055,22 @@ export interface IIndexPatternFieldList extends Array { // Warning: (ae-missing-release-tag) "IKibanaSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IKibanaSearchRequest { - debug?: boolean; +export interface IKibanaSearchRequest { id?: string; + // (undocumented) + params?: Params; } // Warning: (ae-missing-release-tag) "IKibanaSearchResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IKibanaSearchResponse { +export interface IKibanaSearchResponse { id?: string; + isPartial?: boolean; + isRunning?: boolean; loaded?: number; + // (undocumented) + rawResponse: RawResponse; total?: number; } @@ -1420,7 +1418,7 @@ export type InputTimeRange = TimeRange | { // Warning: (ae-missing-release-tag) "isCompleteResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export const isCompleteResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined; +export const isCompleteResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined; // Warning: (ae-missing-release-tag) "ISearch" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -1430,7 +1428,7 @@ export type ISearch = (request: IKibanaSearchRequest, options?: ISearchOptions) // Warning: (ae-missing-release-tag) "ISearchGeneric" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; +export type ISearchGeneric = (request: SearchStrategyRequest, options?: ISearchOptions) => Observable; // Warning: (ae-missing-release-tag) "ISearchOptions" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -1477,7 +1475,7 @@ export interface ISearchStartSearchSource { // Warning: (ae-missing-release-tag) "isErrorResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export const isErrorResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined; +export const isErrorResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined; // Warning: (ae-missing-release-tag) "isFilter" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -1492,7 +1490,7 @@ export const isFilters: (x: unknown) => x is Filter[]; // Warning: (ae-missing-release-tag) "isPartialResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export const isPartialResponse: (response?: IEsSearchResponse | undefined) => boolean | undefined; +export const isPartialResponse: (response?: IKibanaSearchResponse | undefined) => boolean | undefined; // Warning: (ae-missing-release-tag) "isQuery" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -2030,8 +2028,8 @@ export class SearchInterceptor { // @internal protected pendingCount$: BehaviorSubject; // @internal (undocumented) - protected runSearch(request: IEsSearchRequest, signal: AbortSignal, strategy?: string): Observable; - search(request: IEsSearchRequest, options?: ISearchOptions): Observable; + protected runSearch(request: IEsSearchRequest, signal: AbortSignal, strategy?: string): Observable; + search(request: IEsSearchRequest, options?: ISearchOptions): Observable; // @internal (undocumented) protected setupAbortSignal({ abortSignal, timeout, }: { abortSignal?: AbortSignal; diff --git a/src/plugins/data/public/search/search_interceptor.ts b/src/plugins/data/public/search/search_interceptor.ts index 888e12a4285b1..802ee6db9433e 100644 --- a/src/plugins/data/public/search/search_interceptor.ts +++ b/src/plugins/data/public/search/search_interceptor.ts @@ -35,7 +35,7 @@ import { getCombinedSignal, AbortError, IEsSearchRequest, - IEsSearchResponse, + IKibanaSearchResponse, ISearchOptions, ES_SEARCH_STRATEGY, } from '../../common'; @@ -91,7 +91,7 @@ export class SearchInterceptor { request: IEsSearchRequest, signal: AbortSignal, strategy?: string - ): Observable { + ): Observable { const { id, ...searchRequest } = request; const path = trimEnd(`/internal/search/${strategy || ES_SEARCH_STRATEGY}/${id || ''}`, '/'); const body = JSON.stringify(searchRequest); @@ -113,7 +113,7 @@ export class SearchInterceptor { public search( request: IEsSearchRequest, options?: ISearchOptions - ): Observable { + ): Observable { // Defer the following logic until `subscribe` is actually called return defer(() => { if (options?.abortSignal?.aborted) { diff --git a/src/plugins/data/server/search/routes/search.ts b/src/plugins/data/server/search/routes/search.ts index b5d5ec283767d..492ad4395b32a 100644 --- a/src/plugins/data/server/search/routes/search.ts +++ b/src/plugins/data/server/search/routes/search.ts @@ -22,7 +22,6 @@ import { IRouter } from 'src/core/server'; import { getRequestAbortedSignal } from '../../lib'; import { SearchRouteDependencies } from '../search_service'; import { shimHitsTotal } from './shim_hits_total'; -import { isEsResponse } from '../../../common'; export function registerSearchRoute( router: IRouter, @@ -62,11 +61,9 @@ export function registerSearchRoute( return res.ok({ body: { ...response, - ...(isEsResponse(response) - ? { - rawResponse: shimHitsTotal(response.rawResponse), - } - : {}), + ...{ + rawResponse: shimHitsTotal(response.rawResponse), + }, }, }); } catch (err) { diff --git a/src/plugins/data/server/search/search_service.ts b/src/plugins/data/server/search/search_service.ts index e19d3dd8a5451..90da8c5653ac1 100644 --- a/src/plugins/data/server/search/search_service.ts +++ b/src/plugins/data/server/search/search_service.ts @@ -40,12 +40,15 @@ import { UsageCollectionSetup } from '../../../usage_collection/server'; import { registerUsageCollector } from './collectors/register'; import { usageProvider } from './collectors/usage'; import { searchTelemetry } from '../saved_objects'; -import { IEsSearchRequest, IEsSearchResponse, ISearchOptions } from '../../common'; +import { + IKibanaSearchRequest, + IKibanaSearchResponse, + IEsSearchRequest, + IEsSearchResponse, + ISearchOptions, +} from '../../common'; -type StrategyMap< - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse -> = Record>; +type StrategyMap = Record>; /** @internal */ export interface SearchServiceSetupDependencies { @@ -67,7 +70,7 @@ export interface SearchRouteDependencies { export class SearchService implements Plugin { private readonly aggsService = new AggsService(); private defaultSearchStrategyName: string = ES_SEARCH_STRATEGY; - private searchStrategies: StrategyMap = {}; + private searchStrategies: StrategyMap = {}; constructor( private initializerContext: PluginInitializerContext, @@ -113,19 +116,6 @@ export class SearchService implements Plugin { usage, }; } - - private search( - context: RequestHandlerContext, - searchRequest: IEsSearchRequest, - options: ISearchOptions - ) { - return this.getSearchStrategy(options.strategy || this.defaultSearchStrategyName).search( - context, - searchRequest, - options - ); - } - public start( { uiSettings }: CoreStart, { fieldFormats }: SearchServiceStartDependencies @@ -135,7 +125,7 @@ export class SearchService implements Plugin { getSearchStrategy: this.getSearchStrategy, search: ( context: RequestHandlerContext, - searchRequest: IEsSearchRequest, + searchRequest: IKibanaSearchRequest, options: Record ) => { return this.search(context, searchRequest, options); @@ -148,8 +138,8 @@ export class SearchService implements Plugin { } private registerSearchStrategy = < - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse >( name: string, strategy: ISearchStrategy @@ -158,7 +148,25 @@ export class SearchService implements Plugin { this.searchStrategies[name] = strategy; }; - private getSearchStrategy = (name: string): ISearchStrategy => { + private search = < + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse + >( + context: RequestHandlerContext, + searchRequest: SearchStrategyRequest, + options: ISearchOptions + ): Promise => { + return this.getSearchStrategy( + options.strategy || this.defaultSearchStrategyName + ).search(context, searchRequest, options); + }; + + private getSearchStrategy = < + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse + >( + name: string + ): ISearchStrategy => { this.logger.debug(`Get strategy ${name}`); const strategy = this.searchStrategies[name]; if (!strategy) { diff --git a/src/plugins/data/server/search/types.ts b/src/plugins/data/server/search/types.ts index aefdac2ab639f..4764bd77278ac 100644 --- a/src/plugins/data/server/search/types.ts +++ b/src/plugins/data/server/search/types.ts @@ -18,7 +18,7 @@ */ import { RequestHandlerContext } from '../../../../core/server'; -import { ISearchOptions } from '../../common/search'; +import { ISearchOptions, IKibanaSearchRequest, IKibanaSearchResponse } from '../../common/search'; import { AggsSetup, AggsStart } from './aggs'; import { SearchUsage } from './collectors'; import { IEsSearchRequest, IEsSearchResponse } from './es_search'; @@ -34,8 +34,8 @@ export interface ISearchSetup { * strategies. */ registerSearchStrategy: < - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse >( name: string, strategy: ISearchStrategy @@ -53,8 +53,8 @@ export interface ISearchSetup { } export interface ISearchStart< - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse > { aggs: AggsStart; /** @@ -66,9 +66,9 @@ export interface ISearchStart< ) => ISearchStrategy; search: ( context: RequestHandlerContext, - request: IEsSearchRequest, + request: SearchStrategyRequest, options: ISearchOptions - ) => Promise; + ) => Promise; } /** @@ -76,8 +76,8 @@ export interface ISearchStart< * that resolves to a response. */ export interface ISearchStrategy< - SearchStrategyRequest extends IEsSearchRequest = IEsSearchRequest, - SearchStrategyResponse extends IEsSearchResponse = IEsSearchResponse + SearchStrategyRequest extends IKibanaSearchRequest = IEsSearchRequest, + SearchStrategyResponse extends IKibanaSearchResponse = IEsSearchResponse > { search: ( context: RequestHandlerContext, diff --git a/src/plugins/data/server/server.api.md b/src/plugins/data/server/server.api.md index 6d4112543ce0e..f465ece697a70 100644 --- a/src/plugins/data/server/server.api.md +++ b/src/plugins/data/server/server.api.md @@ -527,28 +527,20 @@ export type IAggConfigs = AggConfigs; export type IAggType = AggType; // Warning: (ae-forgotten-export) The symbol "IKibanaSearchRequest" needs to be exported by the entry point index.d.ts +// Warning: (ae-forgotten-export) The symbol "ISearchRequestParams" needs to be exported by the entry point index.d.ts // Warning: (ae-missing-release-tag) "IEsSearchRequest" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IEsSearchRequest extends IKibanaSearchRequest { +export interface IEsSearchRequest extends IKibanaSearchRequest { // (undocumented) indexType?: string; - // Warning: (ae-forgotten-export) The symbol "ISearchRequestParams" needs to be exported by the entry point index.d.ts - // - // (undocumented) - params?: ISearchRequestParams; } // Warning: (ae-forgotten-export) The symbol "IKibanaSearchResponse" needs to be exported by the entry point index.d.ts // Warning: (ae-missing-release-tag) "IEsSearchResponse" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface IEsSearchResponse extends IKibanaSearchResponse { - isPartial?: boolean; - isRunning?: boolean; - // (undocumented) - rawResponse: SearchResponse; -} +export type IEsSearchResponse = IKibanaSearchResponse>; // Warning: (ae-missing-release-tag) "IFieldFormatsRegistry" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // @@ -824,14 +816,14 @@ export interface ISearchSetup { // // (undocumented) aggs: AggsSetup; - registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; + registerSearchStrategy: (name: string, strategy: ISearchStrategy) => void; usage?: SearchUsage; } // Warning: (ae-missing-release-tag) "ISearchStart" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public (undocumented) -export interface ISearchStart { +export interface ISearchStart { // Warning: (ae-forgotten-export) The symbol "AggsStart" needs to be exported by the entry point index.d.ts // // (undocumented) @@ -840,13 +832,13 @@ export interface ISearchStart Promise; + search: (context: RequestHandlerContext, request: SearchStrategyRequest, options: ISearchOptions) => Promise; } // Warning: (ae-missing-release-tag) "ISearchStrategy" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal) // // @public -export interface ISearchStrategy { +export interface ISearchStrategy { // (undocumented) cancel?: (context: RequestHandlerContext, id: string) => Promise; // (undocumented) From 57d10144f9d9d661257d9eb86dad78b3bffab7cc Mon Sep 17 00:00:00 2001 From: Brandon Kobel Date: Thu, 24 Sep 2020 09:08:50 -0700 Subject: [PATCH 035/120] elasticsearch::Client#child performance improvements (#77836) * Updating the version of the elasticsearch-js Client * ES Client methods aren't implicitly bound to the Client anymore * Adjusting mocks to work with prototypical inheritance * Fixing effects of ping returning a Boolean, now. * Updating @elastic/elasticsearch to 7.9.1 * Responding to @restrry's feedback * Now with destructuring... --- package.json | 2 +- src/core/server/elasticsearch/client/mocks.ts | 57 +++++++++++++------ .../migrations/core/migration_es_client.ts | 2 +- .../server/plugin.ts | 6 +- yarn.lock | 8 +-- 5 files changed, 49 insertions(+), 26 deletions(-) diff --git a/package.json b/package.json index 6703b688b19fd..5345f8752d4af 100644 --- a/package.json +++ b/package.json @@ -118,7 +118,7 @@ "@babel/core": "^7.11.1", "@babel/register": "^7.10.5", "@elastic/datemath": "5.0.3", - "@elastic/elasticsearch": "7.9.0-rc.2", + "@elastic/elasticsearch": "7.9.1", "@elastic/eui": "29.0.0", "@elastic/good": "8.1.1-kibana2", "@elastic/numeral": "^2.5.0", diff --git a/src/core/server/elasticsearch/client/mocks.ts b/src/core/server/elasticsearch/client/mocks.ts index 6fb3dc090bfb4..fb2826c787718 100644 --- a/src/core/server/elasticsearch/client/mocks.ts +++ b/src/core/server/elasticsearch/client/mocks.ts @@ -31,6 +31,7 @@ const createInternalClientMock = (): DeeplyMockedKeys => { '_events', '_eventsCount', '_maxListeners', + 'constructor', 'name', 'serializer', 'connectionPool', @@ -38,35 +39,57 @@ const createInternalClientMock = (): DeeplyMockedKeys => { 'helpers', ]; + const getAllPropertyDescriptors = (obj: Record) => { + const descriptors = Object.entries(Object.getOwnPropertyDescriptors(obj)); + let prototype = Object.getPrototypeOf(obj); + while (prototype != null && prototype !== Object.prototype) { + descriptors.push(...Object.entries(Object.getOwnPropertyDescriptors(prototype))); + prototype = Object.getPrototypeOf(prototype); + } + return descriptors; + }; + const mockify = (obj: Record, omitted: string[] = []) => { - Object.keys(obj) - .filter((key) => !omitted.includes(key)) - .forEach((key) => { - const propType = typeof obj[key]; - if (propType === 'function') { + // the @elastic/elasticsearch::Client uses prototypical inheritance + // so we have to crawl up the prototype chain and get all descriptors + // to find everything that we should be mocking + const descriptors = getAllPropertyDescriptors(obj); + descriptors + .filter(([key]) => !omitted.includes(key)) + .forEach(([key, descriptor]) => { + if (typeof descriptor.value === 'function') { obj[key] = jest.fn(() => createSuccessTransportRequestPromise({})); - } else if (propType === 'object' && obj[key] != null) { - mockify(obj[key]); + } else if (typeof obj[key] === 'object' && obj[key] != null) { + mockify(obj[key], omitted); } }); }; mockify(client, omittedProps); - // client got some read-only (getter) properties - // so we need to extend it to override the getter-only props. - const mock: any = { ...client }; + client.close = jest.fn().mockReturnValue(Promise.resolve()); + client.child = jest.fn().mockImplementation(() => createInternalClientMock()); + + const mockGetter = (obj: Record, propertyName: string) => { + Object.defineProperty(obj, propertyName, { + configurable: true, + enumerable: false, + get: () => jest.fn(), + set: undefined, + }); + }; - mock.transport = { + // `on`, `off`, and `once` are properties without a setter. + // We can't `client.on = jest.fn()` because the following error will be thrown: + // TypeError: Cannot set property on of # which has only a getter + mockGetter(client, 'on'); + mockGetter(client, 'off'); + mockGetter(client, 'once'); + client.transport = { request: jest.fn(), }; - mock.close = jest.fn().mockReturnValue(Promise.resolve()); - mock.child = jest.fn().mockImplementation(() => createInternalClientMock()); - mock.on = jest.fn(); - mock.off = jest.fn(); - mock.once = jest.fn(); - return (mock as unknown) as DeeplyMockedKeys; + return client as DeeplyMockedKeys; }; export type ElasticsearchClientMock = DeeplyMockedKeys; diff --git a/src/core/server/saved_objects/migrations/core/migration_es_client.ts b/src/core/server/saved_objects/migrations/core/migration_es_client.ts index ff859057f8fe8..e8482e6352a82 100644 --- a/src/core/server/saved_objects/migrations/core/migration_es_client.ts +++ b/src/core/server/saved_objects/migrations/core/migration_es_client.ts @@ -80,7 +80,7 @@ export function createMigrationEsClient( throw new Error(`unknown ElasticsearchClient client method [${key}]`); } return await migrationRetryCallCluster( - () => fn(params, { maxRetries: 0, ...options }), + () => fn.call(client, params, { maxRetries: 0, ...options }), log, delay ); diff --git a/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts index 5e018ca7818d3..8b6c8a99c73e8 100644 --- a/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts +++ b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts @@ -26,7 +26,7 @@ export class ElasticsearchClientPlugin implements Plugin { { path: '/api/elasticsearch_client_plugin/context/ping', validate: false }, async (context, req, res) => { const { body } = await context.core.elasticsearch.client.asInternalUser.ping(); - return res.ok({ body }); + return res.ok({ body: JSON.stringify(body) }); } ); router.get( @@ -34,14 +34,14 @@ export class ElasticsearchClientPlugin implements Plugin { async (context, req, res) => { const [coreStart] = await core.getStartServices(); const { body } = await coreStart.elasticsearch.client.asInternalUser.ping(); - return res.ok({ body }); + return res.ok({ body: JSON.stringify(body) }); } ); router.get( { path: '/api/elasticsearch_client_plugin/custom_client/ping', validate: false }, async (context, req, res) => { const { body } = await this.client!.asInternalUser.ping(); - return res.ok({ body }); + return res.ok({ body: JSON.stringify(body) }); } ); } diff --git a/yarn.lock b/yarn.lock index 06e735c5caf85..182eb90d5f7a4 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1204,10 +1204,10 @@ pump "^3.0.0" secure-json-parse "^2.1.0" -"@elastic/elasticsearch@7.9.0-rc.2": - version "7.9.0-rc.2" - resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-7.9.0-rc.2.tgz#cbc935f30940a15484b5ec3758c9b1ef119a5e5c" - integrity sha512-1FKCQJVr7s/LasKq6VbrmbWCI0LjoPcnjgmh2vKPzC+yyEEHVoYlmEfR5wBRchK1meATTXZtDhCVF95+Q9kVbA== +"@elastic/elasticsearch@7.9.1": + version "7.9.1" + resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-7.9.1.tgz#40f1c38e8f70d783851c13be78a7cb346891c15e" + integrity sha512-NfPADbm9tRK/4ohpm9+aBtJ8WPKQqQaReyBKT225pi2oKQO1IzRlfM+OPplAvbhoH1efrSj1NKk27L+4BCrzXQ== dependencies: debug "^4.1.1" decompress-response "^4.2.0" From b8739c553bf781f50f0d27edffd9556179cdf4b8 Mon Sep 17 00:00:00 2001 From: Rashmi Kulkarni Date: Thu, 24 Sep 2020 09:12:41 -0700 Subject: [PATCH 036/120] test for dashboard drilldown (#78377) --- .../drilldowns/dashboard_to_dashboard_drilldown.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts b/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts index c300412c393bc..43b88915b69d9 100644 --- a/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts +++ b/x-pack/test/functional/apps/dashboard/drilldowns/dashboard_to_dashboard_drilldown.ts @@ -21,14 +21,20 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const retry = getService('retry'); const testSubjects = getService('testSubjects'); const filterBar = getService('filterBar'); + const security = getService('security'); describe('Dashboard to dashboard drilldown', function () { before(async () => { log.debug('Dashboard Drilldowns:initTests'); + await security.testUser.setRoles(['test_logstash_reader', 'global_dashboard_all']); await PageObjects.common.navigateToApp('dashboard'); await PageObjects.dashboard.preserveCrossAppState(); }); + after(async () => { + await security.testUser.restoreDefaults(); + }); + it('should create dashboard to dashboard drilldown, use it, and then delete it', async () => { await PageObjects.dashboard.gotoDashboardEditMode( dashboardDrilldownsManage.DASHBOARD_WITH_PIE_CHART_NAME From 179c7d996c22fd34cbd5ede8dbdd78c6eb384838 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= Date: Thu, 24 Sep 2020 18:23:44 +0200 Subject: [PATCH 037/120] [Security Solution] Cleanup graphql (#78403) * [Security Solution] Cleanup graphql * cleanup * cleanup * fix types Co-authored-by: Elastic Machine --- .../common/ecs/network/index.ts | 5 - .../security_solution/network/common/index.ts | 11 + .../components/event_details/json_view.tsx | 6 +- .../common/components/event_details/types.ts | 4 +- .../components/last_event_time/index.test.tsx | 10 +- .../components/last_event_time/index.tsx | 3 +- .../components/matrix_histogram/utils.test.ts | 4 +- .../components/matrix_histogram/utils.ts | 6 +- .../last_event_time.gql_query.ts | 29 - .../containers/events/last_event_time/mock.ts | 52 +- .../matrix_histogram/index.gql_query.ts | 41 - .../public/common/mock/mock_detail_item.ts | 4 +- .../public/common/mock/timeline_results.ts | 11 +- .../components/alerts_table/actions.test.tsx | 15 + .../components/alerts_table/actions.tsx | 31 +- .../components/alerts_table/helpers.ts | 13 +- .../investigate_in_timeline_action.tsx | 14 +- .../components/alerts_table/types.ts | 2 + .../public/graphql/introspection.json | 10410 +++++----------- .../security_solution/public/graphql/types.ts | 4287 ++----- .../authentications/index.gql_query.ts | 74 - .../kpi_host_details/index.gql_query.tsx | 52 - .../containers/kpi_host_details/index.tsx | 93 - .../containers/kpi_hosts/index.gql_query.ts | 52 - .../public/hosts/pages/details/index.tsx | 3 +- .../public/hosts/pages/hosts.tsx | 2 +- .../network/components/direction/index.tsx | 2 +- .../__snapshots__/index.test.tsx.snap | 2 +- .../components/network_dns_table/columns.tsx | 2 +- .../network_dns_table/index.test.tsx | 26 +- .../components/network_dns_table/index.tsx | 216 +- .../components/network_dns_table/mock.ts | 345 +- .../__snapshots__/index.test.tsx.snap | 101 +- .../network_http_table/index.test.tsx | 26 +- .../components/network_http_table/mock.ts | 144 +- .../__snapshots__/index.test.tsx.snap | 12 +- .../network_top_n_flow_table/columns.tsx | 2 +- .../network_top_n_flow_table/index.test.tsx | 40 +- .../network_top_n_flow_table/index.tsx | 83 +- .../network_top_n_flow_table/mock.ts | 130 +- .../containers/kpi_network/index.gql_query.ts | 44 - .../containers/network_dns/index.gql_query.ts | 58 - .../network/containers/network_dns/index.tsx | 2 +- .../network_http/index.gql_query.ts | 57 - .../network/containers/network_http/index.tsx | 3 +- .../network_top_countries/index.gql_query.ts | 68 - .../network_top_n_flow/index.gql_query.ts | 98 - .../public/network/pages/details/index.tsx | 4 +- .../public/network/pages/network.tsx | 2 +- .../components/timeline/footer/index.test.tsx | 39 +- .../components/timeline/footer/mock.ts | 86 - .../containers/details/index.gql_query.ts | 33 - .../timelines/containers/index.gql_query.ts | 375 - .../server/graphql/authentications/index.ts | 8 - .../graphql/authentications/resolvers.ts | 35 - .../graphql/authentications/schema.gql.ts | 47 - .../server/graphql/events/index.ts | 8 - .../server/graphql/events/resolvers.ts | 105 - .../server/graphql/events/schema.gql.ts | 95 - .../security_solution/server/graphql/index.ts | 14 - .../server/graphql/kpi_hosts/index.ts | 8 - .../server/graphql/kpi_hosts/resolvers.ts | 45 - .../server/graphql/kpi_hosts/schema.gql.ts | 56 - .../server/graphql/kpi_network/index.ts | 8 - .../server/graphql/kpi_network/resolvers.ts | 35 - .../server/graphql/kpi_network/schema.gql.ts | 35 - .../server/graphql/matrix_histogram/index.ts | 8 - .../graphql/matrix_histogram/resolvers.ts | 39 - .../graphql/matrix_histogram/schema.gql.ts | 39 - .../server/graphql/network/index.ts | 8 - .../server/graphql/network/resolvers.ts | 83 - .../server/graphql/network/schema.gql.ts | 253 - .../security_solution/server/graphql/types.ts | 9367 ++++++-------- .../server/graphql/who_am_i/index.ts | 8 - .../server/graphql/who_am_i/resolvers.ts | 28 - .../server/graphql/who_am_i/schema.gql.ts | 19 - .../security_solution/server/init_server.ts | 15 - .../elasticsearch_adapter.test.ts | 135 - .../authentications/elasticsearch_adapter.ts | 119 - .../server/lib/authentications/index.ts | 21 - .../server/lib/authentications/query.dsl.ts | 121 - .../server/lib/authentications/types.ts | 62 - .../server/lib/compose/kibana.ts | 15 - .../lib/events/elasticsearch_adapter.test.ts | 549 - .../lib/events/elasticsearch_adapter.ts | 264 - .../server/lib/events/index.ts | 40 - .../server/lib/events/mock.ts | 3412 ----- .../server/lib/events/query.dsl.ts | 104 - .../lib/events/query.last_event_time.dsl.ts | 91 - .../server/lib/events/types.ts | 97 - .../server/lib/framework/types.ts | 7 - .../kpi_hosts/elasticsearch_adapter.test.ts | 282 - .../lib/kpi_hosts/elasticsearch_adapter.ts | 205 - .../server/lib/kpi_hosts/helpers.test.ts | 21 - .../server/lib/kpi_hosts/helpers.ts | 11 - .../server/lib/kpi_hosts/index.ts | 28 - .../server/lib/kpi_hosts/mock.ts | 606 - .../query_authentication.dsl.test.ts | 30 - .../lib/kpi_hosts/query_authentication.dsl.ts | 105 - .../server/lib/kpi_hosts/query_hosts.dsl.ts | 69 - .../kpi_hosts/query_unique_ips.dsl.test.ts | 24 - .../lib/kpi_hosts/query_unique_ips.dsl.ts | 87 - .../server/lib/kpi_hosts/types.ts | 126 - .../lib/kpi_network/elastic_adapter.test.ts | 147 - .../lib/kpi_network/elasticsearch_adapter.ts | 113 - .../server/lib/kpi_network/helpers.ts | 25 - .../server/lib/kpi_network/index.ts | 21 - .../server/lib/kpi_network/mock.ts | 335 - .../server/lib/kpi_network/query_dns.dsl.ts | 78 - .../lib/kpi_network/query_network_events.ts | 52 - .../kpi_network/query_tls_handshakes.dsl.ts | 78 - .../lib/kpi_network/query_unique_flow.ts | 59 - .../query_unique_private_ips.dsl.ts | 108 - .../server/lib/kpi_network/types.ts | 50 - .../matrix_histogram/elasticsearch_adapter.ts | 81 - .../elasticseatch_adapter.test.ts | 56 - .../server/lib/matrix_histogram/index.ts | 21 - .../server/lib/matrix_histogram/mock.ts | 118 - .../query.anomalies_over_time.dsl.ts | 78 - .../query.authentications_over_time.dsl.ts | 92 - .../query.events_over_time.dsl.ts | 93 - .../lib/matrix_histogram/query_alerts.dsl.ts | 121 - .../query_dns_histogram.dsl.ts | 84 - .../lib/matrix_histogram/translations.ts | 14 - .../server/lib/matrix_histogram/types.ts | 144 - .../server/lib/matrix_histogram/utils.ts | 50 - .../elastic_adapter.test.ts.snap | 1366 -- .../lib/network/elastic_adapter.test.ts | 171 - .../lib/network/elasticsearch_adapter.ts | 361 - .../server/lib/network/index.ts | 77 - .../server/lib/network/mock.ts | 1675 --- .../server/lib/network/query_dns.dsl.ts | 134 - .../server/lib/network/query_http.dsl.ts | 116 - .../lib/network/query_top_countries.dsl.ts | 153 - .../lib/network/query_top_n_flow.dsl.ts | 194 - .../server/lib/network/types.ts | 165 - .../security_solution/server/lib/types.ts | 12 - .../apis/security_solution/authentications.ts | 2 + .../apis/security_solution/index.js | 14 +- .../security_solution/kpi_host_details.ts | 2 + .../apis/security_solution/kpi_hosts.ts | 2 + .../apis/security_solution/kpi_network.ts | 2 + .../apis/security_solution/network_dns.ts | 5 + .../security_solution/network_top_n_flow.ts | 5 + .../apis/security_solution/timeline.ts | 2 + .../security_solution/timeline_details.ts | 3 + 146 files changed, 8597 insertions(+), 32113 deletions(-) delete mode 100644 x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx delete mode 100644 x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts delete mode 100644 x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/authentications/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/events/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/events/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/network/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts delete mode 100644 x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/authentications/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/query.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/events/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/kpi_network/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap delete mode 100644 x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/index.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/mock.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts delete mode 100644 x-pack/plugins/security_solution/server/lib/network/types.ts diff --git a/x-pack/plugins/security_solution/common/ecs/network/index.ts b/x-pack/plugins/security_solution/common/ecs/network/index.ts index c2fc3cb4b9f48..18f7583d12231 100644 --- a/x-pack/plugins/security_solution/common/ecs/network/index.ts +++ b/x-pack/plugins/security_solution/common/ecs/network/index.ts @@ -6,14 +6,9 @@ export interface NetworkEcs { bytes?: number[]; - community_id?: string[]; - direction?: string[]; - packets?: number[]; - protocol?: string[]; - transport?: string[]; } diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts index 19521741c5f66..b557755b07a03 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/common/index.ts @@ -7,6 +7,17 @@ import { GeoEcs } from '../../../../ecs/geo'; import { Maybe } from '../../..'; +export enum NetworkDirectionEcs { + inbound = 'inbound', + outbound = 'outbound', + internal = 'internal', + external = 'external', + incoming = 'incoming', + outgoing = 'outgoing', + listening = 'listening', + unknown = 'unknown', +} + export enum NetworkTopTablesFields { bytes_in = 'bytes_in', bytes_out = 'bytes_out', diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx index 1b8177b2038ae..168fe6e65564d 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/json_view.tsx @@ -9,11 +9,11 @@ import { set } from '@elastic/safer-lodash-set/fp'; import React from 'react'; import styled from 'styled-components'; -import { DetailItem } from '../../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../../common/search_strategy'; import { omitTypenameAndEmpty } from '../../../timelines/components/timeline/body/helpers'; interface Props { - data: DetailItem[]; + data: TimelineEventsDetailsItem[]; } const JsonEditor = styled.div` @@ -40,5 +40,5 @@ export const JsonView = React.memo(({ data }) => ( JsonView.displayName = 'JsonView'; -export const buildJsonView = (data: DetailItem[]) => +export const buildJsonView = (data: TimelineEventsDetailsItem[]) => data.reduce((accumulator, item) => set(item.field, item.originalValue, accumulator), {}); diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/types.ts b/x-pack/plugins/security_solution/public/common/components/event_details/types.ts index db53f411fa518..ed27a57745787 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/event_details/types.ts @@ -5,6 +5,6 @@ */ import { BrowserField } from '../../containers/source'; -import { DetailItem } from '../../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../../common/search_strategy'; -export type EventFieldsData = BrowserField & DetailItem; +export type EventFieldsData = BrowserField & TimelineEventsDetailsItem; diff --git a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx index c2800b0705b43..cc0c4d4c837a3 100644 --- a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { getEmptyValue } from '../empty_value'; -import { LastEventIndexKey } from '../../../graphql/types'; +import { LastEventIndexKey } from '../../../../common/search_strategy'; import { mockLastEventTimeQuery } from '../../containers/events/last_event_time/mock'; import { useMountAppended } from '../../utils/use_mount_appended'; @@ -48,8 +48,8 @@ describe('Last Event Time Stat', () => { (useTimelineLastEventTime as jest.Mock).mockReturnValue([ false, { - lastSeen: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.lastSeen, - errorMessage: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.errorMessage, + lastSeen: mockLastEventTimeQuery.lastSeen, + errorMessage: mockLastEventTimeQuery.errorMessage, }, ]); const wrapper = mount( @@ -64,7 +64,7 @@ describe('Last Event Time Stat', () => { false, { lastSeen: 'something-invalid', - errorMessage: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.errorMessage, + errorMessage: mockLastEventTimeQuery.errorMessage, }, ]); const wrapper = mount( @@ -80,7 +80,7 @@ describe('Last Event Time Stat', () => { false, { lastSeen: null, - errorMessage: mockLastEventTimeQuery[0].result.data!.source.LastEventTime.errorMessage, + errorMessage: mockLastEventTimeQuery.errorMessage, }, ]); const wrapper = mount( diff --git a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx index d508040f84239..fe827b3ab324c 100644 --- a/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/last_event_time/index.tsx @@ -8,8 +8,7 @@ import { EuiIcon, EuiLoadingSpinner, EuiToolTip } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n/react'; import React, { memo } from 'react'; -import { DocValueFields } from '../../../../common/search_strategy'; -import { LastEventIndexKey } from '../../../graphql/types'; +import { DocValueFields, LastEventIndexKey } from '../../../../common/search_strategy'; import { useTimelineLastEventTime } from '../../containers/events/last_event_time'; import { getEmptyTagValue } from '../empty_value'; import { FormattedRelativePreferenceDate } from '../formatted_date'; diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts index 7a3f44d3ea729..03fa55a3c9fa6 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts +++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.test.ts @@ -13,7 +13,7 @@ import { } from './utils'; import { UpdateDateRange } from '../charts/common'; import { Position } from '@elastic/charts'; -import { MatrixOverTimeHistogramData } from '../../../graphql/types'; +import { MatrixHistogramData } from '../../../../common/search_strategy'; import { BarchartConfigs } from './types'; describe('utils', () => { @@ -77,7 +77,7 @@ describe('utils', () => { describe('formatToChartDataItem', () => { test('it should format data correctly', () => { - const data: [string, MatrixOverTimeHistogramData[]] = [ + const data: [string, MatrixHistogramData[]] = [ 'g1', [ { x: 1, y: 2, g: 'g1' }, diff --git a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts index 9474929d35a51..5b5b56cf0ec45 100644 --- a/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts +++ b/x-pack/plugins/security_solution/public/common/components/matrix_histogram/utils.ts @@ -8,7 +8,7 @@ import { get, groupBy, map, toPairs } from 'lodash/fp'; import { UpdateDateRange, ChartSeriesData } from '../charts/common'; import { MatrixHistogramMappingTypes, BarchartConfigs } from './types'; -import { MatrixOverTimeHistogramData } from '../../../graphql/types'; +import { MatrixHistogramData } from '../../../../common/search_strategy'; import { histogramDateTimeFormatter } from '../utils'; interface GetBarchartConfigsProps { @@ -84,14 +84,14 @@ export const defaultLegendColors = [ export const formatToChartDataItem = ([key, value]: [ string, - MatrixOverTimeHistogramData[] + MatrixHistogramData[] ]): ChartSeriesData => ({ key, value, }); export const getCustomChartData = ( - data: MatrixOverTimeHistogramData[] | null, + data: MatrixHistogramData[] | null, mapping?: MatrixHistogramMappingTypes ): ChartSeriesData[] => { if (!data) return []; diff --git a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts deleted file mode 100644 index 36305ef0dc882..0000000000000 --- a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/last_event_time.gql_query.ts +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const LastEventTimeGqlQuery = gql` - query GetLastEventTimeQuery( - $sourceId: ID! - $indexKey: LastEventIndexKey! - $details: LastTimeDetails! - $defaultIndex: [String!]! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - LastEventTime( - indexKey: $indexKey - details: $details - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - lastSeen - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts index bdeb1db4e1b28..208c03b453e04 100644 --- a/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts +++ b/x-pack/plugins/security_solution/public/common/containers/events/last_event_time/mock.ts @@ -4,28 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { DEFAULT_INDEX_PATTERN } from '../../../../../common/constants'; -import { GetLastEventTimeQuery, LastEventIndexKey } from '../../../../graphql/types'; - -import { LastEventTimeGqlQuery } from './last_event_time.gql_query'; - interface MockLastEventTimeQuery { - request: { - query: GetLastEventTimeQuery.Query; - variables: GetLastEventTimeQuery.Variables; - }; - result: { - data?: { - source: { - id: string; - LastEventTime: { - lastSeen: string | null; - errorMessage: string | null; - }; - }; - }; - errors?: [{ message: string }]; - }; + lastSeen: string | null; + errorMessage: string | null; } const getTimeTwelveMinutesAgo = () => { @@ -35,28 +16,7 @@ const getTimeTwelveMinutesAgo = () => { return new Date(twelveMinutes).toISOString(); }; -export const mockLastEventTimeQuery: MockLastEventTimeQuery[] = [ - { - request: { - query: LastEventTimeGqlQuery, - variables: { - sourceId: 'default', - indexKey: LastEventIndexKey.hosts, - details: {}, - defaultIndex: DEFAULT_INDEX_PATTERN, - docValueFields: [], - }, - }, - result: { - data: { - source: { - id: 'default', - LastEventTime: { - lastSeen: getTimeTwelveMinutesAgo(), - errorMessage: null, - }, - }, - }, - }, - }, -]; +export const mockLastEventTimeQuery: MockLastEventTimeQuery = { + lastSeen: getTimeTwelveMinutesAgo(), + errorMessage: null, +}; diff --git a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts b/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts deleted file mode 100644 index 6fb729ca7e9a0..0000000000000 --- a/x-pack/plugins/security_solution/public/common/containers/matrix_histogram/index.gql_query.ts +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const MatrixHistogramGqlQuery = gql` - query GetMatrixHistogramQuery( - $defaultIndex: [String!]! - $filterQuery: String - $histogramType: HistogramType! - $inspect: Boolean! - $sourceId: ID! - $stackByField: String! - $timerange: TimerangeInput! - ) { - source(id: $sourceId) { - id - MatrixHistogram( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - stackByField: $stackByField - histogramType: $histogramType - ) { - matrixHistogramData { - x - y - g - } - totalCount - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts b/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts index 2395010a0ba2e..c5d881c540eec 100644 --- a/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts +++ b/x-pack/plugins/security_solution/public/common/mock/mock_detail_item.ts @@ -4,11 +4,11 @@ * you may not use this file except in compliance with the Elastic License. */ -import { DetailItem } from '../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../common/search_strategy'; export const mockDetailItemDataId = 'Y-6TfmcB0WOhS6qyMv3s'; -export const mockDetailItemData: DetailItem[] = [ +export const mockDetailItemData: TimelineEventsDetailsItem[] = [ { field: '_id', originalValue: 'pEMaMmkBUV60JmNWmWVi', diff --git a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts index 6403a50ad4a1d..9f26fc22ede53 100644 --- a/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts +++ b/x-pack/plugins/security_solution/public/common/mock/timeline_results.ts @@ -8,13 +8,8 @@ import { FilterStateStore } from '../../../../../../src/plugins/data/common/es_q import { TimelineId, TimelineType, TimelineStatus } from '../../../common/types/timeline'; import { OpenTimelineResult } from '../../timelines/components/open_timeline/types'; -import { - GetAllTimeline, - SortFieldTimeline, - TimelineResult, - Direction, - DetailItem, -} from '../../graphql/types'; +import { GetAllTimeline, SortFieldTimeline, TimelineResult, Direction } from '../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../common/search_strategy'; import { allTimelinesQuery } from '../../timelines/containers/all/index.gql_query'; import { CreateTimelineProps } from '../../detections/components/alerts_table/types'; import { TimelineModel } from '../../timelines/store/timeline/model'; @@ -2264,7 +2259,7 @@ export const defaultTimelineProps: CreateTimelineProps = { ruleNote: '# this is some markdown documentation', }; -export const mockTimelineDetails: DetailItem[] = [ +export const mockTimelineDetails: TimelineEventsDetailsItem[] = [ { field: 'host.name', values: ['apache'], diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx index e3440f4158513..f326d5ad54ef2 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx @@ -15,10 +15,12 @@ import { apolloClient, mockTimelineApolloResult, mockTimelineDetailsApollo, + mockTimelineDetails, } from '../../../common/mock/'; import { CreateTimeline, UpdateTimelineLoading } from './types'; import { Ecs } from '../../../../common/ecs'; import { TimelineId, TimelineType, TimelineStatus } from '../../../../common/types/timeline'; +import { ISearchStart } from '../../../../../../../src/plugins/data/public'; jest.mock('apollo-client'); @@ -27,6 +29,7 @@ describe('alert actions', () => { const unix = moment(anchor).valueOf(); let createTimeline: CreateTimeline; let updateTimelineIsLoading: UpdateTimelineLoading; + let searchStrategyClient: ISearchStart; let clock: sinon.SinonFakeTimers; beforeEach(() => { @@ -39,6 +42,11 @@ describe('alert actions', () => { createTimeline = jest.fn() as jest.Mocked; updateTimelineIsLoading = jest.fn() as jest.Mocked; + searchStrategyClient = { + aggs: {} as ISearchStart['aggs'], + search: jest.fn().mockResolvedValue({ data: mockTimelineDetails }), + searchSource: {} as ISearchStart['searchSource'], + }; jest.spyOn(apolloClient, 'query').mockImplementation((obj) => { const id = get('variables.id', obj); @@ -64,6 +72,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).toHaveBeenCalledTimes(1); @@ -80,6 +89,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); const expected = { from: '2018-11-05T18:58:25.937Z', @@ -268,6 +278,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); const createTimelineArg = (createTimeline as jest.Mock).mock.calls[0][0]; @@ -297,6 +308,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); const createTimelineArg = (createTimeline as jest.Mock).mock.calls[0][0]; @@ -315,6 +327,7 @@ describe('alert actions', () => { ecsData: mockEcsDataWithAlert, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).toHaveBeenCalledWith({ @@ -349,6 +362,7 @@ describe('alert actions', () => { ecsData: ecsDataMock, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).not.toHaveBeenCalled(); @@ -374,6 +388,7 @@ describe('alert actions', () => { ecsData: ecsDataMock, nonEcsData: [], updateTimelineIsLoading, + searchStrategyClient, }); expect(updateTimelineIsLoading).not.toHaveBeenCalled(); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx index 7f98d3b2f71de..0e2aee5abd42e 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx @@ -15,10 +15,13 @@ import { TimelineId, TimelineStatus, TimelineType } from '../../../../common/typ import { updateAlertStatus } from '../../containers/detection_engine/alerts/api'; import { SendAlertToTimelineActionProps, UpdateAlertStatusActionProps } from './types'; import { Ecs } from '../../../../common/ecs'; -import { GetOneTimeline, TimelineResult, GetTimelineDetailsQuery } from '../../../graphql/types'; +import { GetOneTimeline, TimelineResult } from '../../../graphql/types'; import { TimelineNonEcsData, TimelineEventsDetailsItem, + TimelineEventsDetailsRequestOptions, + TimelineEventsDetailsStrategyResponse, + TimelineEventsQueries, } from '../../../../common/search_strategy/timeline'; import { oneTimelineQuery } from '../../../timelines/containers/one/index.gql_query'; import { timelineDefaults } from '../../../timelines/store/timeline/defaults'; @@ -34,7 +37,6 @@ import { } from './helpers'; import { KueryFilterQueryKind } from '../../../common/store'; import { DataProvider } from '../../../timelines/components/timeline/data_providers/data_provider'; -import { timelineDetailsQuery } from '../../../timelines/containers/details/index.gql_query'; export const getUpdateAlertsQuery = (eventIds: Readonly) => { return { @@ -154,6 +156,7 @@ export const sendAlertToTimelineAction = async ({ ecsData, nonEcsData, updateTimelineIsLoading, + searchStrategyClient, }: SendAlertToTimelineActionProps) => { let openAlertInBasicTimeline = true; const noteContent = ecsData.signal?.rule?.note != null ? ecsData.signal?.rule?.note[0] : ''; @@ -172,24 +175,24 @@ export const sendAlertToTimelineAction = async ({ id: timelineId, }, }), - apolloClient.query({ - query: timelineDetailsQuery, - fetchPolicy: 'no-cache', - variables: { + searchStrategyClient.search< + TimelineEventsDetailsRequestOptions, + TimelineEventsDetailsStrategyResponse + >( + { defaultIndex: [], docValueFields: [], - eventId: ecsData._id, indexName: ecsData._index ?? '', - sourceId: 'default', + eventId: ecsData._id, + factoryQueryType: TimelineEventsQueries.details, }, - }), + { + strategy: 'securitySolutionTimelineSearchStrategy', + } + ), ]); const resultingTimeline: TimelineResult = getOr({}, 'data.getOneTimeline', responseTimeline); - const eventData: TimelineEventsDetailsItem[] = getOr( - [], - 'data.source.TimelineDetails.data', - eventDataResp - ); + const eventData: TimelineEventsDetailsItem[] = getOr([], 'data', eventDataResp); if (!isEmpty(resultingTimeline)) { const timelineTemplate: TimelineResult = omitTypenameInTimeline(resultingTimeline); openAlertInBasicTimeline = false; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts index 20c233a03a8cf..b386ce0c9631b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/helpers.ts @@ -11,7 +11,8 @@ import { DataProviderType, DataProvidersAnd, } from '../../../timelines/components/timeline/data_providers/data_provider'; -import { DetailItem, TimelineType } from '../../../graphql/types'; +import { TimelineEventsDetailsItem } from '../../../../common/search_strategy'; +import { TimelineType } from '../../../graphql/types'; interface FindValueToChangeInQuery { field: string; @@ -49,7 +50,7 @@ const templateFields = [ */ export const getStringArray = ( field: string, - data: DetailItem[], + data: TimelineEventsDetailsItem[], localConsole = console ): string[] => { const value: unknown | undefined = data.find((d) => d.field === field)?.values ?? null; @@ -108,7 +109,7 @@ export const findValueToChangeInQuery = ( export const replaceTemplateFieldFromQuery = ( query: string, - eventData: DetailItem[], + eventData: TimelineEventsDetailsItem[], timelineType: TimelineType = TimelineType.default ): string => { if (timelineType === TimelineType.default) { @@ -132,7 +133,7 @@ export const replaceTemplateFieldFromQuery = ( export const replaceTemplateFieldFromMatchFilters = ( filters: Filter[], - eventData: DetailItem[] + eventData: TimelineEventsDetailsItem[] ): Filter[] => filters.map((filter) => { if ( @@ -151,7 +152,7 @@ export const replaceTemplateFieldFromMatchFilters = ( export const reformatDataProviderWithNewValue = ( dataProvider: T, - eventData: DetailItem[], + eventData: TimelineEventsDetailsItem[], timelineType: TimelineType = TimelineType.default ): T => { // Support for legacy "template-like" timeline behavior that is using hardcoded list of templateFields @@ -201,7 +202,7 @@ export const reformatDataProviderWithNewValue = dataProviders.map((dataProvider) => { diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx index f4649b016f67c..8960b7a76660b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/investigate_in_timeline_action.tsx @@ -7,6 +7,7 @@ import React, { useCallback } from 'react'; import { useDispatch } from 'react-redux'; +import { useKibana } from '../../../../common/lib/kibana'; import { TimelineId } from '../../../../../common/types/timeline'; import { Ecs } from '../../../../../common/ecs'; import { TimelineNonEcsData } from '../../../../../common/search_strategy/timeline'; @@ -30,6 +31,9 @@ const InvestigateInTimelineActionComponent: React.FC { + const { + data: { search: searchStrategyClient }, + } = useKibana().services; const dispatch = useDispatch(); const apolloClient = useApolloClient(); @@ -66,9 +70,17 @@ const InvestigateInTimelineActionComponent: React.FC void; diff --git a/x-pack/plugins/security_solution/public/graphql/introspection.json b/x-pack/plugins/security_solution/public/graphql/introspection.json index ece0712414349..8d780137b847c 100644 --- a/x-pack/plugins/security_solution/public/graphql/introspection.json +++ b/x-pack/plugins/security_solution/public/graphql/introspection.json @@ -683,9 +683,15 @@ "deprecationReason": null }, { - "name": "Authentications", - "description": "Gets Authentication success and failures based on a timerange", + "name": "Hosts", + "description": "Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified", "args": [ + { + "name": "id", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { "name": "timerange", "description": "", @@ -710,6 +716,16 @@ }, "defaultValue": null }, + { + "name": "sort", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "HostsSortField", "ofType": null } + }, + "defaultValue": null + }, { "name": "filterQuery", "description": "", @@ -760,65 +776,41 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationsData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "HostsData", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "Timeline", + "name": "HostOverview", "description": "", "args": [ { - "name": "pagination", + "name": "id", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "PaginationInput", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null }, { - "name": "sortField", + "name": "hostName", "description": "", "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "SortField", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "defaultValue": null }, { - "name": "fieldRequested", + "name": "timerange", "description": "", "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } + "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } }, "defaultValue": null }, - { - "name": "timerange", - "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, { "name": "defaultIndex", "description": "", @@ -836,54 +828,28 @@ } }, "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null } ], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "TimelineDetails", + "name": "HostFirstLastSeen", "description": "", "args": [ { - "name": "eventId", + "name": "id", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null }, { - "name": "indexName", + "name": "hostName", "description": "", "type": { "kind": "NON_NULL", @@ -936,41 +902,140 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineDetailsData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "FirstLastSeenHost", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceConfiguration", + "description": "A set of configuration options for a security data source", + "fields": [ + { + "name": "fields", + "description": "The field mapping to use for this source", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "SourceFields", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceFields", + "description": "A mapping of semantic fields to their document counterparts", + "fields": [ + { + "name": "container", + "description": "The field to identify a container by", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "LastEventTime", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "indexKey", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "LastEventIndexKey", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "details", - "description": "", - "type": { + "name": "host", + "description": "The fields to identify a host by", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "message", + "description": "The fields that may contain the log event message. The first field found win.", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "LastTimeDetails", "ofType": null } - }, - "defaultValue": null - }, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "pod", + "description": "The field to identify a pod by", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "tiebreaker", + "description": "The field to use as a tiebreaker for log events that have identical timestamps", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "timestamp", + "description": "The field to use as a timestamp for metrics and logs", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceStatus", + "description": "The status of an infrastructure data source", + "fields": [ + { + "name": "indicesExist", + "description": "Whether the configured alias or wildcard pattern resolve to any auditbeat indices", + "args": [ { "name": "defaultIndex", "description": "", @@ -988,9 +1053,22 @@ } }, "defaultValue": null - }, + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "indexFields", + "description": "The list of fields defined in the index mappings", + "args": [ { - "name": "docValueFields", + "name": "defaultIndex", "description": "", "type": { "kind": "NON_NULL", @@ -1001,11 +1079,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } } }, @@ -1015,2451 +1089,16 @@ "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "LastEventTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "Hosts", - "description": "Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "HostsSortField", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "HostOverview", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "hostName", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "HostFirstLastSeen", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "hostName", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FirstLastSeenHost", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "KpiNetwork", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "KpiNetworkData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "KpiHosts", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "KpiHostDetails", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostDetailsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "MatrixHistogram", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "histogramType", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "HistogramType", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "MatrixHistogramOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkTopCountries", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "flowTarget", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkTopTablesSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopCountriesData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkTopNFlow", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "flowTarget", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkTopTablesSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopNFlowData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkDns", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "isPtrIncluded", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkDnsSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDnsData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkDnsHistogram", - "description": "", - "args": [ - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "stackByField", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "docValueFields", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "ofType": null - } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDsOverTimeData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "NetworkHttp", - "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "filterQuery", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "ip", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "pagination", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "sort", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "INPUT_OBJECT", - "name": "NetworkHttpSortField", - "ofType": null - } - }, - "defaultValue": null - }, - { - "name": "timerange", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimerangeInput", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkHttpData", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "whoAmI", - "description": "Just a simple example to get the app name", - "args": [], - "type": { "kind": "OBJECT", "name": "SayMyName", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceConfiguration", - "description": "A set of configuration options for a security data source", - "fields": [ - { - "name": "fields", - "description": "The field mapping to use for this source", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "SourceFields", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceFields", - "description": "A mapping of semantic fields to their document counterparts", - "fields": [ - { - "name": "container", - "description": "The field to identify a container by", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "The fields to identify a host by", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "message", - "description": "The fields that may contain the log event message. The first field found win.", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pod", - "description": "The field to identify a pod by", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tiebreaker", - "description": "The field to use as a tiebreaker for log events that have identical timestamps", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timestamp", - "description": "The field to use as a timestamp for metrics and logs", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceStatus", - "description": "The status of an infrastructure data source", - "fields": [ - { - "name": "indicesExist", - "description": "Whether the configured alias or wildcard pattern resolve to any auditbeat indices", - "args": [ - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "indexFields", - "description": "The list of fields defined in the index mappings", - "args": [ - { - "name": "defaultIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "Boolean", - "description": "The `Boolean` scalar type represents `true` or `false`.", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "TimerangeInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "interval", - "description": "The interval string to use for last bucket. The format is '{value}{unit}'. For example '5m' would return the metrics for the last 5 minutes of the timespan.", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "to", - "description": "The end of the timerange", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "from", - "description": "The beginning of the timerange", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "PaginationInputPaginated", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "activePage", - "description": "The activePage parameter defines the page of results you want to fetch", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "cursorStart", - "description": "The cursorStart parameter defines the start of the results to be displayed", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "fakePossibleCount", - "description": "The fakePossibleCount parameter determines the total count in order to show 5 additional pages", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "querySize", - "description": "The querySize parameter is the number of items to be returned", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "docValueFieldsInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "format", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuthenticationsData", - "description": "", - "fields": [ - { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pageInfo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuthenticationsEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "AuthenticationItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cursor", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuthenticationItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "failures", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "successes", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "user", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "UserEcsFields", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSuccess", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "LastSourceHost", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastFailure", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "LastSourceHost", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "UserEcsFields", - "description": "", - "fields": [ - { - "name": "domain", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "full_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "email", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "hash", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "group", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToStringArray", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "LastSourceHost", - "description": "", - "fields": [ - { - "name": "timestamp", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SourceEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "Date", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SourceEcsFields", - "description": "", - "fields": [ - { - "name": "bytes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "port", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "domain", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "geo", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "packets", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToNumberArray", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "GeoEcsFields", - "description": "", - "fields": [ - { - "name": "city_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "continent_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "country_iso_code", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "country_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "location", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Location", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "region_iso_code", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "region_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Location", - "description": "", - "fields": [ - { - "name": "lon", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lat", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostEcsFields", - "description": "", - "fields": [ - { - "name": "architecture", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "mac", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "os", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "OsEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "type", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "OsEcsFields", - "description": "", - "fields": [ - { - "name": "platform", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "full", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "family", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "version", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "kernel", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "CursorType", - "description": "", - "fields": [ - { - "name": "value", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tiebreaker", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "PageInfoPaginated", - "description": "", - "fields": [ - { - "name": "activePage", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "fakeTotalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "showMorePagesIndicator", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Inspect", - "description": "", - "fields": [ - { - "name": "dsl", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "response", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "PaginationInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "limit", - "description": "The limit parameter allows you to configure the maximum amount of items to be returned", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "cursor", - "description": "The cursor parameter defines the next result you want to fetch", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "tiebreaker", - "description": "The tiebreaker parameter allow to be more precise to fetch the next item", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "SortField", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "sortFieldId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineData", - "description": "", - "fields": [ - { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "pageInfo", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfo", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "cursor", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "_index", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "data", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineNonEcsData", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ecs", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ECS", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineNonEcsData", - "description": "", - "fields": [ - { - "name": "field", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "value", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ECS", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "_index", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "agent", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AgentEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "auditd", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuditdEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "DestinationEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "dns", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "DnsEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "endgame", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "EndgameEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "event", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "EventEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "geo", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "host", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "network", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "NetworkEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "rule", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "RuleEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "signal", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SignalField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SourceEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "suricata", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SuricataEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tls", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TlsEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "zeek", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "ZeekEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "http", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HttpEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "url", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "UrlEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timestamp", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "message", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "user", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "UserEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "winlog", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "WinlogEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "process", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "ProcessEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "file", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "FileFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "system", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SystemEcsField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AgentEcsField", - "description": "", - "fields": [ - { - "name": "type", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, "isDeprecated": false, "deprecationReason": null } @@ -3470,262 +1109,246 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AuditdEcsFields", - "description": "", - "fields": [ - { - "name": "result", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "session", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "data", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuditdData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "summary", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Summary", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "sequence", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], + "kind": "SCALAR", + "name": "Boolean", + "description": "The `Boolean` scalar type represents `true` or `false`.", + "fields": null, "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AuditdData", + "kind": "INPUT_OBJECT", + "name": "TimerangeInput", "description": "", - "fields": [ - { - "name": "acct", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "fields": null, + "inputFields": [ + { + "name": "interval", + "description": "The interval string to use for last bucket. The format is '{value}{unit}'. For example '5m' would return the metrics for the last 5 minutes of the timespan.", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "terminal", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "to", + "description": "The end of the timerange", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "op", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "from", + "description": "The beginning of the timerange", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "Summary", + "kind": "INPUT_OBJECT", + "name": "PaginationInputPaginated", "description": "", - "fields": [ - { - "name": "actor", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": [ { - "name": "object", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "activePage", + "description": "The activePage parameter defines the page of results you want to fetch", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "how", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "cursorStart", + "description": "The cursorStart parameter defines the start of the results to be displayed", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "message_type", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "fakePossibleCount", + "description": "The fakePossibleCount parameter determines the total count in order to show 5 additional pages", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "sequence", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "querySize", + "description": "The querySize parameter is the number of items to be returned", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "PrimarySecondary", + "kind": "INPUT_OBJECT", + "name": "HostsSortField", "description": "", - "fields": [ - { - "name": "primary", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": [ { - "name": "secondary", + "name": "field", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "HostsFields", "ofType": null } + }, + "defaultValue": null }, { - "name": "type", + "name": "direction", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "DestinationEcsFields", + "kind": "ENUM", + "name": "HostsFields", "description": "", - "fields": [ - { - "name": "bytes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "port", + "name": "hostName", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "domain", + "name": "lastSeen", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "docValueFieldsInput", + "description": "", + "fields": null, + "inputFields": [ { - "name": "geo", + "name": "field", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null }, { - "name": "packets", + "name": "format", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "DnsEcsFields", + "name": "HostsData", "description": "", "fields": [ { - "name": "question", + "name": "edges", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "DnsQuestionData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "HostsEdges", "ofType": null } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "totalCount", + "description": "", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "resolved_ip", + "name": "pageInfo", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "response_code", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -3737,22 +1360,30 @@ }, { "kind": "OBJECT", - "name": "DnsQuestionData", + "name": "HostsEdges", "description": "", "fields": [ { - "name": "name", + "name": "node", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "cursor", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } @@ -3764,110 +1395,105 @@ }, { "kind": "OBJECT", - "name": "EndgameEcsFields", + "name": "HostItem", "description": "", "fields": [ { - "name": "exit_code", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "file_name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "file_path", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "logon_type", + "name": "_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "parent_process_name", + "name": "cloud", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "CloudFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pid", + "name": "endpoint", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "EndpointFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "process_name", + "name": "host", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "subject_domain_name", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "subject_logon_id", + "name": "lastSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "CloudFields", + "description": "", + "fields": [ { - "name": "subject_user_name", + "name": "instance", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "CloudInstance", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_domain_name", + "name": "machine", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "CloudMachine", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_logon_id", + "name": "provider", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_user_name", + "name": "region", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } @@ -3879,67 +1505,116 @@ }, { "kind": "OBJECT", - "name": "EventEcsFields", + "name": "CloudInstance", "description": "", "fields": [ { - "name": "action", + "name": "id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "CloudMachine", + "description": "", + "fields": [ { - "name": "category", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "EndpointFields", + "description": "", + "fields": [ { - "name": "code", + "name": "endpointPolicy", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created", + "name": "sensorVersion", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dataset", + "name": "policyStatus", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "ENUM", "name": "HostPolicyResponseActionStatus", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "HostPolicyResponseActionStatus", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "duration", + "name": "success", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "end", + "name": "failure", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, + { "name": "warning", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "HostEcsFields", + "description": "", + "fields": [ { - "name": "hash", + "name": "architecture", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -3955,23 +1630,7 @@ "deprecationReason": null }, { - "name": "kind", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "module", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "original", + "name": "ip", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -3979,7 +1638,7 @@ "deprecationReason": null }, { - "name": "outcome", + "name": "mac", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -3987,42 +1646,18 @@ "deprecationReason": null }, { - "name": "risk_score", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "risk_score_norm", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "severity", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "start", + "name": "name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "timezone", + "name": "os", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "OsEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, @@ -4042,7 +1677,7 @@ }, { "kind": "SCALAR", - "name": "ToDateArray", + "name": "ToStringArray", "description": "", "fields": null, "inputFields": null, @@ -4052,19 +1687,19 @@ }, { "kind": "OBJECT", - "name": "NetworkEcsField", + "name": "OsEcsFields", "description": "", "fields": [ { - "name": "bytes", + "name": "platform", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "community_id", + "name": "name", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4072,7 +1707,7 @@ "deprecationReason": null }, { - "name": "direction", + "name": "full", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4080,15 +1715,15 @@ "deprecationReason": null }, { - "name": "packets", + "name": "family", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "protocol", + "name": "version", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4096,7 +1731,7 @@ "deprecationReason": null }, { - "name": "transport", + "name": "kernel", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, @@ -4111,14 +1746,46 @@ }, { "kind": "OBJECT", - "name": "RuleEcsField", + "name": "Inspect", "description": "", "fields": [ { - "name": "reference", + "name": "dsl", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "response", + "description": "", + "args": [], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + } + }, "isDeprecated": false, "deprecationReason": null } @@ -4128,32 +1795,34 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "SCALAR", + "name": "Date", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "OBJECT", - "name": "SignalField", + "name": "CursorType", "description": "", "fields": [ { - "name": "rule", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "RuleField", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "original_time", + "name": "value", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "status", + "name": "tiebreaker", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -4165,210 +1834,208 @@ }, { "kind": "OBJECT", - "name": "RuleField", + "name": "PageInfoPaginated", "description": "", "fields": [ { - "name": "id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "rule_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "false_positives", + "name": "activePage", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "saved_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timeline_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timeline_title", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "max_signals", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "risk_score", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "output_index", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "description", + "name": "fakeTotalCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "from", + "name": "showMorePagesIndicator", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "FirstLastSeenHost", + "description": "", + "fields": [ { - "name": "immutable", + "name": "inspect", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "index", + "name": "firstSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "interval", + "name": "lastSeen", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TimelineResult", + "description": "", + "fields": [ { - "name": "language", + "name": "columns", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ColumnHeaderResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "query", + "name": "created", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "references", + "name": "createdBy", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "severity", + "name": "dataProviders", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "tags", + "name": "dateRange", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "DateRangePickerResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "threat", + "name": "description", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "eventIdToNoteIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "size", + "name": "eventType", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "to", + "name": "excludedRowRendererIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "enabled", + "name": "favorite", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, @@ -4376,226 +2043,207 @@ "name": "filters", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "FilterTimelineResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created_at", + "name": "kqlMode", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated_at", + "name": "kqlQuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SerializedFilterQueryResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created_by", + "name": "indexNames", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated_by", + "name": "notes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "noteIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "note", + "name": "pinnedEventIds", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "threshold", + "name": "pinnedEventsSaveObject", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "exceptions_list", + "name": "savedQueryId", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToBooleanArray", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToAny", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SuricataEcsFields", - "description": "", - "fields": [ + }, { - "name": "eve", + "name": "savedObjectId", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SuricataEveData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SuricataEveData", - "description": "", - "fields": [ + }, { - "name": "alert", + "name": "sort", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SuricataAlertData", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SortTimelineResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "flow_id", + "name": "status", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "proto", + "name": "title", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SuricataAlertData", - "description": "", - "fields": [ + }, { - "name": "signature", + "name": "templateTimelineId", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "signature_id", + "name": "templateTimelineVersion", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsEcsFields", - "description": "", - "fields": [ + }, { - "name": "client_certificate", + "name": "timelineType", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsClientCertificateData", "ofType": null }, + "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "fingerprints", + "name": "updated", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsFingerprintsData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "server_certificate", + "name": "updatedBy", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsServerCertificateData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsClientCertificateData", - "description": "", - "fields": [ + "deprecationReason": null + }, { - "name": "fingerprint", + "name": "version", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } @@ -4607,138 +2255,102 @@ }, { "kind": "OBJECT", - "name": "FingerprintData", + "name": "ColumnHeaderResult", "description": "", "fields": [ { - "name": "sha1", + "name": "aggregatable", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsFingerprintsData", - "description": "", - "fields": [ + }, { - "name": "ja3", + "name": "category", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "TlsJa3Data", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsJa3Data", - "description": "", - "fields": [ + }, { - "name": "hash", + "name": "columnHeaderType", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TlsServerCertificateData", - "description": "", - "fields": [ + }, { - "name": "fingerprint", + "name": "description", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ZeekEcsFields", - "description": "", - "fields": [ + }, { - "name": "session_id", + "name": "example", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "connection", + "name": "indexes", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekConnectionData", "ofType": null }, + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "notice", + "name": "id", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekNoticeData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dns", + "name": "name", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekDnsData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "http", + "name": "placeholder", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekHttpData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "files", + "name": "searchable", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekFileData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ssl", + "name": "type", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ZeekSslData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -4750,46 +2362,78 @@ }, { "kind": "OBJECT", - "name": "ZeekConnectionData", + "name": "DataProviderResult", "description": "", "fields": [ { - "name": "local_resp", + "name": "id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "local_orig", + "name": "name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "missed_bytes", + "name": "enabled", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "state", + "name": "excluded", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "history", + "name": "kqlQuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "queryMatch", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "QueryMatchResult", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "type", + "description": "", + "args": [], + "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "and", + "description": "", + "args": [], + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null } @@ -4801,212 +2445,210 @@ }, { "kind": "OBJECT", - "name": "ZeekNoticeData", + "name": "QueryMatchResult", "description": "", "fields": [ { - "name": "suppress_for", + "name": "field", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "msg", + "name": "displayField", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "note", + "name": "value", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sub", + "name": "displayValue", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dst", + "name": "operator", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "DataProviderType", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "dropped", + "name": "default", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "peer_descr", + "name": "template", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ZeekDnsData", + "name": "DateRangePickerResult", "description": "", "fields": [ { - "name": "AA", + "name": "start", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "qclass_name", + "name": "end", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "ToAny", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "RowRendererId", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "auditd", "description": "", "isDeprecated": false, "deprecationReason": null }, + { + "name": "auditd_file", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "RD", + "name": "netflow", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, + { "name": "plain", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "qtype_name", + "name": "suricata", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, + { "name": "system", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "rejected", + "name": "system_dns", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "qtype", + "name": "system_endgame_process", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "query", + "name": "system_file", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "trans_id", + "name": "system_fim", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "qclass", + "name": "system_security_event", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "RA", + "name": "system_socket", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, - { - "name": "TC", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } + { "name": "zeek", "description": "", "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ZeekHttpData", + "name": "FavoriteTimelineResult", "description": "", "fields": [ { - "name": "resp_mime_types", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "trans_depth", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "status_msg", + "name": "fullName", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "resp_fuids", + "name": "userName", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "tags", + "name": "favoriteDate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -5018,193 +2660,161 @@ }, { "kind": "OBJECT", - "name": "ZeekFileData", + "name": "FilterTimelineResult", "description": "", "fields": [ { - "name": "session_ids", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "timedout", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "local_orig", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tx_host", + "name": "exists", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source", + "name": "meta", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "FilterMetaTimelineResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "is_orig", + "name": "match_all", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "overflow_bytes", + "name": "missing", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sha1", + "name": "query", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "duration", + "name": "range", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "depth", + "name": "script", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "FilterMetaTimelineResult", + "description": "", + "fields": [ { - "name": "analyzers", + "name": "alias", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "mime_type", + "name": "controlledBy", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "rx_host", + "name": "disabled", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "total_bytes", + "name": "field", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "fuid", + "name": "formattedValue", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "seen_bytes", + "name": "index", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "missing_bytes", + "name": "key", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "md5", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ZeekSslData", - "description": "", - "fields": [ - { - "name": "cipher", + "name": "negate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "established", + "name": "params", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "resumed", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "value", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -5216,30 +2826,14 @@ }, { "kind": "OBJECT", - "name": "HttpEcsFields", + "name": "SerializedFilterQueryResult", "description": "", "fields": [ { - "name": "version", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "request", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HttpRequestData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "response", + "name": "filterQuery", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "HttpResponseData", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SerializedKueryQueryResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -5251,38 +2845,22 @@ }, { "kind": "OBJECT", - "name": "HttpRequestData", + "name": "SerializedKueryQueryResult", "description": "", "fields": [ { - "name": "method", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "body", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "referrer", + "name": "kuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "OBJECT", "name": "KueryFilterQueryResult", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes", + "name": "serializedQuery", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -5294,22 +2872,22 @@ }, { "kind": "OBJECT", - "name": "HttpBodyData", + "name": "KueryFilterQueryResult", "description": "", "fields": [ { - "name": "content", + "name": "kind", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes", + "name": "expression", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -5321,218 +2899,504 @@ }, { "kind": "OBJECT", - "name": "HttpResponseData", + "name": "SortTimelineResult", "description": "", "fields": [ { - "name": "status_code", + "name": "columnId", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "body", + "name": "sortDirection", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "TimelineStatus", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "active", "description": "", "isDeprecated": false, "deprecationReason": null }, + { "name": "draft", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes", + "name": "immutable", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } ], + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "Int", + "description": "The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1. ", + "fields": null, "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "UrlEcsFields", + "kind": "ENUM", + "name": "TimelineType", "description": "", - "fields": [ + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "domain", + "name": "default", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "original", + "name": "template", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null + } + ], + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "PageInfoTimeline", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "pageIndex", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null }, { - "name": "username", + "name": "pageSize", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "SortTimeline", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "sortField", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "SortFieldTimeline", "ofType": null } + }, + "defaultValue": null }, { - "name": "password", + "name": "sortOrder", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } + }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "WinlogEcsFields", + "kind": "ENUM", + "name": "SortFieldTimeline", "description": "", - "fields": [ + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { "name": "title", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "event_id", + "name": "description", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } + }, + { + "name": "updated", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "created", "description": "", "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ProcessEcsFields", + "name": "ResponseTimelines", "description": "", "fields": [ { - "name": "hash", + "name": "timeline", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "ProcessHashData", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } + } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pid", + "name": "totalCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", + "name": "defaultTimelineCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ppid", + "name": "templateTimelineCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "args", + "name": "elasticTemplateTimelineCount", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "customTemplateTimelineCount", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "favoriteCount", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "Mutation", + "description": "", + "fields": [ + { + "name": "persistNote", + "description": "Persists a note", + "args": [ + { + "name": "noteId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + }, + { + "name": "version", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "note", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "NoteInput", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ResponseNote", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "entity_id", + "name": "deleteNote", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "id", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + } + } + }, + "defaultValue": null + } + ], + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "executable", + "name": "deleteNoteByTimelineId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "timelineId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "version", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + } + ], + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "title", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "name": "persistPinnedEventOnTimeline", + "description": "Persists a pinned event in a timeline", + "args": [ + { + "name": "pinnedEventId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + }, + { + "name": "eventId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "timelineId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + } + ], + "type": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "thread", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Thread", "ofType": null }, + "name": "deletePinnedEventOnTimeline", + "description": "Remove a pinned events in a timeline", + "args": [ + { + "name": "id", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + } + } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "working_directory", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "name": "deleteAllPinnedEventsOnTimeline", + "description": "Remove all pinned events in a timeline", + "args": [ + { + "name": "timelineId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ProcessHashData", - "description": "", - "fields": [ + }, { - "name": "md5", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "name": "persistTimeline", + "description": "Persists a timeline", + "args": [ + { + "name": "id", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + }, + { + "name": "version", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "timeline", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "TimelineInput", "ofType": null } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ResponseTimeline", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sha1", + "name": "persistFavorite", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "timelineId", + "description": "", + "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "ResponseFavoriteTimeline", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sha256", + "name": "deleteTimeline", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "args": [ + { + "name": "id", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } + } + } + }, + "defaultValue": null + } + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null } @@ -5543,524 +3407,416 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "Thread", + "kind": "INPUT_OBJECT", + "name": "NoteInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "id", + "name": "eventId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "start", + "name": "note", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "timelineId", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "FileFields", + "name": "ResponseNote", "description": "", "fields": [ { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "path", + "name": "code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "target_path", + "name": "message", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "extension", + "name": "note", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "INPUT_OBJECT", + "name": "TimelineInput", + "description": "", + "fields": null, + "inputFields": [ { - "name": "type", + "name": "columns", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "ColumnHeaderInput", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "device", + "name": "dataProviders", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "inode", + "name": "description", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "uid", + "name": "eventType", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "owner", + "name": "excludedRowRendererIds", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "gid", + "name": "filters", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "FilterTimelineInput", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "group", + "name": "kqlMode", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "mode", + "name": "kqlQuery", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "INPUT_OBJECT", + "name": "SerializedFilterQueryInput", + "ofType": null + }, + "defaultValue": null }, { - "name": "size", + "name": "indexNames", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + } + }, + "defaultValue": null }, { - "name": "mtime", + "name": "title", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "ctime", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SystemEcsField", - "description": "", - "fields": [ - { - "name": "audit", + "name": "templateTimelineId", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuditEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "auth", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AuthEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AuditEcsFields", - "description": "", - "fields": [ - { - "name": "package", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "PackageEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "PackageEcsFields", - "description": "", - "fields": [ - { - "name": "arch", + "name": "templateTimelineVersion", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, + "defaultValue": null }, { - "name": "entity_id", + "name": "timelineType", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, + "defaultValue": null }, { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "name": "dateRange", + "description": "", + "type": { "kind": "INPUT_OBJECT", "name": "DateRangePickerInput", "ofType": null }, + "defaultValue": null }, { - "name": "size", + "name": "savedQueryId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "summary", + "name": "sort", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "SortTimelineInput", "ofType": null }, + "defaultValue": null }, { - "name": "version", + "name": "status", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "AuthEcsFields", + "kind": "INPUT_OBJECT", + "name": "ColumnHeaderInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "ssh", + "name": "aggregatable", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "SshEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SshEcsFields", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null + }, { - "name": "method", + "name": "category", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "signature", + "name": "columnHeaderType", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "PageInfo", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "endCursor", + "name": "description", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CursorType", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "hasNextPage", + "name": "example", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TimelineDetailsData", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "data", + "name": "indexes", "description": "", - "args": [], "type": { "kind": "LIST", "name": null, "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "DetailItem", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null }, { - "name": "inspect", + "name": "id", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "DetailItem", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "field", + "name": "name", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "values", + "name": "placeholder", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "originalValue", + "name": "searchable", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "EsValue", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null + }, + { + "name": "type", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "EsValue", - "description": "", - "fields": null, - "inputFields": null, "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "ENUM", - "name": "LastEventIndexKey", + "kind": "INPUT_OBJECT", + "name": "DataProviderInput", "description": "", "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "inputFields": [ { - "name": "hostDetails", + "name": "id", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, - { "name": "hosts", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "ipDetails", + "name": "name", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, - { "name": "network", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "LastTimeDetails", - "description": "", - "fields": null, - "inputFields": [ { - "name": "hostName", + "name": "enabled", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, "defaultValue": null }, { - "name": "ip", + "name": "excluded", + "description": "", + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null + }, + { + "name": "kqlQuery", "description": "", "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "LastEventTimeData", - "description": "", - "fields": [ + }, { - "name": "lastSeen", + "name": "queryMatch", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "QueryMatchInput", "ofType": null }, + "defaultValue": null }, { - "name": "inspect", + "name": "and", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } + } + }, + "defaultValue": null + }, + { + "name": "type", + "description": "", + "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "INPUT_OBJECT", - "name": "HostsSortField", + "name": "QueryMatchInput", "description": "", "fields": null, "inputFields": [ { "name": "field", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "HostsFields", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null }, { - "name": "direction", + "name": "displayField", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "value", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "displayValue", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "operator", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "defaultValue": null } ], @@ -6069,399 +3825,251 @@ "possibleTypes": null }, { - "kind": "ENUM", - "name": "HostsFields", + "kind": "INPUT_OBJECT", + "name": "FilterTimelineInput", "description": "", "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "inputFields": [ { - "name": "hostName", + "name": "exists", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "lastSeen", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostsData", - "description": "", - "fields": [ - { - "name": "edges", + "name": "meta", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "FilterMetaTimelineInput", "ofType": null }, + "defaultValue": null }, { - "name": "totalCount", + "name": "match_all", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "pageInfo", + "name": "missing", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "inspect", + "name": "query", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "HostsEdges", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "node", + "name": "range", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "HostItem", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "cursor", + "name": "script", "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "HostItem", + "kind": "INPUT_OBJECT", + "name": "FilterMetaTimelineInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "_id", + "name": "alias", "description": "", - "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null }, { - "name": "cloud", + "name": "controlledBy", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "endpoint", + "name": "disabled", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "EndpointFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null }, { - "name": "host", + "name": "field", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "inspect", + "name": "formattedValue", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "lastSeen", + "name": "index", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "CloudFields", - "description": "", - "fields": [ + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, { - "name": "instance", + "name": "key", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudInstance", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "machine", + "name": "negate", "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "CloudMachine", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": null }, { - "name": "provider", + "name": "params", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "region", + "name": "type", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "value", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "CloudInstance", + "kind": "INPUT_OBJECT", + "name": "SerializedFilterQueryInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "id", + "name": "filterQuery", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "SerializedKueryQueryInput", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "CloudMachine", + "kind": "INPUT_OBJECT", + "name": "SerializedKueryQueryInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "type", + "name": "kuery", "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "INPUT_OBJECT", "name": "KueryFilterQueryInput", "ofType": null }, + "defaultValue": null + }, + { + "name": "serializedQuery", + "description": "", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "EndpointFields", + "kind": "INPUT_OBJECT", + "name": "KueryFilterQueryInput", "description": "", - "fields": [ + "fields": null, + "inputFields": [ { - "name": "endpointPolicy", + "name": "kind", "description": "", - "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null }, { - "name": "sensorVersion", + "name": "expression", "description": "", - "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "policyStatus", - "description": "", - "args": [], - "type": { "kind": "ENUM", "name": "HostPolicyResponseActionStatus", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "ENUM", - "name": "HostPolicyResponseActionStatus", + "kind": "INPUT_OBJECT", + "name": "DateRangePickerInput", "description": "", "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "inputFields": [ { - "name": "success", + "name": "start", "description": "", - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "defaultValue": null }, { - "name": "failure", + "name": "end", "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "warning", "description": "", "isDeprecated": false, "deprecationReason": null } + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "defaultValue": null + } ], + "interfaces": null, + "enumValues": null, "possibleTypes": null }, { - "kind": "OBJECT", - "name": "FirstLastSeenHost", + "kind": "INPUT_OBJECT", + "name": "SortTimelineInput", "description": "", - "fields": [ - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "fields": null, + "inputFields": [ { - "name": "firstSeen", + "name": "columnId", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null }, { - "name": "lastSeen", + "name": "sortDirection", "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null } ], - "inputFields": null, - "interfaces": [], + "interfaces": null, "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "KpiNetworkData", + "name": "ResponseTimeline", "description": "", "fields": [ { - "name": "networkEvents", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueFlowId", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueSourcePrivateIps", + "name": "code", "description": "", "args": [], "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, @@ -6469,95 +4077,24 @@ "deprecationReason": null }, { - "name": "uniqueSourcePrivateIpsHistogram", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationPrivateIps", + "name": "message", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDestinationPrivateIpsHistogram", + "name": "timeline", "description": "", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiNetworkHistogramData", "ofType": null } - } + "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } }, "isDeprecated": false, "deprecationReason": null - }, - { - "name": "dnsQueries", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "tlsHandshakes", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KpiNetworkHistogramData", - "description": "", - "fields": [ - { - "name": "x", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "y", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null } ], "inputFields": null, @@ -6567,67 +4104,51 @@ }, { "kind": "OBJECT", - "name": "KpiHostsData", - "description": "", - "fields": [ - { - "name": "hosts", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + "name": "ResponseFavoriteTimeline", + "description": "", + "fields": [ { - "name": "hostsHistogram", + "name": "code", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authSuccess", + "name": "message", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authSuccessHistogram", + "name": "savedObjectId", "description": "", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailure", + "name": "version", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailureHistogram", + "name": "favorite", "description": "", "args": [], "type": { @@ -6636,92 +4157,88 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null - }, - { - "name": "uniqueSourceIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "__Schema", + "description": "A GraphQL Schema defines the capabilities of a GraphQL server. It exposes all available types and directives on the server, as well as the entry points for query, mutation, and subscription operations.", + "fields": [ { - "name": "uniqueSourceIpsHistogram", - "description": "", + "name": "types", + "description": "A list of all types supported by this server.", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, "ofType": { - "kind": "NON_NULL", + "kind": "LIST", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } + } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDestinationIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationIpsHistogram", - "description": "", + "name": "queryType", + "description": "The type that query operations will be rooted at.", "args": [], "type": { - "kind": "LIST", + "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", + "name": "mutationType", + "description": "If this server supports mutation, the type that mutation operations will be rooted at.", "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KpiHostHistogramData", - "description": "", - "fields": [ + }, { - "name": "x", - "description": "", + "name": "subscriptionType", + "description": "If this server support subscription, the type that subscription operations will be rooted at.", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "y", - "description": "", + "name": "directives", + "description": "A list of all directives supported by this server.", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__Directive", "ofType": null } + } + } + }, "isDeprecated": false, "deprecationReason": null } @@ -6733,68 +4250,63 @@ }, { "kind": "OBJECT", - "name": "KpiHostDetailsData", - "description": "", + "name": "__Type", + "description": "The fundamental unit of any GraphQL Schema is the type. There are many kinds of types in GraphQL as represented by the `__TypeKind` enum.\n\nDepending on the kind of a type, certain fields describe information about that type. Scalar types provide no information beyond a name and description, while Enum types provide their values. Object and Interface types provide the fields they describe. Abstract types, Union and Interface, provide the Object types possible at runtime. List and NonNull types compose other types.", "fields": [ { - "name": "authSuccess", - "description": "", + "name": "kind", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "__TypeKind", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authSuccessHistogram", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailure", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "authFailureHistogram", - "description": "", - "args": [], + "name": "fields", + "description": null, + "args": [ + { + "name": "includeDeprecated", + "description": null, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": "false" + } + ], "type": { "kind": "LIST", "name": null, "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Field", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueSourceIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueSourceIpsHistogram", - "description": "", + "name": "interfaces", + "description": null, "args": [], "type": { "kind": "LIST", @@ -6802,23 +4314,15 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDestinationIps", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "uniqueDestinationIpsHistogram", - "description": "", + "name": "possibleTypes", + "description": null, "args": [], "type": { "kind": "LIST", @@ -6826,133 +4330,56 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "KpiHostHistogramData", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "HistogramType", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "authentications", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "anomalies", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "events", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "alerts", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "dns", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixHistogramOverTimeData", - "description": "", - "fields": [ - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "matrixHistogramData", - "description": "", - "args": [], + "name": "enumValues", + "description": null, + "args": [ + { + "name": "includeDeprecated", + "description": null, + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "defaultValue": "false" + } + ], "type": { - "kind": "NON_NULL", + "kind": "LIST", "name": null, "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } - } + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__EnumValue", "ofType": null } } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", - "description": "", + "name": "inputFields", + "description": null, "args": [], "type": { - "kind": "NON_NULL", + "kind": "LIST", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } + } }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "description": "", - "fields": [ - { - "name": "x", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "y", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null }, { - "name": "g", - "description": "", + "name": "ofType", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -6964,83 +4391,57 @@ }, { "kind": "ENUM", - "name": "FlowTargetSourceDest", - "description": "", + "name": "__TypeKind", + "description": "An enum describing what kind of type a given `__Type` is.", "fields": null, "inputFields": null, "interfaces": null, "enumValues": [ { - "name": "destination", - "description": "", + "name": "SCALAR", + "description": "Indicates this type is a scalar.", "isDeprecated": false, "deprecationReason": null }, - { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "NetworkTopTablesSortField", - "description": "", - "fields": null, - "inputFields": [ { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "NetworkTopTablesFields", "ofType": null } - }, - "defaultValue": null + "name": "OBJECT", + "description": "Indicates this type is an object. `fields` and `interfaces` are valid fields.", + "isDeprecated": false, + "deprecationReason": null }, { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "NetworkTopTablesFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + "name": "INTERFACE", + "description": "Indicates this type is an interface. `fields` and `possibleTypes` are valid fields.", + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "bytes_in", - "description": "", + "name": "UNION", + "description": "Indicates this type is a union. `possibleTypes` is a valid field.", "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes_out", - "description": "", + "name": "ENUM", + "description": "Indicates this type is an enum. `enumValues` is a valid field.", "isDeprecated": false, "deprecationReason": null }, - { "name": "flows", "description": "", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination_ips", - "description": "", + "name": "INPUT_OBJECT", + "description": "Indicates this type is an input object. `inputFields` is a valid field.", "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", + "name": "LIST", + "description": "Indicates this type is a list. `ofType` is a valid field.", + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "NON_NULL", + "description": "Indicates this type is a non-null. `ofType` is a valid field.", "isDeprecated": false, "deprecationReason": null } @@ -7049,136 +4450,78 @@ }, { "kind": "OBJECT", - "name": "NetworkTopCountriesData", - "description": "", + "name": "__Field", + "description": "Object and Interface types are described by a list of Fields, each of which has a name, potentially a list of arguments, and a return type.", "fields": [ { - "name": "edges", - "description": "", + "name": "name", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopCountriesEdges", "ofType": null } - } - } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", - "description": "", + "name": "args", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } + } + } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopCountriesEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", + "name": "type", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopCountriesItem", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", - "description": "", + "name": "isDeprecated", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopCountriesItem", - "description": "", - "fields": [ - { - "name": "_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopCountriesItemSource", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopCountriesItemDestination", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null }, { - "name": "network", - "description": "", + "name": "deprecationReason", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "TopNetworkTablesEcsField", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -7190,73 +4533,46 @@ }, { "kind": "OBJECT", - "name": "TopCountriesItemSource", - "description": "", + "name": "__InputValue", + "description": "Arguments provided to Fields or Directives and the input fields of an InputObject are represented as Input Values which describe their type and optionally a default value.", "fields": [ { - "name": "country", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination_ips", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "flows", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "location", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "GeoItem", - "description": "", - "fields": [ + }, { - "name": "geo", - "description": "", + "name": "type", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "flowTarget", - "description": "", + "name": "defaultValue", + "description": "A GraphQL-formatted string representing the default value for this input value.", "args": [], - "type": { "kind": "ENUM", "name": "FlowTargetSourceDest", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -7268,46 +4584,46 @@ }, { "kind": "OBJECT", - "name": "TopCountriesItemDestination", - "description": "", + "name": "__EnumValue", + "description": "One possible value for a given Enum. Enum values are unique values, not a placeholder for a string or numeric value. However an Enum value is returned in a JSON response as a string.", "fields": [ { - "name": "country", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "destination_ips", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "flows", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "location", - "description": "", + "name": "isDeprecated", + "description": null, "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", + "name": "deprecationReason", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -7319,39 +4635,32 @@ }, { "kind": "OBJECT", - "name": "TopNetworkTablesEcsField", - "description": "", + "name": "__Directive", + "description": "A Directive provides a way to describe alternate runtime execution and type validation behavior in a GraphQL document.\n\nIn some cases, you need to provide options to alter GraphQL's execution behavior in ways field arguments will not suffice, such as conditionally including or skipping a field. Directives provide this by describing additional information to the executor.", "fields": [ { - "name": "bytes_in", - "description": "", + "name": "name", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, "isDeprecated": false, "deprecationReason": null }, { - "name": "bytes_out", - "description": "", + "name": "description", + "description": null, "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopNFlowData", - "description": "", - "fields": [ + }, { - "name": "edges", - "description": "", + "name": "locations", + "description": null, "args": [], "type": { "kind": "NON_NULL", @@ -7362,7 +4671,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopNFlowEdges", "ofType": null } + "ofType": { "kind": "ENUM", "name": "__DirectiveLocation", "ofType": null } } } }, @@ -7370,71 +4679,60 @@ "deprecationReason": null }, { - "name": "totalCount", - "description": "", + "name": "args", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } + } + } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", - "description": "", + "name": "onOperation", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "isDeprecated": true, + "deprecationReason": "Use `locations`." }, { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkTopNFlowEdges", - "description": "", - "fields": [ - { - "name": "node", - "description": "", + "name": "onFragment", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkTopNFlowItem", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "isDeprecated": true, + "deprecationReason": "Use `locations`." }, { - "name": "cursor", - "description": "", + "name": "onField", + "description": null, "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } }, - "isDeprecated": false, - "deprecationReason": null + "isDeprecated": true, + "deprecationReason": "Use `locations`." } ], "inputFields": null, @@ -7443,496 +4741,288 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "NetworkTopNFlowItem", - "description": "", - "fields": [ + "kind": "ENUM", + "name": "__DirectiveLocation", + "description": "A Directive can be adjacent to many parts of the GraphQL language, a __DirectiveLocation describes one such possible adjacencies.", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ { - "name": "_id", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "QUERY", + "description": "Location adjacent to a query operation.", "isDeprecated": false, "deprecationReason": null }, { - "name": "source", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopNFlowItemSource", "ofType": null }, + "name": "MUTATION", + "description": "Location adjacent to a mutation operation.", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopNFlowItemDestination", "ofType": null }, + "name": "SUBSCRIPTION", + "description": "Location adjacent to a subscription operation.", "isDeprecated": false, "deprecationReason": null }, { - "name": "network", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "TopNetworkTablesEcsField", "ofType": null }, + "name": "FIELD", + "description": "Location adjacent to a field.", "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TopNFlowItemSource", - "description": "", - "fields": [ + }, { - "name": "autonomous_system", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AutonomousSystemItem", "ofType": null }, + "name": "FRAGMENT_DEFINITION", + "description": "Location adjacent to a fragment definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "domain", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "name": "FRAGMENT_SPREAD", + "description": "Location adjacent to a fragment spread.", "isDeprecated": false, "deprecationReason": null }, { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "INLINE_FRAGMENT", + "description": "Location adjacent to an inline fragment.", "isDeprecated": false, "deprecationReason": null }, { - "name": "location", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "name": "SCHEMA", + "description": "Location adjacent to a schema definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "flows", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "SCALAR", + "description": "Location adjacent to a scalar definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "destination_ips", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "OBJECT", + "description": "Location adjacent to an object type definition.", "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "AutonomousSystemItem", - "description": "", - "fields": [ + "deprecationReason": null + }, { - "name": "name", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "FIELD_DEFINITION", + "description": "Location adjacent to a field definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "number", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "ARGUMENT_DEFINITION", + "description": "Location adjacent to an argument definition.", "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "TopNFlowItemDestination", - "description": "", - "fields": [ + }, { - "name": "autonomous_system", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "AutonomousSystemItem", "ofType": null }, + "name": "INTERFACE", + "description": "Location adjacent to an interface definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "domain", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "name": "UNION", + "description": "Location adjacent to a union definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "ip", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "name": "ENUM", + "description": "Location adjacent to an enum definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "location", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "GeoItem", "ofType": null }, + "name": "ENUM_VALUE", + "description": "Location adjacent to an enum value definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "flows", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "INPUT_OBJECT", + "description": "Location adjacent to an input object type definition.", "isDeprecated": false, "deprecationReason": null }, { - "name": "source_ips", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "name": "INPUT_FIELD_DEFINITION", + "description": "Location adjacent to an input object field definition.", "isDeprecated": false, "deprecationReason": null } ], - "inputFields": null, - "interfaces": [], - "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "NetworkDnsSortField", + "kind": "SCALAR", + "name": "ToStringArrayNoNullable", "description": "", "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "NetworkDnsFields", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], + "inputFields": null, "interfaces": null, "enumValues": null, "possibleTypes": null }, { - "kind": "ENUM", - "name": "NetworkDnsFields", + "kind": "OBJECT", + "name": "EventEcsFields", "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "dnsName", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, + "fields": [ { - "name": "queryCount", + "name": "action", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDomains", + "name": "category", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesIn", + "name": "code", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesOut", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkDnsData", - "description": "", - "fields": [ - { - "name": "edges", + "name": "created", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDnsEdges", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "dataset", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", + "name": "duration", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", + "name": "end", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "histogram", + "name": "hash", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverOrdinalHistogramData", - "ofType": null - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkDnsEdges", - "description": "", - "fields": [ + }, { - "name": "node", + "name": "id", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkDnsItem", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", + "name": "kind", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkDnsItem", - "description": "", - "fields": [ + }, { - "name": "_id", + "name": "module", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesIn", + "name": "original", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsBytesOut", + "name": "outcome", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dnsName", + "name": "risk_score", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "queryCount", + "name": "risk_score_norm", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "uniqueDomains", + "name": "severity", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "MatrixOverOrdinalHistogramData", - "description": "", - "fields": [ + }, { - "name": "x", + "name": "start", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "y", + "name": "timezone", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "g", + "name": "type", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -7942,52 +5032,44 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "SCALAR", + "name": "ToDateArray", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "ToNumberArray", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "OBJECT", - "name": "NetworkDsOverTimeData", + "name": "Location", "description": "", "fields": [ { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "matrixHistogramData", + "name": "lon", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "OBJECT", - "name": "MatrixOverTimeHistogramData", - "ofType": null - } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "lat", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -7997,116 +5079,64 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "INPUT_OBJECT", - "name": "NetworkHttpSortField", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "direction", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, { "kind": "OBJECT", - "name": "NetworkHttpData", + "name": "GeoEcsFields", "description": "", "fields": [ { - "name": "edges", + "name": "city_name", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkHttpEdges", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "continent_name", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", + "name": "country_iso_code", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfoPaginated", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inspect", + "name": "country_name", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "NetworkHttpEdges", - "description": "", - "fields": [ + }, { - "name": "node", + "name": "location", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NetworkHttpItem", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "Location", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", + "name": "region_iso_code", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "region_name", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -8118,106 +5148,81 @@ }, { "kind": "OBJECT", - "name": "NetworkHttpItem", + "name": "PrimarySecondary", "description": "", "fields": [ { - "name": "_id", + "name": "primary", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "domains", + "name": "secondary", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "lastHost", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "Summary", + "description": "", + "fields": [ { - "name": "lastSourceIp", + "name": "actor", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "methods", + "name": "object", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, + "type": { "kind": "OBJECT", "name": "PrimarySecondary", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "path", + "name": "how", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "requestCount", + "name": "message_type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "statuses", + "name": "sequence", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -8229,18 +5234,14 @@ }, { "kind": "OBJECT", - "name": "SayMyName", + "name": "AgentEcsField", "description": "", "fields": [ { - "name": "appName", - "description": "The id of the source", + "name": "type", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -8251,335 +5252,294 @@ "possibleTypes": null }, { - "kind": "OBJECT", - "name": "TimelineResult", - "description": "", - "fields": [ - { - "name": "columns", - "description": "", - "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ColumnHeaderResult", "ofType": null } - } - }, + "kind": "OBJECT", + "name": "AuditdData", + "description": "", + "fields": [ + { + "name": "acct", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "created", + "name": "terminal", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "createdBy", + "name": "op", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "AuditdEcsFields", + "description": "", + "fields": [ { - "name": "dataProviders", + "name": "result", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "dateRange", + "name": "session", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "DateRangePickerResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", + "name": "data", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "AuditdData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "eventIdToNoteIds", + "name": "summary", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } - } - }, + "type": { "kind": "OBJECT", "name": "Summary", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "eventType", + "name": "sequence", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "Thread", + "description": "", + "fields": [ { - "name": "excludedRowRendererIds", + "name": "id", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "favorite", + "name": "start", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ProcessHashData", + "description": "", + "fields": [ { - "name": "filters", + "name": "md5", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FilterTimelineResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "kqlMode", + "name": "sha1", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "kqlQuery", + "name": "sha256", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SerializedFilterQueryResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ProcessEcsFields", + "description": "", + "fields": [ { - "name": "indexNames", + "name": "hash", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "OBJECT", "name": "ProcessHashData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "notes", + "name": "pid", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "noteIds", + "name": "name", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pinnedEventIds", + "name": "ppid", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pinnedEventsSaveObject", + "name": "args", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "savedQueryId", + "name": "entity_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "savedObjectId", + "name": "executable", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sort", + "name": "title", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SortTimelineResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "status", + "name": "thread", "description": "", "args": [], - "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, + "type": { "kind": "OBJECT", "name": "Thread", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "title", + "name": "working_directory", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SourceEcsFields", + "description": "", + "fields": [ { - "name": "templateTimelineId", + "name": "bytes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "templateTimelineVersion", + "name": "ip", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "timelineType", + "name": "port", "description": "", "args": [], - "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated", + "name": "domain", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updatedBy", + "name": "geo", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "packets", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -8591,102 +5551,116 @@ }, { "kind": "OBJECT", - "name": "ColumnHeaderResult", + "name": "DestinationEcsFields", "description": "", "fields": [ { - "name": "aggregatable", + "name": "bytes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "category", + "name": "ip", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "columnHeaderType", + "name": "port", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", + "name": "domain", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "example", + "name": "geo", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "indexes", + "name": "packets", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "DnsQuestionData", + "description": "", + "fields": [ { - "name": "id", + "name": "name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "DnsEcsFields", + "description": "", + "fields": [ { - "name": "placeholder", + "name": "question", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "DnsQuestionData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "searchable", + "name": "resolved_ip", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "response_code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -8698,129 +5672,110 @@ }, { "kind": "OBJECT", - "name": "DataProviderResult", + "name": "EndgameEcsFields", "description": "", "fields": [ { - "name": "id", + "name": "exit_code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", + "name": "file_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "enabled", + "name": "file_path", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "excluded", + "name": "logon_type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "kqlQuery", + "name": "parent_process_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "queryMatch", + "name": "pid", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "QueryMatchResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "process_name", "description": "", "args": [], - "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "and", + "name": "subject_domain_name", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "DataProviderResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "QueryMatchResult", - "description": "", - "fields": [ + }, { - "name": "field", + "name": "subject_logon_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "displayField", + "name": "subject_user_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "value", + "name": "target_domain_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "displayValue", + "name": "target_logon_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "operator", + "name": "target_user_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -8830,151 +5785,97 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "ENUM", - "name": "DataProviderType", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "default", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "template", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, { "kind": "OBJECT", - "name": "DateRangePickerResult", + "name": "SuricataAlertData", "description": "", "fields": [ { - "name": "start", + "name": "signature", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "end", + "name": "signature_id", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } ], "inputFields": null, "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "RowRendererId", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "auditd", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "auditd_file", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "netflow", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "plain", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "suricata", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "system", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "system_dns", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "system_endgame_process", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "system_file", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "SuricataEveData", + "description": "", + "fields": [ { - "name": "system_fim", + "name": "alert", "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SuricataAlertData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "system_security_event", + "name": "flow_id", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "system_socket", + "name": "proto", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, - { "name": "zeek", "description": "", "isDeprecated": false, "deprecationReason": null } + } ], + "inputFields": null, + "interfaces": [], + "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "FavoriteTimelineResult", + "name": "SuricataEcsFields", "description": "", "fields": [ { - "name": "fullName", - "description": "", - "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "userName", + "name": "eve", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "SuricataEveData", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsJa3Data", + "description": "", + "fields": [ { - "name": "favoriteDate", + "name": "hash", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -8986,62 +5887,106 @@ }, { "kind": "OBJECT", - "name": "FilterTimelineResult", + "name": "FingerprintData", "description": "", "fields": [ { - "name": "exists", + "name": "sha1", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsClientCertificateData", + "description": "", + "fields": [ { - "name": "meta", + "name": "fingerprint", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "FilterMetaTimelineResult", "ofType": null }, + "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsServerCertificateData", + "description": "", + "fields": [ { - "name": "match_all", + "name": "fingerprint", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "FingerprintData", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsFingerprintsData", + "description": "", + "fields": [ { - "name": "missing", + "name": "ja3", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsJa3Data", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "TlsEcsFields", + "description": "", + "fields": [ { - "name": "query", + "name": "client_certificate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsClientCertificateData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "range", + "name": "fingerprints", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsFingerprintsData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "script", + "name": "server_certificate", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "TlsServerCertificateData", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -9053,94 +5998,123 @@ }, { "kind": "OBJECT", - "name": "FilterMetaTimelineResult", + "name": "ZeekConnectionData", "description": "", "fields": [ { - "name": "alias", + "name": "local_resp", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "controlledBy", + "name": "local_orig", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "disabled", + "name": "missed_bytes", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "field", + "name": "state", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "formattedValue", + "name": "history", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "ToBooleanArray", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ZeekNoticeData", + "description": "", + "fields": [ + { + "name": "suppress_for", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "index", + "name": "msg", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "key", + "name": "note", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "negate", + "name": "sub", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "params", + "name": "dst", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", + "name": "dropped", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "value", + "name": "peer_descr", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -9152,577 +6126,303 @@ }, { "kind": "OBJECT", - "name": "SerializedFilterQueryResult", + "name": "ZeekDnsData", "description": "", "fields": [ { - "name": "filterQuery", + "name": "AA", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "SerializedKueryQueryResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SerializedKueryQueryResult", - "description": "", - "fields": [ + }, { - "name": "kuery", + "name": "qclass_name", "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "KueryFilterQueryResult", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "serializedQuery", + "name": "RD", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "KueryFilterQueryResult", - "description": "", - "fields": [ + }, { - "name": "kind", + "name": "qtype_name", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "expression", + "name": "rejected", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "SortTimelineResult", - "description": "", - "fields": [ + }, { - "name": "columnId", + "name": "qtype", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "sortDirection", + "name": "query", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "TimelineStatus", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "active", "description": "", "isDeprecated": false, "deprecationReason": null }, - { "name": "draft", "description": "", "isDeprecated": false, "deprecationReason": null }, + }, { - "name": "immutable", + "name": "trans_id", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "Int", - "description": "The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1. ", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "TimelineType", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + }, { - "name": "default", + "name": "qclass", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "template", + "name": "RA", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "PageInfoTimeline", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "pageIndex", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null }, { - "name": "pageSize", + "name": "TC", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SortTimeline", + "kind": "OBJECT", + "name": "FileFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "sortField", + "name": "name", "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "SortFieldTimeline", "ofType": null } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "sortOrder", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } - }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "SortFieldTimeline", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { "name": "title", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "description", + "name": "path", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "updated", + "name": "target_path", "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, - { "name": "created", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "ResponseTimelines", - "description": "", - "fields": [ { - "name": "timeline", + "name": "extension", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "totalCount", + "name": "type", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "defaultTimelineCount", + "name": "device", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "templateTimelineCount", + "name": "inode", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "elasticTemplateTimelineCount", + "name": "uid", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "customTemplateTimelineCount", + "name": "owner", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "favoriteCount", + "name": "gid", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "Mutation", - "description": "", - "fields": [ + }, { - "name": "persistNote", - "description": "Persists a note", - "args": [ - { - "name": "noteId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - }, - { - "name": "version", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "note", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "NoteInput", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ResponseNote", "ofType": null } - }, + "name": "group", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteNote", + "name": "mode", "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteNoteByTimelineId", + "name": "size", "description": "", - "args": [ - { - "name": "timelineId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "version", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "persistPinnedEventOnTimeline", - "description": "Persists a pinned event in a timeline", - "args": [ - { - "name": "pinnedEventId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - }, - { - "name": "eventId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - }, - "defaultValue": null - }, - { - "name": "timelineId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - } - ], - "type": { "kind": "OBJECT", "name": "PinnedEvent", "ofType": null }, + "name": "mtime", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deletePinnedEventOnTimeline", - "description": "Remove a pinned events in a timeline", - "args": [ - { - "name": "id", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "name": "ctime", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToDateArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "ZeekHttpData", + "description": "", + "fields": [ + { + "name": "resp_mime_types", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteAllPinnedEventsOnTimeline", - "description": "Remove all pinned events in a timeline", - "args": [ - { - "name": "timelineId", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "name": "trans_depth", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "persistTimeline", - "description": "Persists a timeline", - "args": [ - { - "name": "id", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - }, - { - "name": "version", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "timeline", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "TimelineInput", "ofType": null } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ResponseTimeline", "ofType": null } - }, + "name": "status_msg", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "persistFavorite", + "name": "resp_fuids", "description": "", - "args": [ - { - "name": "timelineId", - "description": "", - "type": { "kind": "SCALAR", "name": "ID", "ofType": null }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ResponseFavoriteTimeline", "ofType": null } - }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deleteTimeline", + "name": "tags", "description": "", - "args": [ - { - "name": "id", - "description": "", - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "ID", "ofType": null } - } - } - }, - "defaultValue": null - } - ], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "HttpBodyData", + "description": "", + "fields": [ + { + "name": "content", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "bytes", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -9733,64 +6433,74 @@ "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "NoteInput", + "kind": "OBJECT", + "name": "HttpRequestData", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "eventId", + "name": "method", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "note", + "name": "body", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "timelineId", + "name": "referrer", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "bytes", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ResponseNote", + "name": "HttpResponseData", "description": "", "fields": [ { - "name": "code", + "name": "status_code", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "message", + "name": "body", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "HttpBodyData", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "note", + "name": "bytes", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "NoteResult", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -9801,624 +6511,608 @@ "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "TimelineInput", + "kind": "OBJECT", + "name": "HttpEcsFields", "description": "", - "fields": null, - "inputFields": [ - { - "name": "columns", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "ColumnHeaderInput", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "dataProviders", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "description", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "eventType", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "excludedRowRendererIds", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "RowRendererId", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "filters", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "FilterTimelineInput", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "kqlMode", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "kqlQuery", - "description": "", - "type": { - "kind": "INPUT_OBJECT", - "name": "SerializedFilterQueryInput", - "ofType": null - }, - "defaultValue": null - }, - { - "name": "indexNames", - "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "defaultValue": null - }, - { - "name": "title", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "templateTimelineId", + "name": "version", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "templateTimelineVersion", + "name": "request", "description": "", - "type": { "kind": "SCALAR", "name": "Int", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "HttpRequestData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "timelineType", + "name": "response", "description": "", - "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null }, - "defaultValue": null - }, + "args": [], + "type": { "kind": "OBJECT", "name": "HttpResponseData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "UrlEcsFields", + "description": "", + "fields": [ { - "name": "dateRange", + "name": "domain", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "DateRangePickerInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "savedQueryId", + "name": "original", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "sort", + "name": "username", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "SortTimelineInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "status", + "name": "password", "description": "", - "type": { "kind": "ENUM", "name": "TimelineStatus", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "ColumnHeaderInput", + "kind": "OBJECT", + "name": "ZeekFileData", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "aggregatable", + "name": "session_ids", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "category", + "name": "timedout", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "columnHeaderType", + "name": "local_orig", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "description", + "name": "tx_host", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "example", + "name": "source", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "indexes", + "name": "is_orig", "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "id", + "name": "overflow_bytes", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "name", + "name": "sha1", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "placeholder", + "name": "duration", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "searchable", + "name": "depth", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "type", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "DataProviderInput", - "description": "", - "fields": null, - "inputFields": [ - { - "name": "id", + "name": "analyzers", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "name", + "name": "mime_type", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "enabled", + "name": "rx_host", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "excluded", + "name": "total_bytes", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "kqlQuery", + "name": "fuid", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "queryMatch", + "name": "seen_bytes", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "QueryMatchInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "and", + "name": "missing_bytes", "description": "", - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "INPUT_OBJECT", "name": "DataProviderInput", "ofType": null } - } - }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "type", + "name": "md5", "description": "", - "type": { "kind": "ENUM", "name": "DataProviderType", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "QueryMatchInput", + "kind": "OBJECT", + "name": "ZeekSslData", "description": "", - "fields": null, - "inputFields": [ - { - "name": "field", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "displayField", + "name": "cipher", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "value", + "name": "established", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "displayValue", + "name": "resumed", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "operator", + "name": "version", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "FilterTimelineInput", + "kind": "OBJECT", + "name": "ZeekEcsFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "exists", + "name": "session_id", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "meta", + "name": "connection", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "FilterMetaTimelineInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekConnectionData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "match_all", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "name": "notice", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekNoticeData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "missing", + "name": "dns", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekDnsData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "query", + "name": "http", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekHttpData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "range", + "name": "files", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekFileData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "script", + "name": "ssl", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekSslData", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "FilterMetaTimelineInput", + "kind": "OBJECT", + "name": "UserEcsFields", "description": "", - "fields": null, - "inputFields": [ - { - "name": "alias", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "controlledBy", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, - { - "name": "disabled", - "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null - }, - { - "name": "field", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "formattedValue", + "name": "domain", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "index", + "name": "id", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "key", + "name": "name", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "negate", + "name": "full_name", "description": "", - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "params", + "name": "email", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "type", + "name": "hash", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "value", + "name": "group", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SerializedFilterQueryInput", + "kind": "OBJECT", + "name": "WinlogEcsFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "filterQuery", + "name": "event_id", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "SerializedKueryQueryInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SerializedKueryQueryInput", + "kind": "OBJECT", + "name": "NetworkEcsField", "description": "", - "fields": null, - "inputFields": [ + "fields": [ { - "name": "kuery", + "name": "bytes", "description": "", - "type": { "kind": "INPUT_OBJECT", "name": "KueryFilterQueryInput", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "serializedQuery", + "name": "community_id", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - } - ], - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "INPUT_OBJECT", - "name": "KueryFilterQueryInput", - "description": "", - "fields": null, - "inputFields": [ + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "kind", + "name": "direction", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "expression", + "name": "packets", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "protocol", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "transport", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "DateRangePickerInput", + "kind": "OBJECT", + "name": "PackageEcsFields", "description": "", - "fields": null, - "inputFields": [ + "fields": [ + { + "name": "arch", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "entity_id", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "name", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "size", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "start", + "name": "summary", "description": "", - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "end", + "name": "version", "description": "", - "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { - "kind": "INPUT_OBJECT", - "name": "SortTimelineInput", + "kind": "OBJECT", + "name": "AuditEcsFields", "description": "", - "fields": null, - "inputFields": [ - { - "name": "columnId", - "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null - }, + "fields": [ { - "name": "sortDirection", + "name": "package", "description": "", - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "defaultValue": null + "args": [], + "type": { "kind": "OBJECT", "name": "PackageEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null } ], - "interfaces": null, + "inputFields": null, + "interfaces": [], "enumValues": null, "possibleTypes": null }, { "kind": "OBJECT", - "name": "ResponseTimeline", + "name": "SshEcsFields", "description": "", "fields": [ { - "name": "code", + "name": "method", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "message", + "name": "signature", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "AuthEcsFields", + "description": "", + "fields": [ { - "name": "timeline", + "name": "ssh", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "TimelineResult", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "SshEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -10430,80 +7124,56 @@ }, { "kind": "OBJECT", - "name": "ResponseFavoriteTimeline", + "name": "SystemEcsField", "description": "", "fields": [ { - "name": "code", + "name": "audit", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "Float", "ofType": null }, + "type": { "kind": "OBJECT", "name": "AuditEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "message", + "name": "auth", "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "OBJECT", "name": "AuthEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "RuleField", + "description": "", + "fields": [ { - "name": "savedObjectId", + "name": "id", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "version", + "name": "rule_id", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "favorite", + "name": "false_positives", "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "FavoriteTimelineResult", "ofType": null } - } - }, - "isDeprecated": false, - "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__Schema", - "description": "A GraphQL Schema defines the capabilities of a GraphQL server. It exposes all available types and directives on the server, as well as the entry points for query, mutation, and subscription operations.", - "fields": [ - { - "name": "types", - "description": "A list of all types supported by this server.", - "args": [], "type": { "kind": "NON_NULL", "name": null, @@ -10513,7 +7183,7 @@ "ofType": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } } } }, @@ -10521,384 +7191,242 @@ "deprecationReason": null }, { - "name": "queryType", - "description": "The type that query operations will be rooted at.", + "name": "saved_id", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "mutationType", - "description": "If this server supports mutation, the type that mutation operations will be rooted at.", + "name": "timeline_id", + "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "subscriptionType", - "description": "If this server support subscription, the type that subscription operations will be rooted at.", + "name": "timeline_title", + "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "directives", - "description": "A list of all directives supported by this server.", + "name": "max_signals", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Directive", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToNumberArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__Type", - "description": "The fundamental unit of any GraphQL Schema is the type. There are many kinds of types in GraphQL as represented by the `__TypeKind` enum.\n\nDepending on the kind of a type, certain fields describe information about that type. Scalar types provide no information beyond a name and description, while Enum types provide their values. Object and Interface types provide the fields they describe. Abstract types, Union and Interface, provide the Object types possible at runtime. List and NonNull types compose other types.", - "fields": [ + }, { - "name": "kind", - "description": null, + "name": "risk_score", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "__TypeKind", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "name", - "description": null, + "name": "output_index", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { "name": "description", - "description": null, + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "fields", - "description": null, - "args": [ - { - "name": "includeDeprecated", - "description": null, - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": "false" - } - ], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Field", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "interfaces", - "description": null, + "name": "from", + "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "possibleTypes", - "description": null, + "name": "immutable", + "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "enumValues", - "description": null, - "args": [ - { - "name": "includeDeprecated", - "description": null, - "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, - "defaultValue": "false" - } - ], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__EnumValue", "ofType": null } - } - }, + "name": "index", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "inputFields", - "description": null, + "name": "interval", + "description": "", "args": [], - "type": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ofType", - "description": null, + "name": "language", + "description": "", "args": [], - "type": { "kind": "OBJECT", "name": "__Type", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "__TypeKind", - "description": "An enum describing what kind of type a given `__Type` is.", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ + }, { - "name": "SCALAR", - "description": "Indicates this type is a scalar.", + "name": "query", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "OBJECT", - "description": "Indicates this type is an object. `fields` and `interfaces` are valid fields.", + "name": "references", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INTERFACE", - "description": "Indicates this type is an interface. `fields` and `possibleTypes` are valid fields.", + "name": "severity", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "UNION", - "description": "Indicates this type is a union. `possibleTypes` is a valid field.", + "name": "tags", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ENUM", - "description": "Indicates this type is an enum. `enumValues` is a valid field.", + "name": "threat", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INPUT_OBJECT", - "description": "Indicates this type is an input object. `inputFields` is a valid field.", + "name": "type", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "LIST", - "description": "Indicates this type is a list. `ofType` is a valid field.", + "name": "size", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "NON_NULL", - "description": "Indicates this type is a non-null. `ofType` is a valid field.", + "name": "to", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__Field", - "description": "Object and Interface types are described by a list of Fields, each of which has a name, potentially a list of arguments, and a return type.", - "fields": [ + }, { - "name": "name", - "description": null, + "name": "enabled", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToBooleanArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "filters", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "args", - "description": null, + "name": "created_at", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } - } - } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", - "description": null, + "name": "updated_at", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "isDeprecated", - "description": null, + "name": "created_by", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "deprecationReason", - "description": null, + "name": "updated_by", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "__InputValue", - "description": "Arguments provided to Fields or Directives and the input fields of an InputObject are represented as Input Values which describe their type and optionally a default value.", - "fields": [ + }, { - "name": "name", - "description": null, + "name": "version", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "note", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "type", - "description": null, + "name": "threshold", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__Type", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "defaultValue", - "description": "A GraphQL-formatted string representing the default value for this input value.", + "name": "exceptions_list", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToAny", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -10910,46 +7438,49 @@ }, { "kind": "OBJECT", - "name": "__EnumValue", - "description": "One possible value for a given Enum. Enum values are unique values, not a placeholder for a string or numeric value. However an Enum value is returned in a JSON response as a string.", + "name": "SignalField", + "description": "", "fields": [ { - "name": "name", - "description": null, + "name": "rule", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "RuleField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "original_time", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "isDeprecated", - "description": null, + "name": "status", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null - }, + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "RuleEcsField", + "description": "", + "fields": [ { - "name": "deprecationReason", - "description": null, + "name": "reference", + "description": "", "args": [], - "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -10961,12 +7492,12 @@ }, { "kind": "OBJECT", - "name": "__Directive", - "description": "A Directive provides a way to describe alternate runtime execution and type validation behavior in a GraphQL document.\n\nIn some cases, you need to provide options to alter GraphQL's execution behavior in ways field arguments will not suffice, such as conditionally including or skipping a field. Directives provide this by describing additional information to the executor.", + "name": "ECS", + "description": "", "fields": [ { - "name": "name", - "description": null, + "name": "_id", + "description": "", "args": [], "type": { "kind": "NON_NULL", @@ -10977,250 +7508,202 @@ "deprecationReason": null }, { - "name": "description", - "description": null, + "name": "_index", + "description": "", "args": [], "type": { "kind": "SCALAR", "name": "String", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "locations", - "description": null, + "name": "agent", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "ENUM", "name": "__DirectiveLocation", "ofType": null } - } - } - }, + "type": { "kind": "OBJECT", "name": "AgentEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "args", - "description": null, + "name": "auditd", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "__InputValue", "ofType": null } - } - } - }, + "type": { "kind": "OBJECT", "name": "AuditdEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "onOperation", - "description": null, - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": true, - "deprecationReason": "Use `locations`." - }, - { - "name": "onFragment", - "description": null, + "name": "destination", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": true, - "deprecationReason": "Use `locations`." + "type": { "kind": "OBJECT", "name": "DestinationEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null }, { - "name": "onField", - "description": null, + "name": "dns", + "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "SCALAR", "name": "Boolean", "ofType": null } - }, - "isDeprecated": true, - "deprecationReason": "Use `locations`." - } - ], - "inputFields": null, - "interfaces": [], - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "__DirectiveLocation", - "description": "A Directive can be adjacent to many parts of the GraphQL language, a __DirectiveLocation describes one such possible adjacencies.", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "QUERY", - "description": "Location adjacent to a query operation.", + "type": { "kind": "OBJECT", "name": "DnsEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "MUTATION", - "description": "Location adjacent to a mutation operation.", + "name": "endgame", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "EndgameEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "SUBSCRIPTION", - "description": "Location adjacent to a subscription operation.", + "name": "event", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "EventEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FIELD", - "description": "Location adjacent to a field.", + "name": "geo", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "GeoEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FRAGMENT_DEFINITION", - "description": "Location adjacent to a fragment definition.", + "name": "host", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "HostEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FRAGMENT_SPREAD", - "description": "Location adjacent to a fragment spread.", + "name": "network", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "NetworkEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INLINE_FRAGMENT", - "description": "Location adjacent to an inline fragment.", + "name": "rule", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "RuleEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "SCHEMA", - "description": "Location adjacent to a schema definition.", + "name": "signal", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SignalField", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "SCALAR", - "description": "Location adjacent to a scalar definition.", + "name": "source", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SourceEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "OBJECT", - "description": "Location adjacent to an object type definition.", + "name": "suricata", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SuricataEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "FIELD_DEFINITION", - "description": "Location adjacent to a field definition.", + "name": "tls", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "TlsEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ARGUMENT_DEFINITION", - "description": "Location adjacent to an argument definition.", + "name": "zeek", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "ZeekEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INTERFACE", - "description": "Location adjacent to an interface definition.", + "name": "http", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "HttpEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "UNION", - "description": "Location adjacent to a union definition.", + "name": "url", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "UrlEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ENUM", - "description": "Location adjacent to an enum definition.", + "name": "timestamp", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Date", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "ENUM_VALUE", - "description": "Location adjacent to an enum value definition.", + "name": "message", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "ToStringArray", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INPUT_OBJECT", - "description": "Location adjacent to an input object type definition.", + "name": "user", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "UserEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "INPUT_FIELD_DEFINITION", - "description": "Location adjacent to an input object field definition.", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, - { - "kind": "SCALAR", - "name": "ToStringArrayNoNullable", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": null, - "possibleTypes": null - }, - { - "kind": "OBJECT", - "name": "EcsEdges", - "description": "", - "fields": [ + "name": "winlog", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "WinlogEcsFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, { - "name": "node", + "name": "process", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "ECS", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "ProcessEcsFields", "ofType": null }, "isDeprecated": false, "deprecationReason": null }, { - "name": "cursor", + "name": "file", "description": "", "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } - }, + "type": { "kind": "OBJECT", "name": "FileFields", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "system", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "SystemEcsField", "ofType": null }, "isDeprecated": false, "deprecationReason": null } @@ -11232,60 +7715,32 @@ }, { "kind": "OBJECT", - "name": "EventsTimelineData", + "name": "EcsEdges", "description": "", "fields": [ { - "name": "edges", - "description": "", - "args": [], - "type": { - "kind": "NON_NULL", - "name": null, - "ofType": { - "kind": "LIST", - "name": null, - "ofType": { - "kind": "NON_NULL", - "name": null, - "ofType": { "kind": "OBJECT", "name": "EcsEdges", "ofType": null } - } - } - }, - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "totalCount", + "name": "node", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "ECS", "ofType": null } }, "isDeprecated": false, "deprecationReason": null }, { - "name": "pageInfo", + "name": "cursor", "description": "", "args": [], "type": { "kind": "NON_NULL", "name": null, - "ofType": { "kind": "OBJECT", "name": "PageInfo", "ofType": null } + "ofType": { "kind": "OBJECT", "name": "CursorType", "ofType": null } }, "isDeprecated": false, "deprecationReason": null - }, - { - "name": "inspect", - "description": "", - "args": [], - "type": { "kind": "OBJECT", "name": "Inspect", "ofType": null }, - "isDeprecated": false, - "deprecationReason": null } ], "inputFields": null, @@ -11427,108 +7882,6 @@ "enumValues": null, "possibleTypes": null }, - { - "kind": "ENUM", - "name": "NetworkDirectionEcs", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "inbound", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "outbound", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "internal", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "external", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "incoming", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "outgoing", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "listening", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "unknown", "description": "", "isDeprecated": false, "deprecationReason": null } - ], - "possibleTypes": null - }, - { - "kind": "ENUM", - "name": "NetworkHttpFields", - "description": "", - "fields": null, - "inputFields": null, - "interfaces": null, - "enumValues": [ - { - "name": "domains", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastHost", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "lastSourceIp", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "methods", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { "name": "path", "description": "", "isDeprecated": false, "deprecationReason": null }, - { - "name": "requestCount", - "description": "", - "isDeprecated": false, - "deprecationReason": null - }, - { - "name": "statuses", - "description": "", - "isDeprecated": false, - "deprecationReason": null - } - ], - "possibleTypes": null - }, { "kind": "SCALAR", "name": "ToIFieldSubTypeNonNullable", @@ -11666,6 +8019,39 @@ "enumValues": null, "possibleTypes": null }, + { + "kind": "INPUT_OBJECT", + "name": "PaginationInput", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "limit", + "description": "The limit parameter allows you to configure the maximum amount of items to be returned", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "Float", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "cursor", + "description": "The cursor parameter defines the next result you want to fetch", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + }, + { + "name": "tiebreaker", + "description": "The tiebreaker parameter allow to be more precise to fetch the next item", + "type": { "kind": "SCALAR", "name": "String", "ofType": null }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, { "kind": "ENUM", "name": "FlowTarget", @@ -11686,6 +8072,24 @@ ], "possibleTypes": null }, + { + "kind": "ENUM", + "name": "FlowTargetSourceDest", + "description": "", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { + "name": "destination", + "description": "", + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "source", "description": "", "isDeprecated": false, "deprecationReason": null } + ], + "possibleTypes": null + }, { "kind": "ENUM", "name": "FlowDirection", @@ -11709,6 +8113,64 @@ ], "possibleTypes": null }, + { + "kind": "INPUT_OBJECT", + "name": "SortField", + "description": "", + "fields": null, + "inputFields": [ + { + "name": "sortFieldId", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "SCALAR", "name": "String", "ofType": null } + }, + "defaultValue": null + }, + { + "name": "direction", + "description": "", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { "kind": "ENUM", "name": "Direction", "ofType": null } + }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "PageInfo", + "description": "", + "fields": [ + { + "name": "endCursor", + "description": "", + "args": [], + "type": { "kind": "OBJECT", "name": "CursorType", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "hasNextPage", + "description": "", + "args": [], + "type": { "kind": "SCALAR", "name": "Boolean", "ofType": null }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [], + "enumValues": null, + "possibleTypes": null + }, { "kind": "INPUT_OBJECT", "name": "FavoriteTimelineInput", diff --git a/x-pack/plugins/security_solution/public/graphql/types.ts b/x-pack/plugins/security_solution/public/graphql/types.ts index 1083583cb133c..df8333ea63055 100644 --- a/x-pack/plugins/security_solution/public/graphql/types.ts +++ b/x-pack/plugins/security_solution/public/graphql/types.ts @@ -40,53 +40,16 @@ export interface PaginationInputPaginated { querySize: number; } -export interface DocValueFieldsInput { - field: string; - - format: string; -} - -export interface PaginationInput { - /** The limit parameter allows you to configure the maximum amount of items to be returned */ - limit: number; - /** The cursor parameter defines the next result you want to fetch */ - cursor?: Maybe; - /** The tiebreaker parameter allow to be more precise to fetch the next item */ - tiebreaker?: Maybe; -} - -export interface SortField { - sortFieldId: string; - - direction: Direction; -} - -export interface LastTimeDetails { - hostName?: Maybe; - - ip?: Maybe; -} - export interface HostsSortField { field: HostsFields; direction: Direction; } -export interface NetworkTopTablesSortField { - field: NetworkTopTablesFields; - - direction: Direction; -} - -export interface NetworkDnsSortField { - field: NetworkDnsFields; - - direction: Direction; -} +export interface DocValueFieldsInput { + field: string; -export interface NetworkHttpSortField { - direction: Direction; + format: string; } export interface PageInfoTimeline { @@ -267,6 +230,21 @@ export interface SortTimelineInput { sortDirection?: Maybe; } +export interface PaginationInput { + /** The limit parameter allows you to configure the maximum amount of items to be returned */ + limit: number; + /** The cursor parameter defines the next result you want to fetch */ + cursor?: Maybe; + /** The tiebreaker parameter allow to be more precise to fetch the next item */ + tiebreaker?: Maybe; +} + +export interface SortField { + sortFieldId: string; + + direction: Direction; +} + export interface FavoriteTimelineInput { fullName?: Maybe; @@ -285,13 +263,6 @@ export enum Direction { desc = 'desc', } -export enum LastEventIndexKey { - hostDetails = 'hostDetails', - hosts = 'hosts', - ipDetails = 'ipDetails', - network = 'network', -} - export enum HostsFields { hostName = 'hostName', lastSeen = 'lastSeen', @@ -303,35 +274,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum HistogramType { - authentications = 'authentications', - anomalies = 'anomalies', - events = 'events', - alerts = 'alerts', - dns = 'dns', -} - -export enum FlowTargetSourceDest { - destination = 'destination', - source = 'source', -} - -export enum NetworkTopTablesFields { - bytes_in = 'bytes_in', - bytes_out = 'bytes_out', - flows = 'flows', - destination_ips = 'destination_ips', - source_ips = 'source_ips', -} - -export enum NetworkDnsFields { - dnsName = 'dnsName', - queryCount = 'queryCount', - uniqueDomains = 'uniqueDomains', - dnsBytesIn = 'dnsBytesIn', - dnsBytesOut = 'dnsBytesOut', -} - export enum DataProviderType { default = 'default', template = 'template', @@ -371,27 +313,6 @@ export enum SortFieldTimeline { created = 'created', } -export enum NetworkDirectionEcs { - inbound = 'inbound', - outbound = 'outbound', - internal = 'internal', - external = 'external', - incoming = 'incoming', - outgoing = 'outgoing', - listening = 'listening', - unknown = 'unknown', -} - -export enum NetworkHttpFields { - domains = 'domains', - lastHost = 'lastHost', - lastSourceIp = 'lastSourceIp', - methods = 'methods', - path = 'path', - requestCount = 'requestCount', - statuses = 'statuses', -} - export enum FlowTarget { client = 'client', destination = 'destination', @@ -399,6 +320,11 @@ export enum FlowTarget { source = 'source', } +export enum FlowTargetSourceDest { + destination = 'destination', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', @@ -408,17 +334,15 @@ export type ToStringArray = string[]; export type Date = string; -export type ToNumberArray = number[]; - -export type ToDateArray = string[]; +export type ToAny = any; -export type ToBooleanArray = boolean[]; +export type ToStringArrayNoNullable = any; -export type ToAny = any; +export type ToDateArray = string[]; -export type EsValue = any; +export type ToNumberArray = number[]; -export type ToStringArrayNoNullable = any; +export type ToBooleanArray = boolean[]; export type ToIFieldSubTypeNonNullable = any; @@ -509,40 +433,12 @@ export interface Source { configuration: SourceConfiguration; /** The status of the source */ status: SourceStatus; - /** Gets Authentication success and failures based on a timerange */ - Authentications: AuthenticationsData; - - Timeline: TimelineData; - - TimelineDetails: TimelineDetailsData; - - LastEventTime: LastEventTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; HostOverview: HostItem; HostFirstLastSeen: FirstLastSeenHost; - - KpiNetwork?: Maybe; - - KpiHosts: KpiHostsData; - - KpiHostDetails: KpiHostDetailsData; - - MatrixHistogram: MatrixHistogramOverTimeData; - - NetworkTopCountries: NetworkTopCountriesData; - - NetworkTopNFlow: NetworkTopNFlowData; - - NetworkDns: NetworkDnsData; - - NetworkDnsHistogram: NetworkDsOverTimeData; - - NetworkHttp: NetworkHttpData; - /** Just a simple example to get the app name */ - whoAmI?: Maybe; } /** A set of configuration options for a security data source */ @@ -575,8 +471,8 @@ export interface SourceStatus { indexFields: string[]; } -export interface AuthenticationsData { - edges: AuthenticationsEdges[]; +export interface HostsData { + edges: HostsEdges[]; totalCount: number; @@ -585,84 +481,50 @@ export interface AuthenticationsData { inspect?: Maybe; } -export interface AuthenticationsEdges { - node: AuthenticationItem; +export interface HostsEdges { + node: HostItem; cursor: CursorType; } -export interface AuthenticationItem { - _id: string; +export interface HostItem { + _id?: Maybe; - failures: number; + cloud?: Maybe; - successes: number; + endpoint?: Maybe; - user: UserEcsFields; + host?: Maybe; - lastSuccess?: Maybe; + inspect?: Maybe; - lastFailure?: Maybe; + lastSeen?: Maybe; } -export interface UserEcsFields { - domain?: Maybe; - - id?: Maybe; - - name?: Maybe; - - full_name?: Maybe; +export interface CloudFields { + instance?: Maybe; - email?: Maybe; + machine?: Maybe; - hash?: Maybe; + provider?: Maybe<(Maybe)[]>; - group?: Maybe; + region?: Maybe<(Maybe)[]>; } -export interface LastSourceHost { - timestamp?: Maybe; - - source?: Maybe; - - host?: Maybe; +export interface CloudInstance { + id?: Maybe<(Maybe)[]>; } -export interface SourceEcsFields { - bytes?: Maybe; - - ip?: Maybe; - - port?: Maybe; - - domain?: Maybe; - - geo?: Maybe; - - packets?: Maybe; +export interface CloudMachine { + type?: Maybe<(Maybe)[]>; } -export interface GeoEcsFields { - city_name?: Maybe; - - continent_name?: Maybe; - - country_iso_code?: Maybe; - - country_name?: Maybe; - - location?: Maybe; - - region_iso_code?: Maybe; - - region_name?: Maybe; -} +export interface EndpointFields { + endpointPolicy?: Maybe; -export interface Location { - lon?: Maybe; + sensorVersion?: Maybe; - lat?: Maybe; + policyStatus?: Maybe; } export interface HostEcsFields { @@ -695,6 +557,12 @@ export interface OsEcsFields { kernel?: Maybe; } +export interface Inspect { + dsl: string[]; + + response: string[]; +} + export interface CursorType { value?: Maybe; @@ -709,196 +577,267 @@ export interface PageInfoPaginated { showMorePagesIndicator: boolean; } -export interface Inspect { - dsl: string[]; +export interface FirstLastSeenHost { + inspect?: Maybe; - response: string[]; + firstSeen?: Maybe; + + lastSeen?: Maybe; } -export interface TimelineData { - edges: TimelineEdges[]; +export interface TimelineResult { + columns?: Maybe; - totalCount: number; + created?: Maybe; - pageInfo: PageInfo; + createdBy?: Maybe; - inspect?: Maybe; -} + dataProviders?: Maybe; -export interface TimelineEdges { - node: TimelineItem; + dateRange?: Maybe; - cursor: CursorType; -} + description?: Maybe; -export interface TimelineItem { - _id: string; + eventIdToNoteIds?: Maybe; - _index?: Maybe; + eventType?: Maybe; - data: TimelineNonEcsData[]; + excludedRowRendererIds?: Maybe; - ecs: Ecs; -} + favorite?: Maybe; -export interface TimelineNonEcsData { - field: string; + filters?: Maybe; - value?: Maybe; -} + kqlMode?: Maybe; -export interface Ecs { - _id: string; + kqlQuery?: Maybe; - _index?: Maybe; + indexNames?: Maybe; - agent?: Maybe; + notes?: Maybe; - auditd?: Maybe; + noteIds?: Maybe; - destination?: Maybe; + pinnedEventIds?: Maybe; - dns?: Maybe; + pinnedEventsSaveObject?: Maybe; - endgame?: Maybe; + savedQueryId?: Maybe; - event?: Maybe; + savedObjectId: string; - geo?: Maybe; + sort?: Maybe; - host?: Maybe; + status?: Maybe; - network?: Maybe; + title?: Maybe; - rule?: Maybe; + templateTimelineId?: Maybe; - signal?: Maybe; + templateTimelineVersion?: Maybe; - source?: Maybe; + timelineType?: Maybe; - suricata?: Maybe; + updated?: Maybe; - tls?: Maybe; + updatedBy?: Maybe; - zeek?: Maybe; + version: string; +} - http?: Maybe; +export interface ColumnHeaderResult { + aggregatable?: Maybe; - url?: Maybe; + category?: Maybe; - timestamp?: Maybe; + columnHeaderType?: Maybe; - message?: Maybe; + description?: Maybe; - user?: Maybe; + example?: Maybe; - winlog?: Maybe; + indexes?: Maybe; - process?: Maybe; + id?: Maybe; - file?: Maybe; + name?: Maybe; - system?: Maybe; -} + placeholder?: Maybe; -export interface AgentEcsField { - type?: Maybe; + searchable?: Maybe; + + type?: Maybe; } -export interface AuditdEcsFields { - result?: Maybe; +export interface DataProviderResult { + id?: Maybe; - session?: Maybe; + name?: Maybe; - data?: Maybe; + enabled?: Maybe; - summary?: Maybe; + excluded?: Maybe; - sequence?: Maybe; + kqlQuery?: Maybe; + + queryMatch?: Maybe; + + type?: Maybe; + + and?: Maybe; } -export interface AuditdData { - acct?: Maybe; +export interface QueryMatchResult { + field?: Maybe; - terminal?: Maybe; + displayField?: Maybe; - op?: Maybe; + value?: Maybe; + + displayValue?: Maybe; + + operator?: Maybe; } -export interface Summary { - actor?: Maybe; +export interface DateRangePickerResult { + start?: Maybe; - object?: Maybe; + end?: Maybe; +} - how?: Maybe; +export interface FavoriteTimelineResult { + fullName?: Maybe; - message_type?: Maybe; + userName?: Maybe; - sequence?: Maybe; + favoriteDate?: Maybe; } -export interface PrimarySecondary { - primary?: Maybe; +export interface FilterTimelineResult { + exists?: Maybe; - secondary?: Maybe; + meta?: Maybe; - type?: Maybe; + match_all?: Maybe; + + missing?: Maybe; + + query?: Maybe; + + range?: Maybe; + + script?: Maybe; } -export interface DestinationEcsFields { - bytes?: Maybe; +export interface FilterMetaTimelineResult { + alias?: Maybe; - ip?: Maybe; + controlledBy?: Maybe; - port?: Maybe; + disabled?: Maybe; - domain?: Maybe; + field?: Maybe; - geo?: Maybe; + formattedValue?: Maybe; - packets?: Maybe; + index?: Maybe; + + key?: Maybe; + + negate?: Maybe; + + params?: Maybe; + + type?: Maybe; + + value?: Maybe; } -export interface DnsEcsFields { - question?: Maybe; +export interface SerializedFilterQueryResult { + filterQuery?: Maybe; +} - resolved_ip?: Maybe; +export interface SerializedKueryQueryResult { + kuery?: Maybe; - response_code?: Maybe; + serializedQuery?: Maybe; } -export interface DnsQuestionData { - name?: Maybe; +export interface KueryFilterQueryResult { + kind?: Maybe; - type?: Maybe; + expression?: Maybe; } -export interface EndgameEcsFields { - exit_code?: Maybe; +export interface SortTimelineResult { + columnId?: Maybe; - file_name?: Maybe; + sortDirection?: Maybe; +} - file_path?: Maybe; +export interface ResponseTimelines { + timeline: (Maybe)[]; - logon_type?: Maybe; + totalCount?: Maybe; - parent_process_name?: Maybe; + defaultTimelineCount?: Maybe; - pid?: Maybe; + templateTimelineCount?: Maybe; - process_name?: Maybe; + elasticTemplateTimelineCount?: Maybe; - subject_domain_name?: Maybe; + customTemplateTimelineCount?: Maybe; - subject_logon_id?: Maybe; + favoriteCount?: Maybe; +} - subject_user_name?: Maybe; +export interface Mutation { + /** Persists a note */ + persistNote: ResponseNote; - target_domain_name?: Maybe; + deleteNote?: Maybe; - target_logon_id?: Maybe; + deleteNoteByTimelineId?: Maybe; + /** Persists a pinned event in a timeline */ + persistPinnedEventOnTimeline?: Maybe; + /** Remove a pinned events in a timeline */ + deletePinnedEventOnTimeline: boolean; + /** Remove all pinned events in a timeline */ + deleteAllPinnedEventsOnTimeline: boolean; + /** Persists a timeline */ + persistTimeline: ResponseTimeline; - target_user_name?: Maybe; + persistFavorite: ResponseFavoriteTimeline; + + deleteTimeline: boolean; +} + +export interface ResponseNote { + code?: Maybe; + + message?: Maybe; + + note: NoteResult; +} + +export interface ResponseTimeline { + code?: Maybe; + + message?: Maybe; + + timeline: TimelineResult; +} + +export interface ResponseFavoriteTimeline { + code?: Maybe; + + message?: Maybe; + + savedObjectId: string; + + version: string; + + favorite?: Maybe; } export interface EventEcsFields { @@ -941,110 +880,176 @@ export interface EventEcsFields { type?: Maybe; } -export interface NetworkEcsField { - bytes?: Maybe; - - community_id?: Maybe; +export interface Location { + lon?: Maybe; - direction?: Maybe; + lat?: Maybe; +} - packets?: Maybe; +export interface GeoEcsFields { + city_name?: Maybe; - protocol?: Maybe; + continent_name?: Maybe; - transport?: Maybe; -} + country_iso_code?: Maybe; -export interface RuleEcsField { - reference?: Maybe; -} + country_name?: Maybe; -export interface SignalField { - rule?: Maybe; + location?: Maybe; - original_time?: Maybe; + region_iso_code?: Maybe; - status?: Maybe; + region_name?: Maybe; } -export interface RuleField { - id?: Maybe; +export interface PrimarySecondary { + primary?: Maybe; - rule_id?: Maybe; + secondary?: Maybe; - false_positives: string[]; + type?: Maybe; +} - saved_id?: Maybe; +export interface Summary { + actor?: Maybe; - timeline_id?: Maybe; + object?: Maybe; - timeline_title?: Maybe; + how?: Maybe; - max_signals?: Maybe; + message_type?: Maybe; - risk_score?: Maybe; + sequence?: Maybe; +} - output_index?: Maybe; +export interface AgentEcsField { + type?: Maybe; +} - description?: Maybe; +export interface AuditdData { + acct?: Maybe; - from?: Maybe; + terminal?: Maybe; - immutable?: Maybe; + op?: Maybe; +} - index?: Maybe; +export interface AuditdEcsFields { + result?: Maybe; - interval?: Maybe; + session?: Maybe; - language?: Maybe; + data?: Maybe; - query?: Maybe; + summary?: Maybe; - references?: Maybe; + sequence?: Maybe; +} - severity?: Maybe; +export interface Thread { + id?: Maybe; - tags?: Maybe; + start?: Maybe; +} - threat?: Maybe; +export interface ProcessHashData { + md5?: Maybe; - type?: Maybe; + sha1?: Maybe; - size?: Maybe; + sha256?: Maybe; +} - to?: Maybe; +export interface ProcessEcsFields { + hash?: Maybe; - enabled?: Maybe; + pid?: Maybe; - filters?: Maybe; + name?: Maybe; - created_at?: Maybe; + ppid?: Maybe; - updated_at?: Maybe; + args?: Maybe; - created_by?: Maybe; + entity_id?: Maybe; - updated_by?: Maybe; + executable?: Maybe; - version?: Maybe; + title?: Maybe; - note?: Maybe; + thread?: Maybe; - threshold?: Maybe; + working_directory?: Maybe; +} - exceptions_list?: Maybe; +export interface SourceEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEcsFields { - eve?: Maybe; +export interface DestinationEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEveData { - alert?: Maybe; +export interface DnsQuestionData { + name?: Maybe; - flow_id?: Maybe; + type?: Maybe; +} - proto?: Maybe; +export interface DnsEcsFields { + question?: Maybe; + + resolved_ip?: Maybe; + + response_code?: Maybe; +} + +export interface EndgameEcsFields { + exit_code?: Maybe; + + file_name?: Maybe; + + file_path?: Maybe; + + logon_type?: Maybe; + + parent_process_name?: Maybe; + + pid?: Maybe; + + process_name?: Maybe; + + subject_domain_name?: Maybe; + + subject_logon_id?: Maybe; + + subject_user_name?: Maybe; + + target_domain_name?: Maybe; + + target_logon_id?: Maybe; + + target_user_name?: Maybe; } export interface SuricataAlertData { @@ -1053,48 +1058,44 @@ export interface SuricataAlertData { signature_id?: Maybe; } -export interface TlsEcsFields { - client_certificate?: Maybe; +export interface SuricataEveData { + alert?: Maybe; - fingerprints?: Maybe; + flow_id?: Maybe; - server_certificate?: Maybe; + proto?: Maybe; } -export interface TlsClientCertificateData { - fingerprint?: Maybe; +export interface SuricataEcsFields { + eve?: Maybe; } -export interface FingerprintData { - sha1?: Maybe; +export interface TlsJa3Data { + hash?: Maybe; } -export interface TlsFingerprintsData { - ja3?: Maybe; +export interface FingerprintData { + sha1?: Maybe; } -export interface TlsJa3Data { - hash?: Maybe; +export interface TlsClientCertificateData { + fingerprint?: Maybe; } export interface TlsServerCertificateData { fingerprint?: Maybe; } -export interface ZeekEcsFields { - session_id?: Maybe; - - connection?: Maybe; - - notice?: Maybe; - - dns?: Maybe; +export interface TlsFingerprintsData { + ja3?: Maybe; +} - http?: Maybe; +export interface TlsEcsFields { + client_certificate?: Maybe; - files?: Maybe; + fingerprints?: Maybe; - ssl?: Maybe; + server_certificate?: Maybe; } export interface ZeekConnectionData { @@ -1149,6 +1150,38 @@ export interface ZeekDnsData { TC?: Maybe; } +export interface FileFields { + name?: Maybe; + + path?: Maybe; + + target_path?: Maybe; + + extension?: Maybe; + + type?: Maybe; + + device?: Maybe; + + inode?: Maybe; + + uid?: Maybe; + + owner?: Maybe; + + gid?: Maybe; + + group?: Maybe; + + mode?: Maybe; + + size?: Maybe; + + mtime?: Maybe; + + ctime?: Maybe; +} + export interface ZeekHttpData { resp_mime_types?: Maybe; @@ -1161,6 +1194,48 @@ export interface ZeekHttpData { tags?: Maybe; } +export interface HttpBodyData { + content?: Maybe; + + bytes?: Maybe; +} + +export interface HttpRequestData { + method?: Maybe; + + body?: Maybe; + + referrer?: Maybe; + + bytes?: Maybe; +} + +export interface HttpResponseData { + status_code?: Maybe; + + body?: Maybe; + + bytes?: Maybe; +} + +export interface HttpEcsFields { + version?: Maybe; + + request?: Maybe; + + response?: Maybe; +} + +export interface UrlEcsFields { + domain?: Maybe; + + original?: Maybe; + + username?: Maybe; + + password?: Maybe; +} + export interface ZeekFileData { session_ids?: Maybe; @@ -1209,128 +1284,54 @@ export interface ZeekSslData { version?: Maybe; } -export interface HttpEcsFields { - version?: Maybe; +export interface ZeekEcsFields { + session_id?: Maybe; - request?: Maybe; + connection?: Maybe; - response?: Maybe; -} + notice?: Maybe; -export interface HttpRequestData { - method?: Maybe; + dns?: Maybe; - body?: Maybe; + http?: Maybe; - referrer?: Maybe; + files?: Maybe; - bytes?: Maybe; + ssl?: Maybe; } -export interface HttpBodyData { - content?: Maybe; +export interface UserEcsFields { + domain?: Maybe; - bytes?: Maybe; -} + id?: Maybe; -export interface HttpResponseData { - status_code?: Maybe; + name?: Maybe; - body?: Maybe; + full_name?: Maybe; - bytes?: Maybe; -} + email?: Maybe; -export interface UrlEcsFields { - domain?: Maybe; + hash?: Maybe; - original?: Maybe; - - username?: Maybe; - - password?: Maybe; -} + group?: Maybe; +} export interface WinlogEcsFields { event_id?: Maybe; } -export interface ProcessEcsFields { - hash?: Maybe; - - pid?: Maybe; - - name?: Maybe; - - ppid?: Maybe; - - args?: Maybe; - - entity_id?: Maybe; - - executable?: Maybe; - - title?: Maybe; - - thread?: Maybe; - - working_directory?: Maybe; -} - -export interface ProcessHashData { - md5?: Maybe; - - sha1?: Maybe; - - sha256?: Maybe; -} - -export interface Thread { - id?: Maybe; - - start?: Maybe; -} - -export interface FileFields { - name?: Maybe; - - path?: Maybe; - - target_path?: Maybe; - - extension?: Maybe; - - type?: Maybe; - - device?: Maybe; - - inode?: Maybe; - - uid?: Maybe; - - owner?: Maybe; - - gid?: Maybe; - - group?: Maybe; - - mode?: Maybe; - - size?: Maybe; +export interface NetworkEcsField { + bytes?: Maybe; - mtime?: Maybe; + community_id?: Maybe; - ctime?: Maybe; -} + direction?: Maybe; -export interface SystemEcsField { - audit?: Maybe; + packets?: Maybe; - auth?: Maybe; -} + protocol?: Maybe; -export interface AuditEcsFields { - package?: Maybe; + transport?: Maybe; } export interface PackageEcsFields { @@ -1347,8 +1348,8 @@ export interface PackageEcsFields { version?: Maybe; } -export interface AuthEcsFields { - ssh?: Maybe; +export interface AuditEcsFields { + package?: Maybe; } export interface SshEcsFields { @@ -1357,3188 +1358,760 @@ export interface SshEcsFields { signature?: Maybe; } -export interface PageInfo { - endCursor?: Maybe; - - hasNextPage?: Maybe; +export interface AuthEcsFields { + ssh?: Maybe; } -export interface TimelineDetailsData { - data?: Maybe; +export interface SystemEcsField { + audit?: Maybe; - inspect?: Maybe; + auth?: Maybe; } -export interface DetailItem { - field: string; - - values?: Maybe; - - originalValue?: Maybe; -} +export interface RuleField { + id?: Maybe; -export interface LastEventTimeData { - lastSeen?: Maybe; + rule_id?: Maybe; - inspect?: Maybe; -} + false_positives: string[]; -export interface HostsData { - edges: HostsEdges[]; + saved_id?: Maybe; - totalCount: number; + timeline_id?: Maybe; - pageInfo: PageInfoPaginated; + timeline_title?: Maybe; - inspect?: Maybe; -} + max_signals?: Maybe; -export interface HostsEdges { - node: HostItem; + risk_score?: Maybe; - cursor: CursorType; -} + output_index?: Maybe; -export interface HostItem { - _id?: Maybe; + description?: Maybe; - cloud?: Maybe; + from?: Maybe; - endpoint?: Maybe; + immutable?: Maybe; - host?: Maybe; + index?: Maybe; - inspect?: Maybe; + interval?: Maybe; - lastSeen?: Maybe; -} + language?: Maybe; -export interface CloudFields { - instance?: Maybe; + query?: Maybe; - machine?: Maybe; + references?: Maybe; - provider?: Maybe<(Maybe)[]>; + severity?: Maybe; - region?: Maybe<(Maybe)[]>; -} + tags?: Maybe; -export interface CloudInstance { - id?: Maybe<(Maybe)[]>; -} + threat?: Maybe; -export interface CloudMachine { - type?: Maybe<(Maybe)[]>; -} + type?: Maybe; -export interface EndpointFields { - endpointPolicy?: Maybe; + size?: Maybe; - sensorVersion?: Maybe; + to?: Maybe; - policyStatus?: Maybe; -} + enabled?: Maybe; -export interface FirstLastSeenHost { - inspect?: Maybe; + filters?: Maybe; - firstSeen?: Maybe; + created_at?: Maybe; - lastSeen?: Maybe; -} + updated_at?: Maybe; -export interface KpiNetworkData { - networkEvents?: Maybe; + created_by?: Maybe; - uniqueFlowId?: Maybe; + updated_by?: Maybe; - uniqueSourcePrivateIps?: Maybe; + version?: Maybe; - uniqueSourcePrivateIpsHistogram?: Maybe; + note?: Maybe; - uniqueDestinationPrivateIps?: Maybe; + threshold?: Maybe; - uniqueDestinationPrivateIpsHistogram?: Maybe; + exceptions_list?: Maybe; +} - dnsQueries?: Maybe; +export interface SignalField { + rule?: Maybe; - tlsHandshakes?: Maybe; + original_time?: Maybe; - inspect?: Maybe; + status?: Maybe; } -export interface KpiNetworkHistogramData { - x?: Maybe; - - y?: Maybe; +export interface RuleEcsField { + reference?: Maybe; } -export interface KpiHostsData { - hosts?: Maybe; - - hostsHistogram?: Maybe; - - authSuccess?: Maybe; - - authSuccessHistogram?: Maybe; - - authFailure?: Maybe; - - authFailureHistogram?: Maybe; - - uniqueSourceIps?: Maybe; +export interface Ecs { + _id: string; - uniqueSourceIpsHistogram?: Maybe; + _index?: Maybe; - uniqueDestinationIps?: Maybe; + agent?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + auditd?: Maybe; - inspect?: Maybe; -} + destination?: Maybe; -export interface KpiHostHistogramData { - x?: Maybe; + dns?: Maybe; - y?: Maybe; -} + endgame?: Maybe; -export interface KpiHostDetailsData { - authSuccess?: Maybe; + event?: Maybe; - authSuccessHistogram?: Maybe; + geo?: Maybe; - authFailure?: Maybe; + host?: Maybe; - authFailureHistogram?: Maybe; + network?: Maybe; - uniqueSourceIps?: Maybe; + rule?: Maybe; - uniqueSourceIpsHistogram?: Maybe; + signal?: Maybe; - uniqueDestinationIps?: Maybe; + source?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + suricata?: Maybe; - inspect?: Maybe; -} + tls?: Maybe; -export interface MatrixHistogramOverTimeData { - inspect?: Maybe; + zeek?: Maybe; - matrixHistogramData: MatrixOverTimeHistogramData[]; + http?: Maybe; - totalCount: number; -} + url?: Maybe; -export interface MatrixOverTimeHistogramData { - x?: Maybe; + timestamp?: Maybe; - y?: Maybe; + message?: Maybe; - g?: Maybe; -} + user?: Maybe; -export interface NetworkTopCountriesData { - edges: NetworkTopCountriesEdges[]; + winlog?: Maybe; - totalCount: number; + process?: Maybe; - pageInfo: PageInfoPaginated; + file?: Maybe; - inspect?: Maybe; + system?: Maybe; } -export interface NetworkTopCountriesEdges { - node: NetworkTopCountriesItem; +export interface EcsEdges { + node: Ecs; cursor: CursorType; } -export interface NetworkTopCountriesItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; - - network?: Maybe; -} +export interface OsFields { + platform?: Maybe; -export interface TopCountriesItemSource { - country?: Maybe; + name?: Maybe; - destination_ips?: Maybe; + full?: Maybe; - flows?: Maybe; + family?: Maybe; - location?: Maybe; + version?: Maybe; - source_ips?: Maybe; + kernel?: Maybe; } -export interface GeoItem { - geo?: Maybe; +export interface HostFields { + architecture?: Maybe; - flowTarget?: Maybe; -} + id?: Maybe; -export interface TopCountriesItemDestination { - country?: Maybe; + ip?: Maybe<(Maybe)[]>; - destination_ips?: Maybe; + mac?: Maybe<(Maybe)[]>; - flows?: Maybe; + name?: Maybe; - location?: Maybe; + os?: Maybe; - source_ips?: Maybe; + type?: Maybe; } -export interface TopNetworkTablesEcsField { - bytes_in?: Maybe; - - bytes_out?: Maybe; -} - -export interface NetworkTopNFlowData { - edges: NetworkTopNFlowEdges[]; - - totalCount: number; +/** A descriptor of a field in an index */ +export interface IndexField { + /** Where the field belong */ + category: string; + /** Example of field's value */ + example?: Maybe; + /** whether the field's belong to an alias index */ + indexes: (Maybe)[]; + /** The name of the field */ + name: string; + /** The type of the field's values as recognized by Kibana */ + type: string; + /** Whether the field's values can be efficiently searched for */ + searchable: boolean; + /** Whether the field's values can be aggregated */ + aggregatable: boolean; + /** Description of the field */ + description?: Maybe; - pageInfo: PageInfoPaginated; + format?: Maybe; + /** the elastic type as mapped in the index */ + esTypes?: Maybe; - inspect?: Maybe; + subType?: Maybe; } -export interface NetworkTopNFlowEdges { - node: NetworkTopNFlowItem; +export interface PageInfo { + endCursor?: Maybe; - cursor: CursorType; + hasNextPage?: Maybe; } -export interface NetworkTopNFlowItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; +// ==================================================== +// Arguments +// ==================================================== - network?: Maybe; +export interface GetNoteQueryArgs { + id: string; } - -export interface TopNFlowItemSource { - autonomous_system?: Maybe; - - domain?: Maybe; - - ip?: Maybe; - - location?: Maybe; - - flows?: Maybe; - - destination_ips?: Maybe; +export interface GetNotesByTimelineIdQueryArgs { + timelineId: string; } - -export interface AutonomousSystemItem { - name?: Maybe; - - number?: Maybe; +export interface GetNotesByEventIdQueryArgs { + eventId: string; } +export interface GetAllNotesQueryArgs { + pageInfo?: Maybe; -export interface TopNFlowItemDestination { - autonomous_system?: Maybe; - - domain?: Maybe; - - ip?: Maybe; - - location?: Maybe; - - flows?: Maybe; + search?: Maybe; - source_ips?: Maybe; + sort?: Maybe; } +export interface GetAllPinnedEventsByTimelineIdQueryArgs { + timelineId: string; +} +export interface SourceQueryArgs { + /** The id of the source */ + id: string; +} +export interface GetOneTimelineQueryArgs { + id: string; +} +export interface GetAllTimelineQueryArgs { + pageInfo: PageInfoTimeline; -export interface NetworkDnsData { - edges: NetworkDnsEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; + search?: Maybe; - inspect?: Maybe; + sort?: Maybe; - histogram?: Maybe; -} + onlyUserFavorite?: Maybe; -export interface NetworkDnsEdges { - node: NetworkDnsItem; + timelineType?: Maybe; - cursor: CursorType; + status?: Maybe; } +export interface HostsSourceArgs { + id?: Maybe; -export interface NetworkDnsItem { - _id?: Maybe; + timerange: TimerangeInput; - dnsBytesIn?: Maybe; + pagination: PaginationInputPaginated; - dnsBytesOut?: Maybe; + sort: HostsSortField; - dnsName?: Maybe; + filterQuery?: Maybe; - queryCount?: Maybe; + defaultIndex: string[]; - uniqueDomains?: Maybe; + docValueFields: DocValueFieldsInput[]; } +export interface HostOverviewSourceArgs { + id?: Maybe; -export interface MatrixOverOrdinalHistogramData { - x: string; + hostName: string; - y: number; + timerange: TimerangeInput; - g: string; + defaultIndex: string[]; } +export interface HostFirstLastSeenSourceArgs { + id?: Maybe; -export interface NetworkDsOverTimeData { - inspect?: Maybe; + hostName: string; - matrixHistogramData: MatrixOverTimeHistogramData[]; + defaultIndex: string[]; - totalCount: number; + docValueFields: DocValueFieldsInput[]; } - -export interface NetworkHttpData { - edges: NetworkHttpEdges[]; - - totalCount: number; - - pageInfo: PageInfoPaginated; - - inspect?: Maybe; +export interface IndicesExistSourceStatusArgs { + defaultIndex: string[]; } - -export interface NetworkHttpEdges { - node: NetworkHttpItem; - - cursor: CursorType; +export interface IndexFieldsSourceStatusArgs { + defaultIndex: string[]; } +export interface PersistNoteMutationArgs { + noteId?: Maybe; -export interface NetworkHttpItem { - _id?: Maybe; - - domains: string[]; - - lastHost?: Maybe; - - lastSourceIp?: Maybe; - - methods: string[]; - - path?: Maybe; - - requestCount?: Maybe; + version?: Maybe; - statuses: string[]; + note: NoteInput; } - -export interface SayMyName { - /** The id of the source */ - appName: string; +export interface DeleteNoteMutationArgs { + id: string[]; } +export interface DeleteNoteByTimelineIdMutationArgs { + timelineId: string; -export interface TimelineResult { - columns?: Maybe; - - created?: Maybe; - - createdBy?: Maybe; - - dataProviders?: Maybe; - - dateRange?: Maybe; - - description?: Maybe; - - eventIdToNoteIds?: Maybe; - - eventType?: Maybe; - - excludedRowRendererIds?: Maybe; - - favorite?: Maybe; - - filters?: Maybe; - - kqlMode?: Maybe; - - kqlQuery?: Maybe; - - indexNames?: Maybe; - - notes?: Maybe; - - noteIds?: Maybe; - - pinnedEventIds?: Maybe; - - pinnedEventsSaveObject?: Maybe; - - savedQueryId?: Maybe; - - savedObjectId: string; - - sort?: Maybe; + version?: Maybe; +} +export interface PersistPinnedEventOnTimelineMutationArgs { + pinnedEventId?: Maybe; - status?: Maybe; + eventId: string; - title?: Maybe; + timelineId?: Maybe; +} +export interface DeletePinnedEventOnTimelineMutationArgs { + id: string[]; +} +export interface DeleteAllPinnedEventsOnTimelineMutationArgs { + timelineId: string; +} +export interface PersistTimelineMutationArgs { + id?: Maybe; - templateTimelineId?: Maybe; + version?: Maybe; - templateTimelineVersion?: Maybe; + timeline: TimelineInput; +} +export interface PersistFavoriteMutationArgs { + timelineId?: Maybe; +} +export interface DeleteTimelineMutationArgs { + id: string[]; +} - timelineType?: Maybe; +// ==================================================== +// Documents +// ==================================================== - updated?: Maybe; +export namespace GetHostOverviewQuery { + export type Variables = { + sourceId: string; + hostName: string; + timerange: TimerangeInput; + defaultIndex: string[]; + inspect: boolean; + }; - updatedBy?: Maybe; + export type Query = { + __typename?: 'Query'; - version: string; -} + source: Source; + }; -export interface ColumnHeaderResult { - aggregatable?: Maybe; + export type Source = { + __typename?: 'Source'; - category?: Maybe; + id: string; - columnHeaderType?: Maybe; + HostOverview: HostOverview; + }; - description?: Maybe; + export type HostOverview = { + __typename?: 'HostItem'; - example?: Maybe; + _id: Maybe; - indexes?: Maybe; + host: Maybe; - id?: Maybe; + cloud: Maybe; - name?: Maybe; + inspect: Maybe; - placeholder?: Maybe; + endpoint: Maybe; + }; - searchable?: Maybe; + export type Host = { + __typename?: 'HostEcsFields'; - type?: Maybe; -} - -export interface DataProviderResult { - id?: Maybe; - - name?: Maybe; - - enabled?: Maybe; - - excluded?: Maybe; - - kqlQuery?: Maybe; - - queryMatch?: Maybe; - - type?: Maybe; - - and?: Maybe; -} - -export interface QueryMatchResult { - field?: Maybe; - - displayField?: Maybe; - - value?: Maybe; - - displayValue?: Maybe; - - operator?: Maybe; -} - -export interface DateRangePickerResult { - start?: Maybe; - - end?: Maybe; -} - -export interface FavoriteTimelineResult { - fullName?: Maybe; - - userName?: Maybe; - - favoriteDate?: Maybe; -} - -export interface FilterTimelineResult { - exists?: Maybe; - - meta?: Maybe; - - match_all?: Maybe; - - missing?: Maybe; - - query?: Maybe; - - range?: Maybe; - - script?: Maybe; -} - -export interface FilterMetaTimelineResult { - alias?: Maybe; - - controlledBy?: Maybe; - - disabled?: Maybe; - - field?: Maybe; - - formattedValue?: Maybe; - - index?: Maybe; - - key?: Maybe; - - negate?: Maybe; - - params?: Maybe; - - type?: Maybe; - - value?: Maybe; -} - -export interface SerializedFilterQueryResult { - filterQuery?: Maybe; -} - -export interface SerializedKueryQueryResult { - kuery?: Maybe; - - serializedQuery?: Maybe; -} - -export interface KueryFilterQueryResult { - kind?: Maybe; - - expression?: Maybe; -} - -export interface SortTimelineResult { - columnId?: Maybe; - - sortDirection?: Maybe; -} - -export interface ResponseTimelines { - timeline: (Maybe)[]; - - totalCount?: Maybe; - - defaultTimelineCount?: Maybe; - - templateTimelineCount?: Maybe; - - elasticTemplateTimelineCount?: Maybe; - - customTemplateTimelineCount?: Maybe; - - favoriteCount?: Maybe; -} - -export interface Mutation { - /** Persists a note */ - persistNote: ResponseNote; - - deleteNote?: Maybe; - - deleteNoteByTimelineId?: Maybe; - /** Persists a pinned event in a timeline */ - persistPinnedEventOnTimeline?: Maybe; - /** Remove a pinned events in a timeline */ - deletePinnedEventOnTimeline: boolean; - /** Remove all pinned events in a timeline */ - deleteAllPinnedEventsOnTimeline: boolean; - /** Persists a timeline */ - persistTimeline: ResponseTimeline; - - persistFavorite: ResponseFavoriteTimeline; - - deleteTimeline: boolean; -} - -export interface ResponseNote { - code?: Maybe; - - message?: Maybe; - - note: NoteResult; -} - -export interface ResponseTimeline { - code?: Maybe; - - message?: Maybe; - - timeline: TimelineResult; -} - -export interface ResponseFavoriteTimeline { - code?: Maybe; - - message?: Maybe; - - savedObjectId: string; - - version: string; - - favorite?: Maybe; -} - -export interface EcsEdges { - node: Ecs; - - cursor: CursorType; -} - -export interface EventsTimelineData { - edges: EcsEdges[]; - - totalCount: number; - - pageInfo: PageInfo; - - inspect?: Maybe; -} - -export interface OsFields { - platform?: Maybe; - - name?: Maybe; - - full?: Maybe; - - family?: Maybe; - - version?: Maybe; - - kernel?: Maybe; -} - -export interface HostFields { - architecture?: Maybe; - - id?: Maybe; - - ip?: Maybe<(Maybe)[]>; - - mac?: Maybe<(Maybe)[]>; - - name?: Maybe; - - os?: Maybe; - - type?: Maybe; -} - -/** A descriptor of a field in an index */ -export interface IndexField { - /** Where the field belong */ - category: string; - /** Example of field's value */ - example?: Maybe; - /** whether the field's belong to an alias index */ - indexes: (Maybe)[]; - /** The name of the field */ - name: string; - /** The type of the field's values as recognized by Kibana */ - type: string; - /** Whether the field's values can be efficiently searched for */ - searchable: boolean; - /** Whether the field's values can be aggregated */ - aggregatable: boolean; - /** Description of the field */ - description?: Maybe; - - format?: Maybe; - /** the elastic type as mapped in the index */ - esTypes?: Maybe; - - subType?: Maybe; -} - -// ==================================================== -// Arguments -// ==================================================== - -export interface GetNoteQueryArgs { - id: string; -} -export interface GetNotesByTimelineIdQueryArgs { - timelineId: string; -} -export interface GetNotesByEventIdQueryArgs { - eventId: string; -} -export interface GetAllNotesQueryArgs { - pageInfo?: Maybe; - - search?: Maybe; - - sort?: Maybe; -} -export interface GetAllPinnedEventsByTimelineIdQueryArgs { - timelineId: string; -} -export interface SourceQueryArgs { - /** The id of the source */ - id: string; -} -export interface GetOneTimelineQueryArgs { - id: string; -} -export interface GetAllTimelineQueryArgs { - pageInfo: PageInfoTimeline; - - search?: Maybe; - - sort?: Maybe; - - onlyUserFavorite?: Maybe; - - timelineType?: Maybe; - - status?: Maybe; -} -export interface AuthenticationsSourceArgs { - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineSourceArgs { - pagination: PaginationInput; - - sortField: SortField; - - fieldRequested: string[]; - - timerange?: Maybe; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineDetailsSourceArgs { - eventId: string; - - indexName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface LastEventTimeSourceArgs { - id?: Maybe; - - indexKey: LastEventIndexKey; - - details: LastTimeDetails; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - sort: HostsSortField; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostOverviewSourceArgs { - id?: Maybe; - - hostName: string; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface HostFirstLastSeenSourceArgs { - id?: Maybe; - - hostName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface KpiNetworkSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostDetailsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface MatrixHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField: string; - - histogramType: HistogramType; -} -export interface NetworkTopCountriesSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkTopNFlowSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - isPtrIncluded: boolean; - - pagination: PaginationInputPaginated; - - sort: NetworkDnsSortField; - - stackByField?: Maybe; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - - docValueFields: DocValueFieldsInput[]; -} -export interface NetworkHttpSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - pagination: PaginationInputPaginated; - - sort: NetworkHttpSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface IndicesExistSourceStatusArgs { - defaultIndex: string[]; -} -export interface IndexFieldsSourceStatusArgs { - defaultIndex: string[]; -} -export interface PersistNoteMutationArgs { - noteId?: Maybe; - - version?: Maybe; - - note: NoteInput; -} -export interface DeleteNoteMutationArgs { - id: string[]; -} -export interface DeleteNoteByTimelineIdMutationArgs { - timelineId: string; - - version?: Maybe; -} -export interface PersistPinnedEventOnTimelineMutationArgs { - pinnedEventId?: Maybe; - - eventId: string; - - timelineId?: Maybe; -} -export interface DeletePinnedEventOnTimelineMutationArgs { - id: string[]; -} -export interface DeleteAllPinnedEventsOnTimelineMutationArgs { - timelineId: string; -} -export interface PersistTimelineMutationArgs { - id?: Maybe; - - version?: Maybe; - - timeline: TimelineInput; -} -export interface PersistFavoriteMutationArgs { - timelineId?: Maybe; -} -export interface DeleteTimelineMutationArgs { - id: string[]; -} - -// ==================================================== -// Documents -// ==================================================== - -export namespace GetLastEventTimeQuery { - export type Variables = { - sourceId: string; - indexKey: LastEventIndexKey; - details: LastTimeDetails; - defaultIndex: string[]; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - LastEventTime: LastEventTime; - }; - - export type LastEventTime = { - __typename?: 'LastEventTimeData'; - - lastSeen: Maybe; - }; -} - -export namespace GetMatrixHistogramQuery { - export type Variables = { - defaultIndex: string[]; - filterQuery?: Maybe; - histogramType: HistogramType; - inspect: boolean; - sourceId: string; - stackByField: string; - timerange: TimerangeInput; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - MatrixHistogram: MatrixHistogram; - }; - - export type MatrixHistogram = { - __typename?: 'MatrixHistogramOverTimeData'; - - matrixHistogramData: MatrixHistogramData[]; - - totalCount: number; - - inspect: Maybe; - }; - - export type MatrixHistogramData = { - __typename?: 'MatrixOverTimeHistogramData'; - - x: Maybe; - - y: Maybe; - - g: Maybe; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetAuthenticationsQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - pagination: PaginationInputPaginated; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Authentications: Authentications; - }; - - export type Authentications = { - __typename?: 'AuthenticationsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'AuthenticationsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'AuthenticationItem'; - - _id: string; - - failures: number; - - successes: number; - - user: User; - - lastSuccess: Maybe; - - lastFailure: Maybe; - }; - - export type User = { - __typename?: 'UserEcsFields'; - - name: Maybe; - }; - - export type LastSuccess = { - __typename?: 'LastSourceHost'; - - timestamp: Maybe; - - source: Maybe<_Source>; - - host: Maybe; - }; - - export type _Source = { - __typename?: 'SourceEcsFields'; - - ip: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - }; - - export type LastFailure = { - __typename?: 'LastSourceHost'; - - timestamp: Maybe; - - source: Maybe<__Source>; - - host: Maybe<_Host>; - }; - - export type __Source = { - __typename?: 'SourceEcsFields'; - - ip: Maybe; - }; - - export type _Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetHostOverviewQuery { - export type Variables = { - sourceId: string; - hostName: string; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - HostOverview: HostOverview; - }; - - export type HostOverview = { - __typename?: 'HostItem'; - - _id: Maybe; - - host: Maybe; - - cloud: Maybe; - - inspect: Maybe; - - endpoint: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - architecture: Maybe; - - id: Maybe; - - ip: Maybe; - - mac: Maybe; - - name: Maybe; - - os: Maybe; - - type: Maybe; - }; - - export type Os = { - __typename?: 'OsEcsFields'; - - family: Maybe; - - name: Maybe; - - platform: Maybe; - - version: Maybe; - }; - - export type Cloud = { - __typename?: 'CloudFields'; - - instance: Maybe; - - machine: Maybe; - - provider: Maybe<(Maybe)[]>; - - region: Maybe<(Maybe)[]>; - }; - - export type Instance = { - __typename?: 'CloudInstance'; - - id: Maybe<(Maybe)[]>; - }; - - export type Machine = { - __typename?: 'CloudMachine'; - - type: Maybe<(Maybe)[]>; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type Endpoint = { - __typename?: 'EndpointFields'; - - endpointPolicy: Maybe; - - policyStatus: Maybe; - - sensorVersion: Maybe; - }; -} - -export namespace GetHostFirstLastSeenQuery { - export type Variables = { - sourceId: string; - hostName: string; - defaultIndex: string[]; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - HostFirstLastSeen: HostFirstLastSeen; - }; - - export type HostFirstLastSeen = { - __typename?: 'FirstLastSeenHost'; - - firstSeen: Maybe; - - lastSeen: Maybe; - }; -} - -export namespace GetHostsTableQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - pagination: PaginationInputPaginated; - sort: HostsSortField; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Hosts: Hosts; - }; - - export type Hosts = { - __typename?: 'HostsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'HostsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'HostItem'; - - _id: Maybe; - - lastSeen: Maybe; - - host: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - - os: Maybe; - }; - - export type Os = { - __typename?: 'OsEcsFields'; - - name: Maybe; - - version: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetKpiHostDetailsQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - KpiHostDetails: KpiHostDetails; - }; - - export type KpiHostDetails = { - __typename?: 'KpiHostDetailsData'; - - authSuccess: Maybe; - - authSuccessHistogram: Maybe; - - authFailure: Maybe; - - authFailureHistogram: Maybe; - - uniqueSourceIps: Maybe; - - uniqueSourceIpsHistogram: Maybe; - - uniqueDestinationIps: Maybe; - - uniqueDestinationIpsHistogram: Maybe; - - inspect: Maybe; - }; - - export type AuthSuccessHistogram = KpiHostDetailsChartFields.Fragment; - - export type AuthFailureHistogram = KpiHostDetailsChartFields.Fragment; - - export type UniqueSourceIpsHistogram = KpiHostDetailsChartFields.Fragment; - - export type UniqueDestinationIpsHistogram = KpiHostDetailsChartFields.Fragment; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetKpiHostsQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - KpiHosts: KpiHosts; - }; - - export type KpiHosts = { - __typename?: 'KpiHostsData'; - - hosts: Maybe; - - hostsHistogram: Maybe; - - authSuccess: Maybe; - - authSuccessHistogram: Maybe; - - authFailure: Maybe; - - authFailureHistogram: Maybe; - - uniqueSourceIps: Maybe; - - uniqueSourceIpsHistogram: Maybe; - - uniqueDestinationIps: Maybe; - - uniqueDestinationIpsHistogram: Maybe; - - inspect: Maybe; - }; - - export type HostsHistogram = KpiHostChartFields.Fragment; - - export type AuthSuccessHistogram = KpiHostChartFields.Fragment; - - export type AuthFailureHistogram = KpiHostChartFields.Fragment; - - export type UniqueSourceIpsHistogram = KpiHostChartFields.Fragment; - - export type UniqueDestinationIpsHistogram = KpiHostChartFields.Fragment; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetKpiNetworkQuery { - export type Variables = { - sourceId: string; - timerange: TimerangeInput; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - KpiNetwork: Maybe; - }; - - export type KpiNetwork = { - __typename?: 'KpiNetworkData'; - - networkEvents: Maybe; - - uniqueFlowId: Maybe; - - uniqueSourcePrivateIps: Maybe; - - uniqueSourcePrivateIpsHistogram: Maybe; - - uniqueDestinationPrivateIps: Maybe; - - uniqueDestinationPrivateIpsHistogram: Maybe; - - dnsQueries: Maybe; - - tlsHandshakes: Maybe; - - inspect: Maybe; - }; - - export type UniqueSourcePrivateIpsHistogram = KpiNetworkChartFields.Fragment; - - export type UniqueDestinationPrivateIpsHistogram = KpiNetworkChartFields.Fragment; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkDnsQuery { - export type Variables = { - defaultIndex: string[]; - filterQuery?: Maybe; - inspect: boolean; - isPtrIncluded: boolean; - pagination: PaginationInputPaginated; - sort: NetworkDnsSortField; - sourceId: string; - stackByField?: Maybe; - timerange: TimerangeInput; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkDns: NetworkDns; - }; - - export type NetworkDns = { - __typename?: 'NetworkDnsData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkDnsEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkDnsItem'; - - _id: Maybe; - - dnsBytesIn: Maybe; - - dnsBytesOut: Maybe; - - dnsName: Maybe; - - queryCount: Maybe; - - uniqueDomains: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkHttpQuery { - export type Variables = { - sourceId: string; - ip?: Maybe; - filterQuery?: Maybe; - pagination: PaginationInputPaginated; - sort: NetworkHttpSortField; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkHttp: NetworkHttp; - }; - - export type NetworkHttp = { - __typename?: 'NetworkHttpData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkHttpEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkHttpItem'; - - domains: string[]; - - lastHost: Maybe; - - lastSourceIp: Maybe; - - methods: string[]; - - path: Maybe; - - requestCount: Maybe; - - statuses: string[]; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkTopCountriesQuery { - export type Variables = { - sourceId: string; - ip?: Maybe; - filterQuery?: Maybe; - pagination: PaginationInputPaginated; - sort: NetworkTopTablesSortField; - flowTarget: FlowTargetSourceDest; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkTopCountries: NetworkTopCountries; - }; - - export type NetworkTopCountries = { - __typename?: 'NetworkTopCountriesData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkTopCountriesEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkTopCountriesItem'; - - source: Maybe<_Source>; - - destination: Maybe; - - network: Maybe; - }; - - export type _Source = { - __typename?: 'TopCountriesItemSource'; - - country: Maybe; - - destination_ips: Maybe; - - flows: Maybe; - - source_ips: Maybe; - }; - - export type Destination = { - __typename?: 'TopCountriesItemDestination'; - - country: Maybe; - - destination_ips: Maybe; - - flows: Maybe; - - source_ips: Maybe; - }; - - export type Network = { - __typename?: 'TopNetworkTablesEcsField'; - - bytes_in: Maybe; - - bytes_out: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetNetworkTopNFlowQuery { - export type Variables = { - sourceId: string; - ip?: Maybe; - filterQuery?: Maybe; - pagination: PaginationInputPaginated; - sort: NetworkTopTablesSortField; - flowTarget: FlowTargetSourceDest; - timerange: TimerangeInput; - defaultIndex: string[]; - inspect: boolean; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - NetworkTopNFlow: NetworkTopNFlow; - }; - - export type NetworkTopNFlow = { - __typename?: 'NetworkTopNFlowData'; - - totalCount: number; - - edges: Edges[]; - - pageInfo: PageInfo; - - inspect: Maybe; - }; - - export type Edges = { - __typename?: 'NetworkTopNFlowEdges'; - - node: Node; - - cursor: Cursor; - }; - - export type Node = { - __typename?: 'NetworkTopNFlowItem'; - - source: Maybe<_Source>; - - destination: Maybe; - - network: Maybe; - }; - - export type _Source = { - __typename?: 'TopNFlowItemSource'; - - autonomous_system: Maybe; - - domain: Maybe; - - ip: Maybe; - - location: Maybe; - - flows: Maybe; - - destination_ips: Maybe; - }; - - export type AutonomousSystem = { - __typename?: 'AutonomousSystemItem'; - - name: Maybe; - - number: Maybe; - }; - - export type Location = { - __typename?: 'GeoItem'; - - geo: Maybe; - - flowTarget: Maybe; - }; - - export type Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Destination = { - __typename?: 'TopNFlowItemDestination'; - - autonomous_system: Maybe<_AutonomousSystem>; - - domain: Maybe; - - ip: Maybe; - - location: Maybe<_Location>; - - flows: Maybe; - - source_ips: Maybe; - }; - - export type _AutonomousSystem = { - __typename?: 'AutonomousSystemItem'; - - name: Maybe; - - number: Maybe; - }; - - export type _Location = { - __typename?: 'GeoItem'; - - geo: Maybe<_Geo>; - - flowTarget: Maybe; - }; - - export type _Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Network = { - __typename?: 'TopNetworkTablesEcsField'; - - bytes_in: Maybe; - - bytes_out: Maybe; - }; - - export type Cursor = { - __typename?: 'CursorType'; - - value: Maybe; - }; - - export type PageInfo = { - __typename?: 'PageInfoPaginated'; - - activePage: number; - - fakeTotalCount: number; - - showMorePagesIndicator: boolean; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; -} - -export namespace GetAllTimeline { - export type Variables = { - pageInfo: PageInfoTimeline; - search?: Maybe; - sort?: Maybe; - onlyUserFavorite?: Maybe; - timelineType?: Maybe; - status?: Maybe; - }; - - export type Query = { - __typename?: 'Query'; - - getAllTimeline: GetAllTimeline; - }; - - export type GetAllTimeline = { - __typename?: 'ResponseTimelines'; - - totalCount: Maybe; - - defaultTimelineCount: Maybe; - - templateTimelineCount: Maybe; - - elasticTemplateTimelineCount: Maybe; - - customTemplateTimelineCount: Maybe; - - favoriteCount: Maybe; - - timeline: (Maybe)[]; - }; - - export type Timeline = { - __typename?: 'TimelineResult'; - - savedObjectId: string; - - description: Maybe; - - favorite: Maybe; - - eventIdToNoteIds: Maybe; - - excludedRowRendererIds: Maybe; - - notes: Maybe; - - noteIds: Maybe; - - pinnedEventIds: Maybe; - - status: Maybe; - - title: Maybe; - - timelineType: Maybe; - - templateTimelineId: Maybe; - - templateTimelineVersion: Maybe; - - created: Maybe; - - createdBy: Maybe; - - updated: Maybe; - - updatedBy: Maybe; - - version: string; - }; - - export type Favorite = { - __typename?: 'FavoriteTimelineResult'; - - fullName: Maybe; - - userName: Maybe; - - favoriteDate: Maybe; - }; - - export type EventIdToNoteIds = { - __typename?: 'NoteResult'; - - eventId: Maybe; - - note: Maybe; - - timelineId: Maybe; - - noteId: string; - - created: Maybe; - - createdBy: Maybe; - - timelineVersion: Maybe; - - updated: Maybe; - - updatedBy: Maybe; - - version: Maybe; - }; - - export type Notes = { - __typename?: 'NoteResult'; - - eventId: Maybe; - - note: Maybe; - - timelineId: Maybe; - - timelineVersion: Maybe; - - noteId: string; - - created: Maybe; - - createdBy: Maybe; - - updated: Maybe; - - updatedBy: Maybe; - - version: Maybe; - }; -} - -export namespace DeleteTimelineMutation { - export type Variables = { - id: string[]; - }; - - export type Mutation = { - __typename?: 'Mutation'; - - deleteTimeline: boolean; - }; -} - -export namespace GetTimelineDetailsQuery { - export type Variables = { - sourceId: string; - eventId: string; - indexName: string; - defaultIndex: string[]; - docValueFields: DocValueFieldsInput[]; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - TimelineDetails: TimelineDetails; - }; - - export type TimelineDetails = { - __typename?: 'TimelineDetailsData'; - - data: Maybe; - }; - - export type Data = { - __typename?: 'DetailItem'; - - field: string; - - values: Maybe; - - originalValue: Maybe; - }; -} - -export namespace PersistTimelineFavoriteMutation { - export type Variables = { - timelineId?: Maybe; - }; - - export type Mutation = { - __typename?: 'Mutation'; - - persistFavorite: PersistFavorite; - }; - - export type PersistFavorite = { - __typename?: 'ResponseFavoriteTimeline'; - - savedObjectId: string; - - version: string; - - favorite: Maybe; - }; - - export type Favorite = { - __typename?: 'FavoriteTimelineResult'; - - fullName: Maybe; - - userName: Maybe; - - favoriteDate: Maybe; - }; -} - -export namespace GetTimelineQuery { - export type Variables = { - sourceId: string; - fieldRequested: string[]; - pagination: PaginationInput; - sortField: SortField; - filterQuery?: Maybe; - defaultIndex: string[]; - inspect: boolean; - docValueFields: DocValueFieldsInput[]; - timerange: TimerangeInput; - }; - - export type Query = { - __typename?: 'Query'; - - source: Source; - }; - - export type Source = { - __typename?: 'Source'; - - id: string; - - Timeline: Timeline; - }; - - export type Timeline = { - __typename?: 'TimelineData'; - - totalCount: number; - - inspect: Maybe; - - pageInfo: PageInfo; - - edges: Edges[]; - }; - - export type Inspect = { - __typename?: 'Inspect'; - - dsl: string[]; - - response: string[]; - }; - - export type PageInfo = { - __typename?: 'PageInfo'; - - endCursor: Maybe; - - hasNextPage: Maybe; - }; - - export type EndCursor = { - __typename?: 'CursorType'; - - value: Maybe; - - tiebreaker: Maybe; - }; - - export type Edges = { - __typename?: 'TimelineEdges'; - - node: Node; - }; - - export type Node = { - __typename?: 'TimelineItem'; - - _id: string; - - _index: Maybe; - - data: Data[]; - - ecs: Ecs; - }; - - export type Data = { - __typename?: 'TimelineNonEcsData'; - - field: string; - - value: Maybe; - }; - - export type Ecs = { - __typename?: 'ECS'; - - _id: string; - - _index: Maybe; - - timestamp: Maybe; - - message: Maybe; - - system: Maybe; - - event: Maybe; - - agent: Maybe; - - auditd: Maybe; - - file: Maybe; - - host: Maybe; - - rule: Maybe; - - source: Maybe<_Source>; - - destination: Maybe; - - dns: Maybe; - - endgame: Maybe; - - geo: Maybe<__Geo>; - - signal: Maybe; - - suricata: Maybe; - - network: Maybe; - - http: Maybe; - - tls: Maybe; - - url: Maybe; - - user: Maybe; - - winlog: Maybe; - - process: Maybe; - - zeek: Maybe; - }; - - export type System = { - __typename?: 'SystemEcsField'; - - auth: Maybe; - - audit: Maybe; - }; - - export type Auth = { - __typename?: 'AuthEcsFields'; - - ssh: Maybe; - }; - - export type Ssh = { - __typename?: 'SshEcsFields'; - - signature: Maybe; - - method: Maybe; - }; - - export type Audit = { - __typename?: 'AuditEcsFields'; - - package: Maybe; - }; - - export type Package = { - __typename?: 'PackageEcsFields'; - - arch: Maybe; - - entity_id: Maybe; - - name: Maybe; - - size: Maybe; - - summary: Maybe; - - version: Maybe; - }; - - export type Event = { - __typename?: 'EventEcsFields'; - - action: Maybe; - - category: Maybe; - - code: Maybe; - - created: Maybe; - - dataset: Maybe; - - duration: Maybe; - - end: Maybe; - - hash: Maybe; - - id: Maybe; - - kind: Maybe; - - module: Maybe; - - original: Maybe; - - outcome: Maybe; - - risk_score: Maybe; - - risk_score_norm: Maybe; - - severity: Maybe; - - start: Maybe; - - timezone: Maybe; - - type: Maybe; - }; - - export type Agent = { - __typename?: 'AgentEcsField'; - - type: Maybe; - }; - - export type Auditd = { - __typename?: 'AuditdEcsFields'; - - result: Maybe; - - session: Maybe; - - data: Maybe<_Data>; - - summary: Maybe; - }; - - export type _Data = { - __typename?: 'AuditdData'; - - acct: Maybe; - - terminal: Maybe; - - op: Maybe; - }; - - export type Summary = { - __typename?: 'Summary'; - - actor: Maybe; - - object: Maybe; - - how: Maybe; - - message_type: Maybe; - - sequence: Maybe; - }; - - export type Actor = { - __typename?: 'PrimarySecondary'; - - primary: Maybe; - - secondary: Maybe; - }; - - export type Object = { - __typename?: 'PrimarySecondary'; - - primary: Maybe; - - secondary: Maybe; - - type: Maybe; - }; - - export type File = { - __typename?: 'FileFields'; - - name: Maybe; - - path: Maybe; - - target_path: Maybe; - - extension: Maybe; - - type: Maybe; - - device: Maybe; - - inode: Maybe; - - uid: Maybe; - - owner: Maybe; - - gid: Maybe; - - group: Maybe; - - mode: Maybe; - - size: Maybe; - - mtime: Maybe; - - ctime: Maybe; - }; - - export type Host = { - __typename?: 'HostEcsFields'; - - id: Maybe; - - name: Maybe; - - ip: Maybe; - }; - - export type Rule = { - __typename?: 'RuleEcsField'; - - reference: Maybe; - }; - - export type _Source = { - __typename?: 'SourceEcsFields'; - - bytes: Maybe; - - ip: Maybe; - - packets: Maybe; - - port: Maybe; - - geo: Maybe; - }; - - export type Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Destination = { - __typename?: 'DestinationEcsFields'; - - bytes: Maybe; - - ip: Maybe; - - packets: Maybe; - - port: Maybe; - - geo: Maybe<_Geo>; - }; - - export type _Geo = { - __typename?: 'GeoEcsFields'; - - continent_name: Maybe; - - country_name: Maybe; - - country_iso_code: Maybe; - - city_name: Maybe; - - region_iso_code: Maybe; - - region_name: Maybe; - }; - - export type Dns = { - __typename?: 'DnsEcsFields'; - - question: Maybe; - - resolved_ip: Maybe; - - response_code: Maybe; - }; - - export type Question = { - __typename?: 'DnsQuestionData'; - - name: Maybe; - - type: Maybe; - }; - - export type Endgame = { - __typename?: 'EndgameEcsFields'; - - exit_code: Maybe; - - file_name: Maybe; - - file_path: Maybe; - - logon_type: Maybe; - - parent_process_name: Maybe; - - pid: Maybe; - - process_name: Maybe; - - subject_domain_name: Maybe; - - subject_logon_id: Maybe; - - subject_user_name: Maybe; - - target_domain_name: Maybe; - - target_logon_id: Maybe; - - target_user_name: Maybe; - }; - - export type __Geo = { - __typename?: 'GeoEcsFields'; - - region_name: Maybe; - - country_iso_code: Maybe; - }; - - export type Signal = { - __typename?: 'SignalField'; - - status: Maybe; - - original_time: Maybe; - - rule: Maybe<_Rule>; - }; - - export type _Rule = { - __typename?: 'RuleField'; + architecture: Maybe; id: Maybe; - saved_id: Maybe; - - timeline_id: Maybe; + ip: Maybe; - timeline_title: Maybe; + mac: Maybe; - output_index: Maybe; + name: Maybe; - from: Maybe; + os: Maybe; - index: Maybe; + type: Maybe; + }; - language: Maybe; + export type Os = { + __typename?: 'OsEcsFields'; - query: Maybe; + family: Maybe; - to: Maybe; + name: Maybe; - filters: Maybe; + platform: Maybe; - note: Maybe; + version: Maybe; + }; - type: Maybe; + export type Cloud = { + __typename?: 'CloudFields'; - threshold: Maybe; + instance: Maybe; - exceptions_list: Maybe; - }; + machine: Maybe; - export type Suricata = { - __typename?: 'SuricataEcsFields'; + provider: Maybe<(Maybe)[]>; - eve: Maybe; + region: Maybe<(Maybe)[]>; }; - export type Eve = { - __typename?: 'SuricataEveData'; + export type Instance = { + __typename?: 'CloudInstance'; - proto: Maybe; + id: Maybe<(Maybe)[]>; + }; - flow_id: Maybe; + export type Machine = { + __typename?: 'CloudMachine'; - alert: Maybe; + type: Maybe<(Maybe)[]>; }; - export type Alert = { - __typename?: 'SuricataAlertData'; + export type Inspect = { + __typename?: 'Inspect'; - signature: Maybe; + dsl: string[]; - signature_id: Maybe; + response: string[]; }; - export type Network = { - __typename?: 'NetworkEcsField'; + export type Endpoint = { + __typename?: 'EndpointFields'; - bytes: Maybe; + endpointPolicy: Maybe; - community_id: Maybe; + policyStatus: Maybe; - direction: Maybe; + sensorVersion: Maybe; + }; +} - packets: Maybe; +export namespace GetHostFirstLastSeenQuery { + export type Variables = { + sourceId: string; + hostName: string; + defaultIndex: string[]; + docValueFields: DocValueFieldsInput[]; + }; - protocol: Maybe; + export type Query = { + __typename?: 'Query'; - transport: Maybe; + source: Source; }; - export type Http = { - __typename?: 'HttpEcsFields'; - - version: Maybe; + export type Source = { + __typename?: 'Source'; - request: Maybe; + id: string; - response: Maybe; + HostFirstLastSeen: HostFirstLastSeen; }; - export type Request = { - __typename?: 'HttpRequestData'; - - method: Maybe; + export type HostFirstLastSeen = { + __typename?: 'FirstLastSeenHost'; - body: Maybe; + firstSeen: Maybe; - referrer: Maybe; + lastSeen: Maybe; }; +} - export type Body = { - __typename?: 'HttpBodyData'; +export namespace GetHostsTableQuery { + export type Variables = { + sourceId: string; + timerange: TimerangeInput; + pagination: PaginationInputPaginated; + sort: HostsSortField; + filterQuery?: Maybe; + defaultIndex: string[]; + inspect: boolean; + docValueFields: DocValueFieldsInput[]; + }; - bytes: Maybe; + export type Query = { + __typename?: 'Query'; - content: Maybe; + source: Source; }; - export type Response = { - __typename?: 'HttpResponseData'; + export type Source = { + __typename?: 'Source'; - status_code: Maybe; + id: string; - body: Maybe<_Body>; + Hosts: Hosts; }; - export type _Body = { - __typename?: 'HttpBodyData'; + export type Hosts = { + __typename?: 'HostsData'; - bytes: Maybe; + totalCount: number; - content: Maybe; - }; + edges: Edges[]; + + pageInfo: PageInfo; - export type Tls = { - __typename?: 'TlsEcsFields'; + inspect: Maybe; + }; - client_certificate: Maybe; + export type Edges = { + __typename?: 'HostsEdges'; - fingerprints: Maybe; + node: Node; - server_certificate: Maybe; + cursor: Cursor; }; - export type ClientCertificate = { - __typename?: 'TlsClientCertificateData'; + export type Node = { + __typename?: 'HostItem'; - fingerprint: Maybe; - }; + _id: Maybe; - export type Fingerprint = { - __typename?: 'FingerprintData'; + lastSeen: Maybe; - sha1: Maybe; + host: Maybe; }; - export type Fingerprints = { - __typename?: 'TlsFingerprintsData'; + export type Host = { + __typename?: 'HostEcsFields'; - ja3: Maybe; - }; + id: Maybe; - export type Ja3 = { - __typename?: 'TlsJa3Data'; + name: Maybe; - hash: Maybe; + os: Maybe; }; - export type ServerCertificate = { - __typename?: 'TlsServerCertificateData'; + export type Os = { + __typename?: 'OsEcsFields'; + + name: Maybe; - fingerprint: Maybe<_Fingerprint>; + version: Maybe; }; - export type _Fingerprint = { - __typename?: 'FingerprintData'; + export type Cursor = { + __typename?: 'CursorType'; - sha1: Maybe; + value: Maybe; }; - export type Url = { - __typename?: 'UrlEcsFields'; - - original: Maybe; + export type PageInfo = { + __typename?: 'PageInfoPaginated'; - domain: Maybe; + activePage: number; - username: Maybe; + fakeTotalCount: number; - password: Maybe; + showMorePagesIndicator: boolean; }; - export type User = { - __typename?: 'UserEcsFields'; + export type Inspect = { + __typename?: 'Inspect'; - domain: Maybe; + dsl: string[]; - name: Maybe; + response: string[]; }; +} - export type Winlog = { - __typename?: 'WinlogEcsFields'; - - event_id: Maybe; +export namespace GetAllTimeline { + export type Variables = { + pageInfo: PageInfoTimeline; + search?: Maybe; + sort?: Maybe; + onlyUserFavorite?: Maybe; + timelineType?: Maybe; + status?: Maybe; }; - export type Process = { - __typename?: 'ProcessEcsFields'; + export type Query = { + __typename?: 'Query'; - hash: Maybe; + getAllTimeline: GetAllTimeline; + }; - pid: Maybe; + export type GetAllTimeline = { + __typename?: 'ResponseTimelines'; - name: Maybe; + totalCount: Maybe; - ppid: Maybe; + defaultTimelineCount: Maybe; - args: Maybe; + templateTimelineCount: Maybe; - entity_id: Maybe; + elasticTemplateTimelineCount: Maybe; - executable: Maybe; + customTemplateTimelineCount: Maybe; - title: Maybe; + favoriteCount: Maybe; - working_directory: Maybe; + timeline: (Maybe)[]; }; - export type Hash = { - __typename?: 'ProcessHashData'; - - md5: Maybe; - - sha1: Maybe; - - sha256: Maybe; - }; + export type Timeline = { + __typename?: 'TimelineResult'; - export type Zeek = { - __typename?: 'ZeekEcsFields'; + savedObjectId: string; - session_id: Maybe; + description: Maybe; - connection: Maybe; + favorite: Maybe; - notice: Maybe; + eventIdToNoteIds: Maybe; - dns: Maybe<_Dns>; + excludedRowRendererIds: Maybe; - http: Maybe<_Http>; + notes: Maybe; - files: Maybe; + noteIds: Maybe; - ssl: Maybe; - }; + pinnedEventIds: Maybe; - export type Connection = { - __typename?: 'ZeekConnectionData'; + status: Maybe; - local_resp: Maybe; + title: Maybe; - local_orig: Maybe; + timelineType: Maybe; - missed_bytes: Maybe; + templateTimelineId: Maybe; - state: Maybe; + templateTimelineVersion: Maybe; - history: Maybe; - }; + created: Maybe; - export type Notice = { - __typename?: 'ZeekNoticeData'; + createdBy: Maybe; - suppress_for: Maybe; + updated: Maybe; - msg: Maybe; + updatedBy: Maybe; - note: Maybe; + version: string; + }; - sub: Maybe; + export type Favorite = { + __typename?: 'FavoriteTimelineResult'; - dst: Maybe; + fullName: Maybe; - dropped: Maybe; + userName: Maybe; - peer_descr: Maybe; + favoriteDate: Maybe; }; - export type _Dns = { - __typename?: 'ZeekDnsData'; - - AA: Maybe; + export type EventIdToNoteIds = { + __typename?: 'NoteResult'; - qclass_name: Maybe; + eventId: Maybe; - RD: Maybe; + note: Maybe; - qtype_name: Maybe; + timelineId: Maybe; - rejected: Maybe; + noteId: string; - qtype: Maybe; + created: Maybe; - query: Maybe; + createdBy: Maybe; - trans_id: Maybe; + timelineVersion: Maybe; - qclass: Maybe; + updated: Maybe; - RA: Maybe; + updatedBy: Maybe; - TC: Maybe; + version: Maybe; }; - export type _Http = { - __typename?: 'ZeekHttpData'; - - resp_mime_types: Maybe; - - trans_depth: Maybe; - - status_msg: Maybe; - - resp_fuids: Maybe; + export type Notes = { + __typename?: 'NoteResult'; - tags: Maybe; - }; + eventId: Maybe; - export type Files = { - __typename?: 'ZeekFileData'; + note: Maybe; - session_ids: Maybe; + timelineId: Maybe; - timedout: Maybe; + timelineVersion: Maybe; - local_orig: Maybe; + noteId: string; - tx_host: Maybe; + created: Maybe; - source: Maybe; + createdBy: Maybe; - is_orig: Maybe; + updated: Maybe; - overflow_bytes: Maybe; + updatedBy: Maybe; - sha1: Maybe; + version: Maybe; + }; +} - duration: Maybe; +export namespace DeleteTimelineMutation { + export type Variables = { + id: string[]; + }; - depth: Maybe; + export type Mutation = { + __typename?: 'Mutation'; - analyzers: Maybe; + deleteTimeline: boolean; + }; +} - mime_type: Maybe; +export namespace PersistTimelineFavoriteMutation { + export type Variables = { + timelineId?: Maybe; + }; - rx_host: Maybe; + export type Mutation = { + __typename?: 'Mutation'; - total_bytes: Maybe; + persistFavorite: PersistFavorite; + }; - fuid: Maybe; + export type PersistFavorite = { + __typename?: 'ResponseFavoriteTimeline'; - seen_bytes: Maybe; + savedObjectId: string; - missing_bytes: Maybe; + version: string; - md5: Maybe; + favorite: Maybe; }; - export type Ssl = { - __typename?: 'ZeekSslData'; - - cipher: Maybe; + export type Favorite = { + __typename?: 'FavoriteTimelineResult'; - established: Maybe; + fullName: Maybe; - resumed: Maybe; + userName: Maybe; - version: Maybe; + favoriteDate: Maybe; }; } @@ -5199,33 +2772,3 @@ export namespace PersistTimelinePinnedEventMutation { version: Maybe; }; } - -export namespace KpiHostDetailsChartFields { - export type Fragment = { - __typename?: 'KpiHostHistogramData'; - - x: Maybe; - - y: Maybe; - }; -} - -export namespace KpiHostChartFields { - export type Fragment = { - __typename?: 'KpiHostHistogramData'; - - x: Maybe; - - y: Maybe; - }; -} - -export namespace KpiNetworkChartFields { - export type Fragment = { - __typename?: 'KpiNetworkHistogramData'; - - x: Maybe; - - y: Maybe; - }; -} diff --git a/x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts b/x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts deleted file mode 100644 index c68816b34c175..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/authentications/index.gql_query.ts +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const authenticationsQuery = gql` - query GetAuthenticationsQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $pagination: PaginationInputPaginated! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - Authentications( - timerange: $timerange - pagination: $pagination - filterQuery: $filterQuery - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - totalCount - edges { - node { - _id - failures - successes - user { - name - } - lastSuccess { - timestamp - source { - ip - } - host { - id - name - } - } - lastFailure { - timestamp - source { - ip - } - host { - id - name - } - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx b/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx deleted file mode 100644 index 077f49c4bdfa6..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query.tsx +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiHostDetailsQuery = gql` - fragment KpiHostDetailsChartFields on KpiHostHistogramData { - x - y - } - - query GetKpiHostDetailsQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - KpiHostDetails( - timerange: $timerange - filterQuery: $filterQuery - defaultIndex: $defaultIndex - ) { - authSuccess - authSuccessHistogram { - ...KpiHostDetailsChartFields - } - authFailure - authFailureHistogram { - ...KpiHostDetailsChartFields - } - uniqueSourceIps - uniqueSourceIpsHistogram { - ...KpiHostDetailsChartFields - } - uniqueDestinationIps - uniqueDestinationIpsHistogram { - ...KpiHostDetailsChartFields - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx b/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx deleted file mode 100644 index 26e4eaf9ea82e..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/kpi_host_details/index.tsx +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; -import React from 'react'; -import { Query } from 'react-apollo'; -import { connect, ConnectedProps } from 'react-redux'; - -import { KpiHostDetailsData, GetKpiHostDetailsQuery } from '../../../graphql/types'; -import { inputsModel, inputsSelectors, State } from '../../../common/store'; -import { createFilter, getDefaultFetchPolicy } from '../../../common/containers/helpers'; -import { QueryTemplateProps } from '../../../common/containers/query_template'; - -import { kpiHostDetailsQuery } from './index.gql_query'; - -const ID = 'kpiHostDetailsQuery'; - -export interface KpiHostDetailsArgs { - id: string; - inspect: inputsModel.InspectQuery; - kpiHostDetails: KpiHostDetailsData; - loading: boolean; - refetch: inputsModel.Refetch; -} - -export interface QueryKpiHostDetailsProps extends QueryTemplateProps { - children: (args: KpiHostDetailsArgs) => React.ReactNode; -} - -const KpiHostDetailsComponentQuery = React.memo( - ({ - id = ID, - children, - endDate, - filterQuery, - indexNames, - isInspected, - skip, - sourceId, - startDate, - }) => ( - - query={kpiHostDetailsQuery} - fetchPolicy={getDefaultFetchPolicy()} - notifyOnNetworkStatusChange - skip={skip} - variables={{ - sourceId, - timerange: { - interval: '12h', - from: startDate!, - to: endDate!, - }, - filterQuery: createFilter(filterQuery), - defaultIndex: indexNames ?? [], - inspect: isInspected, - }} - > - {({ data, loading, refetch }) => { - const kpiHostDetails = getOr({}, `source.KpiHostDetails`, data); - return children({ - id, - inspect: getOr(null, 'source.KpiHostDetails.inspect', data), - kpiHostDetails, - loading, - refetch, - }); - }} - - ) -); - -KpiHostDetailsComponentQuery.displayName = 'KpiHostDetailsComponentQuery'; - -const makeMapStateToProps = () => { - const getQuery = inputsSelectors.globalQueryByIdSelector(); - const mapStateToProps = (state: State, { id = ID }: QueryKpiHostDetailsProps) => { - const { isInspected } = getQuery(state, id); - return { - isInspected, - }; - }; - return mapStateToProps; -}; - -const connector = connect(makeMapStateToProps); - -type PropsFromRedux = ConnectedProps; - -export const KpiHostDetailsQuery = connector(KpiHostDetailsComponentQuery); diff --git a/x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts b/x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts deleted file mode 100644 index 37d54455db1fd..0000000000000 --- a/x-pack/plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query.ts +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiHostsQuery = gql` - fragment KpiHostChartFields on KpiHostHistogramData { - x - y - } - - query GetKpiHostsQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - KpiHosts(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) { - hosts - hostsHistogram { - ...KpiHostChartFields - } - authSuccess - authSuccessHistogram { - ...KpiHostChartFields - } - authFailure - authFailureHistogram { - ...KpiHostChartFields - } - uniqueSourceIps - uniqueSourceIpsHistogram { - ...KpiHostChartFields - } - uniqueDestinationIps - uniqueDestinationIpsHistogram { - ...KpiHostChartFields - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx b/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx index 55b2b529000be..a8b46769b7363 100644 --- a/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx +++ b/x-pack/plugins/security_solution/public/hosts/pages/details/index.tsx @@ -9,7 +9,7 @@ import { noop } from 'lodash/fp'; import React, { useEffect, useCallback, useMemo } from 'react'; import { connect, ConnectedProps } from 'react-redux'; -import { HostItem } from '../../../../common/search_strategy'; +import { HostItem, LastEventIndexKey } from '../../../../common/search_strategy'; import { SecurityPageName } from '../../../app/types'; import { UpdateDateRange } from '../../../common/components/charts/common'; import { FiltersGlobal } from '../../../common/components/filters_global'; @@ -28,7 +28,6 @@ import { SiemSearchBar } from '../../../common/components/search_bar'; import { WrapperPage } from '../../../common/components/wrapper_page'; import { HostOverviewByNameQuery } from '../../containers/hosts/details'; import { useGlobalTime } from '../../../common/containers/use_global_time'; -import { LastEventIndexKey } from '../../../graphql/types'; import { useKibana } from '../../../common/lib/kibana'; import { convertToBuildEsQuery } from '../../../common/lib/keury'; import { inputsSelectors, State } from '../../../common/store'; diff --git a/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx b/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx index ea8cf11e7595a..4835f7eff5b6f 100644 --- a/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx +++ b/x-pack/plugins/security_solution/public/hosts/pages/hosts.tsx @@ -23,7 +23,7 @@ import { WrapperPage } from '../../common/components/wrapper_page'; import { useFullScreen } from '../../common/containers/use_full_screen'; import { useGlobalTime } from '../../common/containers/use_global_time'; import { TimelineId } from '../../../common/types/timeline'; -import { LastEventIndexKey } from '../../graphql/types'; +import { LastEventIndexKey } from '../../../common/search_strategy'; import { useKibana } from '../../common/lib/kibana'; import { convertToBuildEsQuery } from '../../common/lib/keury'; import { inputsSelectors, State } from '../../common/store'; diff --git a/x-pack/plugins/security_solution/public/network/components/direction/index.tsx b/x-pack/plugins/security_solution/public/network/components/direction/index.tsx index c8e8f009339c1..7fbc4c5e3c6df 100644 --- a/x-pack/plugins/security_solution/public/network/components/direction/index.tsx +++ b/x-pack/plugins/security_solution/public/network/components/direction/index.tsx @@ -6,7 +6,7 @@ import React from 'react'; -import { NetworkDirectionEcs } from '../../../graphql/types'; +import { NetworkDirectionEcs } from '../../../../common/search_strategy'; import { DraggableBadge } from '../../../common/components/draggables'; import { NETWORK_DIRECTION_FIELD_NAME } from '../source_destination/field_names'; diff --git a/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap index a70ee66a5552e..0119859d37672 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/network/components/network_dns_table/__snapshots__/index.test.tsx.snap @@ -1,7 +1,7 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`NetworkTopNFlow Table Component rendering it renders the default NetworkTopNFlow table 1`] = ` - { const wrapper = shallow( ); - expect(wrapper.find('Connect(NetworkDnsTableComponent)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkDnsTableComponent)')).toMatchSnapshot(); }); }); @@ -81,18 +77,14 @@ describe('NetworkTopNFlow Table Component', () => { diff --git a/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx b/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx index ce5c05db34c5e..fa7690e9eeaff 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx +++ b/x-pack/plugins/security_solution/public/network/components/network_dns_table/index.tsx @@ -5,17 +5,16 @@ */ import React, { useCallback, useMemo } from 'react'; -import { connect, ConnectedProps } from 'react-redux'; +import { useDispatch, useSelector, shallowEqual } from 'react-redux'; import deepEqual from 'fast-deep-equal'; import { networkActions, networkModel, networkSelectors } from '../../store'; import { Direction, + SortField, NetworkDnsEdges, NetworkDnsFields, - NetworkDnsSortField, -} from '../../../graphql/types'; -import { State } from '../../../common/store'; +} from '../../../../common/search_strategy'; import { Criteria, ItemsPerRow, PaginatedTable } from '../../../common/components/paginated_table'; import { getNetworkDnsColumns } from './columns'; @@ -24,7 +23,7 @@ import * as i18n from './translations'; const tableType = networkModel.NetworkTableType.dns; -interface OwnProps { +interface NetworkDnsTableProps { data: NetworkDnsEdges[]; fakeTotalCount: number; id: string; @@ -36,8 +35,6 @@ interface OwnProps { type: networkModel.NetworkType; } -type NetworkDnsTableProps = OwnProps & PropsFromRedux; - const rowItems: ItemsPerRow[] = [ { text: i18n.ROWS_5, @@ -49,121 +46,122 @@ const rowItems: ItemsPerRow[] = [ }, ]; -export const NetworkDnsTableComponent = React.memo( - ({ - activePage, - data, - fakeTotalCount, - id, - isInspect, - isPtrIncluded, - limit, - loading, - loadPage, - showMorePagesIndicator, - sort, - totalCount, - type, - updateNetworkTable, - }) => { - const updateLimitPagination = useCallback( - (newLimit) => - updateNetworkTable({ +const NetworkDnsTableComponent: React.FC = ({ + data, + fakeTotalCount, + id, + isInspect, + loading, + loadPage, + showMorePagesIndicator, + totalCount, + type, +}) => { + const dispatch = useDispatch(); + const getNetworkDnsSelector = networkSelectors.dnsSelector(); + const { activePage, isPtrIncluded, limit, sort } = useSelector( + getNetworkDnsSelector, + shallowEqual + ); + const updateLimitPagination = useCallback( + (newLimit) => + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { limit: newLimit }, - }), - [type, updateNetworkTable] - ); - - const updateActivePage = useCallback( - (newPage) => - updateNetworkTable({ + }) + ), + [type, dispatch] + ); + + const updateActivePage = useCallback( + (newPage) => + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { activePage: newPage }, - }), - [type, updateNetworkTable] - ); - - const onChange = useCallback( - (criteria: Criteria) => { - if (criteria.sort != null) { - const newDnsSortField: NetworkDnsSortField = { - field: criteria.sort.field.split('.')[1] as NetworkDnsFields, - direction: criteria.sort.direction as Direction, - }; - if (!deepEqual(newDnsSortField, sort)) { - updateNetworkTable({ + }) + ), + [dispatch, type] + ); + + const onChange = useCallback( + (criteria: Criteria) => { + if (criteria.sort != null) { + const newDnsSortField: SortField = { + field: criteria.sort.field.split('.')[1] as NetworkDnsFields, + direction: criteria.sort.direction as Direction, + }; + if (!deepEqual(newDnsSortField, sort)) { + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { sort: newDnsSortField }, - }); - } + }) + ); } - }, - [sort, type, updateNetworkTable] - ); - - const onChangePtrIncluded = useCallback( - () => - updateNetworkTable({ + } + }, + [sort, type, dispatch] + ); + + const onChangePtrIncluded = useCallback( + () => + dispatch( + networkActions.updateNetworkTable({ networkType: type, tableType, updates: { isPtrIncluded: !isPtrIncluded }, - }), - [type, updateNetworkTable, isPtrIncluded] - ); - - const columns = useMemo(() => getNetworkDnsColumns(), []); - - return ( - - } - headerTitle={i18n.TOP_DNS_DOMAINS} - headerTooltip={i18n.TOOLTIP} - headerUnit={i18n.UNIT(totalCount)} - id={id} - itemsPerRow={rowItems} - isInspect={isInspect} - limit={limit} - loading={loading} - loadPage={loadPage} - onChange={onChange} - pageOfItems={data} - showMorePagesIndicator={showMorePagesIndicator} - sorting={{ - field: `node.${sort.field}`, - direction: sort.direction, - }} - totalCount={fakeTotalCount} - updateActivePage={updateActivePage} - updateLimitPagination={updateLimitPagination} - /> - ); - } -); - -NetworkDnsTableComponent.displayName = 'NetworkDnsTableComponent'; - -const makeMapStateToProps = () => { - const getNetworkDnsSelector = networkSelectors.dnsSelector(); - const mapStateToProps = (state: State) => getNetworkDnsSelector(state); - return mapStateToProps; -}; - -const mapDispatchToProps = { - updateNetworkTable: networkActions.updateNetworkTable, + }) + ), + [dispatch, type, isPtrIncluded] + ); + + const columns = useMemo(() => getNetworkDnsColumns(), []); + + const sorting = useMemo( + () => ({ + field: `node.${sort.field}`, + direction: sort.direction, + }), + [sort.direction, sort.field] + ); + + const HeaderSupplement = useMemo( + () => , + [isPtrIncluded, onChangePtrIncluded] + ); + + return ( + + ); }; -const connector = connect(makeMapStateToProps, mapDispatchToProps); - -type PropsFromRedux = ConnectedProps; +NetworkDnsTableComponent.displayName = 'NetworkDnsTableComponent'; -export const NetworkDnsTable = connector(NetworkDnsTableComponent); +export const NetworkDnsTable = React.memo(NetworkDnsTableComponent); diff --git a/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts index d094256fa4026..faeee4800d8a8 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/network_dns_table/mock.ts @@ -4,179 +4,178 @@ * you may not use this file except in compliance with the Elastic License. */ -import { NetworkDnsData } from '../../../graphql/types'; +import { NetworkDnsStrategyResponse } from '../../../../common/search_strategy'; -export const mockData: { NetworkDns: NetworkDnsData } = { - NetworkDns: { - totalCount: 80, - edges: [ - { - node: { - _id: 'nflxvideo.net', - dnsBytesIn: 2964, - dnsBytesOut: 12546, - dnsName: 'nflxvideo.net', - queryCount: 52, - uniqueDomains: 21, - }, - cursor: { value: 'nflxvideo.net' }, - }, - { - node: { - _id: 'apple.com', - dnsBytesIn: 2680, - dnsBytesOut: 31687, - dnsName: 'apple.com', - queryCount: 75, - uniqueDomains: 20, - }, - cursor: { value: 'apple.com' }, - }, - { - node: { - _id: 'googlevideo.com', - dnsBytesIn: 1890, - dnsBytesOut: 16292, - dnsName: 'googlevideo.com', - queryCount: 38, - uniqueDomains: 19, - }, - cursor: { value: 'googlevideo.com' }, - }, - { - node: { - _id: 'netflix.com', - dnsBytesIn: 60525, - dnsBytesOut: 218193, - dnsName: 'netflix.com', - queryCount: 1532, - uniqueDomains: 12, - }, - cursor: { value: 'netflix.com' }, - }, - { - node: { - _id: 'samsungcloudsolution.com', - dnsBytesIn: 1480, - dnsBytesOut: 11702, - dnsName: 'samsungcloudsolution.com', - queryCount: 31, - uniqueDomains: 8, - }, - cursor: { value: 'samsungcloudsolution.com' }, - }, - { - node: { - _id: 'doubleclick.net', - dnsBytesIn: 1505, - dnsBytesOut: 14372, - dnsName: 'doubleclick.net', - queryCount: 35, - uniqueDomains: 7, - }, - cursor: { value: 'doubleclick.net' }, - }, - { - node: { - _id: 'digitalocean.com', - dnsBytesIn: 2035, - dnsBytesOut: 4111, - dnsName: 'digitalocean.com', - queryCount: 35, - uniqueDomains: 6, - }, - cursor: { value: 'digitalocean.com' }, - }, - { - node: { - _id: 'samsungelectronics.com', - dnsBytesIn: 3916, - dnsBytesOut: 36592, - dnsName: 'samsungelectronics.com', - queryCount: 89, - uniqueDomains: 6, - }, - cursor: { value: 'samsungelectronics.com' }, - }, - { - node: { - _id: 'google.com', - dnsBytesIn: 896, - dnsBytesOut: 8072, - dnsName: 'google.com', - queryCount: 23, - uniqueDomains: 5, - }, - cursor: { value: 'google.com' }, - }, - { - node: { - _id: 'samsungcloudsolution.net', - dnsBytesIn: 1490, - dnsBytesOut: 11518, - dnsName: 'samsungcloudsolution.net', - queryCount: 30, - uniqueDomains: 5, - }, - cursor: { value: 'samsungcloudsolution.net' }, - }, - ], - pageInfo: { - activePage: 1, - fakeTotalCount: 50, - showMorePagesIndicator: true, - }, - histogram: [ - { - x: 'nflxvideo.net', - g: 'nflxvideo.net', - y: 12546, - }, - { - x: 'apple.com', - g: 'apple.com', - y: 31687, - }, - { - x: 'googlevideo.com', - g: 'googlevideo.com', - y: 16292, - }, - { - x: 'netflix.com', - g: 'netflix.com', - y: 218193, - }, - { - x: 'samsungcloudsolution.com', - g: 'samsungcloudsolution.com', - y: 11702, - }, - { - x: 'doubleclick.net', - g: 'doubleclick.net', - y: 14372, - }, - { - x: 'digitalocean.com', - g: 'digitalocean.com', - y: 4111, - }, - { - x: 'samsungelectronics.com', - g: 'samsungelectronics.com', - y: 36592, - }, - { - x: 'google.com', - g: 'google.com', - y: 8072, - }, - { - x: 'samsungcloudsolution.net', - g: 'samsungcloudsolution.net', - y: 11518, - }, - ], +export const mockData: NetworkDnsStrategyResponse = { + totalCount: 80, + edges: [ + { + node: { + _id: 'nflxvideo.net', + dnsBytesIn: 2964, + dnsBytesOut: 12546, + dnsName: 'nflxvideo.net', + queryCount: 52, + uniqueDomains: 21, + }, + cursor: { value: 'nflxvideo.net' }, + }, + { + node: { + _id: 'apple.com', + dnsBytesIn: 2680, + dnsBytesOut: 31687, + dnsName: 'apple.com', + queryCount: 75, + uniqueDomains: 20, + }, + cursor: { value: 'apple.com' }, + }, + { + node: { + _id: 'googlevideo.com', + dnsBytesIn: 1890, + dnsBytesOut: 16292, + dnsName: 'googlevideo.com', + queryCount: 38, + uniqueDomains: 19, + }, + cursor: { value: 'googlevideo.com' }, + }, + { + node: { + _id: 'netflix.com', + dnsBytesIn: 60525, + dnsBytesOut: 218193, + dnsName: 'netflix.com', + queryCount: 1532, + uniqueDomains: 12, + }, + cursor: { value: 'netflix.com' }, + }, + { + node: { + _id: 'samsungcloudsolution.com', + dnsBytesIn: 1480, + dnsBytesOut: 11702, + dnsName: 'samsungcloudsolution.com', + queryCount: 31, + uniqueDomains: 8, + }, + cursor: { value: 'samsungcloudsolution.com' }, + }, + { + node: { + _id: 'doubleclick.net', + dnsBytesIn: 1505, + dnsBytesOut: 14372, + dnsName: 'doubleclick.net', + queryCount: 35, + uniqueDomains: 7, + }, + cursor: { value: 'doubleclick.net' }, + }, + { + node: { + _id: 'digitalocean.com', + dnsBytesIn: 2035, + dnsBytesOut: 4111, + dnsName: 'digitalocean.com', + queryCount: 35, + uniqueDomains: 6, + }, + cursor: { value: 'digitalocean.com' }, + }, + { + node: { + _id: 'samsungelectronics.com', + dnsBytesIn: 3916, + dnsBytesOut: 36592, + dnsName: 'samsungelectronics.com', + queryCount: 89, + uniqueDomains: 6, + }, + cursor: { value: 'samsungelectronics.com' }, + }, + { + node: { + _id: 'google.com', + dnsBytesIn: 896, + dnsBytesOut: 8072, + dnsName: 'google.com', + queryCount: 23, + uniqueDomains: 5, + }, + cursor: { value: 'google.com' }, + }, + { + node: { + _id: 'samsungcloudsolution.net', + dnsBytesIn: 1490, + dnsBytesOut: 11518, + dnsName: 'samsungcloudsolution.net', + queryCount: 30, + uniqueDomains: 5, + }, + cursor: { value: 'samsungcloudsolution.net' }, + }, + ], + pageInfo: { + activePage: 1, + fakeTotalCount: 50, + showMorePagesIndicator: true, }, + histogram: [ + { + x: 'nflxvideo.net', + g: 'nflxvideo.net', + y: 12546, + }, + { + x: 'apple.com', + g: 'apple.com', + y: 31687, + }, + { + x: 'googlevideo.com', + g: 'googlevideo.com', + y: 16292, + }, + { + x: 'netflix.com', + g: 'netflix.com', + y: 218193, + }, + { + x: 'samsungcloudsolution.com', + g: 'samsungcloudsolution.com', + y: 11702, + }, + { + x: 'doubleclick.net', + g: 'doubleclick.net', + y: 14372, + }, + { + x: 'digitalocean.com', + g: 'digitalocean.com', + y: 4111, + }, + { + x: 'samsungelectronics.com', + g: 'samsungelectronics.com', + y: 36592, + }, + { + x: 'google.com', + g: 'google.com', + y: 8072, + }, + { + x: 'samsungcloudsolution.net', + g: 'samsungcloudsolution.net', + y: 11518, + }, + ], + rawResponse: {} as NetworkDnsStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap index 7adee9531b1f3..c5df0f6603fbf 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/network/components/network_http_table/__snapshots__/index.test.tsx.snap @@ -1,3 +1,102 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`NetworkHttp Table Component rendering it renders the default NetworkHttp table 1`] = `null`; +exports[`NetworkHttp Table Component rendering it renders the default NetworkHttp table 1`] = ` + +`; diff --git a/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx b/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx index 2e0e278d8242d..5bd9b0f79f903 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx +++ b/x-pack/plugins/security_solution/public/network/components/network_http_table/index.test.tsx @@ -57,24 +57,20 @@ describe('NetworkHttp Table Component', () => { const wrapper = shallow( ); - expect(wrapper.find('Connect(Component)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkHttpTableComponent)')).toMatchSnapshot(); }); }); @@ -84,18 +80,14 @@ describe('NetworkHttp Table Component', () => { diff --git a/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts index f82f911d601ff..592feb6b73cde 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/network_http_table/mock.ts @@ -4,85 +4,83 @@ * you may not use this file except in compliance with the Elastic License. */ -import { NetworkHttpData } from '../../../graphql/types'; +import { NetworkHttpStrategyResponse } from '../../../../common/search_strategy'; -export const mockData: { NetworkHttp: NetworkHttpData } = { - NetworkHttp: { - edges: [ - { - node: { - _id: '/computeMetadata/v1/instance/virtual-clock/drift-token', - domains: ['metadata.google.internal'], - methods: ['get'], - statuses: [], - lastHost: 'suricata-iowa', - lastSourceIp: '10.128.0.21', - path: '/computeMetadata/v1/instance/virtual-clock/drift-token', - requestCount: 1440, - }, - cursor: { - value: '/computeMetadata/v1/instance/virtual-clock/drift-token', - tiebreaker: null, - }, +export const mockData: NetworkHttpStrategyResponse = { + edges: [ + { + node: { + _id: '/computeMetadata/v1/instance/virtual-clock/drift-token', + domains: ['metadata.google.internal'], + methods: ['get'], + statuses: [], + lastHost: 'suricata-iowa', + lastSourceIp: '10.128.0.21', + path: '/computeMetadata/v1/instance/virtual-clock/drift-token', + requestCount: 1440, }, - { - node: { - _id: '/computeMetadata/v1/', - domains: ['metadata.google.internal'], - methods: ['get'], - statuses: ['200'], - lastHost: 'suricata-iowa', - lastSourceIp: '10.128.0.21', - path: '/computeMetadata/v1/', - requestCount: 1020, - }, - cursor: { - value: '/computeMetadata/v1/', - tiebreaker: null, - }, + cursor: { + value: '/computeMetadata/v1/instance/virtual-clock/drift-token', + tiebreaker: null, }, - { - node: { - _id: '/computeMetadata/v1/instance/network-interfaces/', - domains: ['metadata.google.internal'], - methods: ['get'], - statuses: [], - lastHost: 'suricata-iowa', - lastSourceIp: '10.128.0.21', - path: '/computeMetadata/v1/instance/network-interfaces/', - requestCount: 960, - }, - cursor: { - value: '/computeMetadata/v1/instance/network-interfaces/', - tiebreaker: null, - }, + }, + { + node: { + _id: '/computeMetadata/v1/', + domains: ['metadata.google.internal'], + methods: ['get'], + statuses: ['200'], + lastHost: 'suricata-iowa', + lastSourceIp: '10.128.0.21', + path: '/computeMetadata/v1/', + requestCount: 1020, }, - { - node: { - _id: '/downloads/ca_setup.exe', - domains: ['www.oxid.it'], - methods: ['get'], - statuses: ['200'], - lastHost: 'jessie', - lastSourceIp: '10.0.2.15', - path: '/downloads/ca_setup.exe', - requestCount: 3, - }, - cursor: { - value: '/downloads/ca_setup.exe', - tiebreaker: null, - }, + cursor: { + value: '/computeMetadata/v1/', + tiebreaker: null, }, - ], - inspect: { - dsl: [''], - response: [''], }, - pageInfo: { - activePage: 0, - fakeTotalCount: 4, - showMorePagesIndicator: false, + { + node: { + _id: '/computeMetadata/v1/instance/network-interfaces/', + domains: ['metadata.google.internal'], + methods: ['get'], + statuses: [], + lastHost: 'suricata-iowa', + lastSourceIp: '10.128.0.21', + path: '/computeMetadata/v1/instance/network-interfaces/', + requestCount: 960, + }, + cursor: { + value: '/computeMetadata/v1/instance/network-interfaces/', + tiebreaker: null, + }, }, - totalCount: 4, + { + node: { + _id: '/downloads/ca_setup.exe', + domains: ['www.oxid.it'], + methods: ['get'], + statuses: ['200'], + lastHost: 'jessie', + lastSourceIp: '10.0.2.15', + path: '/downloads/ca_setup.exe', + requestCount: 3, + }, + cursor: { + value: '/downloads/ca_setup.exe', + tiebreaker: null, + }, + }, + ], + inspect: { + dsl: [''], + }, + pageInfo: { + activePage: 0, + fakeTotalCount: 4, + showMorePagesIndicator: false, }, + totalCount: 4, + rawResponse: {} as NetworkHttpStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap index 3d47e398ed395..07874f9f39f0b 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/__snapshots__/index.test.tsx.snap @@ -1,7 +1,7 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`NetworkTopNFlow Table Component rendering it renders the default NetworkTopNFlow table on the IP Details page 1`] = ` - { const wrapper = shallow( ); - expect(wrapper.find('Connect(Component)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkTopNFlowTableComponent)')).toMatchSnapshot(); }); test('it renders the default NetworkTopNFlow table on the IP Details page', () => { const wrapper = shallow( ); - expect(wrapper.find('Connect(Component)')).toMatchSnapshot(); + expect(wrapper.find('Memo(NetworkTopNFlowTableComponent)')).toMatchSnapshot(); }); }); @@ -110,19 +102,15 @@ describe('NetworkTopNFlow Table Component', () => { diff --git a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx index 757b178431d90..9824ac602bb43 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx +++ b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/index.tsx @@ -5,23 +5,23 @@ */ import { last } from 'lodash/fp'; import React, { useCallback, useMemo } from 'react'; -import { connect, ConnectedProps } from 'react-redux'; +import { useDispatch, useSelector, shallowEqual } from 'react-redux'; import deepEqual from 'fast-deep-equal'; import { Direction, + SortField, FlowTargetSourceDest, NetworkTopNFlowEdges, NetworkTopTablesFields, - NetworkTopTablesSortField, -} from '../../../graphql/types'; +} from '../../../../common/search_strategy'; import { State } from '../../../common/store'; import { Criteria, ItemsPerRow, PaginatedTable } from '../../../common/components/paginated_table'; import { networkActions, networkModel, networkSelectors } from '../../store'; import { getNFlowColumnsCurated } from './columns'; import * as i18n from './translations'; -interface OwnProps { +interface NetworkTopNFlowTableProps { data: NetworkTopNFlowEdges[]; fakeTotalCount: number; flowTargeted: FlowTargetSourceDest; @@ -34,8 +34,6 @@ interface OwnProps { type: networkModel.NetworkType; } -type NetworkTopNFlowTableProps = OwnProps & PropsFromRedux; - const rowItems: ItemsPerRow[] = [ { text: i18n.ROWS_5, @@ -50,21 +48,24 @@ const rowItems: ItemsPerRow[] = [ export const NetworkTopNFlowTableId = 'networkTopSourceFlow-top-talkers'; const NetworkTopNFlowTableComponent: React.FC = ({ - activePage, data, fakeTotalCount, flowTargeted, id, isInspect, - limit, loading, loadPage, showMorePagesIndicator, - sort, totalCount, type, - updateNetworkTable, }) => { + const dispatch = useDispatch(); + const getTopNFlowSelector = networkSelectors.topNFlowSelector(); + const { activePage, limit, sort } = useSelector( + (state: State) => getTopNFlowSelector(state, type, flowTargeted), + shallowEqual + ); + const columns = useMemo( () => getNFlowColumnsCurated(flowTargeted, type, NetworkTopNFlowTableId), [flowTargeted, type] @@ -92,22 +93,24 @@ const NetworkTopNFlowTableComponent: React.FC = ({ const splitField = criteria.sort.field.split('.'); const field = last(splitField); const newSortDirection = field !== sort.field ? Direction.desc : criteria.sort.direction; // sort by desc on init click - const newTopNFlowSort: NetworkTopTablesSortField = { + const newTopNFlowSort: SortField = { field: field as NetworkTopTablesFields, - direction: newSortDirection as Direction, + direction: newSortDirection, }; if (!deepEqual(newTopNFlowSort, sort)) { - updateNetworkTable({ - networkType: type, - tableType, - updates: { - sort: newTopNFlowSort, - }, - }); + dispatch( + networkActions.updateNetworkTable({ + networkType: type, + tableType, + updates: { + sort: newTopNFlowSort, + }, + }) + ); } } }, - [sort, type, tableType, updateNetworkTable] + [sort, dispatch, type, tableType] ); const field = @@ -118,18 +121,26 @@ const NetworkTopNFlowTableComponent: React.FC = ({ const updateActivePage = useCallback( (newPage) => - updateNetworkTable({ - networkType: type, - tableType, - updates: { activePage: newPage }, - }), - [updateNetworkTable, type, tableType] + dispatch( + networkActions.updateNetworkTable({ + networkType: type, + tableType, + updates: { activePage: newPage }, + }) + ), + [dispatch, type, tableType] ); const updateLimitPagination = useCallback( (newLimit) => - updateNetworkTable({ networkType: type, tableType, updates: { limit: newLimit } }), - [updateNetworkTable, type, tableType] + dispatch( + networkActions.updateNetworkTable({ + networkType: type, + tableType, + updates: { limit: newLimit }, + }) + ), + [dispatch, type, tableType] ); return ( @@ -157,18 +168,4 @@ const NetworkTopNFlowTableComponent: React.FC = ({ ); }; -const makeMapStateToProps = () => { - const getTopNFlowSelector = networkSelectors.topNFlowSelector(); - return (state: State, { type, flowTargeted }: OwnProps) => - getTopNFlowSelector(state, type, flowTargeted); -}; - -const mapDispatchToProps = { - updateNetworkTable: networkActions.updateNetworkTable, -}; - -const connector = connect(makeMapStateToProps, mapDispatchToProps); - -type PropsFromRedux = ConnectedProps; - -export const NetworkTopNFlowTable = connector(React.memo(NetworkTopNFlowTableComponent)); +export const NetworkTopNFlowTable = React.memo(NetworkTopNFlowTableComponent); diff --git a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts index bd21d78ba77c5..cf7d6974fc739 100644 --- a/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts +++ b/x-pack/plugins/security_solution/public/network/components/network_top_n_flow_table/mock.ts @@ -4,83 +4,81 @@ * you may not use this file except in compliance with the Elastic License. */ -import { NetworkTopNFlowData, FlowTargetSourceDest } from '../../../graphql/types'; +import { + NetworkTopNFlowStrategyResponse, + FlowTargetSourceDest, +} from '../../../../common/search_strategy'; -export const mockData: { NetworkTopNFlow: NetworkTopNFlowData } = { - NetworkTopNFlow: { - totalCount: 524, - edges: [ - { - node: { - source: { - autonomous_system: { - name: 'Google, Inc', - number: 15169, - }, - domain: ['test.domain.com'], - flows: 12345, - destination_ips: 12, - ip: '8.8.8.8', - location: { - geo: { - continent_name: ['North America'], - country_name: null, - country_iso_code: ['US'], - city_name: ['Mountain View'], - region_iso_code: ['US-CA'], - region_name: ['California'], - }, - flowTarget: FlowTargetSourceDest.source, - }, +export const mockData: NetworkTopNFlowStrategyResponse = { + totalCount: 524, + edges: [ + { + node: { + source: { + autonomous_system: { + name: 'Google, Inc', + number: 15169, }, - destination: null, - network: { - bytes_in: 3826633497, - bytes_out: 1083495734, + domain: ['test.domain.com'], + flows: 12345, + destination_ips: 12, + ip: '8.8.8.8', + location: { + geo: { + continent_name: ['North America'], + country_iso_code: ['US'], + city_name: ['Mountain View'], + region_iso_code: ['US-CA'], + region_name: ['California'], + }, + flowTarget: FlowTargetSourceDest.source, }, }, - cursor: { - value: '8.8.8.8', + network: { + bytes_in: 3826633497, + bytes_out: 1083495734, }, }, - { - node: { - source: { - autonomous_system: { - name: 'TM Net, Internet Service Provider', - number: 4788, - }, - domain: ['test.domain.net', 'test.old.domain.net'], - flows: 12345, - destination_ips: 12, - ip: '9.9.9.9', - location: { - geo: { - continent_name: ['Asia'], - country_name: null, - country_iso_code: ['MY'], - city_name: ['Petaling Jaya'], - region_iso_code: ['MY-10'], - region_name: ['Selangor'], - }, - flowTarget: FlowTargetSourceDest.source, - }, + cursor: { + value: '8.8.8.8', + }, + }, + { + node: { + source: { + autonomous_system: { + name: 'TM Net, Internet Service Provider', + number: 4788, }, - destination: null, - network: { - bytes_in: 3826633497, - bytes_out: 1083495734, + domain: ['test.domain.net', 'test.old.domain.net'], + flows: 12345, + destination_ips: 12, + ip: '9.9.9.9', + location: { + geo: { + continent_name: ['Asia'], + country_iso_code: ['MY'], + city_name: ['Petaling Jaya'], + region_iso_code: ['MY-10'], + region_name: ['Selangor'], + }, + flowTarget: FlowTargetSourceDest.source, }, }, - cursor: { - value: '9.9.9.9', + network: { + bytes_in: 3826633497, + bytes_out: 1083495734, }, }, - ], - pageInfo: { - activePage: 1, - fakeTotalCount: 50, - showMorePagesIndicator: true, + cursor: { + value: '9.9.9.9', + }, }, + ], + pageInfo: { + activePage: 1, + fakeTotalCount: 50, + showMorePagesIndicator: true, }, + rawResponse: {} as NetworkTopNFlowStrategyResponse['rawResponse'], }; diff --git a/x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts deleted file mode 100644 index 3c693f08b45f2..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/kpi_network/index.gql_query.ts +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiNetworkQuery = gql` - fragment KpiNetworkChartFields on KpiNetworkHistogramData { - x - y - } - - query GetKpiNetworkQuery( - $sourceId: ID! - $timerange: TimerangeInput! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - KpiNetwork(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) { - networkEvents - uniqueFlowId - uniqueSourcePrivateIps - uniqueSourcePrivateIpsHistogram { - ...KpiNetworkChartFields - } - uniqueDestinationPrivateIps - uniqueDestinationPrivateIpsHistogram { - ...KpiNetworkChartFields - } - dnsQueries - tlsHandshakes - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts deleted file mode 100644 index a81d112fa4c50..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.gql_query.ts +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkDnsQuery = gql` - query GetNetworkDnsQuery( - $defaultIndex: [String!]! - $filterQuery: String - $inspect: Boolean! - $isPtrIncluded: Boolean! - $pagination: PaginationInputPaginated! - $sort: NetworkDnsSortField! - $sourceId: ID! - $stackByField: String - $timerange: TimerangeInput! - ) { - source(id: $sourceId) { - id - NetworkDns( - isPtrIncluded: $isPtrIncluded - sort: $sort - timerange: $timerange - pagination: $pagination - filterQuery: $filterQuery - defaultIndex: $defaultIndex - stackByField: $stackByField - ) { - totalCount - edges { - node { - _id - dnsBytesIn - dnsBytesOut - dnsName - queryCount - uniqueDomains - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx index 334373c4a551a..1f199ba4f9acd 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx +++ b/x-pack/plugins/security_solution/public/network/containers/network_dns/index.tsx @@ -13,7 +13,7 @@ import { ESTermQuery } from '../../../../common/typed_json'; import { inputsModel, State } from '../../../common/store'; import { useKibana } from '../../../common/lib/kibana'; import { createFilter } from '../../../common/containers/helpers'; -import { NetworkDnsEdges, PageInfoPaginated } from '../../../graphql/types'; +import { NetworkDnsEdges, PageInfoPaginated } from '../../../../common/search_strategy'; import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers'; import { networkModel, networkSelectors } from '../../store'; import { diff --git a/x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts deleted file mode 100644 index bedf13dfa9849..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/network_http/index.gql_query.ts +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkHttpQuery = gql` - query GetNetworkHttpQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkHttpSortField! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkHttp( - filterQuery: $filterQuery - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - domains - lastHost - lastSourceIp - methods - path - requestCount - statuses - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx b/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx index 221b693818c50..98202f6b42be6 100644 --- a/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx +++ b/x-pack/plugins/security_solution/public/network/containers/network_http/index.tsx @@ -13,11 +13,12 @@ import { ESTermQuery } from '../../../../common/typed_json'; import { inputsModel, State } from '../../../common/store'; import { useKibana } from '../../../common/lib/kibana'; import { createFilter } from '../../../common/containers/helpers'; -import { NetworkHttpEdges, PageInfoPaginated } from '../../../graphql/types'; import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers'; import { networkModel, networkSelectors } from '../../store'; import { NetworkQueries, + NetworkHttpEdges, + PageInfoPaginated, NetworkHttpRequestOptions, NetworkHttpStrategyResponse, SortField, diff --git a/x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts deleted file mode 100644 index 5850246ceecec..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/network_top_countries/index.gql_query.ts +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkTopCountriesQuery = gql` - query GetNetworkTopCountriesQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkTopTablesSortField! - $flowTarget: FlowTargetSourceDest! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkTopCountries( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - source { - country - destination_ips - flows - source_ips - } - destination { - country - destination_ips - flows - source_ips - } - network { - bytes_in - bytes_out - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts b/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts deleted file mode 100644 index a73f9ff9256ff..0000000000000 --- a/x-pack/plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query.ts +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkTopNFlowQuery = gql` - query GetNetworkTopNFlowQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkTopTablesSortField! - $flowTarget: FlowTargetSourceDest! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkTopNFlow( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - source { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - destination_ips - } - destination { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - source_ips - } - network { - bytes_in - bytes_out - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/network/pages/details/index.tsx b/x-pack/plugins/security_solution/public/network/pages/details/index.tsx index eaeb31c020473..a227dec410915 100644 --- a/x-pack/plugins/security_solution/public/network/pages/details/index.tsx +++ b/x-pack/plugins/security_solution/public/network/pages/details/index.tsx @@ -9,7 +9,7 @@ import React, { useCallback, useEffect, useMemo } from 'react'; import { useDispatch, useSelector, shallowEqual } from 'react-redux'; import { useParams } from 'react-router-dom'; -import { FlowTarget } from '../../../../common/search_strategy'; +import { FlowTarget, LastEventIndexKey } from '../../../../common/search_strategy'; import { useGlobalTime } from '../../../common/containers/use_global_time'; import { FiltersGlobal } from '../../../common/components/filters_global'; import { HeaderPage } from '../../../common/components/header_page'; @@ -24,7 +24,7 @@ import { IpOverview } from '../../components/details'; import { SiemSearchBar } from '../../../common/components/search_bar'; import { WrapperPage } from '../../../common/components/wrapper_page'; import { useNetworkDetails } from '../../containers/details'; -import { FlowTargetSourceDest, LastEventIndexKey } from '../../../graphql/types'; +import { FlowTargetSourceDest } from '../../../graphql/types'; import { useKibana } from '../../../common/lib/kibana'; import { decodeIpv6 } from '../../../common/lib/helpers'; import { convertToBuildEsQuery } from '../../../common/lib/keury'; diff --git a/x-pack/plugins/security_solution/public/network/pages/network.tsx b/x-pack/plugins/security_solution/public/network/pages/network.tsx index 6aea771e49499..243ea8626582f 100644 --- a/x-pack/plugins/security_solution/public/network/pages/network.tsx +++ b/x-pack/plugins/security_solution/public/network/pages/network.tsx @@ -24,7 +24,7 @@ import { SiemSearchBar } from '../../common/components/search_bar'; import { WrapperPage } from '../../common/components/wrapper_page'; import { useFullScreen } from '../../common/containers/use_full_screen'; import { useGlobalTime } from '../../common/containers/use_global_time'; -import { LastEventIndexKey } from '../../graphql/types'; +import { LastEventIndexKey } from '../../../common/search_strategy'; import { useKibana } from '../../common/lib/kibana'; import { convertToBuildEsQuery } from '../../common/lib/keury'; import { State, inputsSelectors } from '../../common/store'; diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx index 01e5202d03332..f823b717e7f4c 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx @@ -10,12 +10,13 @@ import React from 'react'; import { TestProviders } from '../../../../common/mock/test_providers'; import { FooterComponent, PagingControlComponent } from './index'; -import { mockData } from './mock'; describe('Footer Timeline Component', () => { const loadMore = jest.fn(); const onChangeItemsPerPage = jest.fn(); const updatedAt = 1546878704036; + const totalCount = 15546; + const itemsCount = 2; describe('rendering', () => { test('it renders the default timeline footer', () => { @@ -27,12 +28,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> ); @@ -49,12 +50,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={true} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> ); @@ -72,12 +73,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -123,12 +124,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={true} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> ); @@ -146,12 +147,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={1} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -173,12 +174,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -198,12 +199,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={1} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -225,12 +226,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={true} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> @@ -250,12 +251,12 @@ describe('Footer Timeline Component', () => { id={'timeline-id'} isLive={false} isLoading={false} - itemsCount={mockData.Events.edges.length} + itemsCount={itemsCount} itemsPerPage={2} itemsPerPageOptions={[1, 5, 10, 20]} onChangeItemsPerPage={onChangeItemsPerPage} onChangePage={loadMore} - serverSideEventCount={mockData.Events.totalCount} + serverSideEventCount={totalCount} totalPages={2} /> diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts deleted file mode 100644 index fcd30ee2b8500..0000000000000 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/footer/mock.ts +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { EventsTimelineData } from '../../../../graphql/types'; - -export const mockData: { Events: EventsTimelineData } = { - Events: { - totalCount: 15546, - pageInfo: { - hasNextPage: true, - endCursor: { - value: '1546878704036', - tiebreaker: '10624', - }, - }, - edges: [ - { - cursor: { - value: '1546878704036', - tiebreaker: '10656', - }, - node: { - _id: 'Fo8nKWgBiyhPd5Zo3cib', - timestamp: '2019-01-07T16:31:44.036Z', - _index: 'auditbeat-7.0.0-2019.01.07', - destination: { - ip: ['24.168.54.169'], - port: [62123], - }, - event: { - category: null, - id: null, - module: ['system'], - severity: null, - type: null, - }, - geo: null, - host: { - name: ['siem-general'], - ip: null, - }, - source: { - ip: ['10.142.0.6'], - port: [9200], - }, - suricata: null, - }, - }, - { - cursor: { - value: '1546878704036', - tiebreaker: '10624', - }, - node: { - _id: 'F48nKWgBiyhPd5Zo3cib', - timestamp: '2019-01-07T16:31:44.036Z', - _index: 'auditbeat-7.0.0-2019.01.07', - destination: { - ip: ['24.168.54.169'], - port: [62145], - }, - event: { - category: null, - id: null, - module: ['system'], - severity: null, - type: null, - }, - geo: null, - host: { - name: ['siem-general'], - ip: null, - }, - source: { - ip: ['10.142.0.6'], - port: [9200], - }, - suricata: null, - }, - }, - ], - }, -}; diff --git a/x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts b/x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts deleted file mode 100644 index eff58725edb29..0000000000000 --- a/x-pack/plugins/security_solution/public/timelines/containers/details/index.gql_query.ts +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const timelineDetailsQuery = gql` - query GetTimelineDetailsQuery( - $sourceId: ID! - $eventId: String! - $indexName: String! - $defaultIndex: [String!]! - $docValueFields: [docValueFieldsInput!]! - ) { - source(id: $sourceId) { - id - TimelineDetails( - eventId: $eventId - indexName: $indexName - defaultIndex: $defaultIndex - docValueFields: $docValueFields - ) { - data { - field - values - originalValue - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts b/x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts deleted file mode 100644 index c67ad45bede94..0000000000000 --- a/x-pack/plugins/security_solution/public/timelines/containers/index.gql_query.ts +++ /dev/null @@ -1,375 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const timelineQuery = gql` - query GetTimelineQuery( - $sourceId: ID! - $fieldRequested: [String!]! - $pagination: PaginationInput! - $sortField: SortField! - $filterQuery: String - $defaultIndex: [String!]! - $inspect: Boolean! - $docValueFields: [docValueFieldsInput!]! - $timerange: TimerangeInput! - ) { - source(id: $sourceId) { - id - Timeline( - fieldRequested: $fieldRequested - pagination: $pagination - sortField: $sortField - filterQuery: $filterQuery - defaultIndex: $defaultIndex - docValueFields: $docValueFields - timerange: $timerange - ) { - totalCount - inspect @include(if: $inspect) { - dsl - response - } - pageInfo { - endCursor { - value - tiebreaker - } - hasNextPage - } - edges { - node { - _id - _index - data { - field - value - } - ecs { - _id - _index - timestamp - message - system { - auth { - ssh { - signature - method - } - } - audit { - package { - arch - entity_id - name - size - summary - version - } - } - } - event { - action - category - code - created - dataset - duration - end - hash - id - kind - module - original - outcome - risk_score - risk_score_norm - severity - start - timezone - type - } - agent { - type - } - auditd { - result - session - data { - acct - terminal - op - } - summary { - actor { - primary - secondary - } - object { - primary - secondary - type - } - how - message_type - sequence - } - } - file { - name - path - target_path - extension - type - device - inode - uid - owner - gid - group - mode - size - mtime - ctime - } - host { - id - name - ip - } - rule { - reference - } - source { - bytes - ip - packets - port - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - } - destination { - bytes - ip - packets - port - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - } - dns { - question { - name - type - } - resolved_ip - response_code - } - endgame { - exit_code - file_name - file_path - logon_type - parent_process_name - pid - process_name - subject_domain_name - subject_logon_id - subject_user_name - target_domain_name - target_logon_id - target_user_name - } - geo { - region_name - country_iso_code - } - signal { - status - original_time - rule { - id - saved_id - timeline_id - timeline_title - output_index - from - index - language - query - to - filters - note - type - threshold - exceptions_list - } - } - suricata { - eve { - proto - flow_id - alert { - signature - signature_id - } - } - } - network { - bytes - community_id - direction - packets - protocol - transport - } - http { - version - request { - method - body { - bytes - content - } - referrer - } - response { - status_code - body { - bytes - content - } - } - } - tls { - client_certificate { - fingerprint { - sha1 - } - } - fingerprints { - ja3 { - hash - } - } - server_certificate { - fingerprint { - sha1 - } - } - } - url { - original - domain - username - password - } - user { - domain - name - } - winlog { - event_id - } - process { - hash { - md5 - sha1 - sha256 - } - pid - name - ppid - args - entity_id - executable - title - working_directory - } - zeek { - session_id - connection { - local_resp - local_orig - missed_bytes - state - history - } - notice { - suppress_for - msg - note - sub - dst - dropped - peer_descr - } - dns { - AA - qclass_name - RD - qtype_name - rejected - qtype - query - trans_id - qclass - RA - TC - } - http { - resp_mime_types - trans_depth - status_msg - resp_fuids - tags - } - files { - session_ids - timedout - local_orig - tx_host - source - is_orig - overflow_bytes - sha1 - duration - depth - analyzers - mime_type - rx_host - total_bytes - fuid - seen_bytes - missing_bytes - md5 - } - ssl { - cipher - established - resumed - version - } - } - } - } - } - } - } - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/authentications/index.ts b/x-pack/plugins/security_solution/server/graphql/authentications/index.ts deleted file mode 100644 index 8c16518590ad7..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/authentications/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createAuthenticationsResolvers } from './resolvers'; -export { authenticationsSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts deleted file mode 100644 index b66ccd9a111b7..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/authentications/resolvers.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { Authentications } from '../../lib/authentications'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { createOptionsPaginated } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -type QueryAuthenticationsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface AuthenticationsResolversDeps { - authentications: Authentications; -} - -export const createAuthenticationsResolvers = ( - libs: AuthenticationsResolversDeps -): { - Source: { - Authentications: QueryAuthenticationsResolver; - }; -} => ({ - Source: { - async Authentications(source, args, { req }, info) { - const options = createOptionsPaginated(source, args, info); - return libs.authentications.getAuthentications(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts deleted file mode 100644 index 648a65fa24682..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/authentications/schema.gql.ts +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const authenticationsSchema = gql` - type LastSourceHost { - timestamp: Date - source: SourceEcsFields - host: HostEcsFields - } - - type AuthenticationItem { - _id: String! - failures: Float! - successes: Float! - user: UserEcsFields! - lastSuccess: LastSourceHost - lastFailure: LastSourceHost - } - - type AuthenticationsEdges { - node: AuthenticationItem! - cursor: CursorType! - } - - type AuthenticationsData { - edges: [AuthenticationsEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - extend type Source { - "Gets Authentication success and failures based on a timerange" - Authentications( - timerange: TimerangeInput! - pagination: PaginationInputPaginated! - filterQuery: String - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): AuthenticationsData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/events/index.ts b/x-pack/plugins/security_solution/server/graphql/events/index.ts deleted file mode 100644 index c794dfa7170f2..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/events/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createEsValueResolvers, createEventsResolvers } from './resolvers'; -export { eventsSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/events/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/events/resolvers.ts deleted file mode 100644 index ef28ac523ff85..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/events/resolvers.ts +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { GraphQLScalarType, Kind } from 'graphql'; - -import { Events } from '../../lib/events'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { createOptions } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; -import { SourceResolvers } from '../types'; -import { LastEventTimeRequestOptions } from '../../lib/events/types'; - -type QueryTimelineResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryTimelineDetailsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryLastEventTimeResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface EventsResolversDeps { - events: Events; -} -export const createEventsResolvers = ( - libs: EventsResolversDeps -): { - Source: { - Timeline: QueryTimelineResolver; - TimelineDetails: QueryTimelineDetailsResolver; - LastEventTime: QueryLastEventTimeResolver; - }; -} => ({ - Source: { - async Timeline(source, args, { req }, info) { - const options = createOptions(source, args, info, 'edges.node.ecs.'); - return libs.events.getTimelineData(req, { - ...options, - fieldRequested: args.fieldRequested, - }); - }, - async TimelineDetails(source, args, { req }) { - return libs.events.getTimelineDetails(req, { - indexName: args.indexName, - eventId: args.eventId, - defaultIndex: args.defaultIndex, - }); - }, - async LastEventTime(source, args, { req }) { - const options: LastEventTimeRequestOptions = { - defaultIndex: args.defaultIndex, - docValueFields: args.docValueFields, - sourceConfiguration: source.configuration, - indexKey: args.indexKey, - details: args.details, - }; - return libs.events.getLastEventTimeData(req, options); - }, - }, -}); - -/* - * serialize: gets invoked when serializing the result to send it back to a client. - * - * parseValue: gets invoked to parse client input that was passed through variables. - * - * parseLiteral: gets invoked to parse client input that was passed inline in the query. - */ - -const esValueScalar = new GraphQLScalarType({ - name: 'DetailItemValue', - description: 'Represents value in detail item from the timeline who wants to more than one type', - serialize(value): string { - return value; - }, - parseValue(value) { - return value; - }, - parseLiteral(ast) { - switch (ast.kind) { - case Kind.INT: - return parseInt(ast.value, 10); - case Kind.FLOAT: - return parseFloat(ast.value); - case Kind.STRING: - return ast.value; - case Kind.LIST: - return ast.values; - case Kind.OBJECT: - return ast.fields; - } - return null; - }, -}); - -export const createEsValueResolvers = () => ({ EsValue: esValueScalar }); diff --git a/x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts deleted file mode 100644 index eee4bc3e3a33f..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/events/schema.gql.ts +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const eventsSchema = gql` - scalar EsValue - - type EventsTimelineData { - edges: [EcsEdges!]! - totalCount: Float! - pageInfo: PageInfo! - inspect: Inspect - } - - type TimelineNonEcsData { - field: String! - value: ToStringArray - } - - type TimelineItem { - _id: String! - _index: String - data: [TimelineNonEcsData!]! - ecs: ECS! - } - - type TimelineEdges { - node: TimelineItem! - cursor: CursorType! - } - - type TimelineData { - edges: [TimelineEdges!]! - totalCount: Float! - pageInfo: PageInfo! - inspect: Inspect - } - - type DetailItem { - field: String! - values: ToStringArray - originalValue: EsValue - } - - input LastTimeDetails { - hostName: String - ip: String - } - - type TimelineDetailsData { - data: [DetailItem!] - inspect: Inspect - } - - type LastEventTimeData { - lastSeen: Date - inspect: Inspect - } - - enum LastEventIndexKey { - hostDetails - hosts - ipDetails - network - } - - extend type Source { - Timeline( - pagination: PaginationInput! - sortField: SortField! - fieldRequested: [String!]! - timerange: TimerangeInput - filterQuery: String - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): TimelineData! - TimelineDetails( - eventId: String! - indexName: String! - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): TimelineDetailsData! - LastEventTime( - id: String - indexKey: LastEventIndexKey! - details: LastTimeDetails! - defaultIndex: [String!]! - docValueFields: [docValueFieldsInput!]! - ): LastEventTimeData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/index.ts b/x-pack/plugins/security_solution/server/graphql/index.ts index d23494e0eeaa6..5eed9919825c3 100644 --- a/x-pack/plugins/security_solution/server/graphql/index.ts +++ b/x-pack/plugins/security_solution/server/graphql/index.ts @@ -7,13 +7,8 @@ import { rootSchema } from '../../common/graphql/root'; import { sharedSchema } from '../../common/graphql/shared'; -import { authenticationsSchema } from './authentications'; import { ecsSchema } from './ecs'; -import { eventsSchema } from './events'; import { hostsSchema } from './hosts'; -import { kpiHostsSchema } from './kpi_hosts'; -import { kpiNetworkSchema } from './kpi_network'; -import { networkSchema } from './network'; import { dateSchema } from './scalar_date'; import { noteSchema } from './note'; import { pinnedEventSchema } from './pinned_event'; @@ -24,22 +19,14 @@ import { toNumberSchema } from './scalar_to_number_array'; import { sourceStatusSchema } from './source_status'; import { sourcesSchema } from './sources'; import { timelineSchema } from './timeline'; -import { whoAmISchema } from './who_am_i'; -import { matrixHistogramSchema } from './matrix_histogram'; export const schemas = [ - authenticationsSchema, ecsSchema, - eventsSchema, dateSchema, toAnySchema, toNumberSchema, toDateSchema, toBooleanSchema, hostsSchema, - kpiNetworkSchema, - kpiHostsSchema, - matrixHistogramSchema, - networkSchema, noteSchema, pinnedEventSchema, rootSchema, @@ -47,5 +34,4 @@ export const schemas = [ sourceStatusSchema, sharedSchema, timelineSchema, - whoAmISchema, ]; diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts b/x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts deleted file mode 100644 index cb0f2be52adc7..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createKpiHostsResolvers } from './resolvers'; -export { kpiHostsSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts deleted file mode 100644 index 6708bdcd55d62..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/resolvers.ts +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { KpiHosts } from '../../lib/kpi_hosts'; -import { createOptions } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -export type QueryKpiHostsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export type QueryKpiHostDetailsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface KpiHostsResolversDeps { - kpiHosts: KpiHosts; -} - -export const createKpiHostsResolvers = ( - libs: KpiHostsResolversDeps -): { - Source: { - KpiHosts: QueryKpiHostsResolver; - KpiHostDetails: QueryKpiHostDetailsResolver; - }; -} => ({ - Source: { - async KpiHosts(source, args, { req }, info) { - const options = { ...createOptions(source, args, info) }; - return libs.kpiHosts.getKpiHosts(req, options); - }, - async KpiHostDetails(source, args, { req }, info) { - const options = { ...createOptions(source, args, info) }; - return libs.kpiHosts.getKpiHostDetails(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts deleted file mode 100644 index 49c988436e977..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_hosts/schema.gql.ts +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiHostsSchema = gql` - type KpiHostHistogramData { - x: Float - y: Float - } - - type KpiHostsData { - hosts: Float - hostsHistogram: [KpiHostHistogramData!] - authSuccess: Float - authSuccessHistogram: [KpiHostHistogramData!] - authFailure: Float - authFailureHistogram: [KpiHostHistogramData!] - uniqueSourceIps: Float - uniqueSourceIpsHistogram: [KpiHostHistogramData!] - uniqueDestinationIps: Float - uniqueDestinationIpsHistogram: [KpiHostHistogramData!] - inspect: Inspect - } - - type KpiHostDetailsData { - authSuccess: Float - authSuccessHistogram: [KpiHostHistogramData!] - authFailure: Float - authFailureHistogram: [KpiHostHistogramData!] - uniqueSourceIps: Float - uniqueSourceIpsHistogram: [KpiHostHistogramData!] - uniqueDestinationIps: Float - uniqueDestinationIpsHistogram: [KpiHostHistogramData!] - inspect: Inspect - } - - extend type Source { - KpiHosts( - id: String - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - ): KpiHostsData! - - KpiHostDetails( - id: String - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - ): KpiHostDetailsData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts b/x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts deleted file mode 100644 index bd9da6374d868..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_network/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createKpiNetworkResolvers } from './resolvers'; -export { kpiNetworkSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts deleted file mode 100644 index b587d8c4ac726..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_network/resolvers.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { KpiNetwork } from '../../lib/kpi_network'; -import { createOptions } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -export type QueryKipNetworkResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface KpiNetworkResolversDeps { - kpiNetwork: KpiNetwork; -} - -export const createKpiNetworkResolvers = ( - libs: KpiNetworkResolversDeps -): { - Source: { - KpiNetwork: QueryKipNetworkResolver; - }; -} => ({ - Source: { - async KpiNetwork(source, args, { req }, info) { - const options = { ...createOptions(source, args, info) }; - return libs.kpiNetwork.getKpiNetwork(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts deleted file mode 100644 index 830240a83bd91..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/kpi_network/schema.gql.ts +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const kpiNetworkSchema = gql` - type KpiNetworkHistogramData { - x: Float - y: Float - } - - type KpiNetworkData { - networkEvents: Float - uniqueFlowId: Float - uniqueSourcePrivateIps: Float - uniqueSourcePrivateIpsHistogram: [KpiNetworkHistogramData!] - uniqueDestinationPrivateIps: Float - uniqueDestinationPrivateIpsHistogram: [KpiNetworkHistogramData!] - dnsQueries: Float - tlsHandshakes: Float - inspect: Inspect - } - - extend type Source { - KpiNetwork( - id: String - timerange: TimerangeInput! - filterQuery: String - defaultIndex: [String!]! - ): KpiNetworkData - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts b/x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts deleted file mode 100644 index 1460b6022bb13..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createMatrixHistogramResolvers } from './resolvers'; -export { matrixHistogramSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts deleted file mode 100644 index 35cebe4777dcf..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/resolvers.ts +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { MatrixHistogram } from '../../lib/matrix_histogram'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { createOptions } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; -import { SourceResolvers } from '../types'; - -export interface MatrixHistogramResolversDeps { - matrixHistogram: MatrixHistogram; -} - -type QueryMatrixHistogramResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export const createMatrixHistogramResolvers = ( - libs: MatrixHistogramResolversDeps -): { - Source: { - MatrixHistogram: QueryMatrixHistogramResolver; - }; -} => ({ - Source: { - async MatrixHistogram(source, args, { req }, info) { - const options = { - ...createOptions(source, args, info), - stackByField: args.stackByField, - histogramType: args.histogramType, - }; - return libs.matrixHistogram.getMatrixHistogramData(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts deleted file mode 100644 index deda6dc6e5c1a..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/matrix_histogram/schema.gql.ts +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const matrixHistogramSchema = gql` - type MatrixOverTimeHistogramData { - x: Float - y: Float - g: String - } - - type MatrixHistogramOverTimeData { - inspect: Inspect - matrixHistogramData: [MatrixOverTimeHistogramData!]! - totalCount: Float! - } - - enum HistogramType { - authentications - anomalies - events - alerts - dns - } - - extend type Source { - MatrixHistogram( - filterQuery: String - defaultIndex: [String!]! - timerange: TimerangeInput! - stackByField: String! - histogramType: HistogramType! - ): MatrixHistogramOverTimeData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/network/index.ts b/x-pack/plugins/security_solution/server/graphql/network/index.ts deleted file mode 100644 index 5dba3b21c1108..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/network/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createNetworkResolvers } from './resolvers'; -export { networkSchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/network/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/network/resolvers.ts deleted file mode 100644 index db15babc42a72..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/network/resolvers.ts +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { Network } from '../../lib/network'; -import { createOptionsPaginated } from '../../utils/build_query/create_options'; -import { QuerySourceResolver } from '../sources/resolvers'; - -type QueryNetworkTopCountriesResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryNetworkTopNFlowResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryNetworkHttpResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -type QueryDnsResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export interface NetworkResolversDeps { - network: Network; -} - -export const createNetworkResolvers = ( - libs: NetworkResolversDeps -): { - Source: { - NetworkHttp: QueryNetworkHttpResolver; - NetworkTopCountries: QueryNetworkTopCountriesResolver; - NetworkTopNFlow: QueryNetworkTopNFlowResolver; - NetworkDns: QueryDnsResolver; - }; -} => ({ - Source: { - async NetworkTopCountries(source, args, { req }, info) { - const options = { - ...createOptionsPaginated(source, args, info), - flowTarget: args.flowTarget, - networkTopCountriesSort: args.sort, - ip: args.ip, - }; - return libs.network.getNetworkTopCountries(req, options); - }, - async NetworkTopNFlow(source, args, { req }, info) { - const options = { - ...createOptionsPaginated(source, args, info), - flowTarget: args.flowTarget, - networkTopNFlowSort: args.sort, - ip: args.ip, - }; - return libs.network.getNetworkTopNFlow(req, options); - }, - async NetworkHttp(source, args, { req }, info) { - const options = { - ...createOptionsPaginated(source, args, info), - networkHttpSort: args.sort, - ip: args.ip, - }; - return libs.network.getNetworkHttp(req, options); - }, - async NetworkDns(source, args, { req }, info) { - const options = { - ...createOptionsPaginated(source, args, info), - networkDnsSortField: args.sort, - isPtrIncluded: args.isPtrIncluded, - }; - return libs.network.getNetworkDns(req, options); - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts deleted file mode 100644 index 9bb8a48c12f0d..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/network/schema.gql.ts +++ /dev/null @@ -1,253 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const networkSchema = gql` - enum NetworkDirectionEcs { - inbound - outbound - internal - external - incoming - outgoing - listening - unknown - } - - type TopNetworkTablesEcsField { - bytes_in: Float - bytes_out: Float - } - - type GeoItem { - geo: GeoEcsFields - flowTarget: FlowTargetSourceDest - } - - type AutonomousSystemItem { - name: String - number: Float - } - - type TopCountriesItemSource { - country: String - destination_ips: Float - flows: Float - location: GeoItem - source_ips: Float - } - - type TopCountriesItemDestination { - country: String - destination_ips: Float - flows: Float - location: GeoItem - source_ips: Float - } - - type NetworkTopCountriesItem { - _id: String - source: TopCountriesItemSource - destination: TopCountriesItemDestination - network: TopNetworkTablesEcsField - } - - type NetworkTopCountriesEdges { - node: NetworkTopCountriesItem! - cursor: CursorType! - } - - type NetworkTopCountriesData { - edges: [NetworkTopCountriesEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - type TopNFlowItemSource { - autonomous_system: AutonomousSystemItem - domain: [String!] - ip: String - location: GeoItem - flows: Float - destination_ips: Float - } - - type TopNFlowItemDestination { - autonomous_system: AutonomousSystemItem - domain: [String!] - ip: String - location: GeoItem - flows: Float - source_ips: Float - } - - enum NetworkTopTablesFields { - bytes_in - bytes_out - flows - destination_ips - source_ips - } - - input NetworkTopTablesSortField { - field: NetworkTopTablesFields! - direction: Direction! - } - - type NetworkTopNFlowItem { - _id: String - source: TopNFlowItemSource - destination: TopNFlowItemDestination - network: TopNetworkTablesEcsField - } - - type NetworkTopNFlowEdges { - node: NetworkTopNFlowItem! - cursor: CursorType! - } - - type NetworkTopNFlowData { - edges: [NetworkTopNFlowEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - enum NetworkDnsFields { - dnsName - queryCount - uniqueDomains - dnsBytesIn - dnsBytesOut - } - - input NetworkDnsSortField { - field: NetworkDnsFields! - direction: Direction! - } - - type NetworkDnsItem { - _id: String - dnsBytesIn: Float - dnsBytesOut: Float - dnsName: String - queryCount: Float - uniqueDomains: Float - } - - type NetworkDnsEdges { - node: NetworkDnsItem! - cursor: CursorType! - } - - type MatrixOverOrdinalHistogramData { - x: String! - y: Float! - g: String! - } - - type NetworkDnsData { - edges: [NetworkDnsEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - histogram: [MatrixOverOrdinalHistogramData!] - } - - enum NetworkHttpFields { - domains - lastHost - lastSourceIp - methods - path - requestCount - statuses - } - - input NetworkHttpSortField { - direction: Direction! - } - - type NetworkHttpItem { - _id: String - domains: [String!]! - lastHost: String - lastSourceIp: String - methods: [String!]! - path: String - requestCount: Float - statuses: [String!]! - } - - type NetworkHttpEdges { - node: NetworkHttpItem! - cursor: CursorType! - } - - type NetworkHttpData { - edges: [NetworkHttpEdges!]! - totalCount: Float! - pageInfo: PageInfoPaginated! - inspect: Inspect - } - - type NetworkDsOverTimeData { - inspect: Inspect - matrixHistogramData: [MatrixOverTimeHistogramData!]! - totalCount: Float! - } - - extend type Source { - NetworkTopCountries( - id: String - filterQuery: String - ip: String - flowTarget: FlowTargetSourceDest! - pagination: PaginationInputPaginated! - sort: NetworkTopTablesSortField! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkTopCountriesData! - NetworkTopNFlow( - id: String - filterQuery: String - ip: String - flowTarget: FlowTargetSourceDest! - pagination: PaginationInputPaginated! - sort: NetworkTopTablesSortField! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkTopNFlowData! - NetworkDns( - filterQuery: String - id: String - isPtrIncluded: Boolean! - pagination: PaginationInputPaginated! - sort: NetworkDnsSortField! - stackByField: String - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkDnsData! - NetworkDnsHistogram( - filterQuery: String - defaultIndex: [String!]! - timerange: TimerangeInput! - stackByField: String - docValueFields: [docValueFieldsInput!]! - ): NetworkDsOverTimeData! - NetworkHttp( - id: String - filterQuery: String - ip: String - pagination: PaginationInputPaginated! - sort: NetworkHttpSortField! - timerange: TimerangeInput! - defaultIndex: [String!]! - ): NetworkHttpData! - } -`; diff --git a/x-pack/plugins/security_solution/server/graphql/types.ts b/x-pack/plugins/security_solution/server/graphql/types.ts index 5f370ab1b8c9f..7d2ce8a284994 100644 --- a/x-pack/plugins/security_solution/server/graphql/types.ts +++ b/x-pack/plugins/security_solution/server/graphql/types.ts @@ -42,53 +42,16 @@ export interface PaginationInputPaginated { querySize: number; } -export interface DocValueFieldsInput { - field: string; - - format: string; -} - -export interface PaginationInput { - /** The limit parameter allows you to configure the maximum amount of items to be returned */ - limit: number; - /** The cursor parameter defines the next result you want to fetch */ - cursor?: Maybe; - /** The tiebreaker parameter allow to be more precise to fetch the next item */ - tiebreaker?: Maybe; -} - -export interface SortField { - sortFieldId: string; - - direction: Direction; -} - -export interface LastTimeDetails { - hostName?: Maybe; - - ip?: Maybe; -} - export interface HostsSortField { field: HostsFields; direction: Direction; } -export interface NetworkTopTablesSortField { - field: NetworkTopTablesFields; - - direction: Direction; -} - -export interface NetworkDnsSortField { - field: NetworkDnsFields; - - direction: Direction; -} +export interface DocValueFieldsInput { + field: string; -export interface NetworkHttpSortField { - direction: Direction; + format: string; } export interface PageInfoTimeline { @@ -269,6 +232,21 @@ export interface SortTimelineInput { sortDirection?: Maybe; } +export interface PaginationInput { + /** The limit parameter allows you to configure the maximum amount of items to be returned */ + limit: number; + /** The cursor parameter defines the next result you want to fetch */ + cursor?: Maybe; + /** The tiebreaker parameter allow to be more precise to fetch the next item */ + tiebreaker?: Maybe; +} + +export interface SortField { + sortFieldId: string; + + direction: Direction; +} + export interface FavoriteTimelineInput { fullName?: Maybe; @@ -287,13 +265,6 @@ export enum Direction { desc = 'desc', } -export enum LastEventIndexKey { - hostDetails = 'hostDetails', - hosts = 'hosts', - ipDetails = 'ipDetails', - network = 'network', -} - export enum HostsFields { hostName = 'hostName', lastSeen = 'lastSeen', @@ -305,35 +276,6 @@ export enum HostPolicyResponseActionStatus { warning = 'warning', } -export enum HistogramType { - authentications = 'authentications', - anomalies = 'anomalies', - events = 'events', - alerts = 'alerts', - dns = 'dns', -} - -export enum FlowTargetSourceDest { - destination = 'destination', - source = 'source', -} - -export enum NetworkTopTablesFields { - bytes_in = 'bytes_in', - bytes_out = 'bytes_out', - flows = 'flows', - destination_ips = 'destination_ips', - source_ips = 'source_ips', -} - -export enum NetworkDnsFields { - dnsName = 'dnsName', - queryCount = 'queryCount', - uniqueDomains = 'uniqueDomains', - dnsBytesIn = 'dnsBytesIn', - dnsBytesOut = 'dnsBytesOut', -} - export enum DataProviderType { default = 'default', template = 'template', @@ -373,27 +315,6 @@ export enum SortFieldTimeline { created = 'created', } -export enum NetworkDirectionEcs { - inbound = 'inbound', - outbound = 'outbound', - internal = 'internal', - external = 'external', - incoming = 'incoming', - outgoing = 'outgoing', - listening = 'listening', - unknown = 'unknown', -} - -export enum NetworkHttpFields { - domains = 'domains', - lastHost = 'lastHost', - lastSourceIp = 'lastSourceIp', - methods = 'methods', - path = 'path', - requestCount = 'requestCount', - statuses = 'statuses', -} - export enum FlowTarget { client = 'client', destination = 'destination', @@ -401,6 +322,11 @@ export enum FlowTarget { source = 'source', } +export enum FlowTargetSourceDest { + destination = 'destination', + source = 'source', +} + export enum FlowDirection { uniDirectional = 'uniDirectional', biDirectional = 'biDirectional', @@ -410,17 +336,15 @@ export type ToStringArray = string[] | string; export type Date = string; -export type ToNumberArray = number[] | number; - -export type ToDateArray = string[] | string; +export type ToAny = any; -export type ToBooleanArray = boolean[] | boolean; +export type ToStringArrayNoNullable = any; -export type ToAny = any; +export type ToDateArray = string[] | string; -export type EsValue = any; +export type ToNumberArray = number[] | number; -export type ToStringArrayNoNullable = any; +export type ToBooleanArray = boolean[] | boolean; export type ToIFieldSubTypeNonNullable = any; @@ -511,40 +435,12 @@ export interface Source { configuration: SourceConfiguration; /** The status of the source */ status: SourceStatus; - /** Gets Authentication success and failures based on a timerange */ - Authentications: AuthenticationsData; - - Timeline: TimelineData; - - TimelineDetails: TimelineDetailsData; - - LastEventTime: LastEventTimeData; /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ Hosts: HostsData; HostOverview: HostItem; HostFirstLastSeen: FirstLastSeenHost; - - KpiNetwork?: Maybe; - - KpiHosts: KpiHostsData; - - KpiHostDetails: KpiHostDetailsData; - - MatrixHistogram: MatrixHistogramOverTimeData; - - NetworkTopCountries: NetworkTopCountriesData; - - NetworkTopNFlow: NetworkTopNFlowData; - - NetworkDns: NetworkDnsData; - - NetworkDnsHistogram: NetworkDsOverTimeData; - - NetworkHttp: NetworkHttpData; - /** Just a simple example to get the app name */ - whoAmI?: Maybe; } /** A set of configuration options for a security data source */ @@ -577,8 +473,8 @@ export interface SourceStatus { indexFields: string[]; } -export interface AuthenticationsData { - edges: AuthenticationsEdges[]; +export interface HostsData { + edges: HostsEdges[]; totalCount: number; @@ -587,84 +483,50 @@ export interface AuthenticationsData { inspect?: Maybe; } -export interface AuthenticationsEdges { - node: AuthenticationItem; +export interface HostsEdges { + node: HostItem; cursor: CursorType; } -export interface AuthenticationItem { - _id: string; +export interface HostItem { + _id?: Maybe; - failures: number; + cloud?: Maybe; - successes: number; + endpoint?: Maybe; - user: UserEcsFields; + host?: Maybe; - lastSuccess?: Maybe; + inspect?: Maybe; - lastFailure?: Maybe; + lastSeen?: Maybe; } -export interface UserEcsFields { - domain?: Maybe; - - id?: Maybe; - - name?: Maybe; - - full_name?: Maybe; +export interface CloudFields { + instance?: Maybe; - email?: Maybe; + machine?: Maybe; - hash?: Maybe; + provider?: Maybe<(Maybe)[]>; - group?: Maybe; + region?: Maybe<(Maybe)[]>; } -export interface LastSourceHost { - timestamp?: Maybe; - - source?: Maybe; - - host?: Maybe; +export interface CloudInstance { + id?: Maybe<(Maybe)[]>; } -export interface SourceEcsFields { - bytes?: Maybe; - - ip?: Maybe; - - port?: Maybe; - - domain?: Maybe; - - geo?: Maybe; - - packets?: Maybe; +export interface CloudMachine { + type?: Maybe<(Maybe)[]>; } -export interface GeoEcsFields { - city_name?: Maybe; - - continent_name?: Maybe; - - country_iso_code?: Maybe; - - country_name?: Maybe; - - location?: Maybe; - - region_iso_code?: Maybe; - - region_name?: Maybe; -} +export interface EndpointFields { + endpointPolicy?: Maybe; -export interface Location { - lon?: Maybe; + sensorVersion?: Maybe; - lat?: Maybe; + policyStatus?: Maybe; } export interface HostEcsFields { @@ -697,6 +559,12 @@ export interface OsEcsFields { kernel?: Maybe; } +export interface Inspect { + dsl: string[]; + + response: string[]; +} + export interface CursorType { value?: Maybe; @@ -711,196 +579,267 @@ export interface PageInfoPaginated { showMorePagesIndicator: boolean; } -export interface Inspect { - dsl: string[]; +export interface FirstLastSeenHost { + inspect?: Maybe; - response: string[]; + firstSeen?: Maybe; + + lastSeen?: Maybe; } -export interface TimelineData { - edges: TimelineEdges[]; +export interface TimelineResult { + columns?: Maybe; - totalCount: number; + created?: Maybe; - pageInfo: PageInfo; + createdBy?: Maybe; - inspect?: Maybe; -} + dataProviders?: Maybe; -export interface TimelineEdges { - node: TimelineItem; + dateRange?: Maybe; - cursor: CursorType; -} + description?: Maybe; -export interface TimelineItem { - _id: string; + eventIdToNoteIds?: Maybe; - _index?: Maybe; + eventType?: Maybe; - data: TimelineNonEcsData[]; + excludedRowRendererIds?: Maybe; - ecs: Ecs; -} + favorite?: Maybe; -export interface TimelineNonEcsData { - field: string; + filters?: Maybe; - value?: Maybe; -} + kqlMode?: Maybe; -export interface Ecs { - _id: string; + kqlQuery?: Maybe; - _index?: Maybe; + indexNames?: Maybe; - agent?: Maybe; + notes?: Maybe; - auditd?: Maybe; + noteIds?: Maybe; - destination?: Maybe; + pinnedEventIds?: Maybe; - dns?: Maybe; + pinnedEventsSaveObject?: Maybe; - endgame?: Maybe; + savedQueryId?: Maybe; - event?: Maybe; + savedObjectId: string; - geo?: Maybe; + sort?: Maybe; - host?: Maybe; + status?: Maybe; - network?: Maybe; + title?: Maybe; - rule?: Maybe; + templateTimelineId?: Maybe; - signal?: Maybe; + templateTimelineVersion?: Maybe; - source?: Maybe; + timelineType?: Maybe; - suricata?: Maybe; + updated?: Maybe; - tls?: Maybe; + updatedBy?: Maybe; - zeek?: Maybe; + version: string; +} - http?: Maybe; +export interface ColumnHeaderResult { + aggregatable?: Maybe; - url?: Maybe; + category?: Maybe; - timestamp?: Maybe; + columnHeaderType?: Maybe; - message?: Maybe; + description?: Maybe; - user?: Maybe; + example?: Maybe; - winlog?: Maybe; + indexes?: Maybe; - process?: Maybe; + id?: Maybe; - file?: Maybe; + name?: Maybe; - system?: Maybe; -} + placeholder?: Maybe; -export interface AgentEcsField { - type?: Maybe; + searchable?: Maybe; + + type?: Maybe; } -export interface AuditdEcsFields { - result?: Maybe; +export interface DataProviderResult { + id?: Maybe; - session?: Maybe; + name?: Maybe; - data?: Maybe; + enabled?: Maybe; - summary?: Maybe; + excluded?: Maybe; - sequence?: Maybe; + kqlQuery?: Maybe; + + queryMatch?: Maybe; + + type?: Maybe; + + and?: Maybe; } -export interface AuditdData { - acct?: Maybe; +export interface QueryMatchResult { + field?: Maybe; - terminal?: Maybe; + displayField?: Maybe; - op?: Maybe; + value?: Maybe; + + displayValue?: Maybe; + + operator?: Maybe; } -export interface Summary { - actor?: Maybe; +export interface DateRangePickerResult { + start?: Maybe; - object?: Maybe; + end?: Maybe; +} - how?: Maybe; +export interface FavoriteTimelineResult { + fullName?: Maybe; - message_type?: Maybe; + userName?: Maybe; - sequence?: Maybe; + favoriteDate?: Maybe; } -export interface PrimarySecondary { - primary?: Maybe; +export interface FilterTimelineResult { + exists?: Maybe; - secondary?: Maybe; + meta?: Maybe; - type?: Maybe; + match_all?: Maybe; + + missing?: Maybe; + + query?: Maybe; + + range?: Maybe; + + script?: Maybe; } -export interface DestinationEcsFields { - bytes?: Maybe; +export interface FilterMetaTimelineResult { + alias?: Maybe; - ip?: Maybe; + controlledBy?: Maybe; - port?: Maybe; + disabled?: Maybe; - domain?: Maybe; + field?: Maybe; - geo?: Maybe; + formattedValue?: Maybe; - packets?: Maybe; + index?: Maybe; + + key?: Maybe; + + negate?: Maybe; + + params?: Maybe; + + type?: Maybe; + + value?: Maybe; } -export interface DnsEcsFields { - question?: Maybe; +export interface SerializedFilterQueryResult { + filterQuery?: Maybe; +} - resolved_ip?: Maybe; +export interface SerializedKueryQueryResult { + kuery?: Maybe; - response_code?: Maybe; + serializedQuery?: Maybe; } -export interface DnsQuestionData { - name?: Maybe; +export interface KueryFilterQueryResult { + kind?: Maybe; - type?: Maybe; + expression?: Maybe; } -export interface EndgameEcsFields { - exit_code?: Maybe; +export interface SortTimelineResult { + columnId?: Maybe; - file_name?: Maybe; + sortDirection?: Maybe; +} - file_path?: Maybe; +export interface ResponseTimelines { + timeline: (Maybe)[]; - logon_type?: Maybe; + totalCount?: Maybe; - parent_process_name?: Maybe; + defaultTimelineCount?: Maybe; - pid?: Maybe; + templateTimelineCount?: Maybe; - process_name?: Maybe; + elasticTemplateTimelineCount?: Maybe; - subject_domain_name?: Maybe; + customTemplateTimelineCount?: Maybe; - subject_logon_id?: Maybe; + favoriteCount?: Maybe; +} - subject_user_name?: Maybe; +export interface Mutation { + /** Persists a note */ + persistNote: ResponseNote; - target_domain_name?: Maybe; + deleteNote?: Maybe; - target_logon_id?: Maybe; + deleteNoteByTimelineId?: Maybe; + /** Persists a pinned event in a timeline */ + persistPinnedEventOnTimeline?: Maybe; + /** Remove a pinned events in a timeline */ + deletePinnedEventOnTimeline: boolean; + /** Remove all pinned events in a timeline */ + deleteAllPinnedEventsOnTimeline: boolean; + /** Persists a timeline */ + persistTimeline: ResponseTimeline; - target_user_name?: Maybe; + persistFavorite: ResponseFavoriteTimeline; + + deleteTimeline: boolean; +} + +export interface ResponseNote { + code?: Maybe; + + message?: Maybe; + + note: NoteResult; +} + +export interface ResponseTimeline { + code?: Maybe; + + message?: Maybe; + + timeline: TimelineResult; +} + +export interface ResponseFavoriteTimeline { + code?: Maybe; + + message?: Maybe; + + savedObjectId: string; + + version: string; + + favorite?: Maybe; } export interface EventEcsFields { @@ -943,110 +882,176 @@ export interface EventEcsFields { type?: Maybe; } -export interface NetworkEcsField { - bytes?: Maybe; - - community_id?: Maybe; +export interface Location { + lon?: Maybe; - direction?: Maybe; + lat?: Maybe; +} - packets?: Maybe; +export interface GeoEcsFields { + city_name?: Maybe; - protocol?: Maybe; + continent_name?: Maybe; - transport?: Maybe; -} + country_iso_code?: Maybe; -export interface RuleEcsField { - reference?: Maybe; -} + country_name?: Maybe; -export interface SignalField { - rule?: Maybe; + location?: Maybe; - original_time?: Maybe; + region_iso_code?: Maybe; - status?: Maybe; + region_name?: Maybe; } -export interface RuleField { - id?: Maybe; +export interface PrimarySecondary { + primary?: Maybe; - rule_id?: Maybe; + secondary?: Maybe; - false_positives: string[]; + type?: Maybe; +} - saved_id?: Maybe; +export interface Summary { + actor?: Maybe; - timeline_id?: Maybe; + object?: Maybe; - timeline_title?: Maybe; + how?: Maybe; - max_signals?: Maybe; + message_type?: Maybe; - risk_score?: Maybe; + sequence?: Maybe; +} - output_index?: Maybe; +export interface AgentEcsField { + type?: Maybe; +} - description?: Maybe; +export interface AuditdData { + acct?: Maybe; - from?: Maybe; + terminal?: Maybe; - immutable?: Maybe; + op?: Maybe; +} - index?: Maybe; +export interface AuditdEcsFields { + result?: Maybe; - interval?: Maybe; + session?: Maybe; - language?: Maybe; + data?: Maybe; - query?: Maybe; + summary?: Maybe; - references?: Maybe; + sequence?: Maybe; +} - severity?: Maybe; +export interface Thread { + id?: Maybe; - tags?: Maybe; + start?: Maybe; +} - threat?: Maybe; +export interface ProcessHashData { + md5?: Maybe; - type?: Maybe; + sha1?: Maybe; - size?: Maybe; + sha256?: Maybe; +} - to?: Maybe; +export interface ProcessEcsFields { + hash?: Maybe; - enabled?: Maybe; + pid?: Maybe; - filters?: Maybe; + name?: Maybe; - created_at?: Maybe; + ppid?: Maybe; - updated_at?: Maybe; + args?: Maybe; - created_by?: Maybe; + entity_id?: Maybe; - updated_by?: Maybe; + executable?: Maybe; - version?: Maybe; + title?: Maybe; - note?: Maybe; + thread?: Maybe; - threshold?: Maybe; + working_directory?: Maybe; +} - exceptions_list?: Maybe; +export interface SourceEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEcsFields { - eve?: Maybe; +export interface DestinationEcsFields { + bytes?: Maybe; + + ip?: Maybe; + + port?: Maybe; + + domain?: Maybe; + + geo?: Maybe; + + packets?: Maybe; } -export interface SuricataEveData { - alert?: Maybe; +export interface DnsQuestionData { + name?: Maybe; - flow_id?: Maybe; + type?: Maybe; +} - proto?: Maybe; +export interface DnsEcsFields { + question?: Maybe; + + resolved_ip?: Maybe; + + response_code?: Maybe; +} + +export interface EndgameEcsFields { + exit_code?: Maybe; + + file_name?: Maybe; + + file_path?: Maybe; + + logon_type?: Maybe; + + parent_process_name?: Maybe; + + pid?: Maybe; + + process_name?: Maybe; + + subject_domain_name?: Maybe; + + subject_logon_id?: Maybe; + + subject_user_name?: Maybe; + + target_domain_name?: Maybe; + + target_logon_id?: Maybe; + + target_user_name?: Maybe; } export interface SuricataAlertData { @@ -1055,48 +1060,44 @@ export interface SuricataAlertData { signature_id?: Maybe; } -export interface TlsEcsFields { - client_certificate?: Maybe; +export interface SuricataEveData { + alert?: Maybe; - fingerprints?: Maybe; + flow_id?: Maybe; - server_certificate?: Maybe; + proto?: Maybe; } -export interface TlsClientCertificateData { - fingerprint?: Maybe; +export interface SuricataEcsFields { + eve?: Maybe; } -export interface FingerprintData { - sha1?: Maybe; +export interface TlsJa3Data { + hash?: Maybe; } -export interface TlsFingerprintsData { - ja3?: Maybe; +export interface FingerprintData { + sha1?: Maybe; } -export interface TlsJa3Data { - hash?: Maybe; +export interface TlsClientCertificateData { + fingerprint?: Maybe; } export interface TlsServerCertificateData { fingerprint?: Maybe; } -export interface ZeekEcsFields { - session_id?: Maybe; - - connection?: Maybe; - - notice?: Maybe; - - dns?: Maybe; +export interface TlsFingerprintsData { + ja3?: Maybe; +} - http?: Maybe; +export interface TlsEcsFields { + client_certificate?: Maybe; - files?: Maybe; + fingerprints?: Maybe; - ssl?: Maybe; + server_certificate?: Maybe; } export interface ZeekConnectionData { @@ -1151,6 +1152,38 @@ export interface ZeekDnsData { TC?: Maybe; } +export interface FileFields { + name?: Maybe; + + path?: Maybe; + + target_path?: Maybe; + + extension?: Maybe; + + type?: Maybe; + + device?: Maybe; + + inode?: Maybe; + + uid?: Maybe; + + owner?: Maybe; + + gid?: Maybe; + + group?: Maybe; + + mode?: Maybe; + + size?: Maybe; + + mtime?: Maybe; + + ctime?: Maybe; +} + export interface ZeekHttpData { resp_mime_types?: Maybe; @@ -1163,6 +1196,48 @@ export interface ZeekHttpData { tags?: Maybe; } +export interface HttpBodyData { + content?: Maybe; + + bytes?: Maybe; +} + +export interface HttpRequestData { + method?: Maybe; + + body?: Maybe; + + referrer?: Maybe; + + bytes?: Maybe; +} + +export interface HttpResponseData { + status_code?: Maybe; + + body?: Maybe; + + bytes?: Maybe; +} + +export interface HttpEcsFields { + version?: Maybe; + + request?: Maybe; + + response?: Maybe; +} + +export interface UrlEcsFields { + domain?: Maybe; + + original?: Maybe; + + username?: Maybe; + + password?: Maybe; +} + export interface ZeekFileData { session_ids?: Maybe; @@ -1211,128 +1286,54 @@ export interface ZeekSslData { version?: Maybe; } -export interface HttpEcsFields { - version?: Maybe; +export interface ZeekEcsFields { + session_id?: Maybe; - request?: Maybe; + connection?: Maybe; - response?: Maybe; -} + notice?: Maybe; -export interface HttpRequestData { - method?: Maybe; + dns?: Maybe; - body?: Maybe; + http?: Maybe; - referrer?: Maybe; + files?: Maybe; - bytes?: Maybe; + ssl?: Maybe; } -export interface HttpBodyData { - content?: Maybe; +export interface UserEcsFields { + domain?: Maybe; - bytes?: Maybe; -} + id?: Maybe; -export interface HttpResponseData { - status_code?: Maybe; + name?: Maybe; - body?: Maybe; + full_name?: Maybe; - bytes?: Maybe; -} + email?: Maybe; -export interface UrlEcsFields { - domain?: Maybe; + hash?: Maybe; - original?: Maybe; - - username?: Maybe; - - password?: Maybe; -} + group?: Maybe; +} export interface WinlogEcsFields { event_id?: Maybe; } -export interface ProcessEcsFields { - hash?: Maybe; - - pid?: Maybe; - - name?: Maybe; - - ppid?: Maybe; - - args?: Maybe; - - entity_id?: Maybe; - - executable?: Maybe; - - title?: Maybe; - - thread?: Maybe; - - working_directory?: Maybe; -} - -export interface ProcessHashData { - md5?: Maybe; - - sha1?: Maybe; - - sha256?: Maybe; -} - -export interface Thread { - id?: Maybe; - - start?: Maybe; -} - -export interface FileFields { - name?: Maybe; - - path?: Maybe; - - target_path?: Maybe; - - extension?: Maybe; - - type?: Maybe; - - device?: Maybe; - - inode?: Maybe; - - uid?: Maybe; - - owner?: Maybe; - - gid?: Maybe; - - group?: Maybe; - - mode?: Maybe; - - size?: Maybe; +export interface NetworkEcsField { + bytes?: Maybe; - mtime?: Maybe; + community_id?: Maybe; - ctime?: Maybe; -} + direction?: Maybe; -export interface SystemEcsField { - audit?: Maybe; + packets?: Maybe; - auth?: Maybe; -} + protocol?: Maybe; -export interface AuditEcsFields { - package?: Maybe; + transport?: Maybe; } export interface PackageEcsFields { @@ -1349,8 +1350,8 @@ export interface PackageEcsFields { version?: Maybe; } -export interface AuthEcsFields { - ssh?: Maybe; +export interface AuditEcsFields { + package?: Maybe; } export interface SshEcsFields { @@ -1359,6688 +1360,4387 @@ export interface SshEcsFields { signature?: Maybe; } -export interface PageInfo { - endCursor?: Maybe; - - hasNextPage?: Maybe; +export interface AuthEcsFields { + ssh?: Maybe; } -export interface TimelineDetailsData { - data?: Maybe; +export interface SystemEcsField { + audit?: Maybe; - inspect?: Maybe; + auth?: Maybe; } -export interface DetailItem { - field: string; - - values?: Maybe; - - originalValue?: Maybe; -} +export interface RuleField { + id?: Maybe; -export interface LastEventTimeData { - lastSeen?: Maybe; + rule_id?: Maybe; - inspect?: Maybe; -} + false_positives: string[]; -export interface HostsData { - edges: HostsEdges[]; + saved_id?: Maybe; - totalCount: number; + timeline_id?: Maybe; - pageInfo: PageInfoPaginated; + timeline_title?: Maybe; - inspect?: Maybe; -} + max_signals?: Maybe; -export interface HostsEdges { - node: HostItem; + risk_score?: Maybe; - cursor: CursorType; -} + output_index?: Maybe; -export interface HostItem { - _id?: Maybe; + description?: Maybe; - cloud?: Maybe; + from?: Maybe; - endpoint?: Maybe; + immutable?: Maybe; - host?: Maybe; + index?: Maybe; - inspect?: Maybe; + interval?: Maybe; - lastSeen?: Maybe; -} + language?: Maybe; -export interface CloudFields { - instance?: Maybe; + query?: Maybe; - machine?: Maybe; + references?: Maybe; - provider?: Maybe<(Maybe)[]>; + severity?: Maybe; - region?: Maybe<(Maybe)[]>; -} + tags?: Maybe; -export interface CloudInstance { - id?: Maybe<(Maybe)[]>; -} + threat?: Maybe; -export interface CloudMachine { - type?: Maybe<(Maybe)[]>; -} + type?: Maybe; -export interface EndpointFields { - endpointPolicy?: Maybe; + size?: Maybe; - sensorVersion?: Maybe; + to?: Maybe; - policyStatus?: Maybe; -} + enabled?: Maybe; -export interface FirstLastSeenHost { - inspect?: Maybe; + filters?: Maybe; - firstSeen?: Maybe; + created_at?: Maybe; - lastSeen?: Maybe; -} + updated_at?: Maybe; -export interface KpiNetworkData { - networkEvents?: Maybe; + created_by?: Maybe; - uniqueFlowId?: Maybe; + updated_by?: Maybe; - uniqueSourcePrivateIps?: Maybe; + version?: Maybe; - uniqueSourcePrivateIpsHistogram?: Maybe; + note?: Maybe; - uniqueDestinationPrivateIps?: Maybe; + threshold?: Maybe; - uniqueDestinationPrivateIpsHistogram?: Maybe; + exceptions_list?: Maybe; +} - dnsQueries?: Maybe; +export interface SignalField { + rule?: Maybe; - tlsHandshakes?: Maybe; + original_time?: Maybe; - inspect?: Maybe; + status?: Maybe; } -export interface KpiNetworkHistogramData { - x?: Maybe; - - y?: Maybe; +export interface RuleEcsField { + reference?: Maybe; } -export interface KpiHostsData { - hosts?: Maybe; - - hostsHistogram?: Maybe; - - authSuccess?: Maybe; - - authSuccessHistogram?: Maybe; - - authFailure?: Maybe; - - authFailureHistogram?: Maybe; - - uniqueSourceIps?: Maybe; +export interface Ecs { + _id: string; - uniqueSourceIpsHistogram?: Maybe; + _index?: Maybe; - uniqueDestinationIps?: Maybe; + agent?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + auditd?: Maybe; - inspect?: Maybe; -} + destination?: Maybe; -export interface KpiHostHistogramData { - x?: Maybe; + dns?: Maybe; - y?: Maybe; -} + endgame?: Maybe; -export interface KpiHostDetailsData { - authSuccess?: Maybe; + event?: Maybe; - authSuccessHistogram?: Maybe; + geo?: Maybe; - authFailure?: Maybe; + host?: Maybe; - authFailureHistogram?: Maybe; + network?: Maybe; - uniqueSourceIps?: Maybe; + rule?: Maybe; - uniqueSourceIpsHistogram?: Maybe; + signal?: Maybe; - uniqueDestinationIps?: Maybe; + source?: Maybe; - uniqueDestinationIpsHistogram?: Maybe; + suricata?: Maybe; - inspect?: Maybe; -} + tls?: Maybe; -export interface MatrixHistogramOverTimeData { - inspect?: Maybe; + zeek?: Maybe; - matrixHistogramData: MatrixOverTimeHistogramData[]; + http?: Maybe; - totalCount: number; -} + url?: Maybe; -export interface MatrixOverTimeHistogramData { - x?: Maybe; + timestamp?: Maybe; - y?: Maybe; + message?: Maybe; - g?: Maybe; -} + user?: Maybe; -export interface NetworkTopCountriesData { - edges: NetworkTopCountriesEdges[]; + winlog?: Maybe; - totalCount: number; + process?: Maybe; - pageInfo: PageInfoPaginated; + file?: Maybe; - inspect?: Maybe; + system?: Maybe; } -export interface NetworkTopCountriesEdges { - node: NetworkTopCountriesItem; +export interface EcsEdges { + node: Ecs; cursor: CursorType; } -export interface NetworkTopCountriesItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; - - network?: Maybe; -} +export interface OsFields { + platform?: Maybe; -export interface TopCountriesItemSource { - country?: Maybe; + name?: Maybe; - destination_ips?: Maybe; + full?: Maybe; - flows?: Maybe; + family?: Maybe; - location?: Maybe; + version?: Maybe; - source_ips?: Maybe; + kernel?: Maybe; } -export interface GeoItem { - geo?: Maybe; +export interface HostFields { + architecture?: Maybe; - flowTarget?: Maybe; -} + id?: Maybe; -export interface TopCountriesItemDestination { - country?: Maybe; + ip?: Maybe<(Maybe)[]>; - destination_ips?: Maybe; + mac?: Maybe<(Maybe)[]>; - flows?: Maybe; + name?: Maybe; - location?: Maybe; + os?: Maybe; - source_ips?: Maybe; + type?: Maybe; } -export interface TopNetworkTablesEcsField { - bytes_in?: Maybe; - - bytes_out?: Maybe; -} - -export interface NetworkTopNFlowData { - edges: NetworkTopNFlowEdges[]; - - totalCount: number; +/** A descriptor of a field in an index */ +export interface IndexField { + /** Where the field belong */ + category: string; + /** Example of field's value */ + example?: Maybe; + /** whether the field's belong to an alias index */ + indexes: (Maybe)[]; + /** The name of the field */ + name: string; + /** The type of the field's values as recognized by Kibana */ + type: string; + /** Whether the field's values can be efficiently searched for */ + searchable: boolean; + /** Whether the field's values can be aggregated */ + aggregatable: boolean; + /** Description of the field */ + description?: Maybe; - pageInfo: PageInfoPaginated; + format?: Maybe; + /** the elastic type as mapped in the index */ + esTypes?: Maybe; - inspect?: Maybe; + subType?: Maybe; } -export interface NetworkTopNFlowEdges { - node: NetworkTopNFlowItem; +export interface PageInfo { + endCursor?: Maybe; - cursor: CursorType; + hasNextPage?: Maybe; } -export interface NetworkTopNFlowItem { - _id?: Maybe; - - source?: Maybe; - - destination?: Maybe; +// ==================================================== +// Arguments +// ==================================================== - network?: Maybe; +export interface GetNoteQueryArgs { + id: string; } - -export interface TopNFlowItemSource { - autonomous_system?: Maybe; - - domain?: Maybe; - - ip?: Maybe; - - location?: Maybe; - - flows?: Maybe; - - destination_ips?: Maybe; +export interface GetNotesByTimelineIdQueryArgs { + timelineId: string; +} +export interface GetNotesByEventIdQueryArgs { + eventId: string; } +export interface GetAllNotesQueryArgs { + pageInfo?: Maybe; -export interface AutonomousSystemItem { - name?: Maybe; + search?: Maybe; - number?: Maybe; + sort?: Maybe; } +export interface GetAllPinnedEventsByTimelineIdQueryArgs { + timelineId: string; +} +export interface SourceQueryArgs { + /** The id of the source */ + id: string; +} +export interface GetOneTimelineQueryArgs { + id: string; +} +export interface GetAllTimelineQueryArgs { + pageInfo: PageInfoTimeline; -export interface TopNFlowItemDestination { - autonomous_system?: Maybe; - - domain?: Maybe; + search?: Maybe; - ip?: Maybe; + sort?: Maybe; - location?: Maybe; + onlyUserFavorite?: Maybe; - flows?: Maybe; + timelineType?: Maybe; - source_ips?: Maybe; + status?: Maybe; } +export interface HostsSourceArgs { + id?: Maybe; -export interface NetworkDnsData { - edges: NetworkDnsEdges[]; - - totalCount: number; + timerange: TimerangeInput; - pageInfo: PageInfoPaginated; + pagination: PaginationInputPaginated; - inspect?: Maybe; + sort: HostsSortField; - histogram?: Maybe; -} + filterQuery?: Maybe; -export interface NetworkDnsEdges { - node: NetworkDnsItem; + defaultIndex: string[]; - cursor: CursorType; + docValueFields: DocValueFieldsInput[]; } +export interface HostOverviewSourceArgs { + id?: Maybe; -export interface NetworkDnsItem { - _id?: Maybe; - - dnsBytesIn?: Maybe; - - dnsBytesOut?: Maybe; - - dnsName?: Maybe; + hostName: string; - queryCount?: Maybe; + timerange: TimerangeInput; - uniqueDomains?: Maybe; + defaultIndex: string[]; } +export interface HostFirstLastSeenSourceArgs { + id?: Maybe; -export interface MatrixOverOrdinalHistogramData { - x: string; + hostName: string; - y: number; + defaultIndex: string[]; - g: string; + docValueFields: DocValueFieldsInput[]; } +export interface IndicesExistSourceStatusArgs { + defaultIndex: string[]; +} +export interface IndexFieldsSourceStatusArgs { + defaultIndex: string[]; +} +export interface PersistNoteMutationArgs { + noteId?: Maybe; -export interface NetworkDsOverTimeData { - inspect?: Maybe; - - matrixHistogramData: MatrixOverTimeHistogramData[]; + version?: Maybe; - totalCount: number; + note: NoteInput; } +export interface DeleteNoteMutationArgs { + id: string[]; +} +export interface DeleteNoteByTimelineIdMutationArgs { + timelineId: string; -export interface NetworkHttpData { - edges: NetworkHttpEdges[]; - - totalCount: number; + version?: Maybe; +} +export interface PersistPinnedEventOnTimelineMutationArgs { + pinnedEventId?: Maybe; - pageInfo: PageInfoPaginated; + eventId: string; - inspect?: Maybe; + timelineId?: Maybe; +} +export interface DeletePinnedEventOnTimelineMutationArgs { + id: string[]; +} +export interface DeleteAllPinnedEventsOnTimelineMutationArgs { + timelineId: string; } +export interface PersistTimelineMutationArgs { + id?: Maybe; -export interface NetworkHttpEdges { - node: NetworkHttpItem; + version?: Maybe; - cursor: CursorType; + timeline: TimelineInput; +} +export interface PersistFavoriteMutationArgs { + timelineId?: Maybe; +} +export interface DeleteTimelineMutationArgs { + id: string[]; } -export interface NetworkHttpItem { - _id?: Maybe; - - domains: string[]; +import { GraphQLResolveInfo, GraphQLScalarType, GraphQLScalarTypeConfig } from 'graphql'; - lastHost?: Maybe; +export type Resolver = ( + parent: Parent, + args: Args, + context: TContext, + info: GraphQLResolveInfo +) => Promise | Result; - lastSourceIp?: Maybe; +export interface ISubscriptionResolverObject { + subscribe( + parent: P, + args: Args, + context: TContext, + info: GraphQLResolveInfo + ): AsyncIterator | Promise>; + resolve?( + parent: P, + args: Args, + context: TContext, + info: GraphQLResolveInfo + ): R | Result | Promise; +} - methods: string[]; +export type SubscriptionResolver = + | ((...args: any[]) => ISubscriptionResolverObject) + | ISubscriptionResolverObject; - path?: Maybe; +export type TypeResolveFn = ( + parent: Parent, + context: TContext, + info: GraphQLResolveInfo +) => Maybe; - requestCount?: Maybe; +export type NextResolverFn = () => Promise; - statuses: string[]; -} +export type DirectiveResolverFn = ( + next: NextResolverFn, + source: any, + args: TArgs, + context: TContext, + info: GraphQLResolveInfo +) => TResult | Promise; -export interface SayMyName { - /** The id of the source */ - appName: string; -} +export namespace QueryResolvers { + export interface Resolvers { + getNote?: GetNoteResolver; -export interface TimelineResult { - columns?: Maybe; + getNotesByTimelineId?: GetNotesByTimelineIdResolver; - created?: Maybe; + getNotesByEventId?: GetNotesByEventIdResolver; - createdBy?: Maybe; + getAllNotes?: GetAllNotesResolver; - dataProviders?: Maybe; + getAllPinnedEventsByTimelineId?: GetAllPinnedEventsByTimelineIdResolver< + PinnedEvent[], + TypeParent, + TContext + >; + /** Get a security data source by id */ + source?: SourceResolver; + /** Get a list of all security data sources */ + allSources?: AllSourcesResolver; - dateRange?: Maybe; + getOneTimeline?: GetOneTimelineResolver; - description?: Maybe; + getAllTimeline?: GetAllTimelineResolver; + } - eventIdToNoteIds?: Maybe; + export type GetNoteResolver = Resolver< + R, + Parent, + TContext, + GetNoteArgs + >; + export interface GetNoteArgs { + id: string; + } - eventType?: Maybe; + export type GetNotesByTimelineIdResolver< + R = NoteResult[], + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetNotesByTimelineIdArgs { + timelineId: string; + } - excludedRowRendererIds?: Maybe; + export type GetNotesByEventIdResolver< + R = NoteResult[], + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetNotesByEventIdArgs { + eventId: string; + } - favorite?: Maybe; + export type GetAllNotesResolver< + R = ResponseNotes, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetAllNotesArgs { + pageInfo?: Maybe; - filters?: Maybe; + search?: Maybe; - kqlMode?: Maybe; + sort?: Maybe; + } - kqlQuery?: Maybe; - - indexNames?: Maybe; - - notes?: Maybe; - - noteIds?: Maybe; - - pinnedEventIds?: Maybe; - - pinnedEventsSaveObject?: Maybe; - - savedQueryId?: Maybe; - - savedObjectId: string; - - sort?: Maybe; - - status?: Maybe; - - title?: Maybe; - - templateTimelineId?: Maybe; - - templateTimelineVersion?: Maybe; - - timelineType?: Maybe; - - updated?: Maybe; - - updatedBy?: Maybe; - - version: string; -} - -export interface ColumnHeaderResult { - aggregatable?: Maybe; - - category?: Maybe; - - columnHeaderType?: Maybe; - - description?: Maybe; - - example?: Maybe; - - indexes?: Maybe; - - id?: Maybe; - - name?: Maybe; - - placeholder?: Maybe; - - searchable?: Maybe; - - type?: Maybe; -} - -export interface DataProviderResult { - id?: Maybe; - - name?: Maybe; - - enabled?: Maybe; - - excluded?: Maybe; - - kqlQuery?: Maybe; - - queryMatch?: Maybe; - - type?: Maybe; - - and?: Maybe; -} - -export interface QueryMatchResult { - field?: Maybe; - - displayField?: Maybe; - - value?: Maybe; - - displayValue?: Maybe; - - operator?: Maybe; -} - -export interface DateRangePickerResult { - start?: Maybe; - - end?: Maybe; -} - -export interface FavoriteTimelineResult { - fullName?: Maybe; - - userName?: Maybe; - - favoriteDate?: Maybe; -} - -export interface FilterTimelineResult { - exists?: Maybe; - - meta?: Maybe; - - match_all?: Maybe; - - missing?: Maybe; - - query?: Maybe; - - range?: Maybe; - - script?: Maybe; -} - -export interface FilterMetaTimelineResult { - alias?: Maybe; - - controlledBy?: Maybe; - - disabled?: Maybe; - - field?: Maybe; - - formattedValue?: Maybe; - - index?: Maybe; - - key?: Maybe; - - negate?: Maybe; - - params?: Maybe; - - type?: Maybe; - - value?: Maybe; -} - -export interface SerializedFilterQueryResult { - filterQuery?: Maybe; -} - -export interface SerializedKueryQueryResult { - kuery?: Maybe; - - serializedQuery?: Maybe; -} - -export interface KueryFilterQueryResult { - kind?: Maybe; - - expression?: Maybe; -} - -export interface SortTimelineResult { - columnId?: Maybe; - - sortDirection?: Maybe; -} - -export interface ResponseTimelines { - timeline: (Maybe)[]; - - totalCount?: Maybe; - - defaultTimelineCount?: Maybe; - - templateTimelineCount?: Maybe; - - elasticTemplateTimelineCount?: Maybe; - - customTemplateTimelineCount?: Maybe; - - favoriteCount?: Maybe; -} - -export interface Mutation { - /** Persists a note */ - persistNote: ResponseNote; - - deleteNote?: Maybe; - - deleteNoteByTimelineId?: Maybe; - /** Persists a pinned event in a timeline */ - persistPinnedEventOnTimeline?: Maybe; - /** Remove a pinned events in a timeline */ - deletePinnedEventOnTimeline: boolean; - /** Remove all pinned events in a timeline */ - deleteAllPinnedEventsOnTimeline: boolean; - /** Persists a timeline */ - persistTimeline: ResponseTimeline; - - persistFavorite: ResponseFavoriteTimeline; - - deleteTimeline: boolean; -} - -export interface ResponseNote { - code?: Maybe; - - message?: Maybe; - - note: NoteResult; -} - -export interface ResponseTimeline { - code?: Maybe; - - message?: Maybe; - - timeline: TimelineResult; -} - -export interface ResponseFavoriteTimeline { - code?: Maybe; - - message?: Maybe; - - savedObjectId: string; - - version: string; - - favorite?: Maybe; -} - -export interface EcsEdges { - node: Ecs; - - cursor: CursorType; -} - -export interface EventsTimelineData { - edges: EcsEdges[]; - - totalCount: number; - - pageInfo: PageInfo; - - inspect?: Maybe; -} - -export interface OsFields { - platform?: Maybe; - - name?: Maybe; - - full?: Maybe; - - family?: Maybe; - - version?: Maybe; - - kernel?: Maybe; -} - -export interface HostFields { - architecture?: Maybe; - - id?: Maybe; - - ip?: Maybe<(Maybe)[]>; - - mac?: Maybe<(Maybe)[]>; - - name?: Maybe; - - os?: Maybe; - - type?: Maybe; -} - -/** A descriptor of a field in an index */ -export interface IndexField { - /** Where the field belong */ - category: string; - /** Example of field's value */ - example?: Maybe; - /** whether the field's belong to an alias index */ - indexes: (Maybe)[]; - /** The name of the field */ - name: string; - /** The type of the field's values as recognized by Kibana */ - type: string; - /** Whether the field's values can be efficiently searched for */ - searchable: boolean; - /** Whether the field's values can be aggregated */ - aggregatable: boolean; - /** Description of the field */ - description?: Maybe; - - format?: Maybe; - /** the elastic type as mapped in the index */ - esTypes?: Maybe; - - subType?: Maybe; -} - -// ==================================================== -// Arguments -// ==================================================== - -export interface GetNoteQueryArgs { - id: string; -} -export interface GetNotesByTimelineIdQueryArgs { - timelineId: string; -} -export interface GetNotesByEventIdQueryArgs { - eventId: string; -} -export interface GetAllNotesQueryArgs { - pageInfo?: Maybe; - - search?: Maybe; - - sort?: Maybe; -} -export interface GetAllPinnedEventsByTimelineIdQueryArgs { - timelineId: string; -} -export interface SourceQueryArgs { - /** The id of the source */ - id: string; -} -export interface GetOneTimelineQueryArgs { - id: string; -} -export interface GetAllTimelineQueryArgs { - pageInfo: PageInfoTimeline; - - search?: Maybe; - - sort?: Maybe; - - onlyUserFavorite?: Maybe; - - timelineType?: Maybe; - - status?: Maybe; -} -export interface AuthenticationsSourceArgs { - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineSourceArgs { - pagination: PaginationInput; - - sortField: SortField; - - fieldRequested: string[]; - - timerange?: Maybe; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface TimelineDetailsSourceArgs { - eventId: string; - - indexName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface LastEventTimeSourceArgs { - id?: Maybe; - - indexKey: LastEventIndexKey; - - details: LastTimeDetails; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - sort: HostsSortField; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface HostOverviewSourceArgs { - id?: Maybe; - - hostName: string; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface HostFirstLastSeenSourceArgs { - id?: Maybe; - - hostName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; -} -export interface KpiNetworkSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface KpiHostDetailsSourceArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; -} -export interface MatrixHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField: string; - - histogramType: HistogramType; -} -export interface NetworkTopCountriesSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkTopNFlowSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsSourceArgs { - filterQuery?: Maybe; - - id?: Maybe; - - isPtrIncluded: boolean; - - pagination: PaginationInputPaginated; - - sort: NetworkDnsSortField; - - stackByField?: Maybe; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface NetworkDnsHistogramSourceArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - - docValueFields: DocValueFieldsInput[]; -} -export interface NetworkHttpSourceArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - pagination: PaginationInputPaginated; - - sort: NetworkHttpSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; -} -export interface IndicesExistSourceStatusArgs { - defaultIndex: string[]; -} -export interface IndexFieldsSourceStatusArgs { - defaultIndex: string[]; -} -export interface PersistNoteMutationArgs { - noteId?: Maybe; - - version?: Maybe; - - note: NoteInput; -} -export interface DeleteNoteMutationArgs { - id: string[]; -} -export interface DeleteNoteByTimelineIdMutationArgs { - timelineId: string; - - version?: Maybe; -} -export interface PersistPinnedEventOnTimelineMutationArgs { - pinnedEventId?: Maybe; - - eventId: string; - - timelineId?: Maybe; -} -export interface DeletePinnedEventOnTimelineMutationArgs { - id: string[]; -} -export interface DeleteAllPinnedEventsOnTimelineMutationArgs { - timelineId: string; -} -export interface PersistTimelineMutationArgs { - id?: Maybe; - - version?: Maybe; - - timeline: TimelineInput; -} -export interface PersistFavoriteMutationArgs { - timelineId?: Maybe; -} -export interface DeleteTimelineMutationArgs { - id: string[]; -} - -import { GraphQLResolveInfo, GraphQLScalarType, GraphQLScalarTypeConfig } from 'graphql'; - -export type Resolver = ( - parent: Parent, - args: Args, - context: TContext, - info: GraphQLResolveInfo -) => Promise | Result; - -export interface ISubscriptionResolverObject { - subscribe( - parent: P, - args: Args, - context: TContext, - info: GraphQLResolveInfo - ): AsyncIterator | Promise>; - resolve?( - parent: P, - args: Args, - context: TContext, - info: GraphQLResolveInfo - ): R | Result | Promise; -} - -export type SubscriptionResolver = - | ((...args: any[]) => ISubscriptionResolverObject) - | ISubscriptionResolverObject; - -export type TypeResolveFn = ( - parent: Parent, - context: TContext, - info: GraphQLResolveInfo -) => Maybe; - -export type NextResolverFn = () => Promise; - -export type DirectiveResolverFn = ( - next: NextResolverFn, - source: any, - args: TArgs, - context: TContext, - info: GraphQLResolveInfo -) => TResult | Promise; - -export namespace QueryResolvers { - export interface Resolvers { - getNote?: GetNoteResolver; - - getNotesByTimelineId?: GetNotesByTimelineIdResolver; - - getNotesByEventId?: GetNotesByEventIdResolver; - - getAllNotes?: GetAllNotesResolver; - - getAllPinnedEventsByTimelineId?: GetAllPinnedEventsByTimelineIdResolver< - PinnedEvent[], - TypeParent, - TContext - >; - /** Get a security data source by id */ - source?: SourceResolver; - /** Get a list of all security data sources */ - allSources?: AllSourcesResolver; - - getOneTimeline?: GetOneTimelineResolver; - - getAllTimeline?: GetAllTimelineResolver; - } - - export type GetNoteResolver = Resolver< - R, - Parent, - TContext, - GetNoteArgs - >; - export interface GetNoteArgs { - id: string; - } - - export type GetNotesByTimelineIdResolver< - R = NoteResult[], - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetNotesByTimelineIdArgs { - timelineId: string; - } - - export type GetNotesByEventIdResolver< - R = NoteResult[], - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetNotesByEventIdArgs { - eventId: string; - } - - export type GetAllNotesResolver< - R = ResponseNotes, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetAllNotesArgs { - pageInfo?: Maybe; - - search?: Maybe; - - sort?: Maybe; - } - - export type GetAllPinnedEventsByTimelineIdResolver< - R = PinnedEvent[], - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetAllPinnedEventsByTimelineIdArgs { - timelineId: string; - } - - export type SourceResolver = Resolver< - R, - Parent, - TContext, - SourceArgs - >; - export interface SourceArgs { - /** The id of the source */ - id: string; - } - - export type AllSourcesResolver = Resolver< - R, - Parent, - TContext - >; - export type GetOneTimelineResolver< - R = TimelineResult, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetOneTimelineArgs { - id: string; - } - - export type GetAllTimelineResolver< - R = ResponseTimelines, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface GetAllTimelineArgs { - pageInfo: PageInfoTimeline; - - search?: Maybe; - - sort?: Maybe; - - onlyUserFavorite?: Maybe; - - timelineType?: Maybe; - - status?: Maybe; - } -} - -export namespace NoteResultResolvers { - export interface Resolvers { - eventId?: EventIdResolver, TypeParent, TContext>; - - note?: NoteResolver, TypeParent, TContext>; - - timelineId?: TimelineIdResolver, TypeParent, TContext>; - - noteId?: NoteIdResolver; - - created?: CreatedResolver, TypeParent, TContext>; - - createdBy?: CreatedByResolver, TypeParent, TContext>; - - timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - - updated?: UpdatedResolver, TypeParent, TContext>; - - updatedBy?: UpdatedByResolver, TypeParent, TContext>; - - version?: VersionResolver, TypeParent, TContext>; - } - - export type EventIdResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type NoteResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type TimelineIdResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type NoteIdResolver = Resolver< - R, - Parent, - TContext - >; - export type CreatedResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type CreatedByResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type TimelineVersionResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type UpdatedResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type UpdatedByResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = NoteResult, - TContext = SiemContext - > = Resolver; -} - -export namespace ResponseNotesResolvers { - export interface Resolvers { - notes?: NotesResolver; - - totalCount?: TotalCountResolver, TypeParent, TContext>; - } - - export type NotesResolver< - R = NoteResult[], - Parent = ResponseNotes, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = Maybe, - Parent = ResponseNotes, - TContext = SiemContext - > = Resolver; -} - -export namespace PinnedEventResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - pinnedEventId?: PinnedEventIdResolver; - - eventId?: EventIdResolver, TypeParent, TContext>; - - timelineId?: TimelineIdResolver, TypeParent, TContext>; - - timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - - created?: CreatedResolver, TypeParent, TContext>; - - createdBy?: CreatedByResolver, TypeParent, TContext>; - - updated?: UpdatedResolver, TypeParent, TContext>; - - updatedBy?: UpdatedByResolver, TypeParent, TContext>; - - version?: VersionResolver, TypeParent, TContext>; - } - - export type CodeResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type PinnedEventIdResolver< - R = string, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type EventIdResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type TimelineIdResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type TimelineVersionResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type CreatedResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type CreatedByResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type UpdatedResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type UpdatedByResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = PinnedEvent, - TContext = SiemContext - > = Resolver; -} - -export namespace SourceResolvers { - export interface Resolvers { - /** The id of the source */ - id?: IdResolver; - /** The raw configuration of the source */ - configuration?: ConfigurationResolver; - /** The status of the source */ - status?: StatusResolver; - /** Gets Authentication success and failures based on a timerange */ - Authentications?: AuthenticationsResolver; - - Timeline?: TimelineResolver; - - TimelineDetails?: TimelineDetailsResolver; - - LastEventTime?: LastEventTimeResolver; - /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ - Hosts?: HostsResolver; - - HostOverview?: HostOverviewResolver; - - HostFirstLastSeen?: HostFirstLastSeenResolver; - - KpiNetwork?: KpiNetworkResolver, TypeParent, TContext>; - - KpiHosts?: KpiHostsResolver; - - KpiHostDetails?: KpiHostDetailsResolver; - - MatrixHistogram?: MatrixHistogramResolver; - - NetworkTopCountries?: NetworkTopCountriesResolver< - NetworkTopCountriesData, - TypeParent, - TContext - >; - - NetworkTopNFlow?: NetworkTopNFlowResolver; - - NetworkDns?: NetworkDnsResolver; - - NetworkDnsHistogram?: NetworkDnsHistogramResolver; - - NetworkHttp?: NetworkHttpResolver; - /** Just a simple example to get the app name */ - whoAmI?: WhoAmIResolver, TypeParent, TContext>; - } - - export type IdResolver = Resolver< - R, - Parent, - TContext - >; - export type ConfigurationResolver< - R = SourceConfiguration, - Parent = Source, - TContext = SiemContext - > = Resolver; - export type StatusResolver = Resolver< - R, - Parent, - TContext - >; - export type AuthenticationsResolver< - R = AuthenticationsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface AuthenticationsArgs { - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type TimelineResolver< - R = TimelineData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface TimelineArgs { - pagination: PaginationInput; - - sortField: SortField; - - fieldRequested: string[]; - - timerange?: Maybe; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type TimelineDetailsResolver< - R = TimelineDetailsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface TimelineDetailsArgs { - eventId: string; - - indexName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type LastEventTimeResolver< - R = LastEventTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface LastEventTimeArgs { - id?: Maybe; - - indexKey: LastEventIndexKey; - - details: LastTimeDetails; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type HostsResolver = Resolver< - R, - Parent, - TContext, - HostsArgs - >; - export interface HostsArgs { - id?: Maybe; - - timerange: TimerangeInput; - - pagination: PaginationInputPaginated; - - sort: HostsSortField; - - filterQuery?: Maybe; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type HostOverviewResolver< - R = HostItem, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface HostOverviewArgs { - id?: Maybe; - - hostName: string; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type HostFirstLastSeenResolver< - R = FirstLastSeenHost, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface HostFirstLastSeenArgs { - id?: Maybe; - - hostName: string; - - defaultIndex: string[]; - - docValueFields: DocValueFieldsInput[]; - } - - export type KpiNetworkResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface KpiNetworkArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - } - - export type KpiHostsResolver< - R = KpiHostsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface KpiHostsArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - } - - export type KpiHostDetailsResolver< - R = KpiHostDetailsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface KpiHostDetailsArgs { - id?: Maybe; - - timerange: TimerangeInput; - - filterQuery?: Maybe; - - defaultIndex: string[]; - } - - export type MatrixHistogramResolver< - R = MatrixHistogramOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface MatrixHistogramArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField: string; - - histogramType: HistogramType; - } - - export type NetworkTopCountriesResolver< - R = NetworkTopCountriesData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkTopCountriesArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type NetworkTopNFlowResolver< - R = NetworkTopNFlowData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkTopNFlowArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - flowTarget: FlowTargetSourceDest; - - pagination: PaginationInputPaginated; - - sort: NetworkTopTablesSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type NetworkDnsResolver< - R = NetworkDnsData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkDnsArgs { - filterQuery?: Maybe; - - id?: Maybe; - - isPtrIncluded: boolean; - - pagination: PaginationInputPaginated; - - sort: NetworkDnsSortField; - - stackByField?: Maybe; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type NetworkDnsHistogramResolver< - R = NetworkDsOverTimeData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkDnsHistogramArgs { - filterQuery?: Maybe; - - defaultIndex: string[]; - - timerange: TimerangeInput; - - stackByField?: Maybe; - - docValueFields: DocValueFieldsInput[]; - } - - export type NetworkHttpResolver< - R = NetworkHttpData, - Parent = Source, - TContext = SiemContext - > = Resolver; - export interface NetworkHttpArgs { - id?: Maybe; - - filterQuery?: Maybe; - - ip?: Maybe; - - pagination: PaginationInputPaginated; - - sort: NetworkHttpSortField; - - timerange: TimerangeInput; - - defaultIndex: string[]; - } - - export type WhoAmIResolver< - R = Maybe, - Parent = Source, - TContext = SiemContext - > = Resolver; -} -/** A set of configuration options for a security data source */ -export namespace SourceConfigurationResolvers { - export interface Resolvers { - /** The field mapping to use for this source */ - fields?: FieldsResolver; - } - - export type FieldsResolver< - R = SourceFields, - Parent = SourceConfiguration, - TContext = SiemContext - > = Resolver; -} -/** A mapping of semantic fields to their document counterparts */ -export namespace SourceFieldsResolvers { - export interface Resolvers { - /** The field to identify a container by */ - container?: ContainerResolver; - /** The fields to identify a host by */ - host?: HostResolver; - /** The fields that may contain the log event message. The first field found win. */ - message?: MessageResolver; - /** The field to identify a pod by */ - pod?: PodResolver; - /** The field to use as a tiebreaker for log events that have identical timestamps */ - tiebreaker?: TiebreakerResolver; - /** The field to use as a timestamp for metrics and logs */ - timestamp?: TimestampResolver; - } - - export type ContainerResolver< - R = string, - Parent = SourceFields, - TContext = SiemContext - > = Resolver; - export type HostResolver = Resolver< - R, - Parent, - TContext - >; - export type MessageResolver< - R = string[], - Parent = SourceFields, - TContext = SiemContext - > = Resolver; - export type PodResolver = Resolver< - R, - Parent, - TContext - >; - export type TiebreakerResolver< - R = string, - Parent = SourceFields, - TContext = SiemContext - > = Resolver; - export type TimestampResolver< - R = string, - Parent = SourceFields, - TContext = SiemContext - > = Resolver; -} -/** The status of an infrastructure data source */ -export namespace SourceStatusResolvers { - export interface Resolvers { - /** Whether the configured alias or wildcard pattern resolve to any auditbeat indices */ - indicesExist?: IndicesExistResolver; - /** The list of fields defined in the index mappings */ - indexFields?: IndexFieldsResolver; - } - - export type IndicesExistResolver< - R = boolean, - Parent = SourceStatus, - TContext = SiemContext - > = Resolver; - export interface IndicesExistArgs { - defaultIndex: string[]; - } - - export type IndexFieldsResolver< - R = string[], - Parent = SourceStatus, - TContext = SiemContext - > = Resolver; - export interface IndexFieldsArgs { - defaultIndex: string[]; - } -} - -export namespace AuthenticationsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = AuthenticationsEdges[], - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = AuthenticationsData, - TContext = SiemContext - > = Resolver; -} - -export namespace AuthenticationsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = AuthenticationItem, - Parent = AuthenticationsEdges, - TContext = SiemContext - > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = AuthenticationsEdges, - TContext = SiemContext - > = Resolver; -} - -export namespace AuthenticationItemResolvers { - export interface Resolvers { - _id?: _IdResolver; - - failures?: FailuresResolver; - - successes?: SuccessesResolver; - - user?: UserResolver; - - lastSuccess?: LastSuccessResolver, TypeParent, TContext>; - - lastFailure?: LastFailureResolver, TypeParent, TContext>; - } - - export type _IdResolver< - R = string, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type FailuresResolver< - R = number, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type SuccessesResolver< - R = number, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type UserResolver< - R = UserEcsFields, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type LastSuccessResolver< - R = Maybe, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; - export type LastFailureResolver< - R = Maybe, - Parent = AuthenticationItem, - TContext = SiemContext - > = Resolver; -} - -export namespace UserEcsFieldsResolvers { - export interface Resolvers { - domain?: DomainResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - full_name?: FullNameResolver, TypeParent, TContext>; - - email?: EmailResolver, TypeParent, TContext>; - - hash?: HashResolver, TypeParent, TContext>; - - group?: GroupResolver, TypeParent, TContext>; - } - - export type DomainResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type IdResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type FullNameResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type EmailResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type HashResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; - export type GroupResolver< - R = Maybe, - Parent = UserEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace LastSourceHostResolvers { - export interface Resolvers { - timestamp?: TimestampResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - host?: HostResolver, TypeParent, TContext>; - } - - export type TimestampResolver< - R = Maybe, - Parent = LastSourceHost, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = LastSourceHost, - TContext = SiemContext - > = Resolver; - export type HostResolver< - R = Maybe, - Parent = LastSourceHost, - TContext = SiemContext - > = Resolver; -} - -export namespace SourceEcsFieldsResolvers { - export interface Resolvers { - bytes?: BytesResolver, TypeParent, TContext>; - - ip?: IpResolver, TypeParent, TContext>; - - port?: PortResolver, TypeParent, TContext>; - - domain?: DomainResolver, TypeParent, TContext>; - - geo?: GeoResolver, TypeParent, TContext>; - - packets?: PacketsResolver, TypeParent, TContext>; - } - - export type BytesResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type IpResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type PortResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type GeoResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; - export type PacketsResolver< - R = Maybe, - Parent = SourceEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace GeoEcsFieldsResolvers { - export interface Resolvers { - city_name?: CityNameResolver, TypeParent, TContext>; - - continent_name?: ContinentNameResolver, TypeParent, TContext>; - - country_iso_code?: CountryIsoCodeResolver, TypeParent, TContext>; - - country_name?: CountryNameResolver, TypeParent, TContext>; - - location?: LocationResolver, TypeParent, TContext>; - - region_iso_code?: RegionIsoCodeResolver, TypeParent, TContext>; - - region_name?: RegionNameResolver, TypeParent, TContext>; - } - - export type CityNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type ContinentNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type CountryIsoCodeResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type CountryNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type RegionIsoCodeResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; - export type RegionNameResolver< - R = Maybe, - Parent = GeoEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace LocationResolvers { - export interface Resolvers { - lon?: LonResolver, TypeParent, TContext>; - - lat?: LatResolver, TypeParent, TContext>; - } - - export type LonResolver< - R = Maybe, - Parent = Location, - TContext = SiemContext - > = Resolver; - export type LatResolver< - R = Maybe, - Parent = Location, - TContext = SiemContext - > = Resolver; -} - -export namespace HostEcsFieldsResolvers { - export interface Resolvers { - architecture?: ArchitectureResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; - - ip?: IpResolver, TypeParent, TContext>; - - mac?: MacResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - os?: OsResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - } - - export type ArchitectureResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type IdResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type IpResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type MacResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type OsResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = HostEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace OsEcsFieldsResolvers { - export interface Resolvers { - platform?: PlatformResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - full?: FullResolver, TypeParent, TContext>; - - family?: FamilyResolver, TypeParent, TContext>; - - version?: VersionResolver, TypeParent, TContext>; - - kernel?: KernelResolver, TypeParent, TContext>; - } - - export type PlatformResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type FullResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type FamilyResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; - export type KernelResolver< - R = Maybe, - Parent = OsEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace CursorTypeResolvers { - export interface Resolvers { - value?: ValueResolver, TypeParent, TContext>; - - tiebreaker?: TiebreakerResolver, TypeParent, TContext>; - } - - export type ValueResolver< - R = Maybe, - Parent = CursorType, - TContext = SiemContext - > = Resolver; - export type TiebreakerResolver< - R = Maybe, - Parent = CursorType, - TContext = SiemContext - > = Resolver; -} - -export namespace PageInfoPaginatedResolvers { - export interface Resolvers { - activePage?: ActivePageResolver; - - fakeTotalCount?: FakeTotalCountResolver; - - showMorePagesIndicator?: ShowMorePagesIndicatorResolver; - } - - export type ActivePageResolver< - R = number, - Parent = PageInfoPaginated, - TContext = SiemContext - > = Resolver; - export type FakeTotalCountResolver< - R = number, - Parent = PageInfoPaginated, - TContext = SiemContext - > = Resolver; - export type ShowMorePagesIndicatorResolver< - R = boolean, - Parent = PageInfoPaginated, - TContext = SiemContext - > = Resolver; -} - -export namespace InspectResolvers { - export interface Resolvers { - dsl?: DslResolver; - - response?: ResponseResolver; - } - - export type DslResolver = Resolver< - R, - Parent, - TContext - >; - export type ResponseResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TimelineDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = TimelineEdges[], - Parent = TimelineData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = TimelineData, - TContext = SiemContext - > = Resolver; - export type PageInfoResolver< - R = PageInfo, - Parent = TimelineData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = TimelineData, - TContext = SiemContext - > = Resolver; -} - -export namespace TimelineEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = TimelineItem, - Parent = TimelineEdges, - TContext = SiemContext - > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = TimelineEdges, - TContext = SiemContext - > = Resolver; -} - -export namespace TimelineItemResolvers { - export interface Resolvers { - _id?: _IdResolver; - - _index?: _IndexResolver, TypeParent, TContext>; - - data?: DataResolver; - - ecs?: EcsResolver; - } - - export type _IdResolver = Resolver< - R, - Parent, - TContext - >; - export type _IndexResolver< - R = Maybe, - Parent = TimelineItem, - TContext = SiemContext - > = Resolver; - export type DataResolver< - R = TimelineNonEcsData[], - Parent = TimelineItem, - TContext = SiemContext - > = Resolver; - export type EcsResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TimelineNonEcsDataResolvers { - export interface Resolvers { - field?: FieldResolver; - - value?: ValueResolver, TypeParent, TContext>; - } - - export type FieldResolver< - R = string, - Parent = TimelineNonEcsData, - TContext = SiemContext - > = Resolver; - export type ValueResolver< - R = Maybe, - Parent = TimelineNonEcsData, - TContext = SiemContext - > = Resolver; -} - -export namespace EcsResolvers { - export interface Resolvers { - _id?: _IdResolver; - - _index?: _IndexResolver, TypeParent, TContext>; - - agent?: AgentResolver, TypeParent, TContext>; - - auditd?: AuditdResolver, TypeParent, TContext>; - - destination?: DestinationResolver, TypeParent, TContext>; - - dns?: DnsResolver, TypeParent, TContext>; - - endgame?: EndgameResolver, TypeParent, TContext>; - - event?: EventResolver, TypeParent, TContext>; - - geo?: GeoResolver, TypeParent, TContext>; - - host?: HostResolver, TypeParent, TContext>; - - network?: NetworkResolver, TypeParent, TContext>; - - rule?: RuleResolver, TypeParent, TContext>; - - signal?: SignalResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - suricata?: SuricataResolver, TypeParent, TContext>; - - tls?: TlsResolver, TypeParent, TContext>; - - zeek?: ZeekResolver, TypeParent, TContext>; - - http?: HttpResolver, TypeParent, TContext>; - - url?: UrlResolver, TypeParent, TContext>; - - timestamp?: TimestampResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - user?: UserResolver, TypeParent, TContext>; - - winlog?: WinlogResolver, TypeParent, TContext>; - - process?: ProcessResolver, TypeParent, TContext>; - - file?: FileResolver, TypeParent, TContext>; - - system?: SystemResolver, TypeParent, TContext>; - } - - export type _IdResolver = Resolver< - R, - Parent, - TContext - >; - export type _IndexResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type AgentResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type AuditdResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type DnsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type EndgameResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type EventResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type GeoResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type HostResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type NetworkResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type RuleResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type SignalResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type SuricataResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type TlsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type ZeekResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type HttpResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type UrlResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type TimestampResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type MessageResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type UserResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type WinlogResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type ProcessResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; - export type FileResolver, Parent = Ecs, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type SystemResolver< - R = Maybe, - Parent = Ecs, - TContext = SiemContext - > = Resolver; -} - -export namespace AgentEcsFieldResolvers { - export interface Resolvers { - type?: TypeResolver, TypeParent, TContext>; - } - - export type TypeResolver< - R = Maybe, - Parent = AgentEcsField, - TContext = SiemContext - > = Resolver; -} - -export namespace AuditdEcsFieldsResolvers { - export interface Resolvers { - result?: ResultResolver, TypeParent, TContext>; - - session?: SessionResolver, TypeParent, TContext>; - - data?: DataResolver, TypeParent, TContext>; - - summary?: SummaryResolver, TypeParent, TContext>; - - sequence?: SequenceResolver, TypeParent, TContext>; - } - - export type ResultResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type SessionResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type DataResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type SummaryResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; - export type SequenceResolver< - R = Maybe, - Parent = AuditdEcsFields, - TContext = SiemContext - > = Resolver; -} - -export namespace AuditdDataResolvers { - export interface Resolvers { - acct?: AcctResolver, TypeParent, TContext>; - - terminal?: TerminalResolver, TypeParent, TContext>; - - op?: OpResolver, TypeParent, TContext>; - } - - export type AcctResolver< - R = Maybe, - Parent = AuditdData, - TContext = SiemContext - > = Resolver; - export type TerminalResolver< - R = Maybe, - Parent = AuditdData, - TContext = SiemContext - > = Resolver; - export type OpResolver< - R = Maybe, - Parent = AuditdData, - TContext = SiemContext - > = Resolver; -} - -export namespace SummaryResolvers { - export interface Resolvers { - actor?: ActorResolver, TypeParent, TContext>; - - object?: ObjectResolver, TypeParent, TContext>; - - how?: HowResolver, TypeParent, TContext>; - - message_type?: MessageTypeResolver, TypeParent, TContext>; - - sequence?: SequenceResolver, TypeParent, TContext>; - } - - export type ActorResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type ObjectResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type HowResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type MessageTypeResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; - export type SequenceResolver< - R = Maybe, - Parent = Summary, - TContext = SiemContext - > = Resolver; -} - -export namespace PrimarySecondaryResolvers { - export interface Resolvers { - primary?: PrimaryResolver, TypeParent, TContext>; - - secondary?: SecondaryResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - } - - export type PrimaryResolver< - R = Maybe, - Parent = PrimarySecondary, - TContext = SiemContext - > = Resolver; - export type SecondaryResolver< - R = Maybe, - Parent = PrimarySecondary, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = PrimarySecondary, - TContext = SiemContext - > = Resolver; -} - -export namespace DestinationEcsFieldsResolvers { - export interface Resolvers { - bytes?: BytesResolver, TypeParent, TContext>; - - ip?: IpResolver, TypeParent, TContext>; - - port?: PortResolver, TypeParent, TContext>; - - domain?: DomainResolver, TypeParent, TContext>; - - geo?: GeoResolver, TypeParent, TContext>; + export type GetAllPinnedEventsByTimelineIdResolver< + R = PinnedEvent[], + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface GetAllPinnedEventsByTimelineIdArgs { + timelineId: string; + } - packets?: PacketsResolver, TypeParent, TContext>; + export type SourceResolver = Resolver< + R, + Parent, + TContext, + SourceArgs + >; + export interface SourceArgs { + /** The id of the source */ + id: string; } - export type BytesResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type IpResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type PortResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type GeoResolver< - R = Maybe, - Parent = DestinationEcsFields, - TContext = SiemContext - > = Resolver; - export type PacketsResolver< - R = Maybe, - Parent = DestinationEcsFields, + export type AllSourcesResolver = Resolver< + R, + Parent, + TContext + >; + export type GetOneTimelineResolver< + R = TimelineResult, + Parent = {}, TContext = SiemContext - > = Resolver; -} - -export namespace DnsEcsFieldsResolvers { - export interface Resolvers { - question?: QuestionResolver, TypeParent, TContext>; - - resolved_ip?: ResolvedIpResolver, TypeParent, TContext>; - - response_code?: ResponseCodeResolver, TypeParent, TContext>; + > = Resolver; + export interface GetOneTimelineArgs { + id: string; } - export type QuestionResolver< - R = Maybe, - Parent = DnsEcsFields, - TContext = SiemContext - > = Resolver; - export type ResolvedIpResolver< - R = Maybe, - Parent = DnsEcsFields, - TContext = SiemContext - > = Resolver; - export type ResponseCodeResolver< - R = Maybe, - Parent = DnsEcsFields, + export type GetAllTimelineResolver< + R = ResponseTimelines, + Parent = {}, TContext = SiemContext - > = Resolver; -} - -export namespace DnsQuestionDataResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; + > = Resolver; + export interface GetAllTimelineArgs { + pageInfo: PageInfoTimeline; - type?: TypeResolver, TypeParent, TContext>; - } + search?: Maybe; - export type NameResolver< - R = Maybe, - Parent = DnsQuestionData, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = DnsQuestionData, - TContext = SiemContext - > = Resolver; -} + sort?: Maybe; -export namespace EndgameEcsFieldsResolvers { - export interface Resolvers { - exit_code?: ExitCodeResolver, TypeParent, TContext>; + onlyUserFavorite?: Maybe; - file_name?: FileNameResolver, TypeParent, TContext>; + timelineType?: Maybe; - file_path?: FilePathResolver, TypeParent, TContext>; + status?: Maybe; + } +} - logon_type?: LogonTypeResolver, TypeParent, TContext>; +export namespace NoteResultResolvers { + export interface Resolvers { + eventId?: EventIdResolver, TypeParent, TContext>; - parent_process_name?: ParentProcessNameResolver, TypeParent, TContext>; + note?: NoteResolver, TypeParent, TContext>; - pid?: PidResolver, TypeParent, TContext>; + timelineId?: TimelineIdResolver, TypeParent, TContext>; - process_name?: ProcessNameResolver, TypeParent, TContext>; + noteId?: NoteIdResolver; - subject_domain_name?: SubjectDomainNameResolver, TypeParent, TContext>; + created?: CreatedResolver, TypeParent, TContext>; - subject_logon_id?: SubjectLogonIdResolver, TypeParent, TContext>; + createdBy?: CreatedByResolver, TypeParent, TContext>; - subject_user_name?: SubjectUserNameResolver, TypeParent, TContext>; + timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - target_domain_name?: TargetDomainNameResolver, TypeParent, TContext>; + updated?: UpdatedResolver, TypeParent, TContext>; - target_logon_id?: TargetLogonIdResolver, TypeParent, TContext>; + updatedBy?: UpdatedByResolver, TypeParent, TContext>; - target_user_name?: TargetUserNameResolver, TypeParent, TContext>; + version?: VersionResolver, TypeParent, TContext>; } - export type ExitCodeResolver< - R = Maybe, - Parent = EndgameEcsFields, - TContext = SiemContext - > = Resolver; - export type FileNameResolver< - R = Maybe, - Parent = EndgameEcsFields, - TContext = SiemContext - > = Resolver; - export type FilePathResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type EventIdResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type LogonTypeResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type NoteResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type ParentProcessNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type TimelineIdResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type PidResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type NoteIdResolver = Resolver< + R, + Parent, + TContext + >; + export type CreatedResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type ProcessNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type CreatedByResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type SubjectDomainNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type TimelineVersionResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type SubjectLogonIdResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type UpdatedResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type SubjectUserNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type UpdatedByResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type TargetDomainNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type VersionResolver< + R = Maybe, + Parent = NoteResult, TContext = SiemContext > = Resolver; - export type TargetLogonIdResolver< - R = Maybe, - Parent = EndgameEcsFields, +} + +export namespace ResponseNotesResolvers { + export interface Resolvers { + notes?: NotesResolver; + + totalCount?: TotalCountResolver, TypeParent, TContext>; + } + + export type NotesResolver< + R = NoteResult[], + Parent = ResponseNotes, TContext = SiemContext > = Resolver; - export type TargetUserNameResolver< - R = Maybe, - Parent = EndgameEcsFields, + export type TotalCountResolver< + R = Maybe, + Parent = ResponseNotes, TContext = SiemContext > = Resolver; } -export namespace EventEcsFieldsResolvers { - export interface Resolvers { - action?: ActionResolver, TypeParent, TContext>; - - category?: CategoryResolver, TypeParent, TContext>; - - code?: CodeResolver, TypeParent, TContext>; - - created?: CreatedResolver, TypeParent, TContext>; - - dataset?: DatasetResolver, TypeParent, TContext>; - - duration?: DurationResolver, TypeParent, TContext>; - - end?: EndResolver, TypeParent, TContext>; - - hash?: HashResolver, TypeParent, TContext>; - - id?: IdResolver, TypeParent, TContext>; +export namespace PinnedEventResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; - kind?: KindResolver, TypeParent, TContext>; + message?: MessageResolver, TypeParent, TContext>; - module?: ModuleResolver, TypeParent, TContext>; + pinnedEventId?: PinnedEventIdResolver; - original?: OriginalResolver, TypeParent, TContext>; + eventId?: EventIdResolver, TypeParent, TContext>; - outcome?: OutcomeResolver, TypeParent, TContext>; + timelineId?: TimelineIdResolver, TypeParent, TContext>; - risk_score?: RiskScoreResolver, TypeParent, TContext>; + timelineVersion?: TimelineVersionResolver, TypeParent, TContext>; - risk_score_norm?: RiskScoreNormResolver, TypeParent, TContext>; + created?: CreatedResolver, TypeParent, TContext>; - severity?: SeverityResolver, TypeParent, TContext>; + createdBy?: CreatedByResolver, TypeParent, TContext>; - start?: StartResolver, TypeParent, TContext>; + updated?: UpdatedResolver, TypeParent, TContext>; - timezone?: TimezoneResolver, TypeParent, TContext>; + updatedBy?: UpdatedByResolver, TypeParent, TContext>; - type?: TypeResolver, TypeParent, TContext>; + version?: VersionResolver, TypeParent, TContext>; } - export type ActionResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type CategoryResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; export type CodeResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type CreatedResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type DatasetResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type DurationResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type EndResolver< - R = Maybe, - Parent = EventEcsFields, - TContext = SiemContext - > = Resolver; - export type HashResolver< - R = Maybe, - Parent = EventEcsFields, + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type IdResolver< - R = Maybe, - Parent = EventEcsFields, + export type MessageResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type KindResolver< - R = Maybe, - Parent = EventEcsFields, + export type PinnedEventIdResolver< + R = string, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type ModuleResolver< - R = Maybe, - Parent = EventEcsFields, + export type EventIdResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type OriginalResolver< - R = Maybe, - Parent = EventEcsFields, + export type TimelineIdResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type OutcomeResolver< - R = Maybe, - Parent = EventEcsFields, + export type TimelineVersionResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type RiskScoreResolver< - R = Maybe, - Parent = EventEcsFields, + export type CreatedResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type RiskScoreNormResolver< - R = Maybe, - Parent = EventEcsFields, + export type CreatedByResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type SeverityResolver< - R = Maybe, - Parent = EventEcsFields, + export type UpdatedResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type StartResolver< - R = Maybe, - Parent = EventEcsFields, + export type UpdatedByResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type TimezoneResolver< - R = Maybe, - Parent = EventEcsFields, + export type VersionResolver< + R = Maybe, + Parent = PinnedEvent, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = EventEcsFields, +} + +export namespace SourceResolvers { + export interface Resolvers { + /** The id of the source */ + id?: IdResolver; + /** The raw configuration of the source */ + configuration?: ConfigurationResolver; + /** The status of the source */ + status?: StatusResolver; + /** Gets Hosts based on timerange and specified criteria, or all events in the timerange if no criteria is specified */ + Hosts?: HostsResolver; + + HostOverview?: HostOverviewResolver; + + HostFirstLastSeen?: HostFirstLastSeenResolver; + } + + export type IdResolver = Resolver< + R, + Parent, + TContext + >; + export type ConfigurationResolver< + R = SourceConfiguration, + Parent = Source, TContext = SiemContext > = Resolver; -} + export type StatusResolver = Resolver< + R, + Parent, + TContext + >; + export type HostsResolver = Resolver< + R, + Parent, + TContext, + HostsArgs + >; + export interface HostsArgs { + id?: Maybe; -export namespace NetworkEcsFieldResolvers { - export interface Resolvers { - bytes?: BytesResolver, TypeParent, TContext>; + timerange: TimerangeInput; - community_id?: CommunityIdResolver, TypeParent, TContext>; + pagination: PaginationInputPaginated; - direction?: DirectionResolver, TypeParent, TContext>; + sort: HostsSortField; - packets?: PacketsResolver, TypeParent, TContext>; + filterQuery?: Maybe; - protocol?: ProtocolResolver, TypeParent, TContext>; + defaultIndex: string[]; - transport?: TransportResolver, TypeParent, TContext>; + docValueFields: DocValueFieldsInput[]; } - export type BytesResolver< - R = Maybe, - Parent = NetworkEcsField, + export type HostOverviewResolver< + R = HostItem, + Parent = Source, TContext = SiemContext - > = Resolver; - export type CommunityIdResolver< - R = Maybe, - Parent = NetworkEcsField, + > = Resolver; + export interface HostOverviewArgs { + id?: Maybe; + + hostName: string; + + timerange: TimerangeInput; + + defaultIndex: string[]; + } + + export type HostFirstLastSeenResolver< + R = FirstLastSeenHost, + Parent = Source, + TContext = SiemContext + > = Resolver; + export interface HostFirstLastSeenArgs { + id?: Maybe; + + hostName: string; + + defaultIndex: string[]; + + docValueFields: DocValueFieldsInput[]; + } +} +/** A set of configuration options for a security data source */ +export namespace SourceConfigurationResolvers { + export interface Resolvers { + /** The field mapping to use for this source */ + fields?: FieldsResolver; + } + + export type FieldsResolver< + R = SourceFields, + Parent = SourceConfiguration, TContext = SiemContext > = Resolver; - export type DirectionResolver< - R = Maybe, - Parent = NetworkEcsField, +} +/** A mapping of semantic fields to their document counterparts */ +export namespace SourceFieldsResolvers { + export interface Resolvers { + /** The field to identify a container by */ + container?: ContainerResolver; + /** The fields to identify a host by */ + host?: HostResolver; + /** The fields that may contain the log event message. The first field found win. */ + message?: MessageResolver; + /** The field to identify a pod by */ + pod?: PodResolver; + /** The field to use as a tiebreaker for log events that have identical timestamps */ + tiebreaker?: TiebreakerResolver; + /** The field to use as a timestamp for metrics and logs */ + timestamp?: TimestampResolver; + } + + export type ContainerResolver< + R = string, + Parent = SourceFields, TContext = SiemContext > = Resolver; - export type PacketsResolver< - R = Maybe, - Parent = NetworkEcsField, + export type HostResolver = Resolver< + R, + Parent, + TContext + >; + export type MessageResolver< + R = string[], + Parent = SourceFields, TContext = SiemContext > = Resolver; - export type ProtocolResolver< - R = Maybe, - Parent = NetworkEcsField, + export type PodResolver = Resolver< + R, + Parent, + TContext + >; + export type TiebreakerResolver< + R = string, + Parent = SourceFields, TContext = SiemContext > = Resolver; - export type TransportResolver< - R = Maybe, - Parent = NetworkEcsField, + export type TimestampResolver< + R = string, + Parent = SourceFields, TContext = SiemContext > = Resolver; } +/** The status of an infrastructure data source */ +export namespace SourceStatusResolvers { + export interface Resolvers { + /** Whether the configured alias or wildcard pattern resolve to any auditbeat indices */ + indicesExist?: IndicesExistResolver; + /** The list of fields defined in the index mappings */ + indexFields?: IndexFieldsResolver; + } -export namespace RuleEcsFieldResolvers { - export interface Resolvers { - reference?: ReferenceResolver, TypeParent, TContext>; + export type IndicesExistResolver< + R = boolean, + Parent = SourceStatus, + TContext = SiemContext + > = Resolver; + export interface IndicesExistArgs { + defaultIndex: string[]; } - export type ReferenceResolver< - R = Maybe, - Parent = RuleEcsField, + export type IndexFieldsResolver< + R = string[], + Parent = SourceStatus, TContext = SiemContext - > = Resolver; + > = Resolver; + export interface IndexFieldsArgs { + defaultIndex: string[]; + } } -export namespace SignalFieldResolvers { - export interface Resolvers { - rule?: RuleResolver, TypeParent, TContext>; +export namespace HostsDataResolvers { + export interface Resolvers { + edges?: EdgesResolver; - original_time?: OriginalTimeResolver, TypeParent, TContext>; + totalCount?: TotalCountResolver; - status?: StatusResolver, TypeParent, TContext>; + pageInfo?: PageInfoResolver; + + inspect?: InspectResolver, TypeParent, TContext>; } - export type RuleResolver< - R = Maybe, - Parent = SignalField, + export type EdgesResolver< + R = HostsEdges[], + Parent = HostsData, TContext = SiemContext > = Resolver; - export type OriginalTimeResolver< - R = Maybe, - Parent = SignalField, + export type TotalCountResolver = Resolver< + R, + Parent, + TContext + >; + export type PageInfoResolver< + R = PageInfoPaginated, + Parent = HostsData, TContext = SiemContext > = Resolver; - export type StatusResolver< - R = Maybe, - Parent = SignalField, + export type InspectResolver< + R = Maybe, + Parent = HostsData, TContext = SiemContext > = Resolver; } -export namespace RuleFieldResolvers { - export interface Resolvers { - id?: IdResolver, TypeParent, TContext>; - - rule_id?: RuleIdResolver, TypeParent, TContext>; - - false_positives?: FalsePositivesResolver; - - saved_id?: SavedIdResolver, TypeParent, TContext>; - - timeline_id?: TimelineIdResolver, TypeParent, TContext>; - - timeline_title?: TimelineTitleResolver, TypeParent, TContext>; - - max_signals?: MaxSignalsResolver, TypeParent, TContext>; - - risk_score?: RiskScoreResolver, TypeParent, TContext>; - - output_index?: OutputIndexResolver, TypeParent, TContext>; - - description?: DescriptionResolver, TypeParent, TContext>; - - from?: FromResolver, TypeParent, TContext>; - - immutable?: ImmutableResolver, TypeParent, TContext>; - - index?: IndexResolver, TypeParent, TContext>; - - interval?: IntervalResolver, TypeParent, TContext>; - - language?: LanguageResolver, TypeParent, TContext>; - - query?: QueryResolver, TypeParent, TContext>; - - references?: ReferencesResolver, TypeParent, TContext>; - - severity?: SeverityResolver, TypeParent, TContext>; - - tags?: TagsResolver, TypeParent, TContext>; - - threat?: ThreatResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - - size?: SizeResolver, TypeParent, TContext>; - - to?: ToResolver, TypeParent, TContext>; - - enabled?: EnabledResolver, TypeParent, TContext>; - - filters?: FiltersResolver, TypeParent, TContext>; +export namespace HostsEdgesResolvers { + export interface Resolvers { + node?: NodeResolver; - created_at?: CreatedAtResolver, TypeParent, TContext>; + cursor?: CursorResolver; + } - updated_at?: UpdatedAtResolver, TypeParent, TContext>; + export type NodeResolver = Resolver< + R, + Parent, + TContext + >; + export type CursorResolver< + R = CursorType, + Parent = HostsEdges, + TContext = SiemContext + > = Resolver; +} - created_by?: CreatedByResolver, TypeParent, TContext>; +export namespace HostItemResolvers { + export interface Resolvers { + _id?: _IdResolver, TypeParent, TContext>; - updated_by?: UpdatedByResolver, TypeParent, TContext>; + cloud?: CloudResolver, TypeParent, TContext>; - version?: VersionResolver, TypeParent, TContext>; + endpoint?: EndpointResolver, TypeParent, TContext>; - note?: NoteResolver, TypeParent, TContext>; + host?: HostResolver, TypeParent, TContext>; - threshold?: ThresholdResolver, TypeParent, TContext>; + inspect?: InspectResolver, TypeParent, TContext>; - exceptions_list?: ExceptionsListResolver, TypeParent, TContext>; + lastSeen?: LastSeenResolver, TypeParent, TContext>; } - export type IdResolver< - R = Maybe, - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type RuleIdResolver< - R = Maybe, - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type FalsePositivesResolver< - R = string[], - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type SavedIdResolver< - R = Maybe, - Parent = RuleField, + export type _IdResolver, Parent = HostItem, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type CloudResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type TimelineIdResolver< - R = Maybe, - Parent = RuleField, + export type EndpointResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type TimelineTitleResolver< - R = Maybe, - Parent = RuleField, + export type HostResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type MaxSignalsResolver< - R = Maybe, - Parent = RuleField, + export type InspectResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type RiskScoreResolver< - R = Maybe, - Parent = RuleField, + export type LastSeenResolver< + R = Maybe, + Parent = HostItem, TContext = SiemContext > = Resolver; - export type OutputIndexResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace CloudFieldsResolvers { + export interface Resolvers { + instance?: InstanceResolver, TypeParent, TContext>; + + machine?: MachineResolver, TypeParent, TContext>; + + provider?: ProviderResolver)[]>, TypeParent, TContext>; + + region?: RegionResolver)[]>, TypeParent, TContext>; + } + + export type InstanceResolver< + R = Maybe, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type DescriptionResolver< - R = Maybe, - Parent = RuleField, + export type MachineResolver< + R = Maybe, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type FromResolver< - R = Maybe, - Parent = RuleField, + export type ProviderResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type ImmutableResolver< - R = Maybe, - Parent = RuleField, + export type RegionResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudFields, TContext = SiemContext > = Resolver; - export type IndexResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace CloudInstanceResolvers { + export interface Resolvers { + id?: IdResolver)[]>, TypeParent, TContext>; + } + + export type IdResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudInstance, TContext = SiemContext > = Resolver; - export type IntervalResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace CloudMachineResolvers { + export interface Resolvers { + type?: TypeResolver)[]>, TypeParent, TContext>; + } + + export type TypeResolver< + R = Maybe<(Maybe)[]>, + Parent = CloudMachine, TContext = SiemContext > = Resolver; - export type LanguageResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace EndpointFieldsResolvers { + export interface Resolvers { + endpointPolicy?: EndpointPolicyResolver, TypeParent, TContext>; + + sensorVersion?: SensorVersionResolver, TypeParent, TContext>; + + policyStatus?: PolicyStatusResolver< + Maybe, + TypeParent, + TContext + >; + } + + export type EndpointPolicyResolver< + R = Maybe, + Parent = EndpointFields, TContext = SiemContext > = Resolver; - export type QueryResolver< - R = Maybe, - Parent = RuleField, + export type SensorVersionResolver< + R = Maybe, + Parent = EndpointFields, TContext = SiemContext > = Resolver; - export type ReferencesResolver< - R = Maybe, - Parent = RuleField, + export type PolicyStatusResolver< + R = Maybe, + Parent = EndpointFields, TContext = SiemContext > = Resolver; - export type SeverityResolver< +} + +export namespace HostEcsFieldsResolvers { + export interface Resolvers { + architecture?: ArchitectureResolver, TypeParent, TContext>; + + id?: IdResolver, TypeParent, TContext>; + + ip?: IpResolver, TypeParent, TContext>; + + mac?: MacResolver, TypeParent, TContext>; + + name?: NameResolver, TypeParent, TContext>; + + os?: OsResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + } + + export type ArchitectureResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type TagsResolver< + export type IdResolver< R = Maybe, - Parent = RuleField, - TContext = SiemContext - > = Resolver; - export type ThreatResolver< - R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type TypeResolver< + export type IpResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type SizeResolver< + export type MacResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type ToResolver< + export type NameResolver< R = Maybe, - Parent = RuleField, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type EnabledResolver< - R = Maybe, - Parent = RuleField, + export type OsResolver< + R = Maybe, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type FiltersResolver< - R = Maybe, - Parent = RuleField, + export type TypeResolver< + R = Maybe, + Parent = HostEcsFields, TContext = SiemContext > = Resolver; - export type CreatedAtResolver< +} + +export namespace OsEcsFieldsResolvers { + export interface Resolvers { + platform?: PlatformResolver, TypeParent, TContext>; + + name?: NameResolver, TypeParent, TContext>; + + full?: FullResolver, TypeParent, TContext>; + + family?: FamilyResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; + + kernel?: KernelResolver, TypeParent, TContext>; + } + + export type PlatformResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type UpdatedAtResolver< + export type NameResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type CreatedByResolver< + export type FullResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type UpdatedByResolver< + export type FamilyResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; export type VersionResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type NoteResolver< + export type KernelResolver< R = Maybe, - Parent = RuleField, + Parent = OsEcsFields, TContext = SiemContext > = Resolver; - export type ThresholdResolver< - R = Maybe, - Parent = RuleField, +} + +export namespace InspectResolvers { + export interface Resolvers { + dsl?: DslResolver; + + response?: ResponseResolver; + } + + export type DslResolver = Resolver< + R, + Parent, + TContext + >; + export type ResponseResolver = Resolver< + R, + Parent, + TContext + >; +} + +export namespace CursorTypeResolvers { + export interface Resolvers { + value?: ValueResolver, TypeParent, TContext>; + + tiebreaker?: TiebreakerResolver, TypeParent, TContext>; + } + + export type ValueResolver< + R = Maybe, + Parent = CursorType, TContext = SiemContext > = Resolver; - export type ExceptionsListResolver< - R = Maybe, - Parent = RuleField, + export type TiebreakerResolver< + R = Maybe, + Parent = CursorType, TContext = SiemContext > = Resolver; } -export namespace SuricataEcsFieldsResolvers { - export interface Resolvers { - eve?: EveResolver, TypeParent, TContext>; +export namespace PageInfoPaginatedResolvers { + export interface Resolvers { + activePage?: ActivePageResolver; + + fakeTotalCount?: FakeTotalCountResolver; + + showMorePagesIndicator?: ShowMorePagesIndicatorResolver; } - export type EveResolver< - R = Maybe, - Parent = SuricataEcsFields, + export type ActivePageResolver< + R = number, + Parent = PageInfoPaginated, + TContext = SiemContext + > = Resolver; + export type FakeTotalCountResolver< + R = number, + Parent = PageInfoPaginated, + TContext = SiemContext + > = Resolver; + export type ShowMorePagesIndicatorResolver< + R = boolean, + Parent = PageInfoPaginated, TContext = SiemContext > = Resolver; } -export namespace SuricataEveDataResolvers { - export interface Resolvers { - alert?: AlertResolver, TypeParent, TContext>; +export namespace FirstLastSeenHostResolvers { + export interface Resolvers { + inspect?: InspectResolver, TypeParent, TContext>; - flow_id?: FlowIdResolver, TypeParent, TContext>; + firstSeen?: FirstSeenResolver, TypeParent, TContext>; - proto?: ProtoResolver, TypeParent, TContext>; + lastSeen?: LastSeenResolver, TypeParent, TContext>; } - export type AlertResolver< - R = Maybe, - Parent = SuricataEveData, + export type InspectResolver< + R = Maybe, + Parent = FirstLastSeenHost, TContext = SiemContext > = Resolver; - export type FlowIdResolver< - R = Maybe, - Parent = SuricataEveData, + export type FirstSeenResolver< + R = Maybe, + Parent = FirstLastSeenHost, TContext = SiemContext > = Resolver; - export type ProtoResolver< - R = Maybe, - Parent = SuricataEveData, + export type LastSeenResolver< + R = Maybe, + Parent = FirstLastSeenHost, TContext = SiemContext > = Resolver; } -export namespace SuricataAlertDataResolvers { - export interface Resolvers { - signature?: SignatureResolver, TypeParent, TContext>; +export namespace TimelineResultResolvers { + export interface Resolvers { + columns?: ColumnsResolver, TypeParent, TContext>; + + created?: CreatedResolver, TypeParent, TContext>; + + createdBy?: CreatedByResolver, TypeParent, TContext>; + + dataProviders?: DataProvidersResolver, TypeParent, TContext>; + + dateRange?: DateRangeResolver, TypeParent, TContext>; + + description?: DescriptionResolver, TypeParent, TContext>; - signature_id?: SignatureIdResolver, TypeParent, TContext>; - } + eventIdToNoteIds?: EventIdToNoteIdsResolver, TypeParent, TContext>; - export type SignatureResolver< - R = Maybe, - Parent = SuricataAlertData, - TContext = SiemContext - > = Resolver; - export type SignatureIdResolver< - R = Maybe, - Parent = SuricataAlertData, - TContext = SiemContext - > = Resolver; -} + eventType?: EventTypeResolver, TypeParent, TContext>; -export namespace TlsEcsFieldsResolvers { - export interface Resolvers { - client_certificate?: ClientCertificateResolver< - Maybe, + excludedRowRendererIds?: ExcludedRowRendererIdsResolver< + Maybe, TypeParent, TContext >; - fingerprints?: FingerprintsResolver, TypeParent, TContext>; + favorite?: FavoriteResolver, TypeParent, TContext>; - server_certificate?: ServerCertificateResolver< - Maybe, + filters?: FiltersResolver, TypeParent, TContext>; + + kqlMode?: KqlModeResolver, TypeParent, TContext>; + + kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + + indexNames?: IndexNamesResolver, TypeParent, TContext>; + + notes?: NotesResolver, TypeParent, TContext>; + + noteIds?: NoteIdsResolver, TypeParent, TContext>; + + pinnedEventIds?: PinnedEventIdsResolver, TypeParent, TContext>; + + pinnedEventsSaveObject?: PinnedEventsSaveObjectResolver< + Maybe, TypeParent, TContext >; + + savedQueryId?: SavedQueryIdResolver, TypeParent, TContext>; + + savedObjectId?: SavedObjectIdResolver; + + sort?: SortResolver, TypeParent, TContext>; + + status?: StatusResolver, TypeParent, TContext>; + + title?: TitleResolver, TypeParent, TContext>; + + templateTimelineId?: TemplateTimelineIdResolver, TypeParent, TContext>; + + templateTimelineVersion?: TemplateTimelineVersionResolver, TypeParent, TContext>; + + timelineType?: TimelineTypeResolver, TypeParent, TContext>; + + updated?: UpdatedResolver, TypeParent, TContext>; + + updatedBy?: UpdatedByResolver, TypeParent, TContext>; + + version?: VersionResolver; } - export type ClientCertificateResolver< - R = Maybe, - Parent = TlsEcsFields, + export type ColumnsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type FingerprintsResolver< - R = Maybe, - Parent = TlsEcsFields, + export type CreatedResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type ServerCertificateResolver< - R = Maybe, - Parent = TlsEcsFields, + export type CreatedByResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsClientCertificateDataResolvers { - export interface Resolvers { - fingerprint?: FingerprintResolver, TypeParent, TContext>; - } - - export type FingerprintResolver< - R = Maybe, - Parent = TlsClientCertificateData, + export type DataProvidersResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace FingerprintDataResolvers { - export interface Resolvers { - sha1?: Sha1Resolver, TypeParent, TContext>; - } - - export type Sha1Resolver< - R = Maybe, - Parent = FingerprintData, + export type DateRangeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsFingerprintsDataResolvers { - export interface Resolvers { - ja3?: Ja3Resolver, TypeParent, TContext>; - } - - export type Ja3Resolver< - R = Maybe, - Parent = TlsFingerprintsData, + export type DescriptionResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsJa3DataResolvers { - export interface Resolvers { - hash?: HashResolver, TypeParent, TContext>; - } - - export type HashResolver< - R = Maybe, - Parent = TlsJa3Data, + export type EventIdToNoteIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace TlsServerCertificateDataResolvers { - export interface Resolvers { - fingerprint?: FingerprintResolver, TypeParent, TContext>; - } - - export type FingerprintResolver< - R = Maybe, - Parent = TlsServerCertificateData, + export type EventTypeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace ZeekEcsFieldsResolvers { - export interface Resolvers { - session_id?: SessionIdResolver, TypeParent, TContext>; - - connection?: ConnectionResolver, TypeParent, TContext>; - - notice?: NoticeResolver, TypeParent, TContext>; - - dns?: DnsResolver, TypeParent, TContext>; - - http?: HttpResolver, TypeParent, TContext>; - - files?: FilesResolver, TypeParent, TContext>; - - ssl?: SslResolver, TypeParent, TContext>; - } - - export type SessionIdResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type ExcludedRowRendererIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type ConnectionResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type FavoriteResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type NoticeResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type FiltersResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type DnsResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type KqlModeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type HttpResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type KqlQueryResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type FilesResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type IndexNamesResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type SslResolver< - R = Maybe, - Parent = ZeekEcsFields, + export type NotesResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace ZeekConnectionDataResolvers { - export interface Resolvers { - local_resp?: LocalRespResolver, TypeParent, TContext>; - - local_orig?: LocalOrigResolver, TypeParent, TContext>; - - missed_bytes?: MissedBytesResolver, TypeParent, TContext>; - - state?: StateResolver, TypeParent, TContext>; - - history?: HistoryResolver, TypeParent, TContext>; - } - - export type LocalRespResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type NoteIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type LocalOrigResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type PinnedEventIdsResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type MissedBytesResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type PinnedEventsSaveObjectResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type StateResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type SavedQueryIdResolver< + R = Maybe, + Parent = TimelineResult, + TContext = SiemContext + > = Resolver; + export type SavedObjectIdResolver< + R = string, + Parent = TimelineResult, + TContext = SiemContext + > = Resolver; + export type SortResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type HistoryResolver< - R = Maybe, - Parent = ZeekConnectionData, + export type StatusResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace ZeekNoticeDataResolvers { - export interface Resolvers { - suppress_for?: SuppressForResolver, TypeParent, TContext>; - - msg?: MsgResolver, TypeParent, TContext>; - - note?: NoteResolver, TypeParent, TContext>; - - sub?: SubResolver, TypeParent, TContext>; - - dst?: DstResolver, TypeParent, TContext>; - - dropped?: DroppedResolver, TypeParent, TContext>; - - peer_descr?: PeerDescrResolver, TypeParent, TContext>; - } - - export type SuppressForResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TitleResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type MsgResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TemplateTimelineIdResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type NoteResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TemplateTimelineVersionResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type SubResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type TimelineTypeResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type DstResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type UpdatedResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type DroppedResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type UpdatedByResolver< + R = Maybe, + Parent = TimelineResult, TContext = SiemContext > = Resolver; - export type PeerDescrResolver< - R = Maybe, - Parent = ZeekNoticeData, + export type VersionResolver< + R = string, + Parent = TimelineResult, TContext = SiemContext > = Resolver; } -export namespace ZeekDnsDataResolvers { - export interface Resolvers { - AA?: AaResolver, TypeParent, TContext>; +export namespace ColumnHeaderResultResolvers { + export interface Resolvers { + aggregatable?: AggregatableResolver, TypeParent, TContext>; - qclass_name?: QclassNameResolver, TypeParent, TContext>; + category?: CategoryResolver, TypeParent, TContext>; - RD?: RdResolver, TypeParent, TContext>; + columnHeaderType?: ColumnHeaderTypeResolver, TypeParent, TContext>; - qtype_name?: QtypeNameResolver, TypeParent, TContext>; + description?: DescriptionResolver, TypeParent, TContext>; - rejected?: RejectedResolver, TypeParent, TContext>; + example?: ExampleResolver, TypeParent, TContext>; - qtype?: QtypeResolver, TypeParent, TContext>; + indexes?: IndexesResolver, TypeParent, TContext>; - query?: QueryResolver, TypeParent, TContext>; + id?: IdResolver, TypeParent, TContext>; - trans_id?: TransIdResolver, TypeParent, TContext>; + name?: NameResolver, TypeParent, TContext>; - qclass?: QclassResolver, TypeParent, TContext>; + placeholder?: PlaceholderResolver, TypeParent, TContext>; - RA?: RaResolver, TypeParent, TContext>; + searchable?: SearchableResolver, TypeParent, TContext>; - TC?: TcResolver, TypeParent, TContext>; + type?: TypeResolver, TypeParent, TContext>; } - export type AaResolver< - R = Maybe, - Parent = ZeekDnsData, + export type AggregatableResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QclassNameResolver< - R = Maybe, - Parent = ZeekDnsData, + export type CategoryResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type RdResolver< - R = Maybe, - Parent = ZeekDnsData, + export type ColumnHeaderTypeResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QtypeNameResolver< - R = Maybe, - Parent = ZeekDnsData, + export type DescriptionResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type RejectedResolver< - R = Maybe, - Parent = ZeekDnsData, + export type ExampleResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QtypeResolver< - R = Maybe, - Parent = ZeekDnsData, + export type IndexesResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QueryResolver< - R = Maybe, - Parent = ZeekDnsData, + export type IdResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type TransIdResolver< - R = Maybe, - Parent = ZeekDnsData, + export type NameResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type QclassResolver< - R = Maybe, - Parent = ZeekDnsData, + export type PlaceholderResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type RaResolver< - R = Maybe, - Parent = ZeekDnsData, + export type SearchableResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; - export type TcResolver< - R = Maybe, - Parent = ZeekDnsData, + export type TypeResolver< + R = Maybe, + Parent = ColumnHeaderResult, TContext = SiemContext > = Resolver; } -export namespace ZeekHttpDataResolvers { - export interface Resolvers { - resp_mime_types?: RespMimeTypesResolver, TypeParent, TContext>; +export namespace DataProviderResultResolvers { + export interface Resolvers { + id?: IdResolver, TypeParent, TContext>; - trans_depth?: TransDepthResolver, TypeParent, TContext>; + name?: NameResolver, TypeParent, TContext>; - status_msg?: StatusMsgResolver, TypeParent, TContext>; + enabled?: EnabledResolver, TypeParent, TContext>; - resp_fuids?: RespFuidsResolver, TypeParent, TContext>; + excluded?: ExcludedResolver, TypeParent, TContext>; - tags?: TagsResolver, TypeParent, TContext>; + kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + + queryMatch?: QueryMatchResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + and?: AndResolver, TypeParent, TContext>; } - export type RespMimeTypesResolver< - R = Maybe, - Parent = ZeekHttpData, + export type IdResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type TransDepthResolver< - R = Maybe, - Parent = ZeekHttpData, + export type NameResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type StatusMsgResolver< - R = Maybe, - Parent = ZeekHttpData, + export type EnabledResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type RespFuidsResolver< - R = Maybe, - Parent = ZeekHttpData, + export type ExcludedResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; - export type TagsResolver< - R = Maybe, - Parent = ZeekHttpData, + export type KqlQueryResolver< + R = Maybe, + Parent = DataProviderResult, + TContext = SiemContext + > = Resolver; + export type QueryMatchResolver< + R = Maybe, + Parent = DataProviderResult, + TContext = SiemContext + > = Resolver; + export type TypeResolver< + R = Maybe, + Parent = DataProviderResult, + TContext = SiemContext + > = Resolver; + export type AndResolver< + R = Maybe, + Parent = DataProviderResult, TContext = SiemContext > = Resolver; } -export namespace ZeekFileDataResolvers { - export interface Resolvers { - session_ids?: SessionIdsResolver, TypeParent, TContext>; - - timedout?: TimedoutResolver, TypeParent, TContext>; - - local_orig?: LocalOrigResolver, TypeParent, TContext>; - - tx_host?: TxHostResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; - - is_orig?: IsOrigResolver, TypeParent, TContext>; - - overflow_bytes?: OverflowBytesResolver, TypeParent, TContext>; - - sha1?: Sha1Resolver, TypeParent, TContext>; - - duration?: DurationResolver, TypeParent, TContext>; - - depth?: DepthResolver, TypeParent, TContext>; - - analyzers?: AnalyzersResolver, TypeParent, TContext>; - - mime_type?: MimeTypeResolver, TypeParent, TContext>; - - rx_host?: RxHostResolver, TypeParent, TContext>; - - total_bytes?: TotalBytesResolver, TypeParent, TContext>; +export namespace QueryMatchResultResolvers { + export interface Resolvers { + field?: FieldResolver, TypeParent, TContext>; - fuid?: FuidResolver, TypeParent, TContext>; + displayField?: DisplayFieldResolver, TypeParent, TContext>; - seen_bytes?: SeenBytesResolver, TypeParent, TContext>; + value?: ValueResolver, TypeParent, TContext>; - missing_bytes?: MissingBytesResolver, TypeParent, TContext>; + displayValue?: DisplayValueResolver, TypeParent, TContext>; - md5?: Md5Resolver, TypeParent, TContext>; + operator?: OperatorResolver, TypeParent, TContext>; } - export type SessionIdsResolver< - R = Maybe, - Parent = ZeekFileData, - TContext = SiemContext - > = Resolver; - export type TimedoutResolver< - R = Maybe, - Parent = ZeekFileData, + export type FieldResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type LocalOrigResolver< - R = Maybe, - Parent = ZeekFileData, + export type DisplayFieldResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type TxHostResolver< - R = Maybe, - Parent = ZeekFileData, + export type ValueResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = ZeekFileData, + export type DisplayValueResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type IsOrigResolver< - R = Maybe, - Parent = ZeekFileData, + export type OperatorResolver< + R = Maybe, + Parent = QueryMatchResult, TContext = SiemContext > = Resolver; - export type OverflowBytesResolver< - R = Maybe, - Parent = ZeekFileData, +} + +export namespace DateRangePickerResultResolvers { + export interface Resolvers { + start?: StartResolver, TypeParent, TContext>; + + end?: EndResolver, TypeParent, TContext>; + } + + export type StartResolver< + R = Maybe, + Parent = DateRangePickerResult, TContext = SiemContext > = Resolver; - export type Sha1Resolver< - R = Maybe, - Parent = ZeekFileData, + export type EndResolver< + R = Maybe, + Parent = DateRangePickerResult, TContext = SiemContext > = Resolver; - export type DurationResolver< - R = Maybe, - Parent = ZeekFileData, +} + +export namespace FavoriteTimelineResultResolvers { + export interface Resolvers { + fullName?: FullNameResolver, TypeParent, TContext>; + + userName?: UserNameResolver, TypeParent, TContext>; + + favoriteDate?: FavoriteDateResolver, TypeParent, TContext>; + } + + export type FullNameResolver< + R = Maybe, + Parent = FavoriteTimelineResult, TContext = SiemContext > = Resolver; - export type DepthResolver< - R = Maybe, - Parent = ZeekFileData, + export type UserNameResolver< + R = Maybe, + Parent = FavoriteTimelineResult, TContext = SiemContext > = Resolver; - export type AnalyzersResolver< - R = Maybe, - Parent = ZeekFileData, + export type FavoriteDateResolver< + R = Maybe, + Parent = FavoriteTimelineResult, TContext = SiemContext > = Resolver; - export type MimeTypeResolver< - R = Maybe, - Parent = ZeekFileData, +} + +export namespace FilterTimelineResultResolvers { + export interface Resolvers { + exists?: ExistsResolver, TypeParent, TContext>; + + meta?: MetaResolver, TypeParent, TContext>; + + match_all?: MatchAllResolver, TypeParent, TContext>; + + missing?: MissingResolver, TypeParent, TContext>; + + query?: QueryResolver, TypeParent, TContext>; + + range?: RangeResolver, TypeParent, TContext>; + + script?: ScriptResolver, TypeParent, TContext>; + } + + export type ExistsResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type RxHostResolver< - R = Maybe, - Parent = ZeekFileData, + export type MetaResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type TotalBytesResolver< - R = Maybe, - Parent = ZeekFileData, + export type MatchAllResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type FuidResolver< - R = Maybe, - Parent = ZeekFileData, + export type MissingResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type SeenBytesResolver< - R = Maybe, - Parent = ZeekFileData, + export type QueryResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type MissingBytesResolver< - R = Maybe, - Parent = ZeekFileData, + export type RangeResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; - export type Md5Resolver< - R = Maybe, - Parent = ZeekFileData, + export type ScriptResolver< + R = Maybe, + Parent = FilterTimelineResult, TContext = SiemContext > = Resolver; } -export namespace ZeekSslDataResolvers { - export interface Resolvers { - cipher?: CipherResolver, TypeParent, TContext>; +export namespace FilterMetaTimelineResultResolvers { + export interface Resolvers { + alias?: AliasResolver, TypeParent, TContext>; - established?: EstablishedResolver, TypeParent, TContext>; + controlledBy?: ControlledByResolver, TypeParent, TContext>; - resumed?: ResumedResolver, TypeParent, TContext>; + disabled?: DisabledResolver, TypeParent, TContext>; - version?: VersionResolver, TypeParent, TContext>; + field?: FieldResolver, TypeParent, TContext>; + + formattedValue?: FormattedValueResolver, TypeParent, TContext>; + + index?: IndexResolver, TypeParent, TContext>; + + key?: KeyResolver, TypeParent, TContext>; + + negate?: NegateResolver, TypeParent, TContext>; + + params?: ParamsResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + value?: ValueResolver, TypeParent, TContext>; } - export type CipherResolver< - R = Maybe, - Parent = ZeekSslData, + export type AliasResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type EstablishedResolver< - R = Maybe, - Parent = ZeekSslData, + export type ControlledByResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type ResumedResolver< - R = Maybe, - Parent = ZeekSslData, + export type DisabledResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type VersionResolver< - R = Maybe, - Parent = ZeekSslData, + export type FieldResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace HttpEcsFieldsResolvers { - export interface Resolvers { - version?: VersionResolver, TypeParent, TContext>; - - request?: RequestResolver, TypeParent, TContext>; - - response?: ResponseResolver, TypeParent, TContext>; - } - - export type VersionResolver< - R = Maybe, - Parent = HttpEcsFields, + export type FormattedValueResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type RequestResolver< - R = Maybe, - Parent = HttpEcsFields, + export type IndexResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type ResponseResolver< - R = Maybe, - Parent = HttpEcsFields, + export type KeyResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; -} - -export namespace HttpRequestDataResolvers { - export interface Resolvers { - method?: MethodResolver, TypeParent, TContext>; - - body?: BodyResolver, TypeParent, TContext>; - - referrer?: ReferrerResolver, TypeParent, TContext>; - - bytes?: BytesResolver, TypeParent, TContext>; - } - - export type MethodResolver< - R = Maybe, - Parent = HttpRequestData, + export type NegateResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type BodyResolver< - R = Maybe, - Parent = HttpRequestData, + export type ParamsResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type ReferrerResolver< - R = Maybe, - Parent = HttpRequestData, + export type TypeResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; - export type BytesResolver< - R = Maybe, - Parent = HttpRequestData, + export type ValueResolver< + R = Maybe, + Parent = FilterMetaTimelineResult, TContext = SiemContext > = Resolver; } -export namespace HttpBodyDataResolvers { - export interface Resolvers { - content?: ContentResolver, TypeParent, TContext>; - - bytes?: BytesResolver, TypeParent, TContext>; +export namespace SerializedFilterQueryResultResolvers { + export interface Resolvers { + filterQuery?: FilterQueryResolver, TypeParent, TContext>; } - export type ContentResolver< - R = Maybe, - Parent = HttpBodyData, - TContext = SiemContext - > = Resolver; - export type BytesResolver< - R = Maybe, - Parent = HttpBodyData, + export type FilterQueryResolver< + R = Maybe, + Parent = SerializedFilterQueryResult, TContext = SiemContext > = Resolver; } -export namespace HttpResponseDataResolvers { - export interface Resolvers { - status_code?: StatusCodeResolver, TypeParent, TContext>; - - body?: BodyResolver, TypeParent, TContext>; +export namespace SerializedKueryQueryResultResolvers { + export interface Resolvers { + kuery?: KueryResolver, TypeParent, TContext>; - bytes?: BytesResolver, TypeParent, TContext>; + serializedQuery?: SerializedQueryResolver, TypeParent, TContext>; } - export type StatusCodeResolver< - R = Maybe, - Parent = HttpResponseData, - TContext = SiemContext - > = Resolver; - export type BodyResolver< - R = Maybe, - Parent = HttpResponseData, + export type KueryResolver< + R = Maybe, + Parent = SerializedKueryQueryResult, TContext = SiemContext > = Resolver; - export type BytesResolver< - R = Maybe, - Parent = HttpResponseData, + export type SerializedQueryResolver< + R = Maybe, + Parent = SerializedKueryQueryResult, TContext = SiemContext > = Resolver; } -export namespace UrlEcsFieldsResolvers { - export interface Resolvers { - domain?: DomainResolver, TypeParent, TContext>; - - original?: OriginalResolver, TypeParent, TContext>; - - username?: UsernameResolver, TypeParent, TContext>; +export namespace KueryFilterQueryResultResolvers { + export interface Resolvers { + kind?: KindResolver, TypeParent, TContext>; - password?: PasswordResolver, TypeParent, TContext>; + expression?: ExpressionResolver, TypeParent, TContext>; } - export type DomainResolver< - R = Maybe, - Parent = UrlEcsFields, - TContext = SiemContext - > = Resolver; - export type OriginalResolver< - R = Maybe, - Parent = UrlEcsFields, - TContext = SiemContext - > = Resolver; - export type UsernameResolver< - R = Maybe, - Parent = UrlEcsFields, + export type KindResolver< + R = Maybe, + Parent = KueryFilterQueryResult, TContext = SiemContext > = Resolver; - export type PasswordResolver< - R = Maybe, - Parent = UrlEcsFields, + export type ExpressionResolver< + R = Maybe, + Parent = KueryFilterQueryResult, TContext = SiemContext > = Resolver; } -export namespace WinlogEcsFieldsResolvers { - export interface Resolvers { - event_id?: EventIdResolver, TypeParent, TContext>; +export namespace SortTimelineResultResolvers { + export interface Resolvers { + columnId?: ColumnIdResolver, TypeParent, TContext>; + + sortDirection?: SortDirectionResolver, TypeParent, TContext>; } - export type EventIdResolver< - R = Maybe, - Parent = WinlogEcsFields, + export type ColumnIdResolver< + R = Maybe, + Parent = SortTimelineResult, + TContext = SiemContext + > = Resolver; + export type SortDirectionResolver< + R = Maybe, + Parent = SortTimelineResult, TContext = SiemContext > = Resolver; } -export namespace ProcessEcsFieldsResolvers { - export interface Resolvers { - hash?: HashResolver, TypeParent, TContext>; - - pid?: PidResolver, TypeParent, TContext>; - - name?: NameResolver, TypeParent, TContext>; - - ppid?: PpidResolver, TypeParent, TContext>; +export namespace ResponseTimelinesResolvers { + export interface Resolvers { + timeline?: TimelineResolver<(Maybe)[], TypeParent, TContext>; - args?: ArgsResolver, TypeParent, TContext>; + totalCount?: TotalCountResolver, TypeParent, TContext>; - entity_id?: EntityIdResolver, TypeParent, TContext>; + defaultTimelineCount?: DefaultTimelineCountResolver, TypeParent, TContext>; - executable?: ExecutableResolver, TypeParent, TContext>; + templateTimelineCount?: TemplateTimelineCountResolver, TypeParent, TContext>; - title?: TitleResolver, TypeParent, TContext>; + elasticTemplateTimelineCount?: ElasticTemplateTimelineCountResolver< + Maybe, + TypeParent, + TContext + >; - thread?: ThreadResolver, TypeParent, TContext>; + customTemplateTimelineCount?: CustomTemplateTimelineCountResolver< + Maybe, + TypeParent, + TContext + >; - working_directory?: WorkingDirectoryResolver, TypeParent, TContext>; + favoriteCount?: FavoriteCountResolver, TypeParent, TContext>; } - export type HashResolver< - R = Maybe, - Parent = ProcessEcsFields, - TContext = SiemContext - > = Resolver; - export type PidResolver< - R = Maybe, - Parent = ProcessEcsFields, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = ProcessEcsFields, - TContext = SiemContext - > = Resolver; - export type PpidResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type TimelineResolver< + R = (Maybe)[], + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type ArgsResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type TotalCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type EntityIdResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type DefaultTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type ExecutableResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type TemplateTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type TitleResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type ElasticTemplateTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type ThreadResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type CustomTemplateTimelineCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; - export type WorkingDirectoryResolver< - R = Maybe, - Parent = ProcessEcsFields, + export type FavoriteCountResolver< + R = Maybe, + Parent = ResponseTimelines, TContext = SiemContext > = Resolver; } -export namespace ProcessHashDataResolvers { - export interface Resolvers { - md5?: Md5Resolver, TypeParent, TContext>; +export namespace MutationResolvers { + export interface Resolvers { + /** Persists a note */ + persistNote?: PersistNoteResolver; - sha1?: Sha1Resolver, TypeParent, TContext>; + deleteNote?: DeleteNoteResolver, TypeParent, TContext>; - sha256?: Sha256Resolver, TypeParent, TContext>; + deleteNoteByTimelineId?: DeleteNoteByTimelineIdResolver, TypeParent, TContext>; + /** Persists a pinned event in a timeline */ + persistPinnedEventOnTimeline?: PersistPinnedEventOnTimelineResolver< + Maybe, + TypeParent, + TContext + >; + /** Remove a pinned events in a timeline */ + deletePinnedEventOnTimeline?: DeletePinnedEventOnTimelineResolver< + boolean, + TypeParent, + TContext + >; + /** Remove all pinned events in a timeline */ + deleteAllPinnedEventsOnTimeline?: DeleteAllPinnedEventsOnTimelineResolver< + boolean, + TypeParent, + TContext + >; + /** Persists a timeline */ + persistTimeline?: PersistTimelineResolver; + + persistFavorite?: PersistFavoriteResolver; + + deleteTimeline?: DeleteTimelineResolver; } - export type Md5Resolver< - R = Maybe, - Parent = ProcessHashData, - TContext = SiemContext - > = Resolver; - export type Sha1Resolver< - R = Maybe, - Parent = ProcessHashData, - TContext = SiemContext - > = Resolver; - export type Sha256Resolver< - R = Maybe, - Parent = ProcessHashData, - TContext = SiemContext - > = Resolver; -} + export type PersistNoteResolver = Resolver< + R, + Parent, + TContext, + PersistNoteArgs + >; + export interface PersistNoteArgs { + noteId?: Maybe; -export namespace ThreadResolvers { - export interface Resolvers { - id?: IdResolver, TypeParent, TContext>; + version?: Maybe; - start?: StartResolver, TypeParent, TContext>; + note: NoteInput; } - export type IdResolver< - R = Maybe, - Parent = Thread, - TContext = SiemContext - > = Resolver; - export type StartResolver< - R = Maybe, - Parent = Thread, + export type DeleteNoteResolver< + R = Maybe, + Parent = {}, TContext = SiemContext - > = Resolver; -} + > = Resolver; + export interface DeleteNoteArgs { + id: string[]; + } -export namespace FileFieldsResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; + export type DeleteNoteByTimelineIdResolver< + R = Maybe, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface DeleteNoteByTimelineIdArgs { + timelineId: string; - path?: PathResolver, TypeParent, TContext>; + version?: Maybe; + } - target_path?: TargetPathResolver, TypeParent, TContext>; + export type PersistPinnedEventOnTimelineResolver< + R = Maybe, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface PersistPinnedEventOnTimelineArgs { + pinnedEventId?: Maybe; - extension?: ExtensionResolver, TypeParent, TContext>; + eventId: string; - type?: TypeResolver, TypeParent, TContext>; + timelineId?: Maybe; + } - device?: DeviceResolver, TypeParent, TContext>; + export type DeletePinnedEventOnTimelineResolver< + R = boolean, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface DeletePinnedEventOnTimelineArgs { + id: string[]; + } - inode?: InodeResolver, TypeParent, TContext>; + export type DeleteAllPinnedEventsOnTimelineResolver< + R = boolean, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface DeleteAllPinnedEventsOnTimelineArgs { + timelineId: string; + } - uid?: UidResolver, TypeParent, TContext>; + export type PersistTimelineResolver< + R = ResponseTimeline, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface PersistTimelineArgs { + id?: Maybe; - owner?: OwnerResolver, TypeParent, TContext>; + version?: Maybe; - gid?: GidResolver, TypeParent, TContext>; + timeline: TimelineInput; + } - group?: GroupResolver, TypeParent, TContext>; + export type PersistFavoriteResolver< + R = ResponseFavoriteTimeline, + Parent = {}, + TContext = SiemContext + > = Resolver; + export interface PersistFavoriteArgs { + timelineId?: Maybe; + } - mode?: ModeResolver, TypeParent, TContext>; + export type DeleteTimelineResolver = Resolver< + R, + Parent, + TContext, + DeleteTimelineArgs + >; + export interface DeleteTimelineArgs { + id: string[]; + } +} - size?: SizeResolver, TypeParent, TContext>; +export namespace ResponseNoteResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; - mtime?: MtimeResolver, TypeParent, TContext>; + message?: MessageResolver, TypeParent, TContext>; - ctime?: CtimeResolver, TypeParent, TContext>; + note?: NoteResolver; } - export type NameResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type PathResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type TargetPathResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type ExtensionResolver< - R = Maybe, - Parent = FileFields, - TContext = SiemContext - > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = FileFields, + export type CodeResolver< + R = Maybe, + Parent = ResponseNote, TContext = SiemContext > = Resolver; - export type DeviceResolver< - R = Maybe, - Parent = FileFields, + export type MessageResolver< + R = Maybe, + Parent = ResponseNote, TContext = SiemContext > = Resolver; - export type InodeResolver< - R = Maybe, - Parent = FileFields, + export type NoteResolver< + R = NoteResult, + Parent = ResponseNote, TContext = SiemContext > = Resolver; - export type UidResolver< - R = Maybe, - Parent = FileFields, +} + +export namespace ResponseTimelineResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; + + message?: MessageResolver, TypeParent, TContext>; + + timeline?: TimelineResolver; + } + + export type CodeResolver< + R = Maybe, + Parent = ResponseTimeline, TContext = SiemContext > = Resolver; - export type OwnerResolver< - R = Maybe, - Parent = FileFields, + export type MessageResolver< + R = Maybe, + Parent = ResponseTimeline, TContext = SiemContext > = Resolver; - export type GidResolver< - R = Maybe, - Parent = FileFields, + export type TimelineResolver< + R = TimelineResult, + Parent = ResponseTimeline, TContext = SiemContext > = Resolver; - export type GroupResolver< - R = Maybe, - Parent = FileFields, +} + +export namespace ResponseFavoriteTimelineResolvers { + export interface Resolvers { + code?: CodeResolver, TypeParent, TContext>; + + message?: MessageResolver, TypeParent, TContext>; + + savedObjectId?: SavedObjectIdResolver; + + version?: VersionResolver; + + favorite?: FavoriteResolver, TypeParent, TContext>; + } + + export type CodeResolver< + R = Maybe, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type ModeResolver< - R = Maybe, - Parent = FileFields, + export type MessageResolver< + R = Maybe, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type SizeResolver< - R = Maybe, - Parent = FileFields, + export type SavedObjectIdResolver< + R = string, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type MtimeResolver< - R = Maybe, - Parent = FileFields, + export type VersionResolver< + R = string, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; - export type CtimeResolver< - R = Maybe, - Parent = FileFields, + export type FavoriteResolver< + R = Maybe, + Parent = ResponseFavoriteTimeline, TContext = SiemContext > = Resolver; } -export namespace SystemEcsFieldResolvers { - export interface Resolvers { - audit?: AuditResolver, TypeParent, TContext>; +export namespace EventEcsFieldsResolvers { + export interface Resolvers { + action?: ActionResolver, TypeParent, TContext>; - auth?: AuthResolver, TypeParent, TContext>; - } + category?: CategoryResolver, TypeParent, TContext>; - export type AuditResolver< - R = Maybe, - Parent = SystemEcsField, - TContext = SiemContext - > = Resolver; - export type AuthResolver< - R = Maybe, - Parent = SystemEcsField, - TContext = SiemContext - > = Resolver; -} + code?: CodeResolver, TypeParent, TContext>; + + created?: CreatedResolver, TypeParent, TContext>; + + dataset?: DatasetResolver, TypeParent, TContext>; + + duration?: DurationResolver, TypeParent, TContext>; + + end?: EndResolver, TypeParent, TContext>; + + hash?: HashResolver, TypeParent, TContext>; -export namespace AuditEcsFieldsResolvers { - export interface Resolvers { - package?: PackageResolver, TypeParent, TContext>; - } + id?: IdResolver, TypeParent, TContext>; - export type PackageResolver< - R = Maybe, - Parent = AuditEcsFields, - TContext = SiemContext - > = Resolver; -} + kind?: KindResolver, TypeParent, TContext>; -export namespace PackageEcsFieldsResolvers { - export interface Resolvers { - arch?: ArchResolver, TypeParent, TContext>; + module?: ModuleResolver, TypeParent, TContext>; - entity_id?: EntityIdResolver, TypeParent, TContext>; + original?: OriginalResolver, TypeParent, TContext>; - name?: NameResolver, TypeParent, TContext>; + outcome?: OutcomeResolver, TypeParent, TContext>; - size?: SizeResolver, TypeParent, TContext>; + risk_score?: RiskScoreResolver, TypeParent, TContext>; - summary?: SummaryResolver, TypeParent, TContext>; + risk_score_norm?: RiskScoreNormResolver, TypeParent, TContext>; - version?: VersionResolver, TypeParent, TContext>; + severity?: SeverityResolver, TypeParent, TContext>; + + start?: StartResolver, TypeParent, TContext>; + + timezone?: TimezoneResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; } - export type ArchResolver< + export type ActionResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type EntityIdResolver< + export type CategoryResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type NameResolver< + export type CodeResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type SizeResolver< + export type CreatedResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type DatasetResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type DurationResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type SummaryResolver< + export type EndResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type VersionResolver< + export type HashResolver< R = Maybe, - Parent = PackageEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace AuthEcsFieldsResolvers { - export interface Resolvers { - ssh?: SshResolver, TypeParent, TContext>; - } - - export type SshResolver< - R = Maybe, - Parent = AuthEcsFields, + export type IdResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace SshEcsFieldsResolvers { - export interface Resolvers { - method?: MethodResolver, TypeParent, TContext>; - - signature?: SignatureResolver, TypeParent, TContext>; - } - - export type MethodResolver< + export type KindResolver< R = Maybe, - Parent = SshEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type SignatureResolver< + export type ModuleResolver< R = Maybe, - Parent = SshEcsFields, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace PageInfoResolvers { - export interface Resolvers { - endCursor?: EndCursorResolver, TypeParent, TContext>; - - hasNextPage?: HasNextPageResolver, TypeParent, TContext>; - } - - export type EndCursorResolver< - R = Maybe, - Parent = PageInfo, + export type OriginalResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type HasNextPageResolver< - R = Maybe, - Parent = PageInfo, + export type OutcomeResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace TimelineDetailsDataResolvers { - export interface Resolvers { - data?: DataResolver, TypeParent, TContext>; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type DataResolver< - R = Maybe, - Parent = TimelineDetailsData, + export type RiskScoreResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = TimelineDetailsData, + export type RiskScoreNormResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace DetailItemResolvers { - export interface Resolvers { - field?: FieldResolver; - - values?: ValuesResolver, TypeParent, TContext>; - - originalValue?: OriginalValueResolver, TypeParent, TContext>; - } - - export type FieldResolver = Resolver< - R, - Parent, - TContext - >; - export type ValuesResolver< + export type SeverityResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type StartResolver< + R = Maybe, + Parent = EventEcsFields, + TContext = SiemContext + > = Resolver; + export type TimezoneResolver< R = Maybe, - Parent = DetailItem, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; - export type OriginalValueResolver< - R = Maybe, - Parent = DetailItem, + export type TypeResolver< + R = Maybe, + Parent = EventEcsFields, TContext = SiemContext > = Resolver; } -export namespace LastEventTimeDataResolvers { - export interface Resolvers { - lastSeen?: LastSeenResolver, TypeParent, TContext>; +export namespace LocationResolvers { + export interface Resolvers { + lon?: LonResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + lat?: LatResolver, TypeParent, TContext>; } - export type LastSeenResolver< - R = Maybe, - Parent = LastEventTimeData, + export type LonResolver< + R = Maybe, + Parent = Location, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = LastEventTimeData, + export type LatResolver< + R = Maybe, + Parent = Location, TContext = SiemContext > = Resolver; } -export namespace HostsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; +export namespace GeoEcsFieldsResolvers { + export interface Resolvers { + city_name?: CityNameResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + continent_name?: ContinentNameResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + country_iso_code?: CountryIsoCodeResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + country_name?: CountryNameResolver, TypeParent, TContext>; + + location?: LocationResolver, TypeParent, TContext>; + + region_iso_code?: RegionIsoCodeResolver, TypeParent, TContext>; + + region_name?: RegionNameResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = HostsEdges[], - Parent = HostsData, + export type CityNameResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; - export type TotalCountResolver = Resolver< - R, - Parent, - TContext - >; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = HostsData, + export type ContinentNameResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = HostsData, + export type CountryIsoCodeResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace HostsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver = Resolver< - R, - Parent, - TContext - >; - export type CursorResolver< - R = CursorType, - Parent = HostsEdges, + export type CountryNameResolver< + R = Maybe, + Parent = GeoEcsFields, TContext = SiemContext > = Resolver; -} - -export namespace HostItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - cloud?: CloudResolver, TypeParent, TContext>; - - endpoint?: EndpointResolver, TypeParent, TContext>; + export type LocationResolver< + R = Maybe, + Parent = GeoEcsFields, + TContext = SiemContext + > = Resolver; + export type RegionIsoCodeResolver< + R = Maybe, + Parent = GeoEcsFields, + TContext = SiemContext + > = Resolver; + export type RegionNameResolver< + R = Maybe, + Parent = GeoEcsFields, + TContext = SiemContext + > = Resolver; +} - host?: HostResolver, TypeParent, TContext>; +export namespace PrimarySecondaryResolvers { + export interface Resolvers { + primary?: PrimaryResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + secondary?: SecondaryResolver, TypeParent, TContext>; - lastSeen?: LastSeenResolver, TypeParent, TContext>; + type?: TypeResolver, TypeParent, TContext>; } - export type _IdResolver, Parent = HostItem, TContext = SiemContext> = Resolver< - R, - Parent, - TContext - >; - export type CloudResolver< - R = Maybe, - Parent = HostItem, - TContext = SiemContext - > = Resolver; - export type EndpointResolver< - R = Maybe, - Parent = HostItem, - TContext = SiemContext - > = Resolver; - export type HostResolver< - R = Maybe, - Parent = HostItem, + export type PrimaryResolver< + R = Maybe, + Parent = PrimarySecondary, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = HostItem, + export type SecondaryResolver< + R = Maybe, + Parent = PrimarySecondary, TContext = SiemContext > = Resolver; - export type LastSeenResolver< - R = Maybe, - Parent = HostItem, + export type TypeResolver< + R = Maybe, + Parent = PrimarySecondary, TContext = SiemContext > = Resolver; } -export namespace CloudFieldsResolvers { - export interface Resolvers { - instance?: InstanceResolver, TypeParent, TContext>; +export namespace SummaryResolvers { + export interface Resolvers { + actor?: ActorResolver, TypeParent, TContext>; - machine?: MachineResolver, TypeParent, TContext>; + object?: ObjectResolver, TypeParent, TContext>; - provider?: ProviderResolver)[]>, TypeParent, TContext>; + how?: HowResolver, TypeParent, TContext>; - region?: RegionResolver)[]>, TypeParent, TContext>; + message_type?: MessageTypeResolver, TypeParent, TContext>; + + sequence?: SequenceResolver, TypeParent, TContext>; } - export type InstanceResolver< - R = Maybe, - Parent = CloudFields, + export type ActorResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; - export type MachineResolver< - R = Maybe, - Parent = CloudFields, + export type ObjectResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; - export type ProviderResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudFields, + export type HowResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; - export type RegionResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudFields, + export type MessageTypeResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; -} - -export namespace CloudInstanceResolvers { - export interface Resolvers { - id?: IdResolver)[]>, TypeParent, TContext>; - } - - export type IdResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudInstance, + export type SequenceResolver< + R = Maybe, + Parent = Summary, TContext = SiemContext > = Resolver; } -export namespace CloudMachineResolvers { - export interface Resolvers { - type?: TypeResolver)[]>, TypeParent, TContext>; +export namespace AgentEcsFieldResolvers { + export interface Resolvers { + type?: TypeResolver, TypeParent, TContext>; } export type TypeResolver< - R = Maybe<(Maybe)[]>, - Parent = CloudMachine, - TContext = SiemContext - > = Resolver; -} - -export namespace EndpointFieldsResolvers { - export interface Resolvers { - endpointPolicy?: EndpointPolicyResolver, TypeParent, TContext>; - - sensorVersion?: SensorVersionResolver, TypeParent, TContext>; - - policyStatus?: PolicyStatusResolver< - Maybe, - TypeParent, - TContext - >; - } - - export type EndpointPolicyResolver< - R = Maybe, - Parent = EndpointFields, - TContext = SiemContext - > = Resolver; - export type SensorVersionResolver< - R = Maybe, - Parent = EndpointFields, - TContext = SiemContext - > = Resolver; - export type PolicyStatusResolver< - R = Maybe, - Parent = EndpointFields, + R = Maybe, + Parent = AgentEcsField, TContext = SiemContext > = Resolver; } -export namespace FirstLastSeenHostResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; +export namespace AuditdDataResolvers { + export interface Resolvers { + acct?: AcctResolver, TypeParent, TContext>; - firstSeen?: FirstSeenResolver, TypeParent, TContext>; + terminal?: TerminalResolver, TypeParent, TContext>; - lastSeen?: LastSeenResolver, TypeParent, TContext>; + op?: OpResolver, TypeParent, TContext>; } - export type InspectResolver< - R = Maybe, - Parent = FirstLastSeenHost, + export type AcctResolver< + R = Maybe, + Parent = AuditdData, TContext = SiemContext > = Resolver; - export type FirstSeenResolver< - R = Maybe, - Parent = FirstLastSeenHost, + export type TerminalResolver< + R = Maybe, + Parent = AuditdData, TContext = SiemContext > = Resolver; - export type LastSeenResolver< - R = Maybe, - Parent = FirstLastSeenHost, + export type OpResolver< + R = Maybe, + Parent = AuditdData, TContext = SiemContext > = Resolver; } -export namespace KpiNetworkDataResolvers { - export interface Resolvers { - networkEvents?: NetworkEventsResolver, TypeParent, TContext>; - - uniqueFlowId?: UniqueFlowIdResolver, TypeParent, TContext>; - - uniqueSourcePrivateIps?: UniqueSourcePrivateIpsResolver, TypeParent, TContext>; - - uniqueSourcePrivateIpsHistogram?: UniqueSourcePrivateIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; - - uniqueDestinationPrivateIps?: UniqueDestinationPrivateIpsResolver< - Maybe, - TypeParent, - TContext - >; +export namespace AuditdEcsFieldsResolvers { + export interface Resolvers { + result?: ResultResolver, TypeParent, TContext>; - uniqueDestinationPrivateIpsHistogram?: UniqueDestinationPrivateIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + session?: SessionResolver, TypeParent, TContext>; - dnsQueries?: DnsQueriesResolver, TypeParent, TContext>; + data?: DataResolver, TypeParent, TContext>; - tlsHandshakes?: TlsHandshakesResolver, TypeParent, TContext>; + summary?: SummaryResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + sequence?: SequenceResolver, TypeParent, TContext>; } - export type NetworkEventsResolver< - R = Maybe, - Parent = KpiNetworkData, - TContext = SiemContext - > = Resolver; - export type UniqueFlowIdResolver< - R = Maybe, - Parent = KpiNetworkData, - TContext = SiemContext - > = Resolver; - export type UniqueSourcePrivateIpsResolver< - R = Maybe, - Parent = KpiNetworkData, + export type ResultResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourcePrivateIpsHistogramResolver< - R = Maybe, - Parent = KpiNetworkData, + export type SessionResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationPrivateIpsResolver< - R = Maybe, - Parent = KpiNetworkData, + export type DataResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationPrivateIpsHistogramResolver< - R = Maybe, - Parent = KpiNetworkData, + export type SummaryResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type DnsQueriesResolver< - R = Maybe, - Parent = KpiNetworkData, + export type SequenceResolver< + R = Maybe, + Parent = AuditdEcsFields, TContext = SiemContext > = Resolver; - export type TlsHandshakesResolver< - R = Maybe, - Parent = KpiNetworkData, +} + +export namespace ThreadResolvers { + export interface Resolvers { + id?: IdResolver, TypeParent, TContext>; + + start?: StartResolver, TypeParent, TContext>; + } + + export type IdResolver< + R = Maybe, + Parent = Thread, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = KpiNetworkData, + export type StartResolver< + R = Maybe, + Parent = Thread, TContext = SiemContext > = Resolver; } -export namespace KpiNetworkHistogramDataResolvers { - export interface Resolvers { - x?: XResolver, TypeParent, TContext>; +export namespace ProcessHashDataResolvers { + export interface Resolvers { + md5?: Md5Resolver, TypeParent, TContext>; + + sha1?: Sha1Resolver, TypeParent, TContext>; - y?: YResolver, TypeParent, TContext>; + sha256?: Sha256Resolver, TypeParent, TContext>; } - export type XResolver< - R = Maybe, - Parent = KpiNetworkHistogramData, + export type Md5Resolver< + R = Maybe, + Parent = ProcessHashData, TContext = SiemContext > = Resolver; - export type YResolver< - R = Maybe, - Parent = KpiNetworkHistogramData, + export type Sha1Resolver< + R = Maybe, + Parent = ProcessHashData, + TContext = SiemContext + > = Resolver; + export type Sha256Resolver< + R = Maybe, + Parent = ProcessHashData, TContext = SiemContext > = Resolver; } -export namespace KpiHostsDataResolvers { - export interface Resolvers { - hosts?: HostsResolver, TypeParent, TContext>; - - hostsHistogram?: HostsHistogramResolver, TypeParent, TContext>; +export namespace ProcessEcsFieldsResolvers { + export interface Resolvers { + hash?: HashResolver, TypeParent, TContext>; - authSuccess?: AuthSuccessResolver, TypeParent, TContext>; + pid?: PidResolver, TypeParent, TContext>; - authSuccessHistogram?: AuthSuccessHistogramResolver< - Maybe, - TypeParent, - TContext - >; + name?: NameResolver, TypeParent, TContext>; - authFailure?: AuthFailureResolver, TypeParent, TContext>; + ppid?: PpidResolver, TypeParent, TContext>; - authFailureHistogram?: AuthFailureHistogramResolver< - Maybe, - TypeParent, - TContext - >; + args?: ArgsResolver, TypeParent, TContext>; - uniqueSourceIps?: UniqueSourceIpsResolver, TypeParent, TContext>; + entity_id?: EntityIdResolver, TypeParent, TContext>; - uniqueSourceIpsHistogram?: UniqueSourceIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + executable?: ExecutableResolver, TypeParent, TContext>; - uniqueDestinationIps?: UniqueDestinationIpsResolver, TypeParent, TContext>; + title?: TitleResolver, TypeParent, TContext>; - uniqueDestinationIpsHistogram?: UniqueDestinationIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + thread?: ThreadResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + working_directory?: WorkingDirectoryResolver, TypeParent, TContext>; } - export type HostsResolver< - R = Maybe, - Parent = KpiHostsData, - TContext = SiemContext - > = Resolver; - export type HostsHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type HashResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthSuccessResolver< - R = Maybe, - Parent = KpiHostsData, + export type PidResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthSuccessHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type NameResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthFailureResolver< - R = Maybe, - Parent = KpiHostsData, + export type PpidResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type AuthFailureHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type ArgsResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsResolver< - R = Maybe, - Parent = KpiHostsData, + export type EntityIdResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type ExecutableResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsResolver< - R = Maybe, - Parent = KpiHostsData, + export type TitleResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsHistogramResolver< - R = Maybe, - Parent = KpiHostsData, + export type ThreadResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = KpiHostsData, + export type WorkingDirectoryResolver< + R = Maybe, + Parent = ProcessEcsFields, TContext = SiemContext > = Resolver; } -export namespace KpiHostHistogramDataResolvers { - export interface Resolvers { - x?: XResolver, TypeParent, TContext>; +export namespace SourceEcsFieldsResolvers { + export interface Resolvers { + bytes?: BytesResolver, TypeParent, TContext>; + + ip?: IpResolver, TypeParent, TContext>; + + port?: PortResolver, TypeParent, TContext>; + + domain?: DomainResolver, TypeParent, TContext>; + + geo?: GeoResolver, TypeParent, TContext>; - y?: YResolver, TypeParent, TContext>; + packets?: PacketsResolver, TypeParent, TContext>; } - export type XResolver< - R = Maybe, - Parent = KpiHostHistogramData, + export type BytesResolver< + R = Maybe, + Parent = SourceEcsFields, TContext = SiemContext > = Resolver; - export type YResolver< - R = Maybe, - Parent = KpiHostHistogramData, + export type IpResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type PortResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type DomainResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type GeoResolver< + R = Maybe, + Parent = SourceEcsFields, + TContext = SiemContext + > = Resolver; + export type PacketsResolver< + R = Maybe, + Parent = SourceEcsFields, TContext = SiemContext > = Resolver; } -export namespace KpiHostDetailsDataResolvers { - export interface Resolvers { - authSuccess?: AuthSuccessResolver, TypeParent, TContext>; - - authSuccessHistogram?: AuthSuccessHistogramResolver< - Maybe, - TypeParent, - TContext - >; - - authFailure?: AuthFailureResolver, TypeParent, TContext>; - - authFailureHistogram?: AuthFailureHistogramResolver< - Maybe, - TypeParent, - TContext - >; +export namespace DestinationEcsFieldsResolvers { + export interface Resolvers { + bytes?: BytesResolver, TypeParent, TContext>; - uniqueSourceIps?: UniqueSourceIpsResolver, TypeParent, TContext>; + ip?: IpResolver, TypeParent, TContext>; - uniqueSourceIpsHistogram?: UniqueSourceIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + port?: PortResolver, TypeParent, TContext>; - uniqueDestinationIps?: UniqueDestinationIpsResolver, TypeParent, TContext>; + domain?: DomainResolver, TypeParent, TContext>; - uniqueDestinationIpsHistogram?: UniqueDestinationIpsHistogramResolver< - Maybe, - TypeParent, - TContext - >; + geo?: GeoResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + packets?: PacketsResolver, TypeParent, TContext>; } - export type AuthSuccessResolver< - R = Maybe, - Parent = KpiHostDetailsData, - TContext = SiemContext - > = Resolver; - export type AuthSuccessHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, - TContext = SiemContext - > = Resolver; - export type AuthFailureResolver< - R = Maybe, - Parent = KpiHostDetailsData, - TContext = SiemContext - > = Resolver; - export type AuthFailureHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type BytesResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type IpResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueSourceIpsHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type PortResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type DomainResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type UniqueDestinationIpsHistogramResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type GeoResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = KpiHostDetailsData, + export type PacketsResolver< + R = Maybe, + Parent = DestinationEcsFields, TContext = SiemContext > = Resolver; } -export namespace MatrixHistogramOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; - - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; +export namespace DnsQuestionDataResolvers { + export interface Resolvers { + name?: NameResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + type?: TypeResolver, TypeParent, TContext>; } - export type InspectResolver< - R = Maybe, - Parent = MatrixHistogramOverTimeData, - TContext = SiemContext - > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = MatrixHistogramOverTimeData, + export type NameResolver< + R = Maybe, + Parent = DnsQuestionData, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = MatrixHistogramOverTimeData, + export type TypeResolver< + R = Maybe, + Parent = DnsQuestionData, TContext = SiemContext > = Resolver; } -export namespace MatrixOverTimeHistogramDataResolvers { - export interface Resolvers { - x?: XResolver, TypeParent, TContext>; +export namespace DnsEcsFieldsResolvers { + export interface Resolvers { + question?: QuestionResolver, TypeParent, TContext>; - y?: YResolver, TypeParent, TContext>; + resolved_ip?: ResolvedIpResolver, TypeParent, TContext>; - g?: GResolver, TypeParent, TContext>; + response_code?: ResponseCodeResolver, TypeParent, TContext>; } - export type XResolver< - R = Maybe, - Parent = MatrixOverTimeHistogramData, + export type QuestionResolver< + R = Maybe, + Parent = DnsEcsFields, TContext = SiemContext > = Resolver; - export type YResolver< - R = Maybe, - Parent = MatrixOverTimeHistogramData, + export type ResolvedIpResolver< + R = Maybe, + Parent = DnsEcsFields, TContext = SiemContext > = Resolver; - export type GResolver< - R = Maybe, - Parent = MatrixOverTimeHistogramData, + export type ResponseCodeResolver< + R = Maybe, + Parent = DnsEcsFields, TContext = SiemContext > = Resolver; } -export namespace NetworkTopCountriesDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; +export namespace EndgameEcsFieldsResolvers { + export interface Resolvers { + exit_code?: ExitCodeResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + file_name?: FileNameResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + file_path?: FilePathResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + logon_type?: LogonTypeResolver, TypeParent, TContext>; + + parent_process_name?: ParentProcessNameResolver, TypeParent, TContext>; + + pid?: PidResolver, TypeParent, TContext>; + + process_name?: ProcessNameResolver, TypeParent, TContext>; + + subject_domain_name?: SubjectDomainNameResolver, TypeParent, TContext>; + + subject_logon_id?: SubjectLogonIdResolver, TypeParent, TContext>; + + subject_user_name?: SubjectUserNameResolver, TypeParent, TContext>; + + target_domain_name?: TargetDomainNameResolver, TypeParent, TContext>; + + target_logon_id?: TargetLogonIdResolver, TypeParent, TContext>; + + target_user_name?: TargetUserNameResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = NetworkTopCountriesEdges[], - Parent = NetworkTopCountriesData, + export type ExitCodeResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type FileNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type FilePathResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type LogonTypeResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type ParentProcessNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type PidResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type ProcessNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type SubjectDomainNameResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type SubjectLogonIdResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkTopCountriesData, + export type SubjectUserNameResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkTopCountriesData, + export type TargetDomainNameResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkTopCountriesData, + export type TargetLogonIdResolver< + R = Maybe, + Parent = EndgameEcsFields, + TContext = SiemContext + > = Resolver; + export type TargetUserNameResolver< + R = Maybe, + Parent = EndgameEcsFields, TContext = SiemContext > = Resolver; } -export namespace NetworkTopCountriesEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; +export namespace SuricataAlertDataResolvers { + export interface Resolvers { + signature?: SignatureResolver, TypeParent, TContext>; - cursor?: CursorResolver; + signature_id?: SignatureIdResolver, TypeParent, TContext>; } - export type NodeResolver< - R = NetworkTopCountriesItem, - Parent = NetworkTopCountriesEdges, + export type SignatureResolver< + R = Maybe, + Parent = SuricataAlertData, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkTopCountriesEdges, + export type SignatureIdResolver< + R = Maybe, + Parent = SuricataAlertData, TContext = SiemContext > = Resolver; } -export namespace NetworkTopCountriesItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - source?: SourceResolver, TypeParent, TContext>; +export namespace SuricataEveDataResolvers { + export interface Resolvers { + alert?: AlertResolver, TypeParent, TContext>; - destination?: DestinationResolver, TypeParent, TContext>; + flow_id?: FlowIdResolver, TypeParent, TContext>; - network?: NetworkResolver, TypeParent, TContext>; + proto?: ProtoResolver, TypeParent, TContext>; } - export type _IdResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, + export type AlertResolver< + R = Maybe, + Parent = SuricataEveData, TContext = SiemContext > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, + export type FlowIdResolver< + R = Maybe, + Parent = SuricataEveData, TContext = SiemContext > = Resolver; - export type NetworkResolver< - R = Maybe, - Parent = NetworkTopCountriesItem, + export type ProtoResolver< + R = Maybe, + Parent = SuricataEveData, TContext = SiemContext > = Resolver; } -export namespace TopCountriesItemSourceResolvers { - export interface Resolvers { - country?: CountryResolver, TypeParent, TContext>; - - destination_ips?: DestinationIpsResolver, TypeParent, TContext>; - - flows?: FlowsResolver, TypeParent, TContext>; +export namespace SuricataEcsFieldsResolvers { + export interface Resolvers { + eve?: EveResolver, TypeParent, TContext>; + } - location?: LocationResolver, TypeParent, TContext>; + export type EveResolver< + R = Maybe, + Parent = SuricataEcsFields, + TContext = SiemContext + > = Resolver; +} - source_ips?: SourceIpsResolver, TypeParent, TContext>; +export namespace TlsJa3DataResolvers { + export interface Resolvers { + hash?: HashResolver, TypeParent, TContext>; } - export type CountryResolver< - R = Maybe, - Parent = TopCountriesItemSource, + export type HashResolver< + R = Maybe, + Parent = TlsJa3Data, TContext = SiemContext > = Resolver; - export type DestinationIpsResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace FingerprintDataResolvers { + export interface Resolvers { + sha1?: Sha1Resolver, TypeParent, TContext>; + } + + export type Sha1Resolver< + R = Maybe, + Parent = FingerprintData, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace TlsClientCertificateDataResolvers { + export interface Resolvers { + fingerprint?: FingerprintResolver, TypeParent, TContext>; + } + + export type FingerprintResolver< + R = Maybe, + Parent = TlsClientCertificateData, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace TlsServerCertificateDataResolvers { + export interface Resolvers { + fingerprint?: FingerprintResolver, TypeParent, TContext>; + } + + export type FingerprintResolver< + R = Maybe, + Parent = TlsServerCertificateData, TContext = SiemContext > = Resolver; - export type SourceIpsResolver< - R = Maybe, - Parent = TopCountriesItemSource, +} + +export namespace TlsFingerprintsDataResolvers { + export interface Resolvers { + ja3?: Ja3Resolver, TypeParent, TContext>; + } + + export type Ja3Resolver< + R = Maybe, + Parent = TlsFingerprintsData, TContext = SiemContext > = Resolver; } -export namespace GeoItemResolvers { - export interface Resolvers { - geo?: GeoResolver, TypeParent, TContext>; +export namespace TlsEcsFieldsResolvers { + export interface Resolvers { + client_certificate?: ClientCertificateResolver< + Maybe, + TypeParent, + TContext + >; + + fingerprints?: FingerprintsResolver, TypeParent, TContext>; - flowTarget?: FlowTargetResolver, TypeParent, TContext>; + server_certificate?: ServerCertificateResolver< + Maybe, + TypeParent, + TContext + >; } - export type GeoResolver< - R = Maybe, - Parent = GeoItem, + export type ClientCertificateResolver< + R = Maybe, + Parent = TlsEcsFields, + TContext = SiemContext + > = Resolver; + export type FingerprintsResolver< + R = Maybe, + Parent = TlsEcsFields, TContext = SiemContext > = Resolver; - export type FlowTargetResolver< - R = Maybe, - Parent = GeoItem, + export type ServerCertificateResolver< + R = Maybe, + Parent = TlsEcsFields, TContext = SiemContext > = Resolver; } -export namespace TopCountriesItemDestinationResolvers { - export interface Resolvers { - country?: CountryResolver, TypeParent, TContext>; +export namespace ZeekConnectionDataResolvers { + export interface Resolvers { + local_resp?: LocalRespResolver, TypeParent, TContext>; - destination_ips?: DestinationIpsResolver, TypeParent, TContext>; + local_orig?: LocalOrigResolver, TypeParent, TContext>; - flows?: FlowsResolver, TypeParent, TContext>; + missed_bytes?: MissedBytesResolver, TypeParent, TContext>; - location?: LocationResolver, TypeParent, TContext>; + state?: StateResolver, TypeParent, TContext>; - source_ips?: SourceIpsResolver, TypeParent, TContext>; + history?: HistoryResolver, TypeParent, TContext>; } - export type CountryResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type LocalRespResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type DestinationIpsResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type LocalOrigResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type MissedBytesResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type StateResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; - export type SourceIpsResolver< - R = Maybe, - Parent = TopCountriesItemDestination, + export type HistoryResolver< + R = Maybe, + Parent = ZeekConnectionData, TContext = SiemContext > = Resolver; } -export namespace TopNetworkTablesEcsFieldResolvers { - export interface Resolvers { - bytes_in?: BytesInResolver, TypeParent, TContext>; +export namespace ZeekNoticeDataResolvers { + export interface Resolvers { + suppress_for?: SuppressForResolver, TypeParent, TContext>; - bytes_out?: BytesOutResolver, TypeParent, TContext>; - } + msg?: MsgResolver, TypeParent, TContext>; - export type BytesInResolver< - R = Maybe, - Parent = TopNetworkTablesEcsField, - TContext = SiemContext - > = Resolver; - export type BytesOutResolver< - R = Maybe, - Parent = TopNetworkTablesEcsField, - TContext = SiemContext - > = Resolver; -} + note?: NoteResolver, TypeParent, TContext>; -export namespace NetworkTopNFlowDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; + sub?: SubResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + dst?: DstResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + dropped?: DroppedResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + peer_descr?: PeerDescrResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = NetworkTopNFlowEdges[], - Parent = NetworkTopNFlowData, + export type SuppressForResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkTopNFlowData, + export type MsgResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkTopNFlowData, + export type NoteResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkTopNFlowData, + export type SubResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; -} - -export namespace NetworkTopNFlowEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = NetworkTopNFlowItem, - Parent = NetworkTopNFlowEdges, + export type DstResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkTopNFlowEdges, + export type DroppedResolver< + R = Maybe, + Parent = ZeekNoticeData, + TContext = SiemContext + > = Resolver; + export type PeerDescrResolver< + R = Maybe, + Parent = ZeekNoticeData, TContext = SiemContext > = Resolver; } -export namespace NetworkTopNFlowItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; +export namespace ZeekDnsDataResolvers { + export interface Resolvers { + AA?: AaResolver, TypeParent, TContext>; - source?: SourceResolver, TypeParent, TContext>; + qclass_name?: QclassNameResolver, TypeParent, TContext>; - destination?: DestinationResolver, TypeParent, TContext>; + RD?: RdResolver, TypeParent, TContext>; - network?: NetworkResolver, TypeParent, TContext>; - } + qtype_name?: QtypeNameResolver, TypeParent, TContext>; - export type _IdResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; - export type SourceResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; - export type DestinationResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; - export type NetworkResolver< - R = Maybe, - Parent = NetworkTopNFlowItem, - TContext = SiemContext - > = Resolver; -} + rejected?: RejectedResolver, TypeParent, TContext>; -export namespace TopNFlowItemSourceResolvers { - export interface Resolvers { - autonomous_system?: AutonomousSystemResolver, TypeParent, TContext>; + qtype?: QtypeResolver, TypeParent, TContext>; - domain?: DomainResolver, TypeParent, TContext>; + query?: QueryResolver, TypeParent, TContext>; - ip?: IpResolver, TypeParent, TContext>; + trans_id?: TransIdResolver, TypeParent, TContext>; - location?: LocationResolver, TypeParent, TContext>; + qclass?: QclassResolver, TypeParent, TContext>; - flows?: FlowsResolver, TypeParent, TContext>; + RA?: RaResolver, TypeParent, TContext>; - destination_ips?: DestinationIpsResolver, TypeParent, TContext>; + TC?: TcResolver, TypeParent, TContext>; } - export type AutonomousSystemResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type AaResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type QclassNameResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type IpResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type RdResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type QtypeNameResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type RejectedResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type DestinationIpsResolver< - R = Maybe, - Parent = TopNFlowItemSource, + export type QtypeResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; -} - -export namespace AutonomousSystemItemResolvers { - export interface Resolvers { - name?: NameResolver, TypeParent, TContext>; - - number?: NumberResolver, TypeParent, TContext>; - } - - export type NameResolver< - R = Maybe, - Parent = AutonomousSystemItem, + export type QueryResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; - export type NumberResolver< - R = Maybe, - Parent = AutonomousSystemItem, + export type TransIdResolver< + R = Maybe, + Parent = ZeekDnsData, + TContext = SiemContext + > = Resolver; + export type QclassResolver< + R = Maybe, + Parent = ZeekDnsData, + TContext = SiemContext + > = Resolver; + export type RaResolver< + R = Maybe, + Parent = ZeekDnsData, + TContext = SiemContext + > = Resolver; + export type TcResolver< + R = Maybe, + Parent = ZeekDnsData, TContext = SiemContext > = Resolver; } -export namespace TopNFlowItemDestinationResolvers { - export interface Resolvers { - autonomous_system?: AutonomousSystemResolver, TypeParent, TContext>; +export namespace FileFieldsResolvers { + export interface Resolvers { + name?: NameResolver, TypeParent, TContext>; + + path?: PathResolver, TypeParent, TContext>; + + target_path?: TargetPathResolver, TypeParent, TContext>; + + extension?: ExtensionResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + device?: DeviceResolver, TypeParent, TContext>; + + inode?: InodeResolver, TypeParent, TContext>; + + uid?: UidResolver, TypeParent, TContext>; + + owner?: OwnerResolver, TypeParent, TContext>; + + gid?: GidResolver, TypeParent, TContext>; - domain?: DomainResolver, TypeParent, TContext>; + group?: GroupResolver, TypeParent, TContext>; - ip?: IpResolver, TypeParent, TContext>; + mode?: ModeResolver, TypeParent, TContext>; - location?: LocationResolver, TypeParent, TContext>; + size?: SizeResolver, TypeParent, TContext>; - flows?: FlowsResolver, TypeParent, TContext>; + mtime?: MtimeResolver, TypeParent, TContext>; - source_ips?: SourceIpsResolver, TypeParent, TContext>; + ctime?: CtimeResolver, TypeParent, TContext>; } - export type AutonomousSystemResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type NameResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type DomainResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type PathResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type IpResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type TargetPathResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type LocationResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type ExtensionResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type FlowsResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type TypeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type SourceIpsResolver< - R = Maybe, - Parent = TopNFlowItemDestination, + export type DeviceResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; -} - -export namespace NetworkDnsDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - - histogram?: HistogramResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = NetworkDnsEdges[], - Parent = NetworkDnsData, + export type InodeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkDnsData, + export type UidResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkDnsData, + export type OwnerResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkDnsData, + export type GidResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type HistogramResolver< - R = Maybe, - Parent = NetworkDnsData, + export type GroupResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; -} - -export namespace NetworkDnsEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; - - cursor?: CursorResolver; - } - - export type NodeResolver< - R = NetworkDnsItem, - Parent = NetworkDnsEdges, + export type ModeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkDnsEdges, + export type SizeResolver< + R = Maybe, + Parent = FileFields, + TContext = SiemContext + > = Resolver; + export type MtimeResolver< + R = Maybe, + Parent = FileFields, + TContext = SiemContext + > = Resolver; + export type CtimeResolver< + R = Maybe, + Parent = FileFields, TContext = SiemContext > = Resolver; } -export namespace NetworkDnsItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - dnsBytesIn?: DnsBytesInResolver, TypeParent, TContext>; +export namespace ZeekHttpDataResolvers { + export interface Resolvers { + resp_mime_types?: RespMimeTypesResolver, TypeParent, TContext>; - dnsBytesOut?: DnsBytesOutResolver, TypeParent, TContext>; + trans_depth?: TransDepthResolver, TypeParent, TContext>; - dnsName?: DnsNameResolver, TypeParent, TContext>; + status_msg?: StatusMsgResolver, TypeParent, TContext>; - queryCount?: QueryCountResolver, TypeParent, TContext>; + resp_fuids?: RespFuidsResolver, TypeParent, TContext>; - uniqueDomains?: UniqueDomainsResolver, TypeParent, TContext>; + tags?: TagsResolver, TypeParent, TContext>; } - export type _IdResolver< - R = Maybe, - Parent = NetworkDnsItem, - TContext = SiemContext - > = Resolver; - export type DnsBytesInResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type RespMimeTypesResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type DnsBytesOutResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type TransDepthResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type DnsNameResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type StatusMsgResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type QueryCountResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type RespFuidsResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; - export type UniqueDomainsResolver< - R = Maybe, - Parent = NetworkDnsItem, + export type TagsResolver< + R = Maybe, + Parent = ZeekHttpData, TContext = SiemContext > = Resolver; } -export namespace MatrixOverOrdinalHistogramDataResolvers { - export interface Resolvers { - x?: XResolver; - - y?: YResolver; +export namespace HttpBodyDataResolvers { + export interface Resolvers { + content?: ContentResolver, TypeParent, TContext>; - g?: GResolver; + bytes?: BytesResolver, TypeParent, TContext>; } - export type XResolver< - R = string, - Parent = MatrixOverOrdinalHistogramData, - TContext = SiemContext - > = Resolver; - export type YResolver< - R = number, - Parent = MatrixOverOrdinalHistogramData, + export type ContentResolver< + R = Maybe, + Parent = HttpBodyData, TContext = SiemContext > = Resolver; - export type GResolver< - R = string, - Parent = MatrixOverOrdinalHistogramData, + export type BytesResolver< + R = Maybe, + Parent = HttpBodyData, TContext = SiemContext > = Resolver; } -export namespace NetworkDsOverTimeDataResolvers { - export interface Resolvers { - inspect?: InspectResolver, TypeParent, TContext>; +export namespace HttpRequestDataResolvers { + export interface Resolvers { + method?: MethodResolver, TypeParent, TContext>; - matrixHistogramData?: MatrixHistogramDataResolver< - MatrixOverTimeHistogramData[], - TypeParent, - TContext - >; + body?: BodyResolver, TypeParent, TContext>; - totalCount?: TotalCountResolver; + referrer?: ReferrerResolver, TypeParent, TContext>; + + bytes?: BytesResolver, TypeParent, TContext>; } - export type InspectResolver< - R = Maybe, - Parent = NetworkDsOverTimeData, + export type MethodResolver< + R = Maybe, + Parent = HttpRequestData, TContext = SiemContext > = Resolver; - export type MatrixHistogramDataResolver< - R = MatrixOverTimeHistogramData[], - Parent = NetworkDsOverTimeData, + export type BodyResolver< + R = Maybe, + Parent = HttpRequestData, TContext = SiemContext > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkDsOverTimeData, + export type ReferrerResolver< + R = Maybe, + Parent = HttpRequestData, + TContext = SiemContext + > = Resolver; + export type BytesResolver< + R = Maybe, + Parent = HttpRequestData, TContext = SiemContext > = Resolver; } -export namespace NetworkHttpDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; +export namespace HttpResponseDataResolvers { + export interface Resolvers { + status_code?: StatusCodeResolver, TypeParent, TContext>; - pageInfo?: PageInfoResolver; + body?: BodyResolver, TypeParent, TContext>; - inspect?: InspectResolver, TypeParent, TContext>; + bytes?: BytesResolver, TypeParent, TContext>; } - export type EdgesResolver< - R = NetworkHttpEdges[], - Parent = NetworkHttpData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = NetworkHttpData, + export type StatusCodeResolver< + R = Maybe, + Parent = HttpResponseData, TContext = SiemContext > = Resolver; - export type PageInfoResolver< - R = PageInfoPaginated, - Parent = NetworkHttpData, + export type BodyResolver< + R = Maybe, + Parent = HttpResponseData, TContext = SiemContext > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = NetworkHttpData, + export type BytesResolver< + R = Maybe, + Parent = HttpResponseData, TContext = SiemContext > = Resolver; } -export namespace NetworkHttpEdgesResolvers { - export interface Resolvers { - node?: NodeResolver; +export namespace HttpEcsFieldsResolvers { + export interface Resolvers { + version?: VersionResolver, TypeParent, TContext>; + + request?: RequestResolver, TypeParent, TContext>; - cursor?: CursorResolver; + response?: ResponseResolver, TypeParent, TContext>; } - export type NodeResolver< - R = NetworkHttpItem, - Parent = NetworkHttpEdges, + export type VersionResolver< + R = Maybe, + Parent = HttpEcsFields, TContext = SiemContext > = Resolver; - export type CursorResolver< - R = CursorType, - Parent = NetworkHttpEdges, + export type RequestResolver< + R = Maybe, + Parent = HttpEcsFields, + TContext = SiemContext + > = Resolver; + export type ResponseResolver< + R = Maybe, + Parent = HttpEcsFields, TContext = SiemContext > = Resolver; } -export namespace NetworkHttpItemResolvers { - export interface Resolvers { - _id?: _IdResolver, TypeParent, TContext>; - - domains?: DomainsResolver; - - lastHost?: LastHostResolver, TypeParent, TContext>; - - lastSourceIp?: LastSourceIpResolver, TypeParent, TContext>; - - methods?: MethodsResolver; +export namespace UrlEcsFieldsResolvers { + export interface Resolvers { + domain?: DomainResolver, TypeParent, TContext>; - path?: PathResolver, TypeParent, TContext>; + original?: OriginalResolver, TypeParent, TContext>; - requestCount?: RequestCountResolver, TypeParent, TContext>; + username?: UsernameResolver, TypeParent, TContext>; - statuses?: StatusesResolver; + password?: PasswordResolver, TypeParent, TContext>; } - export type _IdResolver< - R = Maybe, - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type DomainsResolver< - R = string[], - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type LastHostResolver< - R = Maybe, - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type LastSourceIpResolver< - R = Maybe, - Parent = NetworkHttpItem, - TContext = SiemContext - > = Resolver; - export type MethodsResolver< - R = string[], - Parent = NetworkHttpItem, + export type DomainResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; - export type PathResolver< - R = Maybe, - Parent = NetworkHttpItem, + export type OriginalResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; - export type RequestCountResolver< - R = Maybe, - Parent = NetworkHttpItem, + export type UsernameResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; - export type StatusesResolver< - R = string[], - Parent = NetworkHttpItem, + export type PasswordResolver< + R = Maybe, + Parent = UrlEcsFields, TContext = SiemContext > = Resolver; } -export namespace SayMyNameResolvers { - export interface Resolvers { - /** The id of the source */ - appName?: AppNameResolver; - } - - export type AppNameResolver = Resolver< - R, - Parent, - TContext - >; -} - -export namespace TimelineResultResolvers { - export interface Resolvers { - columns?: ColumnsResolver, TypeParent, TContext>; - - created?: CreatedResolver, TypeParent, TContext>; - - createdBy?: CreatedByResolver, TypeParent, TContext>; - - dataProviders?: DataProvidersResolver, TypeParent, TContext>; - - dateRange?: DateRangeResolver, TypeParent, TContext>; - - description?: DescriptionResolver, TypeParent, TContext>; - - eventIdToNoteIds?: EventIdToNoteIdsResolver, TypeParent, TContext>; - - eventType?: EventTypeResolver, TypeParent, TContext>; - - excludedRowRendererIds?: ExcludedRowRendererIdsResolver< - Maybe, - TypeParent, - TContext - >; - - favorite?: FavoriteResolver, TypeParent, TContext>; - - filters?: FiltersResolver, TypeParent, TContext>; - - kqlMode?: KqlModeResolver, TypeParent, TContext>; +export namespace ZeekFileDataResolvers { + export interface Resolvers { + session_ids?: SessionIdsResolver, TypeParent, TContext>; - kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + timedout?: TimedoutResolver, TypeParent, TContext>; - indexNames?: IndexNamesResolver, TypeParent, TContext>; + local_orig?: LocalOrigResolver, TypeParent, TContext>; - notes?: NotesResolver, TypeParent, TContext>; + tx_host?: TxHostResolver, TypeParent, TContext>; - noteIds?: NoteIdsResolver, TypeParent, TContext>; + source?: SourceResolver, TypeParent, TContext>; - pinnedEventIds?: PinnedEventIdsResolver, TypeParent, TContext>; + is_orig?: IsOrigResolver, TypeParent, TContext>; - pinnedEventsSaveObject?: PinnedEventsSaveObjectResolver< - Maybe, - TypeParent, - TContext - >; + overflow_bytes?: OverflowBytesResolver, TypeParent, TContext>; - savedQueryId?: SavedQueryIdResolver, TypeParent, TContext>; + sha1?: Sha1Resolver, TypeParent, TContext>; - savedObjectId?: SavedObjectIdResolver; + duration?: DurationResolver, TypeParent, TContext>; - sort?: SortResolver, TypeParent, TContext>; + depth?: DepthResolver, TypeParent, TContext>; - status?: StatusResolver, TypeParent, TContext>; + analyzers?: AnalyzersResolver, TypeParent, TContext>; - title?: TitleResolver, TypeParent, TContext>; + mime_type?: MimeTypeResolver, TypeParent, TContext>; - templateTimelineId?: TemplateTimelineIdResolver, TypeParent, TContext>; + rx_host?: RxHostResolver, TypeParent, TContext>; - templateTimelineVersion?: TemplateTimelineVersionResolver, TypeParent, TContext>; + total_bytes?: TotalBytesResolver, TypeParent, TContext>; - timelineType?: TimelineTypeResolver, TypeParent, TContext>; + fuid?: FuidResolver, TypeParent, TContext>; - updated?: UpdatedResolver, TypeParent, TContext>; + seen_bytes?: SeenBytesResolver, TypeParent, TContext>; - updatedBy?: UpdatedByResolver, TypeParent, TContext>; + missing_bytes?: MissingBytesResolver, TypeParent, TContext>; - version?: VersionResolver; + md5?: Md5Resolver, TypeParent, TContext>; } - export type ColumnsResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type CreatedResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type CreatedByResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type DataProvidersResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type DateRangeResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type DescriptionResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type EventIdToNoteIdsResolver< - R = Maybe, - Parent = TimelineResult, - TContext = SiemContext - > = Resolver; - export type EventTypeResolver< - R = Maybe, - Parent = TimelineResult, + export type SessionIdsResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type ExcludedRowRendererIdsResolver< - R = Maybe, - Parent = TimelineResult, + export type TimedoutResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type FavoriteResolver< - R = Maybe, - Parent = TimelineResult, + export type LocalOrigResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type FiltersResolver< - R = Maybe, - Parent = TimelineResult, + export type TxHostResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type KqlModeResolver< - R = Maybe, - Parent = TimelineResult, + export type SourceResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type KqlQueryResolver< - R = Maybe, - Parent = TimelineResult, + export type IsOrigResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type IndexNamesResolver< - R = Maybe, - Parent = TimelineResult, + export type OverflowBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type NotesResolver< - R = Maybe, - Parent = TimelineResult, + export type Sha1Resolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type NoteIdsResolver< - R = Maybe, - Parent = TimelineResult, + export type DurationResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type PinnedEventIdsResolver< - R = Maybe, - Parent = TimelineResult, + export type DepthResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type PinnedEventsSaveObjectResolver< - R = Maybe, - Parent = TimelineResult, + export type AnalyzersResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type SavedQueryIdResolver< - R = Maybe, - Parent = TimelineResult, + export type MimeTypeResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type SavedObjectIdResolver< - R = string, - Parent = TimelineResult, + export type RxHostResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type SortResolver< - R = Maybe, - Parent = TimelineResult, + export type TotalBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type StatusResolver< - R = Maybe, - Parent = TimelineResult, + export type FuidResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TitleResolver< - R = Maybe, - Parent = TimelineResult, + export type SeenBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TemplateTimelineIdResolver< - R = Maybe, - Parent = TimelineResult, + export type MissingBytesResolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TemplateTimelineVersionResolver< - R = Maybe, - Parent = TimelineResult, + export type Md5Resolver< + R = Maybe, + Parent = ZeekFileData, TContext = SiemContext > = Resolver; - export type TimelineTypeResolver< - R = Maybe, - Parent = TimelineResult, +} + +export namespace ZeekSslDataResolvers { + export interface Resolvers { + cipher?: CipherResolver, TypeParent, TContext>; + + established?: EstablishedResolver, TypeParent, TContext>; + + resumed?: ResumedResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; + } + + export type CipherResolver< + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; - export type UpdatedResolver< - R = Maybe, - Parent = TimelineResult, + export type EstablishedResolver< + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; - export type UpdatedByResolver< - R = Maybe, - Parent = TimelineResult, + export type ResumedResolver< + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; export type VersionResolver< - R = string, - Parent = TimelineResult, + R = Maybe, + Parent = ZeekSslData, TContext = SiemContext > = Resolver; } -export namespace ColumnHeaderResultResolvers { - export interface Resolvers { - aggregatable?: AggregatableResolver, TypeParent, TContext>; - - category?: CategoryResolver, TypeParent, TContext>; - - columnHeaderType?: ColumnHeaderTypeResolver, TypeParent, TContext>; - - description?: DescriptionResolver, TypeParent, TContext>; - - example?: ExampleResolver, TypeParent, TContext>; +export namespace ZeekEcsFieldsResolvers { + export interface Resolvers { + session_id?: SessionIdResolver, TypeParent, TContext>; - indexes?: IndexesResolver, TypeParent, TContext>; + connection?: ConnectionResolver, TypeParent, TContext>; - id?: IdResolver, TypeParent, TContext>; + notice?: NoticeResolver, TypeParent, TContext>; - name?: NameResolver, TypeParent, TContext>; + dns?: DnsResolver, TypeParent, TContext>; - placeholder?: PlaceholderResolver, TypeParent, TContext>; + http?: HttpResolver, TypeParent, TContext>; - searchable?: SearchableResolver, TypeParent, TContext>; + files?: FilesResolver, TypeParent, TContext>; - type?: TypeResolver, TypeParent, TContext>; + ssl?: SslResolver, TypeParent, TContext>; } - export type AggregatableResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type SessionIdResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type CategoryResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type ConnectionResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type ColumnHeaderTypeResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type NoticeResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type DescriptionResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type DnsResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type ExampleResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type HttpResolver< + R = Maybe, + Parent = ZeekEcsFields, TContext = SiemContext > = Resolver; - export type IndexesResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type FilesResolver< + R = Maybe, + Parent = ZeekEcsFields, + TContext = SiemContext + > = Resolver; + export type SslResolver< + R = Maybe, + Parent = ZeekEcsFields, + TContext = SiemContext + > = Resolver; +} + +export namespace UserEcsFieldsResolvers { + export interface Resolvers { + domain?: DomainResolver, TypeParent, TContext>; + + id?: IdResolver, TypeParent, TContext>; + + name?: NameResolver, TypeParent, TContext>; + + full_name?: FullNameResolver, TypeParent, TContext>; + + email?: EmailResolver, TypeParent, TContext>; + + hash?: HashResolver, TypeParent, TContext>; + + group?: GroupResolver, TypeParent, TContext>; + } + + export type DomainResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; export type IdResolver< - R = Maybe, - Parent = ColumnHeaderResult, + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; export type NameResolver< - R = Maybe, - Parent = ColumnHeaderResult, + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; - export type PlaceholderResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type FullNameResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; - export type SearchableResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type EmailResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = ColumnHeaderResult, + export type HashResolver< + R = Maybe, + Parent = UserEcsFields, + TContext = SiemContext + > = Resolver; + export type GroupResolver< + R = Maybe, + Parent = UserEcsFields, TContext = SiemContext > = Resolver; } -export namespace DataProviderResultResolvers { - export interface Resolvers { - id?: IdResolver, TypeParent, TContext>; +export namespace WinlogEcsFieldsResolvers { + export interface Resolvers { + event_id?: EventIdResolver, TypeParent, TContext>; + } - name?: NameResolver, TypeParent, TContext>; + export type EventIdResolver< + R = Maybe, + Parent = WinlogEcsFields, + TContext = SiemContext + > = Resolver; +} - enabled?: EnabledResolver, TypeParent, TContext>; +export namespace NetworkEcsFieldResolvers { + export interface Resolvers { + bytes?: BytesResolver, TypeParent, TContext>; - excluded?: ExcludedResolver, TypeParent, TContext>; + community_id?: CommunityIdResolver, TypeParent, TContext>; - kqlQuery?: KqlQueryResolver, TypeParent, TContext>; + direction?: DirectionResolver, TypeParent, TContext>; - queryMatch?: QueryMatchResolver, TypeParent, TContext>; + packets?: PacketsResolver, TypeParent, TContext>; - type?: TypeResolver, TypeParent, TContext>; + protocol?: ProtocolResolver, TypeParent, TContext>; - and?: AndResolver, TypeParent, TContext>; + transport?: TransportResolver, TypeParent, TContext>; } - export type IdResolver< - R = Maybe, - Parent = DataProviderResult, - TContext = SiemContext - > = Resolver; - export type NameResolver< - R = Maybe, - Parent = DataProviderResult, - TContext = SiemContext - > = Resolver; - export type EnabledResolver< - R = Maybe, - Parent = DataProviderResult, + export type BytesResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type ExcludedResolver< - R = Maybe, - Parent = DataProviderResult, + export type CommunityIdResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type KqlQueryResolver< - R = Maybe, - Parent = DataProviderResult, + export type DirectionResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type QueryMatchResolver< - R = Maybe, - Parent = DataProviderResult, + export type PacketsResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = DataProviderResult, + export type ProtocolResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; - export type AndResolver< - R = Maybe, - Parent = DataProviderResult, + export type TransportResolver< + R = Maybe, + Parent = NetworkEcsField, TContext = SiemContext > = Resolver; } -export namespace QueryMatchResultResolvers { - export interface Resolvers { - field?: FieldResolver, TypeParent, TContext>; +export namespace PackageEcsFieldsResolvers { + export interface Resolvers { + arch?: ArchResolver, TypeParent, TContext>; - displayField?: DisplayFieldResolver, TypeParent, TContext>; + entity_id?: EntityIdResolver, TypeParent, TContext>; - value?: ValueResolver, TypeParent, TContext>; + name?: NameResolver, TypeParent, TContext>; - displayValue?: DisplayValueResolver, TypeParent, TContext>; + size?: SizeResolver, TypeParent, TContext>; - operator?: OperatorResolver, TypeParent, TContext>; + summary?: SummaryResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; } - export type FieldResolver< - R = Maybe, - Parent = QueryMatchResult, + export type ArchResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type DisplayFieldResolver< - R = Maybe, - Parent = QueryMatchResult, + export type EntityIdResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type ValueResolver< - R = Maybe, - Parent = QueryMatchResult, + export type NameResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type DisplayValueResolver< - R = Maybe, - Parent = QueryMatchResult, + export type SizeResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; - export type OperatorResolver< - R = Maybe, - Parent = QueryMatchResult, + export type SummaryResolver< + R = Maybe, + Parent = PackageEcsFields, + TContext = SiemContext + > = Resolver; + export type VersionResolver< + R = Maybe, + Parent = PackageEcsFields, TContext = SiemContext > = Resolver; } -export namespace DateRangePickerResultResolvers { - export interface Resolvers { - start?: StartResolver, TypeParent, TContext>; +export namespace AuditEcsFieldsResolvers { + export interface Resolvers { + package?: PackageResolver, TypeParent, TContext>; + } - end?: EndResolver, TypeParent, TContext>; + export type PackageResolver< + R = Maybe, + Parent = AuditEcsFields, + TContext = SiemContext + > = Resolver; +} + +export namespace SshEcsFieldsResolvers { + export interface Resolvers { + method?: MethodResolver, TypeParent, TContext>; + + signature?: SignatureResolver, TypeParent, TContext>; } - export type StartResolver< - R = Maybe, - Parent = DateRangePickerResult, + export type MethodResolver< + R = Maybe, + Parent = SshEcsFields, TContext = SiemContext > = Resolver; - export type EndResolver< - R = Maybe, - Parent = DateRangePickerResult, + export type SignatureResolver< + R = Maybe, + Parent = SshEcsFields, TContext = SiemContext > = Resolver; } -export namespace FavoriteTimelineResultResolvers { - export interface Resolvers { - fullName?: FullNameResolver, TypeParent, TContext>; - - userName?: UserNameResolver, TypeParent, TContext>; - - favoriteDate?: FavoriteDateResolver, TypeParent, TContext>; +export namespace AuthEcsFieldsResolvers { + export interface Resolvers { + ssh?: SshResolver, TypeParent, TContext>; } - export type FullNameResolver< - R = Maybe, - Parent = FavoriteTimelineResult, + export type SshResolver< + R = Maybe, + Parent = AuthEcsFields, TContext = SiemContext > = Resolver; - export type UserNameResolver< - R = Maybe, - Parent = FavoriteTimelineResult, +} + +export namespace SystemEcsFieldResolvers { + export interface Resolvers { + audit?: AuditResolver, TypeParent, TContext>; + + auth?: AuthResolver, TypeParent, TContext>; + } + + export type AuditResolver< + R = Maybe, + Parent = SystemEcsField, TContext = SiemContext > = Resolver; - export type FavoriteDateResolver< - R = Maybe, - Parent = FavoriteTimelineResult, + export type AuthResolver< + R = Maybe, + Parent = SystemEcsField, TContext = SiemContext > = Resolver; } -export namespace FilterTimelineResultResolvers { - export interface Resolvers { - exists?: ExistsResolver, TypeParent, TContext>; +export namespace RuleFieldResolvers { + export interface Resolvers { + id?: IdResolver, TypeParent, TContext>; - meta?: MetaResolver, TypeParent, TContext>; + rule_id?: RuleIdResolver, TypeParent, TContext>; - match_all?: MatchAllResolver, TypeParent, TContext>; + false_positives?: FalsePositivesResolver; - missing?: MissingResolver, TypeParent, TContext>; + saved_id?: SavedIdResolver, TypeParent, TContext>; - query?: QueryResolver, TypeParent, TContext>; + timeline_id?: TimelineIdResolver, TypeParent, TContext>; - range?: RangeResolver, TypeParent, TContext>; + timeline_title?: TimelineTitleResolver, TypeParent, TContext>; - script?: ScriptResolver, TypeParent, TContext>; + max_signals?: MaxSignalsResolver, TypeParent, TContext>; + + risk_score?: RiskScoreResolver, TypeParent, TContext>; + + output_index?: OutputIndexResolver, TypeParent, TContext>; + + description?: DescriptionResolver, TypeParent, TContext>; + + from?: FromResolver, TypeParent, TContext>; + + immutable?: ImmutableResolver, TypeParent, TContext>; + + index?: IndexResolver, TypeParent, TContext>; + + interval?: IntervalResolver, TypeParent, TContext>; + + language?: LanguageResolver, TypeParent, TContext>; + + query?: QueryResolver, TypeParent, TContext>; + + references?: ReferencesResolver, TypeParent, TContext>; + + severity?: SeverityResolver, TypeParent, TContext>; + + tags?: TagsResolver, TypeParent, TContext>; + + threat?: ThreatResolver, TypeParent, TContext>; + + type?: TypeResolver, TypeParent, TContext>; + + size?: SizeResolver, TypeParent, TContext>; + + to?: ToResolver, TypeParent, TContext>; + + enabled?: EnabledResolver, TypeParent, TContext>; + + filters?: FiltersResolver, TypeParent, TContext>; + + created_at?: CreatedAtResolver, TypeParent, TContext>; + + updated_at?: UpdatedAtResolver, TypeParent, TContext>; + + created_by?: CreatedByResolver, TypeParent, TContext>; + + updated_by?: UpdatedByResolver, TypeParent, TContext>; + + version?: VersionResolver, TypeParent, TContext>; + + note?: NoteResolver, TypeParent, TContext>; + + threshold?: ThresholdResolver, TypeParent, TContext>; + + exceptions_list?: ExceptionsListResolver, TypeParent, TContext>; } - export type ExistsResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type IdResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type MetaResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type RuleIdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type FalsePositivesResolver< + R = string[], + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type SavedIdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type TimelineIdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type TimelineTitleResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type MaxSignalsResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type RiskScoreResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type OutputIndexResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type MatchAllResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type DescriptionResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type MissingResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type FromResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type QueryResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type ImmutableResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type RangeResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type IndexResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ScriptResolver< - R = Maybe, - Parent = FilterTimelineResult, + export type IntervalResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace FilterMetaTimelineResultResolvers { - export interface Resolvers { - alias?: AliasResolver, TypeParent, TContext>; - - controlledBy?: ControlledByResolver, TypeParent, TContext>; - - disabled?: DisabledResolver, TypeParent, TContext>; - - field?: FieldResolver, TypeParent, TContext>; - - formattedValue?: FormattedValueResolver, TypeParent, TContext>; - - index?: IndexResolver, TypeParent, TContext>; - - key?: KeyResolver, TypeParent, TContext>; - - negate?: NegateResolver, TypeParent, TContext>; - - params?: ParamsResolver, TypeParent, TContext>; - - type?: TypeResolver, TypeParent, TContext>; - - value?: ValueResolver, TypeParent, TContext>; - } - - export type AliasResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type LanguageResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ControlledByResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type QueryResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type DisabledResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type ReferencesResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type FieldResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type SeverityResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type FormattedValueResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type TagsResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type IndexResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type ThreatResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type KeyResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type TypeResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type NegateResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type SizeResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ParamsResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type ToResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type TypeResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type EnabledResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ValueResolver< - R = Maybe, - Parent = FilterMetaTimelineResult, + export type FiltersResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace SerializedFilterQueryResultResolvers { - export interface Resolvers { - filterQuery?: FilterQueryResolver, TypeParent, TContext>; - } - - export type FilterQueryResolver< - R = Maybe, - Parent = SerializedFilterQueryResult, + export type CreatedAtResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace SerializedKueryQueryResultResolvers { - export interface Resolvers { - kuery?: KueryResolver, TypeParent, TContext>; - - serializedQuery?: SerializedQueryResolver, TypeParent, TContext>; - } - - export type KueryResolver< - R = Maybe, - Parent = SerializedKueryQueryResult, + export type UpdatedAtResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type SerializedQueryResolver< - R = Maybe, - Parent = SerializedKueryQueryResult, + export type CreatedByResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace KueryFilterQueryResultResolvers { - export interface Resolvers { - kind?: KindResolver, TypeParent, TContext>; - - expression?: ExpressionResolver, TypeParent, TContext>; - } - - export type KindResolver< - R = Maybe, - Parent = KueryFilterQueryResult, + export type UpdatedByResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type ExpressionResolver< - R = Maybe, - Parent = KueryFilterQueryResult, + export type VersionResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; -} - -export namespace SortTimelineResultResolvers { - export interface Resolvers { - columnId?: ColumnIdResolver, TypeParent, TContext>; - - sortDirection?: SortDirectionResolver, TypeParent, TContext>; - } - - export type ColumnIdResolver< - R = Maybe, - Parent = SortTimelineResult, + export type NoteResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; - export type SortDirectionResolver< - R = Maybe, - Parent = SortTimelineResult, + export type ThresholdResolver< + R = Maybe, + Parent = RuleField, + TContext = SiemContext + > = Resolver; + export type ExceptionsListResolver< + R = Maybe, + Parent = RuleField, TContext = SiemContext > = Resolver; } -export namespace ResponseTimelinesResolvers { - export interface Resolvers { - timeline?: TimelineResolver<(Maybe)[], TypeParent, TContext>; - - totalCount?: TotalCountResolver, TypeParent, TContext>; - - defaultTimelineCount?: DefaultTimelineCountResolver, TypeParent, TContext>; - - templateTimelineCount?: TemplateTimelineCountResolver, TypeParent, TContext>; - - elasticTemplateTimelineCount?: ElasticTemplateTimelineCountResolver< - Maybe, - TypeParent, - TContext - >; +export namespace SignalFieldResolvers { + export interface Resolvers { + rule?: RuleResolver, TypeParent, TContext>; - customTemplateTimelineCount?: CustomTemplateTimelineCountResolver< - Maybe, - TypeParent, - TContext - >; + original_time?: OriginalTimeResolver, TypeParent, TContext>; - favoriteCount?: FavoriteCountResolver, TypeParent, TContext>; + status?: StatusResolver, TypeParent, TContext>; } - export type TimelineResolver< - R = (Maybe)[], - Parent = ResponseTimelines, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = Maybe, - Parent = ResponseTimelines, - TContext = SiemContext - > = Resolver; - export type DefaultTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, - TContext = SiemContext - > = Resolver; - export type TemplateTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, + export type RuleResolver< + R = Maybe, + Parent = SignalField, TContext = SiemContext > = Resolver; - export type ElasticTemplateTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, + export type OriginalTimeResolver< + R = Maybe, + Parent = SignalField, TContext = SiemContext > = Resolver; - export type CustomTemplateTimelineCountResolver< - R = Maybe, - Parent = ResponseTimelines, + export type StatusResolver< + R = Maybe, + Parent = SignalField, TContext = SiemContext > = Resolver; - export type FavoriteCountResolver< - R = Maybe, - Parent = ResponseTimelines, +} + +export namespace RuleEcsFieldResolvers { + export interface Resolvers { + reference?: ReferenceResolver, TypeParent, TContext>; + } + + export type ReferenceResolver< + R = Maybe, + Parent = RuleEcsField, TContext = SiemContext > = Resolver; } -export namespace MutationResolvers { - export interface Resolvers { - /** Persists a note */ - persistNote?: PersistNoteResolver; +export namespace EcsResolvers { + export interface Resolvers { + _id?: _IdResolver; - deleteNote?: DeleteNoteResolver, TypeParent, TContext>; + _index?: _IndexResolver, TypeParent, TContext>; - deleteNoteByTimelineId?: DeleteNoteByTimelineIdResolver, TypeParent, TContext>; - /** Persists a pinned event in a timeline */ - persistPinnedEventOnTimeline?: PersistPinnedEventOnTimelineResolver< - Maybe, - TypeParent, - TContext - >; - /** Remove a pinned events in a timeline */ - deletePinnedEventOnTimeline?: DeletePinnedEventOnTimelineResolver< - boolean, - TypeParent, - TContext - >; - /** Remove all pinned events in a timeline */ - deleteAllPinnedEventsOnTimeline?: DeleteAllPinnedEventsOnTimelineResolver< - boolean, - TypeParent, - TContext - >; - /** Persists a timeline */ - persistTimeline?: PersistTimelineResolver; + agent?: AgentResolver, TypeParent, TContext>; - persistFavorite?: PersistFavoriteResolver; + auditd?: AuditdResolver, TypeParent, TContext>; - deleteTimeline?: DeleteTimelineResolver; - } + destination?: DestinationResolver, TypeParent, TContext>; - export type PersistNoteResolver = Resolver< - R, - Parent, - TContext, - PersistNoteArgs - >; - export interface PersistNoteArgs { - noteId?: Maybe; + dns?: DnsResolver, TypeParent, TContext>; - version?: Maybe; + endgame?: EndgameResolver, TypeParent, TContext>; - note: NoteInput; - } + event?: EventResolver, TypeParent, TContext>; - export type DeleteNoteResolver< - R = Maybe, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeleteNoteArgs { - id: string[]; - } + geo?: GeoResolver, TypeParent, TContext>; - export type DeleteNoteByTimelineIdResolver< - R = Maybe, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeleteNoteByTimelineIdArgs { - timelineId: string; + host?: HostResolver, TypeParent, TContext>; - version?: Maybe; - } + network?: NetworkResolver, TypeParent, TContext>; - export type PersistPinnedEventOnTimelineResolver< - R = Maybe, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface PersistPinnedEventOnTimelineArgs { - pinnedEventId?: Maybe; + rule?: RuleResolver, TypeParent, TContext>; - eventId: string; + signal?: SignalResolver, TypeParent, TContext>; - timelineId?: Maybe; - } + source?: SourceResolver, TypeParent, TContext>; - export type DeletePinnedEventOnTimelineResolver< - R = boolean, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeletePinnedEventOnTimelineArgs { - id: string[]; - } + suricata?: SuricataResolver, TypeParent, TContext>; - export type DeleteAllPinnedEventsOnTimelineResolver< - R = boolean, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface DeleteAllPinnedEventsOnTimelineArgs { - timelineId: string; - } + tls?: TlsResolver, TypeParent, TContext>; - export type PersistTimelineResolver< - R = ResponseTimeline, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface PersistTimelineArgs { - id?: Maybe; + zeek?: ZeekResolver, TypeParent, TContext>; - version?: Maybe; + http?: HttpResolver, TypeParent, TContext>; - timeline: TimelineInput; - } + url?: UrlResolver, TypeParent, TContext>; - export type PersistFavoriteResolver< - R = ResponseFavoriteTimeline, - Parent = {}, - TContext = SiemContext - > = Resolver; - export interface PersistFavoriteArgs { - timelineId?: Maybe; - } + timestamp?: TimestampResolver, TypeParent, TContext>; - export type DeleteTimelineResolver = Resolver< - R, - Parent, - TContext, - DeleteTimelineArgs - >; - export interface DeleteTimelineArgs { - id: string[]; - } -} + message?: MessageResolver, TypeParent, TContext>; -export namespace ResponseNoteResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; + user?: UserResolver, TypeParent, TContext>; - message?: MessageResolver, TypeParent, TContext>; + winlog?: WinlogResolver, TypeParent, TContext>; - note?: NoteResolver; + process?: ProcessResolver, TypeParent, TContext>; + + file?: FileResolver, TypeParent, TContext>; + + system?: SystemResolver, TypeParent, TContext>; } - export type CodeResolver< - R = Maybe, - Parent = ResponseNote, + export type _IdResolver = Resolver< + R, + Parent, + TContext + >; + export type _IndexResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type AgentResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = ResponseNote, + export type AuditdResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type NoteResolver< - R = NoteResult, - Parent = ResponseNote, + export type DestinationResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; -} - -export namespace ResponseTimelineResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - timeline?: TimelineResolver; - } - - export type CodeResolver< - R = Maybe, - Parent = ResponseTimeline, + export type DnsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type EndgameResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type EventResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type GeoResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type HostResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type NetworkResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type RuleResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type SignalResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type SourceResolver< + R = Maybe, + Parent = Ecs, + TContext = SiemContext + > = Resolver; + export type SuricataResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = ResponseTimeline, + export type TlsResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type ZeekResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type TimelineResolver< - R = TimelineResult, - Parent = ResponseTimeline, + export type HttpResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; -} - -export namespace ResponseFavoriteTimelineResolvers { - export interface Resolvers { - code?: CodeResolver, TypeParent, TContext>; - - message?: MessageResolver, TypeParent, TContext>; - - savedObjectId?: SavedObjectIdResolver; - - version?: VersionResolver; - - favorite?: FavoriteResolver, TypeParent, TContext>; - } - - export type CodeResolver< - R = Maybe, - Parent = ResponseFavoriteTimeline, + export type UrlResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type TimestampResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type MessageResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type MessageResolver< - R = Maybe, - Parent = ResponseFavoriteTimeline, + export type UserResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type SavedObjectIdResolver< - R = string, - Parent = ResponseFavoriteTimeline, + export type WinlogResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type VersionResolver< - R = string, - Parent = ResponseFavoriteTimeline, + export type ProcessResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; - export type FavoriteResolver< - R = Maybe, - Parent = ResponseFavoriteTimeline, + export type FileResolver, Parent = Ecs, TContext = SiemContext> = Resolver< + R, + Parent, + TContext + >; + export type SystemResolver< + R = Maybe, + Parent = Ecs, TContext = SiemContext > = Resolver; } @@ -8064,39 +5764,6 @@ export namespace EcsEdgesResolvers { >; } -export namespace EventsTimelineDataResolvers { - export interface Resolvers { - edges?: EdgesResolver; - - totalCount?: TotalCountResolver; - - pageInfo?: PageInfoResolver; - - inspect?: InspectResolver, TypeParent, TContext>; - } - - export type EdgesResolver< - R = EcsEdges[], - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; - export type TotalCountResolver< - R = number, - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; - export type PageInfoResolver< - R = PageInfo, - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; - export type InspectResolver< - R = Maybe, - Parent = EventsTimelineData, - TContext = SiemContext - > = Resolver; -} - export namespace OsFieldsResolvers { export interface Resolvers { platform?: PlatformResolver, TypeParent, TContext>; @@ -8281,6 +5948,25 @@ export namespace IndexFieldResolvers { > = Resolver; } +export namespace PageInfoResolvers { + export interface Resolvers { + endCursor?: EndCursorResolver, TypeParent, TContext>; + + hasNextPage?: HasNextPageResolver, TypeParent, TContext>; + } + + export type EndCursorResolver< + R = Maybe, + Parent = PageInfo, + TContext = SiemContext + > = Resolver; + export type HasNextPageResolver< + R = Maybe, + Parent = PageInfo, + TContext = SiemContext + > = Resolver; +} + /** Directs the executor to skip this field or fragment when the `if` argument is true. */ export type SkipDirectiveResolver = DirectiveResolverFn< Result, @@ -8320,25 +6006,22 @@ export interface ToStringArrayScalarConfig extends GraphQLScalarTypeConfig { name: 'Date'; } -export interface ToNumberArrayScalarConfig extends GraphQLScalarTypeConfig { - name: 'ToNumberArray'; -} -export interface ToDateArrayScalarConfig extends GraphQLScalarTypeConfig { - name: 'ToDateArray'; -} -export interface ToBooleanArrayScalarConfig extends GraphQLScalarTypeConfig { - name: 'ToBooleanArray'; -} export interface ToAnyScalarConfig extends GraphQLScalarTypeConfig { name: 'ToAny'; } -export interface EsValueScalarConfig extends GraphQLScalarTypeConfig { - name: 'EsValue'; -} export interface ToStringArrayNoNullableScalarConfig extends GraphQLScalarTypeConfig { name: 'ToStringArrayNoNullable'; } +export interface ToDateArrayScalarConfig extends GraphQLScalarTypeConfig { + name: 'ToDateArray'; +} +export interface ToNumberArrayScalarConfig extends GraphQLScalarTypeConfig { + name: 'ToNumberArray'; +} +export interface ToBooleanArrayScalarConfig extends GraphQLScalarTypeConfig { + name: 'ToBooleanArray'; +} export interface ToIFieldSubTypeNonNullableScalarConfig extends GraphQLScalarTypeConfig { name: 'ToIFieldSubTypeNonNullable'; @@ -8353,73 +6036,6 @@ export type IResolvers = { SourceConfiguration?: SourceConfigurationResolvers.Resolvers; SourceFields?: SourceFieldsResolvers.Resolvers; SourceStatus?: SourceStatusResolvers.Resolvers; - AuthenticationsData?: AuthenticationsDataResolvers.Resolvers; - AuthenticationsEdges?: AuthenticationsEdgesResolvers.Resolvers; - AuthenticationItem?: AuthenticationItemResolvers.Resolvers; - UserEcsFields?: UserEcsFieldsResolvers.Resolvers; - LastSourceHost?: LastSourceHostResolvers.Resolvers; - SourceEcsFields?: SourceEcsFieldsResolvers.Resolvers; - GeoEcsFields?: GeoEcsFieldsResolvers.Resolvers; - Location?: LocationResolvers.Resolvers; - HostEcsFields?: HostEcsFieldsResolvers.Resolvers; - OsEcsFields?: OsEcsFieldsResolvers.Resolvers; - CursorType?: CursorTypeResolvers.Resolvers; - PageInfoPaginated?: PageInfoPaginatedResolvers.Resolvers; - Inspect?: InspectResolvers.Resolvers; - TimelineData?: TimelineDataResolvers.Resolvers; - TimelineEdges?: TimelineEdgesResolvers.Resolvers; - TimelineItem?: TimelineItemResolvers.Resolvers; - TimelineNonEcsData?: TimelineNonEcsDataResolvers.Resolvers; - Ecs?: EcsResolvers.Resolvers; - AgentEcsField?: AgentEcsFieldResolvers.Resolvers; - AuditdEcsFields?: AuditdEcsFieldsResolvers.Resolvers; - AuditdData?: AuditdDataResolvers.Resolvers; - Summary?: SummaryResolvers.Resolvers; - PrimarySecondary?: PrimarySecondaryResolvers.Resolvers; - DestinationEcsFields?: DestinationEcsFieldsResolvers.Resolvers; - DnsEcsFields?: DnsEcsFieldsResolvers.Resolvers; - DnsQuestionData?: DnsQuestionDataResolvers.Resolvers; - EndgameEcsFields?: EndgameEcsFieldsResolvers.Resolvers; - EventEcsFields?: EventEcsFieldsResolvers.Resolvers; - NetworkEcsField?: NetworkEcsFieldResolvers.Resolvers; - RuleEcsField?: RuleEcsFieldResolvers.Resolvers; - SignalField?: SignalFieldResolvers.Resolvers; - RuleField?: RuleFieldResolvers.Resolvers; - SuricataEcsFields?: SuricataEcsFieldsResolvers.Resolvers; - SuricataEveData?: SuricataEveDataResolvers.Resolvers; - SuricataAlertData?: SuricataAlertDataResolvers.Resolvers; - TlsEcsFields?: TlsEcsFieldsResolvers.Resolvers; - TlsClientCertificateData?: TlsClientCertificateDataResolvers.Resolvers; - FingerprintData?: FingerprintDataResolvers.Resolvers; - TlsFingerprintsData?: TlsFingerprintsDataResolvers.Resolvers; - TlsJa3Data?: TlsJa3DataResolvers.Resolvers; - TlsServerCertificateData?: TlsServerCertificateDataResolvers.Resolvers; - ZeekEcsFields?: ZeekEcsFieldsResolvers.Resolvers; - ZeekConnectionData?: ZeekConnectionDataResolvers.Resolvers; - ZeekNoticeData?: ZeekNoticeDataResolvers.Resolvers; - ZeekDnsData?: ZeekDnsDataResolvers.Resolvers; - ZeekHttpData?: ZeekHttpDataResolvers.Resolvers; - ZeekFileData?: ZeekFileDataResolvers.Resolvers; - ZeekSslData?: ZeekSslDataResolvers.Resolvers; - HttpEcsFields?: HttpEcsFieldsResolvers.Resolvers; - HttpRequestData?: HttpRequestDataResolvers.Resolvers; - HttpBodyData?: HttpBodyDataResolvers.Resolvers; - HttpResponseData?: HttpResponseDataResolvers.Resolvers; - UrlEcsFields?: UrlEcsFieldsResolvers.Resolvers; - WinlogEcsFields?: WinlogEcsFieldsResolvers.Resolvers; - ProcessEcsFields?: ProcessEcsFieldsResolvers.Resolvers; - ProcessHashData?: ProcessHashDataResolvers.Resolvers; - Thread?: ThreadResolvers.Resolvers; - FileFields?: FileFieldsResolvers.Resolvers; - SystemEcsField?: SystemEcsFieldResolvers.Resolvers; - AuditEcsFields?: AuditEcsFieldsResolvers.Resolvers; - PackageEcsFields?: PackageEcsFieldsResolvers.Resolvers; - AuthEcsFields?: AuthEcsFieldsResolvers.Resolvers; - SshEcsFields?: SshEcsFieldsResolvers.Resolvers; - PageInfo?: PageInfoResolvers.Resolvers; - TimelineDetailsData?: TimelineDetailsDataResolvers.Resolvers; - DetailItem?: DetailItemResolvers.Resolvers; - LastEventTimeData?: LastEventTimeDataResolvers.Resolvers; HostsData?: HostsDataResolvers.Resolvers; HostsEdges?: HostsEdgesResolvers.Resolvers; HostItem?: HostItemResolvers.Resolvers; @@ -8427,36 +6043,12 @@ export type IResolvers = { CloudInstance?: CloudInstanceResolvers.Resolvers; CloudMachine?: CloudMachineResolvers.Resolvers; EndpointFields?: EndpointFieldsResolvers.Resolvers; + HostEcsFields?: HostEcsFieldsResolvers.Resolvers; + OsEcsFields?: OsEcsFieldsResolvers.Resolvers; + Inspect?: InspectResolvers.Resolvers; + CursorType?: CursorTypeResolvers.Resolvers; + PageInfoPaginated?: PageInfoPaginatedResolvers.Resolvers; FirstLastSeenHost?: FirstLastSeenHostResolvers.Resolvers; - KpiNetworkData?: KpiNetworkDataResolvers.Resolvers; - KpiNetworkHistogramData?: KpiNetworkHistogramDataResolvers.Resolvers; - KpiHostsData?: KpiHostsDataResolvers.Resolvers; - KpiHostHistogramData?: KpiHostHistogramDataResolvers.Resolvers; - KpiHostDetailsData?: KpiHostDetailsDataResolvers.Resolvers; - MatrixHistogramOverTimeData?: MatrixHistogramOverTimeDataResolvers.Resolvers; - MatrixOverTimeHistogramData?: MatrixOverTimeHistogramDataResolvers.Resolvers; - NetworkTopCountriesData?: NetworkTopCountriesDataResolvers.Resolvers; - NetworkTopCountriesEdges?: NetworkTopCountriesEdgesResolvers.Resolvers; - NetworkTopCountriesItem?: NetworkTopCountriesItemResolvers.Resolvers; - TopCountriesItemSource?: TopCountriesItemSourceResolvers.Resolvers; - GeoItem?: GeoItemResolvers.Resolvers; - TopCountriesItemDestination?: TopCountriesItemDestinationResolvers.Resolvers; - TopNetworkTablesEcsField?: TopNetworkTablesEcsFieldResolvers.Resolvers; - NetworkTopNFlowData?: NetworkTopNFlowDataResolvers.Resolvers; - NetworkTopNFlowEdges?: NetworkTopNFlowEdgesResolvers.Resolvers; - NetworkTopNFlowItem?: NetworkTopNFlowItemResolvers.Resolvers; - TopNFlowItemSource?: TopNFlowItemSourceResolvers.Resolvers; - AutonomousSystemItem?: AutonomousSystemItemResolvers.Resolvers; - TopNFlowItemDestination?: TopNFlowItemDestinationResolvers.Resolvers; - NetworkDnsData?: NetworkDnsDataResolvers.Resolvers; - NetworkDnsEdges?: NetworkDnsEdgesResolvers.Resolvers; - NetworkDnsItem?: NetworkDnsItemResolvers.Resolvers; - MatrixOverOrdinalHistogramData?: MatrixOverOrdinalHistogramDataResolvers.Resolvers; - NetworkDsOverTimeData?: NetworkDsOverTimeDataResolvers.Resolvers; - NetworkHttpData?: NetworkHttpDataResolvers.Resolvers; - NetworkHttpEdges?: NetworkHttpEdgesResolvers.Resolvers; - NetworkHttpItem?: NetworkHttpItemResolvers.Resolvers; - SayMyName?: SayMyNameResolvers.Resolvers; TimelineResult?: TimelineResultResolvers.Resolvers; ColumnHeaderResult?: ColumnHeaderResultResolvers.Resolvers; DataProviderResult?: DataProviderResultResolvers.Resolvers; @@ -8474,19 +6066,68 @@ export type IResolvers = { ResponseNote?: ResponseNoteResolvers.Resolvers; ResponseTimeline?: ResponseTimelineResolvers.Resolvers; ResponseFavoriteTimeline?: ResponseFavoriteTimelineResolvers.Resolvers; + EventEcsFields?: EventEcsFieldsResolvers.Resolvers; + Location?: LocationResolvers.Resolvers; + GeoEcsFields?: GeoEcsFieldsResolvers.Resolvers; + PrimarySecondary?: PrimarySecondaryResolvers.Resolvers; + Summary?: SummaryResolvers.Resolvers; + AgentEcsField?: AgentEcsFieldResolvers.Resolvers; + AuditdData?: AuditdDataResolvers.Resolvers; + AuditdEcsFields?: AuditdEcsFieldsResolvers.Resolvers; + Thread?: ThreadResolvers.Resolvers; + ProcessHashData?: ProcessHashDataResolvers.Resolvers; + ProcessEcsFields?: ProcessEcsFieldsResolvers.Resolvers; + SourceEcsFields?: SourceEcsFieldsResolvers.Resolvers; + DestinationEcsFields?: DestinationEcsFieldsResolvers.Resolvers; + DnsQuestionData?: DnsQuestionDataResolvers.Resolvers; + DnsEcsFields?: DnsEcsFieldsResolvers.Resolvers; + EndgameEcsFields?: EndgameEcsFieldsResolvers.Resolvers; + SuricataAlertData?: SuricataAlertDataResolvers.Resolvers; + SuricataEveData?: SuricataEveDataResolvers.Resolvers; + SuricataEcsFields?: SuricataEcsFieldsResolvers.Resolvers; + TlsJa3Data?: TlsJa3DataResolvers.Resolvers; + FingerprintData?: FingerprintDataResolvers.Resolvers; + TlsClientCertificateData?: TlsClientCertificateDataResolvers.Resolvers; + TlsServerCertificateData?: TlsServerCertificateDataResolvers.Resolvers; + TlsFingerprintsData?: TlsFingerprintsDataResolvers.Resolvers; + TlsEcsFields?: TlsEcsFieldsResolvers.Resolvers; + ZeekConnectionData?: ZeekConnectionDataResolvers.Resolvers; + ZeekNoticeData?: ZeekNoticeDataResolvers.Resolvers; + ZeekDnsData?: ZeekDnsDataResolvers.Resolvers; + FileFields?: FileFieldsResolvers.Resolvers; + ZeekHttpData?: ZeekHttpDataResolvers.Resolvers; + HttpBodyData?: HttpBodyDataResolvers.Resolvers; + HttpRequestData?: HttpRequestDataResolvers.Resolvers; + HttpResponseData?: HttpResponseDataResolvers.Resolvers; + HttpEcsFields?: HttpEcsFieldsResolvers.Resolvers; + UrlEcsFields?: UrlEcsFieldsResolvers.Resolvers; + ZeekFileData?: ZeekFileDataResolvers.Resolvers; + ZeekSslData?: ZeekSslDataResolvers.Resolvers; + ZeekEcsFields?: ZeekEcsFieldsResolvers.Resolvers; + UserEcsFields?: UserEcsFieldsResolvers.Resolvers; + WinlogEcsFields?: WinlogEcsFieldsResolvers.Resolvers; + NetworkEcsField?: NetworkEcsFieldResolvers.Resolvers; + PackageEcsFields?: PackageEcsFieldsResolvers.Resolvers; + AuditEcsFields?: AuditEcsFieldsResolvers.Resolvers; + SshEcsFields?: SshEcsFieldsResolvers.Resolvers; + AuthEcsFields?: AuthEcsFieldsResolvers.Resolvers; + SystemEcsField?: SystemEcsFieldResolvers.Resolvers; + RuleField?: RuleFieldResolvers.Resolvers; + SignalField?: SignalFieldResolvers.Resolvers; + RuleEcsField?: RuleEcsFieldResolvers.Resolvers; + Ecs?: EcsResolvers.Resolvers; EcsEdges?: EcsEdgesResolvers.Resolvers; - EventsTimelineData?: EventsTimelineDataResolvers.Resolvers; OsFields?: OsFieldsResolvers.Resolvers; HostFields?: HostFieldsResolvers.Resolvers; IndexField?: IndexFieldResolvers.Resolvers; + PageInfo?: PageInfoResolvers.Resolvers; ToStringArray?: GraphQLScalarType; Date?: GraphQLScalarType; - ToNumberArray?: GraphQLScalarType; - ToDateArray?: GraphQLScalarType; - ToBooleanArray?: GraphQLScalarType; ToAny?: GraphQLScalarType; - EsValue?: GraphQLScalarType; ToStringArrayNoNullable?: GraphQLScalarType; + ToDateArray?: GraphQLScalarType; + ToNumberArray?: GraphQLScalarType; + ToBooleanArray?: GraphQLScalarType; ToIFieldSubTypeNonNullable?: GraphQLScalarType; } & { [typeName: string]: never }; diff --git a/x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts b/x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts deleted file mode 100644 index 6ef7f1ae8a2eb..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/who_am_i/index.ts +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export { createWhoAmIResolvers } from './resolvers'; -export { whoAmISchema } from './schema.gql'; diff --git a/x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts b/x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts deleted file mode 100644 index 065edfb99ccea..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/who_am_i/resolvers.ts +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { SourceResolvers } from '../../graphql/types'; -import { AppResolverOf, ChildResolverOf } from '../../lib/framework'; -import { QuerySourceResolver } from '../sources/resolvers'; - -export type QueryWhoAmIResolver = ChildResolverOf< - AppResolverOf, - QuerySourceResolver ->; - -export const createWhoAmIResolvers = (): { - Source: { - whoAmI: QueryWhoAmIResolver; - }; -} => ({ - Source: { - async whoAmI(root, args) { - return { - appName: 'SIEM', - }; - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts b/x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts deleted file mode 100644 index 0a264cd2988fe..0000000000000 --- a/x-pack/plugins/security_solution/server/graphql/who_am_i/schema.gql.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import gql from 'graphql-tag'; - -export const whoAmISchema = gql` - type SayMyName { - "The id of the source" - appName: String! - } - - extend type Source { - "Just a simple example to get the app name" - whoAmI: SayMyName - } -`; diff --git a/x-pack/plugins/security_solution/server/init_server.ts b/x-pack/plugins/security_solution/server/init_server.ts index 3d2833f1c6c60..997240a33ad22 100644 --- a/x-pack/plugins/security_solution/server/init_server.ts +++ b/x-pack/plugins/security_solution/server/init_server.ts @@ -6,13 +6,8 @@ import { IResolvers, makeExecutableSchema } from 'graphql-tools'; import { schemas } from './graphql'; -import { createAuthenticationsResolvers } from './graphql/authentications'; import { createScalarToStringArrayValueResolvers } from './graphql/ecs'; -import { createEsValueResolvers, createEventsResolvers } from './graphql/events'; import { createHostsResolvers } from './graphql/hosts'; -import { createKpiHostsResolvers } from './graphql/kpi_hosts'; -import { createKpiNetworkResolvers } from './graphql/kpi_network'; -import { createNetworkResolvers } from './graphql/network'; import { createNoteResolvers } from './graphql/note'; import { createPinnedEventResolvers } from './graphql/pinned_event'; import { createScalarDateResolvers } from './graphql/scalar_date'; @@ -23,24 +18,16 @@ import { createScalarToNumberArrayValueResolvers } from './graphql/scalar_to_num import { createSourceStatusResolvers } from './graphql/source_status'; import { createSourcesResolvers } from './graphql/sources'; import { createTimelineResolvers } from './graphql/timeline'; -import { createWhoAmIResolvers } from './graphql/who_am_i'; import { AppBackendLibs } from './lib/types'; -import { createMatrixHistogramResolvers } from './graphql/matrix_histogram'; export const initServer = (libs: AppBackendLibs) => { const schema = makeExecutableSchema({ resolvers: [ - createAuthenticationsResolvers(libs) as IResolvers, - createEsValueResolvers() as IResolvers, - createEventsResolvers(libs) as IResolvers, createHostsResolvers(libs) as IResolvers, - createKpiNetworkResolvers(libs) as IResolvers, - createMatrixHistogramResolvers(libs) as IResolvers, createNoteResolvers(libs) as IResolvers, createPinnedEventResolvers(libs) as IResolvers, createSourcesResolvers(libs) as IResolvers, createScalarToStringArrayValueResolvers() as IResolvers, - createNetworkResolvers(libs) as IResolvers, createScalarDateResolvers() as IResolvers, createScalarToDateArrayValueResolvers() as IResolvers, createScalarToAnyValueResolvers() as IResolvers, @@ -49,8 +36,6 @@ export const initServer = (libs: AppBackendLibs) => { createSourcesResolvers(libs) as IResolvers, createSourceStatusResolvers(libs) as IResolvers, createTimelineResolvers(libs) as IResolvers, - createWhoAmIResolvers() as IResolvers, - createKpiHostsResolvers(libs) as IResolvers, ], typeDefs: schemas, }); diff --git a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts deleted file mode 100644 index d037164a34efb..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.test.ts +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { AuthenticationsEdges } from '../../graphql/types'; - -import { formatAuthenticationData } from './elasticsearch_adapter'; -import { auditdFieldsMap } from './query.dsl'; -import { AuthenticationHit } from './types'; - -describe('authentications elasticsearch_adapter', () => { - describe('#formatAuthenticationsData', () => { - const hit: AuthenticationHit = { - _index: 'index-123', - _type: 'type-123', - _id: 'id-123', - _score: 10, - _source: { - '@timestamp': 'time-1', - }, - cursor: 'cursor-1', - sort: [0], - user: 'Evan', - failures: 10, - successes: 20, - }; - - test('it formats a authentication with an empty set', () => { - const fields: readonly string[] = ['']; - const data = formatAuthenticationData(fields, hit, auditdFieldsMap); - const expected: AuthenticationsEdges = { - cursor: { - tiebreaker: null, - value: 'cursor-1', - }, - node: { - _id: 'id-123', - failures: 10, - successes: 20, - user: { - name: ['Evan'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats a authentications with a source ip correctly', () => { - const fields: readonly string[] = ['lastSuccess.source.ip']; - const data = formatAuthenticationData(fields, hit, auditdFieldsMap); - const expected: AuthenticationsEdges = { - cursor: { - tiebreaker: null, - value: 'cursor-1', - }, - node: { - _id: 'id-123', - failures: 10, - successes: 20, - user: { - name: ['Evan'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats a authentications with a host name only', () => { - const fields: readonly string[] = ['lastSuccess.host.name']; - const data = formatAuthenticationData(fields, hit, auditdFieldsMap); - const expected: AuthenticationsEdges = { - cursor: { - tiebreaker: null, - value: 'cursor-1', - }, - node: { - _id: 'id-123', - failures: 10, - successes: 20, - user: { - name: ['Evan'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats a authentications with a host id only', () => { - const fields: readonly string[] = ['lastSuccess.host.id']; - const data = formatAuthenticationData(fields, hit, auditdFieldsMap); - const expected: AuthenticationsEdges = { - cursor: { - tiebreaker: null, - value: 'cursor-1', - }, - node: { - _id: 'id-123', - failures: 10, - successes: 20, - user: { - name: ['Evan'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats a authentications with a host name and id correctly', () => { - const fields: readonly string[] = ['lastSuccess.host.name', 'lastSuccess.host.id']; - const data = formatAuthenticationData(fields, hit, auditdFieldsMap); - const expected: AuthenticationsEdges = { - cursor: { - tiebreaker: null, - value: 'cursor-1', - }, - node: { - _id: 'id-123', - failures: 10, - successes: 20, - user: { - name: ['Evan'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts deleted file mode 100644 index 724297fac7b67..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/authentications/elasticsearch_adapter.ts +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { AuthenticationsData, AuthenticationsEdges } from '../../graphql/types'; -import { mergeFieldsWithHit, inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, RequestOptionsPaginated } from '../framework'; -import { TermAggregation } from '../types'; -import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants'; - -import { auditdFieldsMap, buildQuery } from './query.dsl'; -import { - AuthenticationBucket, - AuthenticationData, - AuthenticationHit, - AuthenticationsAdapter, -} from './types'; - -export class ElasticsearchAuthenticationAdapter implements AuthenticationsAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getAuthentications( - request: FrameworkRequest, - options: RequestOptionsPaginated - ): Promise { - const dsl = buildQuery(options); - if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { - throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); - } - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; - const totalCount = getOr(0, 'aggregations.user_count.value', response); - const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount; - const hits: AuthenticationHit[] = getOr( - [], - 'aggregations.group_by_users.buckets', - response - ).map((bucket: AuthenticationBucket) => ({ - _id: getOr( - `${bucket.key}+${bucket.doc_count}`, - 'failures.lastFailure.hits.hits[0].id', - bucket - ), - _source: { - lastSuccess: getOr(null, 'successes.lastSuccess.hits.hits[0]._source', bucket), - lastFailure: getOr(null, 'failures.lastFailure.hits.hits[0]._source', bucket), - }, - user: bucket.key, - failures: bucket.failures.doc_count, - successes: bucket.successes.doc_count, - })); - const authenticationEdges: AuthenticationsEdges[] = hits.map((hit) => - formatAuthenticationData(options.fields, hit, auditdFieldsMap) - ); - - const edges = authenticationEdges.splice(cursorStart, querySize - cursorStart); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - const showMorePagesIndicator = totalCount > fakeTotalCount; - - return { - inspect, - edges, - totalCount, - pageInfo: { - activePage: activePage ? activePage : 0, - fakeTotalCount, - showMorePagesIndicator, - }, - }; - } -} - -export const formatAuthenticationData = ( - fields: readonly string[], - hit: AuthenticationHit, - fieldMap: Readonly> -): AuthenticationsEdges => - fields.reduce( - (flattenedFields, fieldName) => { - if (hit.cursor) { - flattenedFields.cursor.value = hit.cursor; - } - flattenedFields.node = { - ...flattenedFields.node, - ...{ - _id: hit._id, - user: { name: [hit.user] }, - failures: hit.failures, - successes: hit.successes, - }, - }; - return mergeFieldsWithHit(fieldName, flattenedFields, fieldMap, hit); - }, - { - node: { - failures: 0, - successes: 0, - _id: '', - user: { - name: [''], - }, - }, - cursor: { - value: '', - tiebreaker: null, - }, - } - ); diff --git a/x-pack/plugins/security_solution/server/lib/authentications/index.ts b/x-pack/plugins/security_solution/server/lib/authentications/index.ts deleted file mode 100644 index c1b93818943db..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/authentications/index.ts +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { AuthenticationsData } from '../../graphql/types'; -import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; - -import { AuthenticationsAdapter } from './types'; - -export class Authentications { - constructor(private readonly adapter: AuthenticationsAdapter) {} - - public async getAuthentications( - req: FrameworkRequest, - options: RequestOptionsPaginated - ): Promise { - return this.adapter.getAuthentications(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts b/x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts deleted file mode 100644 index b6b72cd37efaa..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/authentications/query.dsl.ts +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { isEmpty } from 'lodash/fp'; - -import { createQueryFilterClauses } from '../../utils/build_query'; -import { reduceFields } from '../../utils/build_query/reduce_fields'; -import { hostFieldsMap, sourceFieldsMap } from '../ecs_fields'; -import { extendMap } from '../ecs_fields/extend_map'; -import { RequestOptionsPaginated } from '../framework'; - -export const auditdFieldsMap: Readonly> = { - latest: '@timestamp', - 'lastSuccess.timestamp': 'lastSuccess.@timestamp', - 'lastFailure.timestamp': 'lastFailure.@timestamp', - ...{ ...extendMap('lastSuccess', sourceFieldsMap) }, - ...{ ...extendMap('lastSuccess', hostFieldsMap) }, - ...{ ...extendMap('lastFailure', sourceFieldsMap) }, - ...{ ...extendMap('lastFailure', hostFieldsMap) }, -}; - -export const buildQuery = ({ - fields, - filterQuery, - timerange: { from, to }, - pagination: { querySize }, - defaultIndex, - docValueFields, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestOptionsPaginated) => { - const esFields = reduceFields(fields, { ...hostFieldsMap, ...sourceFieldsMap }); - - const filter = [ - ...createQueryFilterClauses(filterQuery), - { term: { 'event.category': 'authentication' } }, - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const agg = { - user_count: { - cardinality: { - field: 'user.name', - }, - }, - }; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), - aggregations: { - ...agg, - group_by_users: { - terms: { - size: querySize, - field: 'user.name', - order: [{ 'successes.doc_count': 'desc' }, { 'failures.doc_count': 'desc' }], - }, - aggs: { - failures: { - filter: { - term: { - 'event.outcome': 'failure', - }, - }, - aggs: { - lastFailure: { - top_hits: { - size: 1, - _source: esFields, - sort: [{ '@timestamp': { order: 'desc' } }], - }, - }, - }, - }, - successes: { - filter: { - term: { - 'event.outcome': 'success', - }, - }, - aggs: { - lastSuccess: { - top_hits: { - size: 1, - _source: esFields, - sort: [{ '@timestamp': { order: 'desc' } }], - }, - }, - }, - }, - }, - }, - }, - query: { - bool: { - filter, - }, - }, - size: 0, - }, - track_total_hits: false, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/authentications/types.ts b/x-pack/plugins/security_solution/server/lib/authentications/types.ts deleted file mode 100644 index 2d2c7ba547c09..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/authentications/types.ts +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { AuthenticationsData, LastSourceHost } from '../../graphql/types'; -import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; -import { Hit, SearchHit, TotalHit } from '../types'; - -export interface AuthenticationsAdapter { - getAuthentications( - req: FrameworkRequest, - options: RequestOptionsPaginated - ): Promise; -} - -type StringOrNumber = string | number; -export interface AuthenticationHit extends Hit { - _source: { - '@timestamp': string; - lastSuccess?: LastSourceHost; - lastFailure?: LastSourceHost; - }; - user: string; - failures: number; - successes: number; - cursor?: string; - sort: StringOrNumber[]; -} - -export interface AuthenticationBucket { - key: { - user_uid: string; - }; - doc_count: number; - failures: { - doc_count: number; - }; - successes: { - doc_count: number; - }; - authentication: { - hits: { - total: TotalHit; - hits: ArrayLike; - }; - }; -} - -export interface AuthenticationData extends SearchHit { - sort: string[]; - aggregations: { - process_count: { - value: number; - }; - group_by_process: { - after_key: string; - buckets: AuthenticationBucket[]; - }; - }; -} diff --git a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts index 6348ee930a109..433ee4a5f99fa 100644 --- a/x-pack/plugins/security_solution/server/lib/compose/kibana.ts +++ b/x-pack/plugins/security_solution/server/lib/compose/kibana.ts @@ -7,26 +7,17 @@ import { CoreSetup } from '../../../../../../src/core/server'; import { SetupPlugins } from '../../plugin'; -import { Authentications } from '../authentications'; -import { ElasticsearchAuthenticationAdapter } from '../authentications/elasticsearch_adapter'; -import { ElasticsearchEventsAdapter, Events } from '../events'; import { KibanaBackendFrameworkAdapter } from '../framework/kibana_framework_adapter'; import { ElasticsearchHostsAdapter, Hosts } from '../hosts'; -import { KpiHosts } from '../kpi_hosts'; -import { ElasticsearchKpiHostsAdapter } from '../kpi_hosts/elasticsearch_adapter'; import { ElasticsearchIndexFieldAdapter, IndexFields } from '../index_fields'; -import { KpiNetwork } from '../kpi_network'; -import { ElasticsearchKpiNetworkAdapter } from '../kpi_network/elasticsearch_adapter'; -import { ElasticsearchNetworkAdapter, Network } from '../network'; import { ElasticsearchSourceStatusAdapter, SourceStatus } from '../source_status'; import { ConfigurationSourcesAdapter, Sources } from '../sources'; import { AppBackendLibs, AppDomainLibs } from '../types'; import * as note from '../note/saved_object'; import * as pinnedEvent from '../pinned_event/saved_object'; import * as timeline from '../timeline/saved_object'; -import { ElasticsearchMatrixHistogramAdapter, MatrixHistogram } from '../matrix_histogram'; import { EndpointAppContext } from '../../endpoint/types'; export function compose( @@ -40,14 +31,8 @@ export function compose( const sourceStatus = new SourceStatus(new ElasticsearchSourceStatusAdapter(framework)); const domainLibs: AppDomainLibs = { - authentications: new Authentications(new ElasticsearchAuthenticationAdapter(framework)), - events: new Events(new ElasticsearchEventsAdapter(framework)), fields: new IndexFields(new ElasticsearchIndexFieldAdapter()), hosts: new Hosts(new ElasticsearchHostsAdapter(framework, endpointContext)), - kpiHosts: new KpiHosts(new ElasticsearchKpiHostsAdapter(framework)), - kpiNetwork: new KpiNetwork(new ElasticsearchKpiNetworkAdapter(framework)), - matrixHistogram: new MatrixHistogram(new ElasticsearchMatrixHistogramAdapter(framework)), - network: new Network(new ElasticsearchNetworkAdapter(framework)), }; const libs: AppBackendLibs = { diff --git a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts deleted file mode 100644 index 42dc13d84fd98..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.test.ts +++ /dev/null @@ -1,549 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { EcsEdges, TimelineDetailsData } from '../../graphql/types'; -import { eventFieldsMap } from '../ecs_fields'; -import { FrameworkAdapter, FrameworkRequest } from '../framework'; - -import { - ElasticsearchEventsAdapter, - formatEventsData, - formatTimelineData, - getFieldCategory, -} from './elasticsearch_adapter'; -import { - mockDetailsQueryDsl, - mockOptions, - mockQueryDsl, - mockRequest, - mockResponseMap, - mockResponseSearchTimelineDetails, - mockTimelineDetailsResult, -} from './mock'; -import { EventHit } from './types'; - -jest.mock('./query.dsl', () => { - return { - buildQuery: jest.fn(() => mockQueryDsl), - buildDetailsQuery: jest.fn(() => mockDetailsQueryDsl), - }; -}); - -describe('events elasticsearch_adapter', () => { - const hit: EventHit = { - _index: 'index-123', - _type: 'type-123', - _id: 'id-123', - _score: 10, - aggregations: {}, - _source: { - '@timestamp': ['time-1'], - host: { - name: ['hostname-1'], - ip: ['hostip-1'], - }, - suricata: { - eve: { - alert: { - category: 'suricata-category-1', - signature: ['suricata-signature-1'], - signature_id: [5000], - severity: 1, - }, - flow_id: [100], - proto: ['suricata-proto-1'], - }, - }, - source: { - ip: ['source-ip-1'], - port: [100], - }, - destination: { - ip: ['destination-ip-1'], - port: [200], - geo: { - region_name: ['geo-region-1'], - country_iso_code: ['geo-iso-code-1'], - }, - }, - event: { - action: ['event-action-1'], - module: ['event-module-1'], - type: ['event-type-1'], - category: ['event-category-1'], - severity: [1], - id: ['event-id-1'], - }, - }, - sort: ['123567890', '1234'], - }; - - describe('#formatEventsData', () => { - test('it formats an event with a source of hostname correctly', () => { - const fields: readonly string[] = ['host.name']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - host: { - name: ['hostname-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a source of host ip correctly', () => { - const fields: readonly string[] = ['host.ip']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - host: { - ip: ['hostip-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a event category correctly', () => { - const fields: readonly string[] = ['event.category']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - category: ['event-category-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a event id correctly', () => { - const fields: readonly string[] = ['event.id']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - id: ['event-id-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a event module correctly', () => { - const fields: readonly string[] = ['event.module']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - module: ['event-module-1'], - }, - }, - }; - expect(data).toEqual(expected); - }); - - test('it formats an event with a event action correctly', () => { - const fields: readonly string[] = ['event.action']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - action: ['event-action-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a event severity correctly', () => { - const fields: readonly string[] = ['event.severity']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - event: { - severity: [1], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve flow id correctly', () => { - const fields: readonly string[] = ['suricata.eve.flow_id']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - flow_id: [100], - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve proto correctly', () => { - const fields: readonly string[] = ['suricata.eve.proto']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - proto: ['suricata-proto-1'], - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve alert signature correctly', () => { - const fields: readonly string[] = ['suricata.eve.alert.signature']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - alert: { - signature: ['suricata-signature-1'], - }, - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a suricata eve alert signature id correctly', () => { - const fields: readonly string[] = ['suricata.eve.alert.signature_id']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - suricata: { - eve: { - alert: { - signature_id: [5000], - }, - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a source ip correctly', () => { - const fields: readonly string[] = ['source.ip']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - source: { - ip: ['source-ip-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a source port correctly', () => { - const fields: readonly string[] = ['source.port']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - source: { - port: [100], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a destination ip correctly', () => { - const fields: readonly string[] = ['destination.ip']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - destination: { - ip: ['destination-ip-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a destination port correctly', () => { - const fields: readonly string[] = ['destination.port']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - destination: { - port: [200], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a geo region name correctly', () => { - const fields: readonly string[] = ['geo.region_name']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - geo: { - region_name: ['geo-region-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a geo country iso code correctly', () => { - const fields: readonly string[] = ['geo.country_iso_code']; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - geo: { - country_iso_code: ['geo-iso-code-1'], - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats an event with a lot of fields correctly', () => { - const fields: readonly string[] = [ - 'host.name', - 'host.ip', - 'suricata.eve.proto', - 'suricata.eve.alert.signature_id', - 'geo.region_name', - ]; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { - cursor: { - tiebreaker: '1234', - value: '123567890', - }, - node: { - _id: 'id-123', - _index: 'index-123', - host: { - name: ['hostname-1'], - ip: ['hostip-1'], - }, - geo: { - region_name: ['geo-region-1'], - }, - suricata: { - eve: { - proto: ['suricata-proto-1'], - alert: { - signature_id: [5000], - }, - }, - }, - }, - }; - - expect(data).toEqual(expected); - }); - - test('it formats a event data if fields are empty', () => { - const fields: readonly string[] = []; - const data = formatEventsData(fields, hit, eventFieldsMap); - const expected: EcsEdges = { cursor: { tiebreaker: null, value: '' }, node: { _id: '' } }; - - expect(data).toEqual(expected); - }); - }); - - describe('#formatTimelineData', () => { - test('it formats TimelineEdges from hit as expected ', () => { - const datafields: readonly string[] = [ - '@timestamp', - 'host.name', - 'suricata.eve.alert.signature_id', - ]; - const ecsfields: readonly string[] = ['host.name', 'suricata.eve.alert.signature_id']; - const data = formatTimelineData(datafields, ecsfields, hit, eventFieldsMap); - // TODO: Re-add TimelineEdges back once we settle on if data can contain numbers or not. - // otherwise delete this test. - const expected = { - cursor: { tiebreaker: '1234', value: '123567890' }, - node: { - _id: 'id-123', - _index: 'index-123', - data: [ - { field: 'host.name', value: ['hostname-1'] }, - { field: 'suricata.eve.alert.signature_id', value: [5000] }, - { field: '@timestamp', value: ['time-1'] }, - ], - ecs: { - _id: 'id-123', - _index: 'index-123', - host: { name: ['hostname-1'] }, - suricata: { eve: { alert: { signature_id: [5000] } } }, - }, - }, - }; - expect(data).toEqual(expected); - }); - }); - - describe('Timeline Details', () => { - test('Happy Path ', async () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockImplementation((req: FrameworkRequest, method: string) => { - if (method === 'search') { - return mockResponseSearchTimelineDetails; - } - return mockResponseMap; - }); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - const EsNetworkTimelineDetail = new ElasticsearchEventsAdapter(mockFramework); - const data: TimelineDetailsData = await EsNetworkTimelineDetail.getTimelineDetails( - mockRequest as FrameworkRequest, - mockOptions - ); - - expect(data).toEqual(mockTimelineDetailsResult); - }); - describe('getFieldCategory', () => { - test('should return field category when passed field', () => { - const data = getFieldCategory('agent.id'); - expect(data).toEqual('agent'); - }); - test('should return "base" when passed a category of type "baseCategoryField"', () => { - const data = getFieldCategory('@timestamp'); - expect(data).toEqual('base'); - }); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts deleted file mode 100644 index 8b656272ecc99..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/elasticsearch_adapter.ts +++ /dev/null @@ -1,264 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - cloneDeep, - get, - getOr, - has, - isEmpty, - isNumber, - isObject, - isString, - last, - merge, - uniq, -} from 'lodash/fp'; - -import { - DetailItem, - EcsEdges, - LastEventTimeData, - TimelineData, - TimelineDetailsData, - TimelineEdges, -} from '../../graphql/types'; -import { reduceFields } from '../../utils/build_query/reduce_fields'; -import { mergeFieldsWithHit, inspectStringifyObject } from '../../utils/build_query'; -import { eventFieldsMap } from '../ecs_fields'; -import { FrameworkAdapter, FrameworkRequest } from '../framework'; -import { TermAggregation } from '../types'; - -import { buildDetailsQuery, buildTimelineQuery } from './query.dsl'; -import { buildLastEventTimeQuery } from './query.last_event_time.dsl'; -import { - EventHit, - EventsAdapter, - LastEventTimeHit, - LastEventTimeRequestOptions, - RequestDetailsOptions, - TimelineRequestOptions, -} from './types'; - -const baseCategoryFields = ['@timestamp', 'labels', 'message', 'tags']; - -export class ElasticsearchEventsAdapter implements EventsAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getTimelineData( - request: FrameworkRequest, - options: TimelineRequestOptions - ): Promise { - const { fieldRequested, ...queryOptions } = cloneDeep(options); - queryOptions.fields = uniq([ - ...fieldRequested, - ...reduceFields(queryOptions.fields, eventFieldsMap), - ]); - const dsl = buildTimelineQuery(queryOptions); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const { limit } = options.pagination; - const totalCount = getOr(0, 'hits.total.value', response); - const hits = response.hits.hits; - const timelineEdges: TimelineEdges[] = hits.map((hit) => - formatTimelineData(options.fieldRequested, options.fields, hit, eventFieldsMap) - ); - const hasNextPage = timelineEdges.length === limit + 1; - const edges = hasNextPage ? timelineEdges.splice(0, limit) : timelineEdges; - const lastCursor = get('cursor', last(edges)); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - - return { edges, inspect, pageInfo: { hasNextPage, endCursor: lastCursor }, totalCount }; - } - - public async getTimelineDetails( - request: FrameworkRequest, - options: RequestDetailsOptions - ): Promise { - const dsl = buildDetailsQuery(options.indexName, options.eventId, options.docValueFields ?? []); - const searchResponse = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - - const sourceData = getOr({}, 'hits.hits.0._source', searchResponse); - const hitsData = getOr({}, 'hits.hits.0', searchResponse); - delete hitsData._source; - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(searchResponse)], - }; - const data = getDataFromHits(merge(sourceData, hitsData)); - - return { - data, - inspect, - }; - } - - public async getLastEventTimeData( - request: FrameworkRequest, - options: LastEventTimeRequestOptions - ): Promise { - const dsl = buildLastEventTimeQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - return { - inspect, - lastSeen: getOr(null, 'aggregations.last_seen_event.value_as_string', response), - }; - } -} - -export const formatEventsData = ( - fields: readonly string[], - hit: EventHit, - fieldMap: Readonly> -) => - fields.reduce( - (flattenedFields, fieldName) => { - flattenedFields.node._id = hit._id; - flattenedFields.node._index = hit._index; - if (hit.sort && hit.sort.length > 1) { - flattenedFields.cursor.value = hit.sort[0]; - flattenedFields.cursor.tiebreaker = hit.sort[1]; - } - return mergeFieldsWithHit(fieldName, flattenedFields, fieldMap, hit); - }, - { - node: { _id: '' }, - cursor: { - value: '', - tiebreaker: null, - }, - } - ); - -export const formatTimelineData = ( - dataFields: readonly string[], - ecsFields: readonly string[], - hit: EventHit, - fieldMap: Readonly> -) => - uniq([...ecsFields, ...dataFields]).reduce( - (flattenedFields, fieldName) => { - flattenedFields.node._id = hit._id; - flattenedFields.node._index = hit._index; - flattenedFields.node.ecs._id = hit._id; - flattenedFields.node.ecs._index = hit._index; - if (hit.sort && hit.sort.length > 1) { - flattenedFields.cursor.value = hit.sort[0]; - flattenedFields.cursor.tiebreaker = hit.sort[1]; - } - return mergeTimelineFieldsWithHit( - fieldName, - flattenedFields, - fieldMap, - hit, - dataFields, - ecsFields - ); - }, - { - node: { ecs: { _id: '' }, data: [], _id: '', _index: '' }, - cursor: { - value: '', - tiebreaker: null, - }, - } - ); - -const specialFields = ['_id', '_index', '_type', '_score']; - -const mergeTimelineFieldsWithHit = ( - fieldName: string, - flattenedFields: T, - fieldMap: Readonly>, - hit: { _source: {} }, - dataFields: readonly string[], - ecsFields: readonly string[] -) => { - if (fieldMap[fieldName] != null || dataFields.includes(fieldName)) { - const esField = dataFields.includes(fieldName) ? fieldName : fieldMap[fieldName]; - if (has(esField, hit._source) || specialFields.includes(esField)) { - const objectWithProperty = { - node: { - ...get('node', flattenedFields), - data: dataFields.includes(fieldName) - ? [ - ...get('node.data', flattenedFields), - { - field: fieldName, - value: specialFields.includes(esField) - ? get(esField, hit) - : get(esField, hit._source), - }, - ] - : get('node.data', flattenedFields), - ecs: ecsFields.includes(fieldName) - ? { - ...get('node.ecs', flattenedFields), - ...fieldName - .split('.') - .reduceRight((obj, next) => ({ [next]: obj }), get(esField, hit._source)), - } - : get('node.ecs', flattenedFields), - }, - }; - return merge(flattenedFields, objectWithProperty); - } else { - return flattenedFields; - } - } else { - return flattenedFields; - } -}; - -export const getFieldCategory = (field: string): string => { - const fieldCategory = field.split('.')[0]; - if (!isEmpty(fieldCategory) && baseCategoryFields.includes(fieldCategory)) { - return 'base'; - } - return fieldCategory; -}; - -const getDataFromHits = (sources: EventSource, category?: string, path?: string): DetailItem[] => - Object.keys(sources).reduce((accumulator, source) => { - const item: EventSource = get(source, sources); - if (Array.isArray(item) || isString(item) || isNumber(item)) { - const field = path ? `${path}.${source}` : source; - const fieldCategory = getFieldCategory(field); - return [ - ...accumulator, - { - category: fieldCategory, - field, - values: item, - originalValue: item, - } as DetailItem, - ]; - } else if (isObject(item)) { - return [ - ...accumulator, - ...getDataFromHits(item, category || source, path ? `${path}.${source}` : source), - ]; - } - return accumulator; - }, []); diff --git a/x-pack/plugins/security_solution/server/lib/events/index.ts b/x-pack/plugins/security_solution/server/lib/events/index.ts deleted file mode 100644 index 9c1f87aa3d8bf..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/index.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { LastEventTimeData, TimelineData, TimelineDetailsData } from '../../graphql/types'; -import { FrameworkRequest } from '../framework'; -export * from './elasticsearch_adapter'; -import { - EventsAdapter, - TimelineRequestOptions, - LastEventTimeRequestOptions, - RequestDetailsOptions, -} from './types'; - -export class Events { - constructor(private readonly adapter: EventsAdapter) {} - - public async getTimelineData( - req: FrameworkRequest, - options: TimelineRequestOptions - ): Promise { - return this.adapter.getTimelineData(req, options); - } - - public async getTimelineDetails( - req: FrameworkRequest, - options: RequestDetailsOptions - ): Promise { - return this.adapter.getTimelineDetails(req, options); - } - - public async getLastEventTimeData( - req: FrameworkRequest, - options: LastEventTimeRequestOptions - ): Promise { - return this.adapter.getLastEventTimeData(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/events/mock.ts b/x-pack/plugins/security_solution/server/lib/events/mock.ts deleted file mode 100644 index a3350a08c7d34..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/mock.ts +++ /dev/null @@ -1,3412 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { cloneDeep } from 'lodash/fp'; -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { RequestDetailsOptions } from './types'; - -export const mockResponseSearchTimelineDetails = { - took: 5, - timed_out: false, - _shards: { - total: 1, - successful: 1, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 1, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'auditbeat-8.0.0-2019.03.29-000003', - _type: '_doc', - _id: 'TUfUymkBCQofM5eXGBYL', - _score: 1, - _source: { - '@timestamp': '2019-03-29T19:01:23.420Z', - service: { - type: 'auditd', - }, - user: { - audit: { - id: 'unset', - }, - group: { - id: '0', - name: 'root', - }, - effective: { - group: { - id: '0', - name: 'root', - }, - id: '0', - name: 'root', - }, - filesystem: { - group: { - name: 'root', - id: '0', - }, - name: 'root', - id: '0', - }, - saved: { - group: { - id: '0', - name: 'root', - }, - id: '0', - name: 'root', - }, - id: '0', - name: 'root', - }, - process: { - executable: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - working_directory: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat', - pid: 15990, - ppid: 1, - title: - '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat -e -c /root/go/src/github.com/elastic/beats/x-pack/auditbeat/au', - name: 'auditbeat', - }, - host: { - architecture: 'x86_64', - os: { - name: 'Ubuntu', - kernel: '4.15.0-45-generic', - codename: 'bionic', - platform: 'ubuntu', - version: '18.04.2 LTS (Bionic Beaver)', - family: 'debian', - }, - id: '7c21f5ed03b04d0299569d221fe18bbc', - containerized: false, - name: 'zeek-london', - ip: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - mac: ['42:66:42:19:b3:b9'], - hostname: 'zeek-london', - }, - cloud: { - provider: 'digitalocean', - instance: { - id: '136398786', - }, - region: 'lon1', - }, - file: { - device: '00:00', - inode: '3926', - mode: '0644', - uid: '0', - gid: '0', - owner: 'root', - group: 'root', - path: '/etc/passwd', - }, - auditd: { - session: 'unset', - data: { - tty: '(none)', - a3: '0', - a2: '80000', - syscall: 'openat', - a1: '7fe0f63df220', - a0: 'ffffff9c', - arch: 'x86_64', - exit: '12', - }, - summary: { - actor: { - primary: 'unset', - secondary: 'root', - }, - object: { - primary: '/etc/passwd', - type: 'file', - }, - how: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - }, - paths: [ - { - rdev: '00:00', - cap_fe: '0', - nametype: 'NORMAL', - ogid: '0', - ouid: '0', - inode: '3926', - item: '0', - mode: '0100644', - name: '/etc/passwd', - cap_fi: '0000000000000000', - cap_fp: '0000000000000000', - cap_fver: '0', - dev: 'fc:01', - }, - ], - message_type: 'syscall', - sequence: 8817905, - result: 'success', - }, - event: { - category: 'audit-rule', - action: 'opened-file', - original: [ - 'type=SYSCALL msg=audit(1553886083.420:8817905): arch=c000003e syscall=257 success=yes exit=12 a0=ffffff9c a1=7fe0f63df220 a2=80000 a3=0 items=1 ppid=1 pid=15990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditbeat" exe="/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat" key=(null)', - 'type=CWD msg=audit(1553886083.420:8817905): cwd="/root/go/src/github.com/elastic/beats/x-pack/auditbeat"', - 'type=PATH msg=audit(1553886083.420:8817905): item=0 name="/etc/passwd" inode=3926 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0', - 'type=PROCTITLE msg=audit(1553886083.420:8817905): proctitle=2F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F617564697462656174002D65002D63002F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F6175', - ], - module: 'auditd', - }, - ecs: { - version: '1.0.0', - }, - agent: { - ephemeral_id: '6d541d59-52d0-4e70-b4d2-2660c0a99ff7', - hostname: 'zeek-london', - id: 'cc1f4183-36c6-45c4-b21b-7ce70c3572db', - version: '8.0.0', - type: 'auditbeat', - }, - }, - }, - ], - }, -}; -export const mockOptions: RequestDetailsOptions = { - indexName: 'auditbeat-8.0.0-2019.03.29-000003', - eventId: 'TUfUymkBCQofM5eXGBYL', - defaultIndex: DEFAULT_INDEX_PATTERN, -}; - -export const mockRequest = { - body: { - operationName: 'GetNetworkTopNFlowQuery', - variables: { - indexName: 'auditbeat-8.0.0-2019.03.29-000003', - eventId: 'TUfUymkBCQofM5eXGBYL', - }, - query: `query GetTimelineDetailsQuery($eventId: String!, $indexName: String!) { - source(id: "default") { - TimelineDetails(eventId: $eventId, indexName: $indexName) { - data { - category - description - example - field - type - values - originalValue - } - } - } - }`, - }, -}; - -export const mockResponseMap = { - 'auditbeat-8.0.0-2019.03.29-000003': { - mappings: { - _meta: { - beat: 'auditbeat', - version: '8.0.0', - }, - dynamic_templates: [ - { - 'container.labels': { - path_match: 'container.labels.*', - match_mapping_type: 'string', - mapping: { - type: 'keyword', - }, - }, - }, - { - fields: { - path_match: 'fields.*', - match_mapping_type: 'string', - mapping: { - type: 'keyword', - }, - }, - }, - { - 'docker.container.labels': { - path_match: 'docker.container.labels.*', - match_mapping_type: 'string', - mapping: { - type: 'keyword', - }, - }, - }, - { - strings_as_keyword: { - match_mapping_type: 'string', - mapping: { - ignore_above: 1024, - type: 'keyword', - }, - }, - }, - ], - date_detection: false, - properties: { - '@timestamp': { - type: 'date', - }, - agent: { - properties: { - ephemeral_id: { - type: 'keyword', - ignore_above: 1024, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - auditd: { - properties: { - data: { - properties: { - a0: { - type: 'keyword', - ignore_above: 1024, - }, - a1: { - type: 'keyword', - ignore_above: 1024, - }, - a2: { - type: 'keyword', - ignore_above: 1024, - }, - a3: { - type: 'keyword', - ignore_above: 1024, - }, - 'a[0-3]': { - type: 'keyword', - ignore_above: 1024, - }, - acct: { - type: 'keyword', - ignore_above: 1024, - }, - acl: { - type: 'keyword', - ignore_above: 1024, - }, - action: { - type: 'keyword', - ignore_above: 1024, - }, - added: { - type: 'keyword', - ignore_above: 1024, - }, - addr: { - type: 'keyword', - ignore_above: 1024, - }, - apparmor: { - type: 'keyword', - ignore_above: 1024, - }, - arch: { - type: 'keyword', - ignore_above: 1024, - }, - argc: { - type: 'keyword', - ignore_above: 1024, - }, - audit_backlog_limit: { - type: 'keyword', - ignore_above: 1024, - }, - audit_backlog_wait_time: { - type: 'keyword', - ignore_above: 1024, - }, - audit_enabled: { - type: 'keyword', - ignore_above: 1024, - }, - audit_failure: { - type: 'keyword', - ignore_above: 1024, - }, - banners: { - type: 'keyword', - ignore_above: 1024, - }, - bool: { - type: 'keyword', - ignore_above: 1024, - }, - bus: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fe: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fi: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fp: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fver: { - type: 'keyword', - ignore_above: 1024, - }, - cap_pe: { - type: 'keyword', - ignore_above: 1024, - }, - cap_pi: { - type: 'keyword', - ignore_above: 1024, - }, - cap_pp: { - type: 'keyword', - ignore_above: 1024, - }, - capability: { - type: 'keyword', - ignore_above: 1024, - }, - cgroup: { - type: 'keyword', - ignore_above: 1024, - }, - changed: { - type: 'keyword', - ignore_above: 1024, - }, - cipher: { - type: 'keyword', - ignore_above: 1024, - }, - class: { - type: 'keyword', - ignore_above: 1024, - }, - cmd: { - type: 'keyword', - ignore_above: 1024, - }, - code: { - type: 'keyword', - ignore_above: 1024, - }, - compat: { - type: 'keyword', - ignore_above: 1024, - }, - daddr: { - type: 'keyword', - ignore_above: 1024, - }, - data: { - type: 'keyword', - ignore_above: 1024, - }, - 'default-context': { - type: 'keyword', - ignore_above: 1024, - }, - dev: { - type: 'keyword', - ignore_above: 1024, - }, - device: { - type: 'keyword', - ignore_above: 1024, - }, - dir: { - type: 'keyword', - ignore_above: 1024, - }, - direction: { - type: 'keyword', - ignore_above: 1024, - }, - dmac: { - type: 'keyword', - ignore_above: 1024, - }, - dport: { - type: 'keyword', - ignore_above: 1024, - }, - enforcing: { - type: 'keyword', - ignore_above: 1024, - }, - entries: { - type: 'keyword', - ignore_above: 1024, - }, - exit: { - type: 'keyword', - ignore_above: 1024, - }, - fam: { - type: 'keyword', - ignore_above: 1024, - }, - family: { - type: 'keyword', - ignore_above: 1024, - }, - fd: { - type: 'keyword', - ignore_above: 1024, - }, - fe: { - type: 'keyword', - ignore_above: 1024, - }, - feature: { - type: 'keyword', - ignore_above: 1024, - }, - fi: { - type: 'keyword', - ignore_above: 1024, - }, - file: { - type: 'keyword', - ignore_above: 1024, - }, - flags: { - type: 'keyword', - ignore_above: 1024, - }, - format: { - type: 'keyword', - ignore_above: 1024, - }, - fp: { - type: 'keyword', - ignore_above: 1024, - }, - fver: { - type: 'keyword', - ignore_above: 1024, - }, - grantors: { - type: 'keyword', - ignore_above: 1024, - }, - grp: { - type: 'keyword', - ignore_above: 1024, - }, - hook: { - type: 'keyword', - ignore_above: 1024, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - icmp_type: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - igid: { - type: 'keyword', - ignore_above: 1024, - }, - 'img-ctx': { - type: 'keyword', - ignore_above: 1024, - }, - inif: { - type: 'keyword', - ignore_above: 1024, - }, - ino: { - type: 'keyword', - ignore_above: 1024, - }, - inode: { - type: 'keyword', - ignore_above: 1024, - }, - inode_gid: { - type: 'keyword', - ignore_above: 1024, - }, - inode_uid: { - type: 'keyword', - ignore_above: 1024, - }, - invalid_context: { - type: 'keyword', - ignore_above: 1024, - }, - ioctlcmd: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'keyword', - ignore_above: 1024, - }, - ipid: { - type: 'keyword', - ignore_above: 1024, - }, - 'ipx-net': { - type: 'keyword', - ignore_above: 1024, - }, - item: { - type: 'keyword', - ignore_above: 1024, - }, - items: { - type: 'keyword', - ignore_above: 1024, - }, - iuid: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - kind: { - type: 'keyword', - ignore_above: 1024, - }, - ksize: { - type: 'keyword', - ignore_above: 1024, - }, - laddr: { - type: 'keyword', - ignore_above: 1024, - }, - len: { - type: 'keyword', - ignore_above: 1024, - }, - list: { - type: 'keyword', - ignore_above: 1024, - }, - lport: { - type: 'keyword', - ignore_above: 1024, - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - macproto: { - type: 'keyword', - ignore_above: 1024, - }, - maj: { - type: 'keyword', - ignore_above: 1024, - }, - major: { - type: 'keyword', - ignore_above: 1024, - }, - minor: { - type: 'keyword', - ignore_above: 1024, - }, - mode: { - type: 'keyword', - ignore_above: 1024, - }, - model: { - type: 'keyword', - ignore_above: 1024, - }, - msg: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - nametype: { - type: 'keyword', - ignore_above: 1024, - }, - nargs: { - type: 'keyword', - ignore_above: 1024, - }, - net: { - type: 'keyword', - ignore_above: 1024, - }, - new: { - type: 'keyword', - ignore_above: 1024, - }, - 'new-chardev': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-disk': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-enabled': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-fs': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-level': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-log_passwd': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-mem': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-net': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-range': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-rng': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-role': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-seuser': { - type: 'keyword', - ignore_above: 1024, - }, - 'new-vcpu': { - type: 'keyword', - ignore_above: 1024, - }, - new_gid: { - type: 'keyword', - ignore_above: 1024, - }, - new_lock: { - type: 'keyword', - ignore_above: 1024, - }, - new_pe: { - type: 'keyword', - ignore_above: 1024, - }, - new_pi: { - type: 'keyword', - ignore_above: 1024, - }, - new_pp: { - type: 'keyword', - ignore_above: 1024, - }, - 'nlnk-fam': { - type: 'keyword', - ignore_above: 1024, - }, - 'nlnk-grp': { - type: 'keyword', - ignore_above: 1024, - }, - 'nlnk-pid': { - type: 'keyword', - ignore_above: 1024, - }, - oauid: { - type: 'keyword', - ignore_above: 1024, - }, - obj: { - type: 'keyword', - ignore_above: 1024, - }, - obj_gid: { - type: 'keyword', - ignore_above: 1024, - }, - obj_uid: { - type: 'keyword', - ignore_above: 1024, - }, - ocomm: { - type: 'keyword', - ignore_above: 1024, - }, - oflag: { - type: 'keyword', - ignore_above: 1024, - }, - old: { - type: 'keyword', - ignore_above: 1024, - }, - 'old-auid': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-chardev': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-disk': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-enabled': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-fs': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-level': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-log_passwd': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-mem': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-net': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-range': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-rng': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-role': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-ses': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-seuser': { - type: 'keyword', - ignore_above: 1024, - }, - 'old-vcpu': { - type: 'keyword', - ignore_above: 1024, - }, - old_enforcing: { - type: 'keyword', - ignore_above: 1024, - }, - old_lock: { - type: 'keyword', - ignore_above: 1024, - }, - old_pe: { - type: 'keyword', - ignore_above: 1024, - }, - old_pi: { - type: 'keyword', - ignore_above: 1024, - }, - old_pp: { - type: 'keyword', - ignore_above: 1024, - }, - old_prom: { - type: 'keyword', - ignore_above: 1024, - }, - old_val: { - type: 'keyword', - ignore_above: 1024, - }, - op: { - type: 'keyword', - ignore_above: 1024, - }, - opid: { - type: 'keyword', - ignore_above: 1024, - }, - oses: { - type: 'keyword', - ignore_above: 1024, - }, - outif: { - type: 'keyword', - ignore_above: 1024, - }, - parent: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - per: { - type: 'keyword', - ignore_above: 1024, - }, - perm: { - type: 'keyword', - ignore_above: 1024, - }, - perm_mask: { - type: 'keyword', - ignore_above: 1024, - }, - permissive: { - type: 'keyword', - ignore_above: 1024, - }, - pfs: { - type: 'keyword', - ignore_above: 1024, - }, - printer: { - type: 'keyword', - ignore_above: 1024, - }, - prom: { - type: 'keyword', - ignore_above: 1024, - }, - proto: { - type: 'keyword', - ignore_above: 1024, - }, - qbytes: { - type: 'keyword', - ignore_above: 1024, - }, - range: { - type: 'keyword', - ignore_above: 1024, - }, - rdev: { - type: 'keyword', - ignore_above: 1024, - }, - reason: { - type: 'keyword', - ignore_above: 1024, - }, - removed: { - type: 'keyword', - ignore_above: 1024, - }, - res: { - type: 'keyword', - ignore_above: 1024, - }, - resrc: { - type: 'keyword', - ignore_above: 1024, - }, - rport: { - type: 'keyword', - ignore_above: 1024, - }, - sauid: { - type: 'keyword', - ignore_above: 1024, - }, - scontext: { - type: 'keyword', - ignore_above: 1024, - }, - 'selected-context': { - type: 'keyword', - ignore_above: 1024, - }, - seperm: { - type: 'keyword', - ignore_above: 1024, - }, - seperms: { - type: 'keyword', - ignore_above: 1024, - }, - seqno: { - type: 'keyword', - ignore_above: 1024, - }, - seresult: { - type: 'keyword', - ignore_above: 1024, - }, - ses: { - type: 'keyword', - ignore_above: 1024, - }, - seuser: { - type: 'keyword', - ignore_above: 1024, - }, - sig: { - type: 'keyword', - ignore_above: 1024, - }, - sigev_signo: { - type: 'keyword', - ignore_above: 1024, - }, - smac: { - type: 'keyword', - ignore_above: 1024, - }, - socket: { - properties: { - addr: { - type: 'keyword', - ignore_above: 1024, - }, - family: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'keyword', - ignore_above: 1024, - }, - saddr: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - spid: { - type: 'keyword', - ignore_above: 1024, - }, - sport: { - type: 'keyword', - ignore_above: 1024, - }, - state: { - type: 'keyword', - ignore_above: 1024, - }, - subj: { - type: 'keyword', - ignore_above: 1024, - }, - success: { - type: 'keyword', - ignore_above: 1024, - }, - syscall: { - type: 'keyword', - ignore_above: 1024, - }, - table: { - type: 'keyword', - ignore_above: 1024, - }, - tclass: { - type: 'keyword', - ignore_above: 1024, - }, - tcontext: { - type: 'keyword', - ignore_above: 1024, - }, - terminal: { - type: 'keyword', - ignore_above: 1024, - }, - tty: { - type: 'keyword', - ignore_above: 1024, - }, - unit: { - type: 'keyword', - ignore_above: 1024, - }, - uri: { - type: 'keyword', - ignore_above: 1024, - }, - uuid: { - type: 'keyword', - ignore_above: 1024, - }, - val: { - type: 'keyword', - ignore_above: 1024, - }, - ver: { - type: 'keyword', - ignore_above: 1024, - }, - virt: { - type: 'keyword', - ignore_above: 1024, - }, - vm: { - type: 'keyword', - ignore_above: 1024, - }, - 'vm-ctx': { - type: 'keyword', - ignore_above: 1024, - }, - 'vm-pid': { - type: 'keyword', - ignore_above: 1024, - }, - watch: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - message_type: { - type: 'keyword', - ignore_above: 1024, - }, - paths: { - properties: { - cap_fe: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fi: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fp: { - type: 'keyword', - ignore_above: 1024, - }, - cap_fver: { - type: 'keyword', - ignore_above: 1024, - }, - dev: { - type: 'keyword', - ignore_above: 1024, - }, - inode: { - type: 'keyword', - ignore_above: 1024, - }, - item: { - type: 'keyword', - ignore_above: 1024, - }, - mode: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - nametype: { - type: 'keyword', - ignore_above: 1024, - }, - obj_domain: { - type: 'keyword', - ignore_above: 1024, - }, - obj_level: { - type: 'keyword', - ignore_above: 1024, - }, - obj_role: { - type: 'keyword', - ignore_above: 1024, - }, - obj_user: { - type: 'keyword', - ignore_above: 1024, - }, - objtype: { - type: 'keyword', - ignore_above: 1024, - }, - ogid: { - type: 'keyword', - ignore_above: 1024, - }, - ouid: { - type: 'keyword', - ignore_above: 1024, - }, - rdev: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - result: { - type: 'keyword', - ignore_above: 1024, - }, - sequence: { - type: 'long', - }, - session: { - type: 'keyword', - ignore_above: 1024, - }, - summary: { - properties: { - actor: { - properties: { - primary: { - type: 'keyword', - ignore_above: 1024, - }, - secondary: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - how: { - type: 'keyword', - ignore_above: 1024, - }, - object: { - properties: { - primary: { - type: 'keyword', - ignore_above: 1024, - }, - secondary: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - }, - }, - client: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - port: { - type: 'long', - }, - }, - }, - cloud: { - properties: { - account: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - availability_zone: { - type: 'keyword', - ignore_above: 1024, - }, - instance: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - machine: { - properties: { - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - project: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - provider: { - type: 'keyword', - ignore_above: 1024, - }, - region: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - container: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - image: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - tag: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - labels: { - type: 'object', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - runtime: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - destination: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'long', - }, - }, - }, - docker: { - properties: { - container: { - properties: { - labels: { - type: 'object', - }, - }, - }, - }, - }, - ecs: { - properties: { - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - error: { - properties: { - code: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - message: { - type: 'text', - norms: false, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - event: { - properties: { - action: { - type: 'keyword', - ignore_above: 1024, - }, - category: { - type: 'keyword', - ignore_above: 1024, - }, - created: { - type: 'date', - }, - dataset: { - type: 'keyword', - ignore_above: 1024, - }, - duration: { - type: 'long', - }, - end: { - type: 'date', - }, - hash: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - kind: { - type: 'keyword', - ignore_above: 1024, - }, - module: { - type: 'keyword', - ignore_above: 1024, - }, - origin: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - index: false, - doc_values: false, - ignore_above: 1024, - }, - outcome: { - type: 'keyword', - ignore_above: 1024, - }, - risk_score: { - type: 'float', - }, - risk_score_norm: { - type: 'float', - }, - severity: { - type: 'long', - }, - start: { - type: 'date', - }, - timezone: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - fields: { - type: 'object', - }, - file: { - properties: { - ctime: { - type: 'date', - }, - device: { - type: 'keyword', - ignore_above: 1024, - }, - extension: { - type: 'keyword', - ignore_above: 1024, - }, - gid: { - type: 'keyword', - ignore_above: 1024, - }, - group: { - type: 'keyword', - ignore_above: 1024, - }, - inode: { - type: 'keyword', - ignore_above: 1024, - }, - mode: { - type: 'keyword', - ignore_above: 1024, - }, - mtime: { - type: 'date', - }, - origin: { - type: 'keyword', - fields: { - raw: { - type: 'keyword', - ignore_above: 1024, - }, - }, - ignore_above: 1024, - }, - owner: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - selinux: { - properties: { - domain: { - type: 'keyword', - ignore_above: 1024, - }, - level: { - type: 'keyword', - ignore_above: 1024, - }, - role: { - type: 'keyword', - ignore_above: 1024, - }, - user: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - setgid: { - type: 'boolean', - }, - setuid: { - type: 'boolean', - }, - size: { - type: 'long', - }, - target_path: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - uid: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - geoip: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hash: { - properties: { - blake2b_256: { - type: 'keyword', - ignore_above: 1024, - }, - blake2b_384: { - type: 'keyword', - ignore_above: 1024, - }, - blake2b_512: { - type: 'keyword', - ignore_above: 1024, - }, - md5: { - type: 'keyword', - ignore_above: 1024, - }, - sha1: { - type: 'keyword', - ignore_above: 1024, - }, - sha224: { - type: 'keyword', - ignore_above: 1024, - }, - sha256: { - type: 'keyword', - ignore_above: 1024, - }, - sha384: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_224: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_256: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_384: { - type: 'keyword', - ignore_above: 1024, - }, - sha3_512: { - type: 'keyword', - ignore_above: 1024, - }, - sha512: { - type: 'keyword', - ignore_above: 1024, - }, - sha512_224: { - type: 'keyword', - ignore_above: 1024, - }, - sha512_256: { - type: 'keyword', - ignore_above: 1024, - }, - xxh64: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - host: { - properties: { - architecture: { - type: 'keyword', - ignore_above: 1024, - }, - containerized: { - type: 'boolean', - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - codename: { - type: 'keyword', - ignore_above: 1024, - }, - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - http: { - properties: { - request: { - properties: { - body: { - properties: { - bytes: { - type: 'long', - }, - content: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - bytes: { - type: 'long', - }, - method: { - type: 'keyword', - ignore_above: 1024, - }, - referrer: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - response: { - properties: { - body: { - properties: { - bytes: { - type: 'long', - }, - content: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - bytes: { - type: 'long', - }, - status_code: { - type: 'long', - }, - }, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - kubernetes: { - properties: { - annotations: { - type: 'object', - }, - container: { - properties: { - image: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - labels: { - type: 'object', - }, - namespace: { - type: 'keyword', - ignore_above: 1024, - }, - node: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - pod: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - uid: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - labels: { - type: 'object', - }, - log: { - properties: { - level: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - index: false, - doc_values: false, - ignore_above: 1024, - }, - }, - }, - message: { - type: 'text', - norms: false, - }, - network: { - properties: { - application: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - community_id: { - type: 'keyword', - ignore_above: 1024, - }, - direction: { - type: 'keyword', - ignore_above: 1024, - }, - forwarded_ip: { - type: 'ip', - }, - iana_number: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - protocol: { - type: 'keyword', - ignore_above: 1024, - }, - transport: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - observer: { - properties: { - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - serial_number: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - vendor: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - organization: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - process: { - properties: { - args: { - type: 'keyword', - ignore_above: 1024, - }, - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - executable: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - pid: { - type: 'long', - }, - ppid: { - type: 'long', - }, - start: { - type: 'date', - }, - thread: { - properties: { - id: { - type: 'long', - }, - }, - }, - title: { - type: 'keyword', - ignore_above: 1024, - }, - working_directory: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - related: { - properties: { - ip: { - type: 'ip', - }, - }, - }, - server: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - port: { - type: 'long', - }, - }, - }, - service: { - properties: { - ephemeral_id: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - state: { - type: 'keyword', - ignore_above: 1024, - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - socket: { - properties: { - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - source: { - properties: { - address: { - type: 'keyword', - ignore_above: 1024, - }, - bytes: { - type: 'long', - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - geo: { - properties: { - city_name: { - type: 'keyword', - ignore_above: 1024, - }, - continent_name: { - type: 'keyword', - ignore_above: 1024, - }, - country_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - country_name: { - type: 'keyword', - ignore_above: 1024, - }, - location: { - type: 'geo_point', - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - region_iso_code: { - type: 'keyword', - ignore_above: 1024, - }, - region_name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - packets: { - type: 'long', - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'long', - }, - }, - }, - system: { - properties: { - audit: { - properties: { - host: { - properties: { - architecture: { - type: 'keyword', - ignore_above: 1024, - }, - boottime: { - type: 'date', - }, - containerized: { - type: 'boolean', - }, - hostname: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - ip: { - type: 'ip', - }, - mac: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - timezone: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - offset: { - properties: { - sec: { - type: 'long', - }, - }, - }, - }, - }, - uptime: { - type: 'long', - }, - }, - }, - package: { - properties: { - arch: { - type: 'keyword', - ignore_above: 1024, - }, - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - installtime: { - type: 'date', - }, - license: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - release: { - type: 'keyword', - ignore_above: 1024, - }, - size: { - type: 'long', - }, - summary: { - type: 'keyword', - ignore_above: 1024, - }, - url: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - user: { - properties: { - dir: { - type: 'keyword', - ignore_above: 1024, - }, - gid: { - type: 'keyword', - ignore_above: 1024, - }, - group: { - properties: { - gid: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - password: { - properties: { - last_changed: { - type: 'date', - }, - type: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - shell: { - type: 'keyword', - ignore_above: 1024, - }, - uid: { - type: 'keyword', - ignore_above: 1024, - }, - user_information: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - }, - }, - tags: { - type: 'keyword', - ignore_above: 1024, - }, - url: { - properties: { - domain: { - type: 'keyword', - ignore_above: 1024, - }, - fragment: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - ignore_above: 1024, - }, - password: { - type: 'keyword', - ignore_above: 1024, - }, - path: { - type: 'keyword', - ignore_above: 1024, - }, - port: { - type: 'long', - }, - query: { - type: 'keyword', - ignore_above: 1024, - }, - scheme: { - type: 'keyword', - ignore_above: 1024, - }, - username: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - user: { - properties: { - audit: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - effective: { - properties: { - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - email: { - type: 'keyword', - ignore_above: 1024, - }, - entity_id: { - type: 'keyword', - ignore_above: 1024, - }, - filesystem: { - properties: { - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - full_name: { - type: 'keyword', - ignore_above: 1024, - }, - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - hash: { - type: 'keyword', - ignore_above: 1024, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - name_map: { - type: 'object', - }, - ogid: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - ouid: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - saved: { - properties: { - group: { - properties: { - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - id: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - selinux: { - properties: { - category: { - type: 'keyword', - ignore_above: 1024, - }, - domain: { - type: 'keyword', - ignore_above: 1024, - }, - level: { - type: 'keyword', - ignore_above: 1024, - }, - role: { - type: 'keyword', - ignore_above: 1024, - }, - user: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - terminal: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - user_agent: { - properties: { - device: { - properties: { - name: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - original: { - type: 'keyword', - ignore_above: 1024, - }, - os: { - properties: { - family: { - type: 'keyword', - ignore_above: 1024, - }, - full: { - type: 'keyword', - ignore_above: 1024, - }, - kernel: { - type: 'keyword', - ignore_above: 1024, - }, - name: { - type: 'keyword', - ignore_above: 1024, - }, - platform: { - type: 'keyword', - ignore_above: 1024, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - version: { - type: 'keyword', - ignore_above: 1024, - }, - }, - }, - }, - }, - }, -}; - -export const mockDetailsQueryDsl = { - mockDetailsQueryDsl: 'mockDetailsQueryDsl', -}; - -export const mockQueryDsl = { - mockQueryDsl: 'mockQueryDsl', -}; - -const mockTimelineDetailsInspectResponse = cloneDeep(mockResponseSearchTimelineDetails); -// @ts-expect-error -delete mockTimelineDetailsInspectResponse.hits.hits[0]._source; - -export const mockTimelineDetailsResult = { - inspect: { - dsl: [JSON.stringify(mockDetailsQueryDsl, null, 2)], - response: [JSON.stringify(mockTimelineDetailsInspectResponse, null, 2)], - }, - data: [ - { - category: 'base', - field: '@timestamp', - values: '2019-03-29T19:01:23.420Z', - originalValue: '2019-03-29T19:01:23.420Z', - }, - { - category: 'service', - field: 'service.type', - values: 'auditd', - originalValue: 'auditd', - }, - { - category: 'user', - field: 'user.audit.id', - values: 'unset', - originalValue: 'unset', - }, - { - category: 'user', - field: 'user.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.effective.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.effective.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.effective.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.effective.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.filesystem.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.filesystem.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.filesystem.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.filesystem.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.saved.group.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.saved.group.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.saved.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.saved.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'user', - field: 'user.id', - values: '0', - originalValue: '0', - }, - { - category: 'user', - field: 'user.name', - values: 'root', - originalValue: 'root', - }, - { - category: 'process', - field: 'process.executable', - values: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - originalValue: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - }, - { - category: 'process', - field: 'process.working_directory', - values: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat', - originalValue: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat', - }, - { - category: 'process', - field: 'process.pid', - values: 15990, - originalValue: 15990, - }, - { - category: 'process', - field: 'process.ppid', - values: 1, - originalValue: 1, - }, - { - category: 'process', - field: 'process.title', - values: - '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat -e -c /root/go/src/github.com/elastic/beats/x-pack/auditbeat/au', - originalValue: - '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat -e -c /root/go/src/github.com/elastic/beats/x-pack/auditbeat/au', - }, - { - category: 'process', - field: 'process.name', - values: 'auditbeat', - originalValue: 'auditbeat', - }, - { - category: 'host', - field: 'host.architecture', - values: 'x86_64', - originalValue: 'x86_64', - }, - { - category: 'host', - field: 'host.os.name', - values: 'Ubuntu', - originalValue: 'Ubuntu', - }, - { - category: 'host', - field: 'host.os.kernel', - values: '4.15.0-45-generic', - originalValue: '4.15.0-45-generic', - }, - { - category: 'host', - field: 'host.os.codename', - values: 'bionic', - originalValue: 'bionic', - }, - { - category: 'host', - field: 'host.os.platform', - values: 'ubuntu', - originalValue: 'ubuntu', - }, - { - category: 'host', - field: 'host.os.version', - values: '18.04.2 LTS (Bionic Beaver)', - originalValue: '18.04.2 LTS (Bionic Beaver)', - }, - { - category: 'host', - field: 'host.os.family', - values: 'debian', - originalValue: 'debian', - }, - { - category: 'host', - field: 'host.id', - values: '7c21f5ed03b04d0299569d221fe18bbc', - originalValue: '7c21f5ed03b04d0299569d221fe18bbc', - }, - { - category: 'host', - field: 'host.name', - values: 'zeek-london', - originalValue: 'zeek-london', - }, - { - category: 'host', - field: 'host.ip', - values: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - originalValue: ['46.101.3.136', '10.16.0.5', 'fe80::4066:42ff:fe19:b3b9'], - }, - { - category: 'host', - field: 'host.mac', - values: ['42:66:42:19:b3:b9'], - originalValue: ['42:66:42:19:b3:b9'], - }, - { - category: 'host', - field: 'host.hostname', - values: 'zeek-london', - originalValue: 'zeek-london', - }, - { - category: 'cloud', - field: 'cloud.provider', - values: 'digitalocean', - originalValue: 'digitalocean', - }, - { - category: 'cloud', - field: 'cloud.instance.id', - values: '136398786', - originalValue: '136398786', - }, - { - category: 'cloud', - field: 'cloud.region', - values: 'lon1', - originalValue: 'lon1', - }, - { - category: 'file', - field: 'file.device', - values: '00:00', - originalValue: '00:00', - }, - { - category: 'file', - field: 'file.inode', - values: '3926', - originalValue: '3926', - }, - { - category: 'file', - field: 'file.mode', - values: '0644', - originalValue: '0644', - }, - { - category: 'file', - field: 'file.uid', - values: '0', - originalValue: '0', - }, - { - category: 'file', - field: 'file.gid', - values: '0', - originalValue: '0', - }, - { - category: 'file', - field: 'file.owner', - values: 'root', - originalValue: 'root', - }, - { - category: 'file', - field: 'file.group', - values: 'root', - originalValue: 'root', - }, - { - category: 'file', - field: 'file.path', - values: '/etc/passwd', - originalValue: '/etc/passwd', - }, - { - category: 'auditd', - field: 'auditd.session', - values: 'unset', - originalValue: 'unset', - }, - { - category: 'auditd', - field: 'auditd.data.tty', - values: '(none)', - originalValue: '(none)', - }, - { - category: 'auditd', - field: 'auditd.data.a3', - values: '0', - originalValue: '0', - }, - { - category: 'auditd', - field: 'auditd.data.a2', - values: '80000', - originalValue: '80000', - }, - { - category: 'auditd', - field: 'auditd.data.syscall', - values: 'openat', - originalValue: 'openat', - }, - { - category: 'auditd', - field: 'auditd.data.a1', - values: '7fe0f63df220', - originalValue: '7fe0f63df220', - }, - { - category: 'auditd', - field: 'auditd.data.a0', - values: 'ffffff9c', - originalValue: 'ffffff9c', - }, - { - category: 'auditd', - field: 'auditd.data.arch', - values: 'x86_64', - originalValue: 'x86_64', - }, - { - category: 'auditd', - field: 'auditd.data.exit', - values: '12', - originalValue: '12', - }, - { - category: 'auditd', - field: 'auditd.summary.actor.primary', - values: 'unset', - originalValue: 'unset', - }, - { - category: 'auditd', - field: 'auditd.summary.actor.secondary', - values: 'root', - originalValue: 'root', - }, - { - category: 'auditd', - field: 'auditd.summary.object.primary', - values: '/etc/passwd', - originalValue: '/etc/passwd', - }, - { - category: 'auditd', - field: 'auditd.summary.object.type', - values: 'file', - originalValue: 'file', - }, - { - category: 'auditd', - field: 'auditd.summary.how', - values: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - originalValue: '/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat', - }, - { - category: 'auditd', - field: 'auditd.paths', - values: [ - { - rdev: '00:00', - cap_fe: '0', - nametype: 'NORMAL', - ogid: '0', - ouid: '0', - inode: '3926', - item: '0', - mode: '0100644', - name: '/etc/passwd', - cap_fi: '0000000000000000', - cap_fp: '0000000000000000', - cap_fver: '0', - dev: 'fc:01', - }, - ], - originalValue: [ - { - rdev: '00:00', - cap_fe: '0', - nametype: 'NORMAL', - ogid: '0', - ouid: '0', - inode: '3926', - item: '0', - mode: '0100644', - name: '/etc/passwd', - cap_fi: '0000000000000000', - cap_fp: '0000000000000000', - cap_fver: '0', - dev: 'fc:01', - }, - ], - }, - { - category: 'auditd', - field: 'auditd.message_type', - values: 'syscall', - originalValue: 'syscall', - }, - { - category: 'auditd', - field: 'auditd.sequence', - values: 8817905, - originalValue: 8817905, - }, - { - category: 'auditd', - field: 'auditd.result', - values: 'success', - originalValue: 'success', - }, - { - category: 'event', - field: 'event.category', - values: 'audit-rule', - originalValue: 'audit-rule', - }, - { - category: 'event', - field: 'event.action', - values: 'opened-file', - originalValue: 'opened-file', - }, - { - category: 'event', - field: 'event.original', - values: [ - 'type=SYSCALL msg=audit(1553886083.420:8817905): arch=c000003e syscall=257 success=yes exit=12 a0=ffffff9c a1=7fe0f63df220 a2=80000 a3=0 items=1 ppid=1 pid=15990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditbeat" exe="/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat" key=(null)', - 'type=CWD msg=audit(1553886083.420:8817905): cwd="/root/go/src/github.com/elastic/beats/x-pack/auditbeat"', - 'type=PATH msg=audit(1553886083.420:8817905): item=0 name="/etc/passwd" inode=3926 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0', - 'type=PROCTITLE msg=audit(1553886083.420:8817905): proctitle=2F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F617564697462656174002D65002D63002F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F6175', - ], - originalValue: [ - 'type=SYSCALL msg=audit(1553886083.420:8817905): arch=c000003e syscall=257 success=yes exit=12 a0=ffffff9c a1=7fe0f63df220 a2=80000 a3=0 items=1 ppid=1 pid=15990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="auditbeat" exe="/root/go/src/github.com/elastic/beats/x-pack/auditbeat/auditbeat" key=(null)', - 'type=CWD msg=audit(1553886083.420:8817905): cwd="/root/go/src/github.com/elastic/beats/x-pack/auditbeat"', - 'type=PATH msg=audit(1553886083.420:8817905): item=0 name="/etc/passwd" inode=3926 dev=fc:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0', - 'type=PROCTITLE msg=audit(1553886083.420:8817905): proctitle=2F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F617564697462656174002D65002D63002F726F6F742F676F2F7372632F6769746875622E636F6D2F656C61737469632F62656174732F782D7061636B2F6175646974626561742F6175', - ], - }, - { - category: 'event', - field: 'event.module', - values: 'auditd', - originalValue: 'auditd', - }, - { - category: 'ecs', - field: 'ecs.version', - values: '1.0.0', - originalValue: '1.0.0', - }, - { - category: 'agent', - field: 'agent.ephemeral_id', - values: '6d541d59-52d0-4e70-b4d2-2660c0a99ff7', - originalValue: '6d541d59-52d0-4e70-b4d2-2660c0a99ff7', - }, - { - category: 'agent', - field: 'agent.hostname', - values: 'zeek-london', - originalValue: 'zeek-london', - }, - { - category: 'agent', - field: 'agent.id', - values: 'cc1f4183-36c6-45c4-b21b-7ce70c3572db', - originalValue: 'cc1f4183-36c6-45c4-b21b-7ce70c3572db', - }, - { - category: 'agent', - field: 'agent.version', - values: '8.0.0', - originalValue: '8.0.0', - }, - { - category: 'agent', - field: 'agent.type', - values: 'auditbeat', - originalValue: 'auditbeat', - }, - { - category: '_index', - field: '_index', - values: 'auditbeat-8.0.0-2019.03.29-000003', - originalValue: 'auditbeat-8.0.0-2019.03.29-000003', - }, - { - category: '_type', - field: '_type', - values: '_doc', - originalValue: '_doc', - }, - { - category: '_id', - field: '_id', - values: 'TUfUymkBCQofM5eXGBYL', - originalValue: 'TUfUymkBCQofM5eXGBYL', - }, - { - category: '_score', - field: '_score', - values: 1, - originalValue: 1, - }, - ], -}; diff --git a/x-pack/plugins/security_solution/server/lib/events/query.dsl.ts b/x-pack/plugins/security_solution/server/lib/events/query.dsl.ts deleted file mode 100644 index 143ef1e9d5bf0..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/query.dsl.ts +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { isEmpty } from 'lodash/fp'; - -import { SortField, TimerangeInput, DocValueFieldsInput } from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestOptions } from '../framework'; -import { SortRequest } from '../types'; - -import { TimerangeFilter } from './types'; - -export const buildTimelineQuery = (options: RequestOptions) => { - const { limit, cursor, tiebreaker } = options.pagination; - const { fields, filterQuery } = options; - const filterClause = [...createQueryFilterClauses(filterQuery)]; - const defaultIndex = options.defaultIndex; - - const getTimerangeFilter = (timerange: TimerangeInput | undefined): TimerangeFilter[] => { - if (timerange) { - const { to, from } = timerange; - return [ - { - range: { - [options.sourceConfiguration.fields.timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - } - return []; - }; - - const filter = [...filterClause, ...getTimerangeFilter(options.timerange), { match_all: {} }]; - - const getSortField = (sortField: SortField) => { - if (sortField.sortFieldId) { - const field: string = - sortField.sortFieldId === 'timestamp' ? '@timestamp' : sortField.sortFieldId; - - return [ - { [field]: sortField.direction }, - { [options.sourceConfiguration.fields.tiebreaker]: sortField.direction }, - ]; - } - return []; - }; - - const sort: SortRequest = getSortField(options.sortField!); - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - ...(isEmpty(options.docValueFields) ? { docvalue_fields: options.docValueFields } : {}), - query: { - bool: { - filter, - }, - }, - size: limit + 1, - track_total_hits: true, - sort, - _source: fields, - }, - }; - - if (cursor && tiebreaker) { - return { - ...dslQuery, - body: { - ...dslQuery.body, - search_after: [cursor, tiebreaker], - }, - }; - } - - return dslQuery; -}; - -export const buildDetailsQuery = ( - indexName: string, - id: string, - docValueFields: DocValueFieldsInput[] -) => ({ - allowNoIndices: true, - index: indexName, - ignoreUnavailable: true, - body: { - docvalue_fields: docValueFields, - query: { - terms: { - _id: [id], - }, - }, - }, - size: 1, -}); diff --git a/x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts deleted file mode 100644 index 02badd3ccee8f..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/query.last_event_time.dsl.ts +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { isEmpty } from 'lodash/fp'; - -import { assertUnreachable } from '../../../common/utility_types'; -import { LastEventTimeRequestOptions } from './types'; -import { LastEventIndexKey } from '../../graphql/types'; - -interface EventIndices { - [key: string]: string[]; -} - -export const buildLastEventTimeQuery = ({ - indexKey, - details, - defaultIndex, - docValueFields, -}: LastEventTimeRequestOptions) => { - const indicesToQuery: EventIndices = { - hosts: defaultIndex, - network: defaultIndex, - }; - const getHostDetailsFilter = (hostName: string) => [{ term: { 'host.name': hostName } }]; - const getIpDetailsFilter = (ip: string) => [ - { term: { 'source.ip': ip } }, - { term: { 'destination.ip': ip } }, - ]; - const getQuery = (eventIndexKey: LastEventIndexKey) => { - switch (eventIndexKey) { - case LastEventIndexKey.ipDetails: - if (details.ip) { - return { - allowNoIndices: true, - index: indicesToQuery.network, - ignoreUnavailable: true, - body: { - ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), - aggregations: { - last_seen_event: { max: { field: '@timestamp' } }, - }, - query: { bool: { should: getIpDetailsFilter(details.ip) } }, - size: 0, - track_total_hits: false, - }, - }; - } - throw new Error('buildLastEventTimeQuery - no IP argument provided'); - case LastEventIndexKey.hostDetails: - if (details.hostName) { - return { - allowNoIndices: true, - index: indicesToQuery.hosts, - ignoreUnavailable: true, - body: { - ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), - aggregations: { - last_seen_event: { max: { field: '@timestamp' } }, - }, - query: { bool: { filter: getHostDetailsFilter(details.hostName) } }, - size: 0, - track_total_hits: false, - }, - }; - } - throw new Error('buildLastEventTimeQuery - no hostName argument provided'); - case LastEventIndexKey.hosts: - case LastEventIndexKey.network: - return { - allowNoIndices: true, - index: indicesToQuery[indexKey], - ignoreUnavailable: true, - body: { - ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), - aggregations: { - last_seen_event: { max: { field: '@timestamp' } }, - }, - query: { match_all: {} }, - size: 0, - track_total_hits: false, - }, - }; - default: - return assertUnreachable(eventIndexKey); - } - }; - return getQuery(indexKey); -}; diff --git a/x-pack/plugins/security_solution/server/lib/events/types.ts b/x-pack/plugins/security_solution/server/lib/events/types.ts deleted file mode 100644 index aae2360e42e65..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/events/types.ts +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - LastEventIndexKey, - LastEventTimeData, - LastTimeDetails, - SourceConfiguration, - TimelineData, - TimelineDetailsData, - DocValueFieldsInput, -} from '../../graphql/types'; -import { FrameworkRequest, RequestOptions, RequestOptionsPaginated } from '../framework'; -import { SearchHit } from '../types'; - -export interface EventsAdapter { - getTimelineData(req: FrameworkRequest, options: TimelineRequestOptions): Promise; - getTimelineDetails( - req: FrameworkRequest, - options: RequestDetailsOptions - ): Promise; - getLastEventTimeData( - req: FrameworkRequest, - options: LastEventTimeRequestOptions - ): Promise; -} - -export interface TimelineRequestOptions extends RequestOptions { - fieldRequested: string[]; -} - -export interface EventsRequestOptions extends RequestOptionsPaginated { - fieldRequested: string[]; -} - -export interface EventSource { - // eslint-disable-next-line @typescript-eslint/no-explicit-any - [field: string]: any; -} - -export interface EventHit extends SearchHit { - sort: string[]; - _source: EventSource; - aggregations: { - // eslint-disable-next-line @typescript-eslint/no-explicit-any - [agg: string]: any; - }; -} - -export interface LastEventTimeHit extends SearchHit { - aggregations: { - last_seen_event: { - value_as_string: string; - }; - }; -} -export interface LastEventTimeRequestOptions { - indexKey: LastEventIndexKey; - details: LastTimeDetails; - sourceConfiguration: SourceConfiguration; - defaultIndex: string[]; - docValueFields: DocValueFieldsInput[]; -} - -export interface TimerangeFilter { - range: { - [timestamp: string]: { - gte: string; - lte: string; - format: string; - }; - }; -} - -export interface RequestDetailsOptions { - indexName: string; - eventId: string; - defaultIndex: string[]; - docValueFields?: DocValueFieldsInput[]; -} - -interface EventsOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface EventsActionGroupData { - key: number; - events: { - bucket: EventsOverTimeHistogramData[]; - }; - doc_count: number; -} diff --git a/x-pack/plugins/security_solution/server/lib/framework/types.ts b/x-pack/plugins/security_solution/server/lib/framework/types.ts index 68b40b72866b1..1f626d9fb2dc7 100644 --- a/x-pack/plugins/security_solution/server/lib/framework/types.ts +++ b/x-pack/plugins/security_solution/server/lib/framework/types.ts @@ -16,8 +16,6 @@ import { SortField, SourceConfiguration, TimerangeInput, - Maybe, - HistogramType, DocValueFieldsInput, } from '../../graphql/types'; @@ -119,11 +117,6 @@ export interface RequestBasicOptions { docValueFields?: DocValueFieldsInput[]; } -export interface MatrixHistogramRequestOptions extends RequestBasicOptions { - stackByField: Maybe; - histogramType: HistogramType; -} - export interface RequestOptions extends RequestBasicOptions { pagination: PaginationInput; fields: readonly string[]; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts deleted file mode 100644 index 059d15220b619..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.test.ts +++ /dev/null @@ -1,282 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FrameworkAdapter, FrameworkRequest } from '../framework'; - -import { ElasticsearchKpiHostsAdapter } from './elasticsearch_adapter'; -import { - mockKpiHostsAuthQuery, - mockKpiHostDetailsAuthQuery, - mockHostsQuery, - mockKpiHostsUniqueIpsQuery, - mockKpiHostDetailsUniqueIpsQuery, - mockKpiHostsMsearchOptions, - mockKpiHostsOptions, - mockKpiHostDetailsOptions, - mockKpiHostsRequest, - mockKpiHostDetailsRequest, - mockKpiHostsResponse, - mockKpiHostDetailsResponse, - mockKpiHostsResult, - mockKpiHostDetailsResult, - mockKpiHostDetailsDsl, - mockKpiHostsQueryDsl, - mockKpiHostDetailsMsearchOptions, - mockKpiHostsResponseNodata, - mockKpiHostDetailsResponseNoData, -} from './mock'; -import { buildAuthQuery } from './query_authentication.dsl'; -import { buildUniqueIpsQuery } from './query_unique_ips.dsl'; -import { buildHostsQuery } from './query_hosts.dsl'; -import { KpiHostsData, KpiHostDetailsData } from '../../graphql/types'; - -jest.mock('./query_authentication.dsl', () => { - return { - buildAuthQuery: jest.fn(), - }; -}); -jest.mock('./query_unique_ips.dsl', () => { - return { - buildUniqueIpsQuery: jest.fn(), - }; -}); -jest.mock('./query_hosts.dsl', () => { - return { - buildHostsQuery: jest.fn(), - }; -}); - -describe('getKpiHosts', () => { - let data: KpiHostsData; - const mockCallWithRequest = jest.fn(); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - let EsKpiHosts: ElasticsearchKpiHostsAdapter; - - describe('getKpiHosts - call stack', () => { - beforeAll(async () => { - (buildUniqueIpsQuery as jest.Mock).mockReset(); - (buildUniqueIpsQuery as jest.Mock).mockReturnValue(mockKpiHostsUniqueIpsQuery); - (buildAuthQuery as jest.Mock).mockReset(); - (buildAuthQuery as jest.Mock).mockReturnValue(mockKpiHostsAuthQuery); - (buildHostsQuery as jest.Mock).mockReset(); - (buildHostsQuery as jest.Mock).mockReturnValue(mockHostsQuery); - mockCallWithRequest.mockResolvedValue(mockKpiHostsResponse); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHosts( - mockKpiHostsRequest as FrameworkRequest, - mockKpiHostsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockRestore(); - (buildUniqueIpsQuery as jest.Mock).mockClear(); - (buildAuthQuery as jest.Mock).mockClear(); - (buildHostsQuery as jest.Mock).mockClear(); - }); - - test('should build general query with correct option', () => { - expect(buildUniqueIpsQuery).toHaveBeenCalledWith(mockKpiHostsOptions); - }); - - test('should build auth query with correct option', () => { - expect(buildAuthQuery).toHaveBeenCalledWith(mockKpiHostsOptions); - }); - - test('should build hosts query with correct option', () => { - expect(buildHostsQuery).toHaveBeenCalledWith(mockKpiHostsOptions); - }); - - test('should send msearch request', () => { - expect(mockCallWithRequest).toHaveBeenCalledWith( - mockKpiHostsRequest, - 'msearch', - mockKpiHostsMsearchOptions - ); - }); - - test('Happy Path - get Data', () => { - expect(data).toEqual(mockKpiHostsResult); - }); - }); - - describe('Unhappy Path - No data', () => { - beforeAll(async () => { - (buildUniqueIpsQuery as jest.Mock).mockReset(); - (buildUniqueIpsQuery as jest.Mock).mockReturnValue(mockKpiHostsUniqueIpsQuery); - (buildAuthQuery as jest.Mock).mockReset(); - (buildAuthQuery as jest.Mock).mockReturnValue(mockKpiHostsAuthQuery); - (buildHostsQuery as jest.Mock).mockReset(); - (buildHostsQuery as jest.Mock).mockReturnValue(mockHostsQuery); - mockCallWithRequest.mockResolvedValue(mockKpiHostsResponseNodata); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHosts( - mockKpiHostsRequest as FrameworkRequest, - mockKpiHostsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - (buildUniqueIpsQuery as jest.Mock).mockClear(); - (buildAuthQuery as jest.Mock).mockClear(); - (buildHostsQuery as jest.Mock).mockClear(); - }); - - test('getKpiHosts - response without data', async () => { - expect(data).toEqual({ - inspect: { - dsl: mockKpiHostsQueryDsl, - response: [ - JSON.stringify(mockKpiHostsResponseNodata.responses[0], null, 2), - JSON.stringify(mockKpiHostsResponseNodata.responses[1], null, 2), - JSON.stringify(mockKpiHostsResponseNodata.responses[2], null, 2), - ], - }, - hosts: null, - hostsHistogram: null, - authSuccess: null, - authSuccessHistogram: null, - authFailure: null, - authFailureHistogram: null, - uniqueSourceIps: null, - uniqueSourceIpsHistogram: null, - uniqueDestinationIps: null, - uniqueDestinationIpsHistogram: null, - }); - }); - }); -}); - -describe('getKpiHostDetails', () => { - let data: KpiHostDetailsData; - const mockCallWithRequest = jest.fn(); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - let EsKpiHosts: ElasticsearchKpiHostsAdapter; - - describe('getKpiHostDetails - call stack', () => { - beforeAll(async () => { - (buildUniqueIpsQuery as jest.Mock).mockReset(); - (buildUniqueIpsQuery as jest.Mock).mockReturnValue(mockKpiHostDetailsUniqueIpsQuery); - (buildAuthQuery as jest.Mock).mockReset(); - (buildAuthQuery as jest.Mock).mockReturnValue(mockKpiHostDetailsAuthQuery); - (buildHostsQuery as jest.Mock).mockReset(); - mockCallWithRequest.mockReset(); - mockCallWithRequest.mockResolvedValue(mockKpiHostDetailsResponse); - - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHostDetails( - mockKpiHostDetailsRequest as FrameworkRequest, - mockKpiHostDetailsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockRestore(); - (buildUniqueIpsQuery as jest.Mock).mockClear(); - (buildAuthQuery as jest.Mock).mockClear(); - (buildHostsQuery as jest.Mock).mockClear(); - }); - - test('should build unique Ip query with correct option', () => { - expect(buildUniqueIpsQuery).toHaveBeenCalledWith(mockKpiHostDetailsOptions); - }); - - test('should build auth query with correct option', () => { - expect(buildAuthQuery).toHaveBeenCalledWith(mockKpiHostDetailsOptions); - }); - - test('should not build hosts query', () => { - expect(buildHostsQuery).not.toHaveBeenCalled(); - }); - - test('should send msearch request', () => { - expect(mockCallWithRequest).toHaveBeenCalledWith( - mockKpiHostDetailsRequest, - 'msearch', - mockKpiHostDetailsMsearchOptions - ); - }); - }); - - describe('Happy Path - get Data', () => { - beforeAll(async () => { - mockCallWithRequest.mockResolvedValue(mockKpiHostDetailsResponse); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHostDetails( - mockKpiHostDetailsRequest as FrameworkRequest, - mockKpiHostDetailsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - }); - - test('getKpiHostDetails - response with data', () => { - expect(data).toEqual(mockKpiHostDetailsResult); - }); - }); - - describe('Unhappy Path - no Data', () => { - beforeEach(async () => { - mockCallWithRequest.mockResolvedValue(mockKpiHostDetailsResponseNoData); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiHosts = new ElasticsearchKpiHostsAdapter(mockFramework); - data = await EsKpiHosts.getKpiHostDetails( - mockKpiHostDetailsRequest as FrameworkRequest, - mockKpiHostDetailsOptions - ); - }); - - afterAll(() => { - mockCallWithRequest.mockRestore(); - }); - - test('getKpiHostDetails - response without data', async () => { - expect(data).toEqual({ - inspect: { - dsl: mockKpiHostDetailsDsl, - response: [ - JSON.stringify(mockKpiHostDetailsResponseNoData.responses[0]), - JSON.stringify(mockKpiHostDetailsResponseNoData.responses[1]), - ], - }, - authSuccess: null, - authSuccessHistogram: null, - authFailure: null, - authFailureHistogram: null, - uniqueSourceIps: null, - uniqueSourceIpsHistogram: null, - uniqueDestinationIps: null, - uniqueDestinationIpsHistogram: null, - }); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts deleted file mode 100644 index 01d005be68010..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/elasticsearch_adapter.ts +++ /dev/null @@ -1,205 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; -import { TermAggregation } from '../types'; -import { buildHostsQuery } from './query_hosts.dsl'; -import { buildAuthQuery } from './query_authentication.dsl'; -import { buildUniqueIpsQuery } from './query_unique_ips.dsl'; -import { - KpiHostsAdapter, - KpiHostsESMSearchBody, - KpiHostsAuthHit, - KpiHostHistogram, - KpiHostGeneralHistogramCount, - KpiHostAuthHistogramCount, - KpiHostsUniqueIpsHit, - KpiHostsHostsHit, -} from './types'; -import { KpiHostHistogramData, KpiHostsData, KpiHostDetailsData } from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; - -const formatGeneralHistogramData = ( - data: Array> -): KpiHostHistogramData[] | null => { - return data && data.length > 0 - ? data.map(({ key, count }) => ({ - x: key, - y: count.value, - })) - : null; -}; - -const formatAuthHistogramData = ( - data: Array> -): KpiHostHistogramData[] | null => { - return data && data.length > 0 - ? data.map(({ key, count }) => ({ - x: key, - y: count.doc_count, - })) - : null; -}; - -export class ElasticsearchKpiHostsAdapter implements KpiHostsAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getKpiHosts( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - const hostsQuery: KpiHostsESMSearchBody[] = buildHostsQuery(options); - const uniqueIpsQuery: KpiHostsESMSearchBody[] = buildUniqueIpsQuery(options); - const authQuery: KpiHostsESMSearchBody[] = buildAuthQuery(options); - const response = await this.framework.callWithRequest< - KpiHostsHostsHit | KpiHostsUniqueIpsHit | KpiHostsAuthHit, - TermAggregation - >(request, 'msearch', { - body: [...hostsQuery, ...authQuery, ...uniqueIpsQuery], - }); - - const hostsHistogram = getOr( - null, - 'responses.0.aggregations.hosts_histogram.buckets', - response - ); - const authSuccessHistogram = getOr( - null, - 'responses.1.aggregations.authentication_success_histogram.buckets', - response - ); - const authFailureHistogram = getOr( - null, - 'responses.1.aggregations.authentication_failure_histogram.buckets', - response - ); - const uniqueSourceIpsHistogram = getOr( - null, - 'responses.2.aggregations.unique_source_ips_histogram.buckets', - response - ); - const uniqueDestinationIpsHistogram = getOr( - null, - 'responses.2.aggregations.unique_destination_ips_histogram.buckets', - response - ); - - const inspect = { - dsl: [ - inspectStringifyObject({ ...hostsQuery[0], body: hostsQuery[1] }), - inspectStringifyObject({ - ...authQuery[0], - body: authQuery[1], - }), - inspectStringifyObject({ - ...uniqueIpsQuery[0], - body: uniqueIpsQuery[1], - }), - ], - response: [ - inspectStringifyObject(response.responses[0]), - inspectStringifyObject(response.responses[1]), - inspectStringifyObject(response.responses[2]), - ], - }; - return { - inspect, - hosts: getOr(null, 'responses.0.aggregations.hosts.value', response), - hostsHistogram: formatGeneralHistogramData(hostsHistogram), - authSuccess: getOr( - null, - 'responses.1.aggregations.authentication_success.doc_count', - response - ), - authSuccessHistogram: formatAuthHistogramData(authSuccessHistogram), - authFailure: getOr( - null, - 'responses.1.aggregations.authentication_failure.doc_count', - response - ), - authFailureHistogram: formatAuthHistogramData(authFailureHistogram), - uniqueSourceIps: getOr(null, 'responses.2.aggregations.unique_source_ips.value', response), - uniqueSourceIpsHistogram: formatGeneralHistogramData(uniqueSourceIpsHistogram), - uniqueDestinationIps: getOr( - null, - 'responses.2.aggregations.unique_destination_ips.value', - response - ), - uniqueDestinationIpsHistogram: formatGeneralHistogramData(uniqueDestinationIpsHistogram), - }; - } - - public async getKpiHostDetails( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - const uniqueIpsQuery: KpiHostsESMSearchBody[] = buildUniqueIpsQuery(options); - const authQuery: KpiHostsESMSearchBody[] = buildAuthQuery(options); - const response = await this.framework.callWithRequest< - KpiHostsUniqueIpsHit | KpiHostsAuthHit, - TermAggregation - >(request, 'msearch', { - body: [...authQuery, ...uniqueIpsQuery], - }); - - const authSuccessHistogram = getOr( - null, - 'responses.0.aggregations.authentication_success_histogram.buckets', - response - ); - const authFailureHistogram = getOr( - null, - 'responses.0.aggregations.authentication_failure_histogram.buckets', - response - ); - const uniqueSourceIpsHistogram = getOr( - null, - 'responses.1.aggregations.unique_source_ips_histogram.buckets', - response - ); - const uniqueDestinationIpsHistogram = getOr( - null, - 'responses.1.aggregations.unique_destination_ips_histogram.buckets', - response - ); - const inspect = { - dsl: [ - inspectStringifyObject({ ...authQuery[0], body: authQuery[1] }), - inspectStringifyObject({ ...uniqueIpsQuery[0], body: uniqueIpsQuery[1] }), - ], - response: [ - inspectStringifyObject(response.responses[0]), - inspectStringifyObject(response.responses[1]), - ], - }; - - return { - inspect, - authSuccess: getOr( - null, - 'responses.0.aggregations.authentication_success.doc_count', - response - ), - authSuccessHistogram: formatAuthHistogramData(authSuccessHistogram), - authFailure: getOr( - null, - 'responses.0.aggregations.authentication_failure.doc_count', - response - ), - authFailureHistogram: formatAuthHistogramData(authFailureHistogram), - uniqueSourceIps: getOr(null, 'responses.1.aggregations.unique_source_ips.value', response), - uniqueSourceIpsHistogram: formatGeneralHistogramData(uniqueSourceIpsHistogram), - uniqueDestinationIps: getOr( - null, - 'responses.1.aggregations.unique_destination_ips.value', - response - ), - uniqueDestinationIpsHistogram: formatGeneralHistogramData(uniqueDestinationIpsHistogram), - }; - } -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts deleted file mode 100644 index 838eb5d9bcef9..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.test.ts +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { isKpiHostDetailsQuery } from './helpers'; -import { mockKpiHostsOptions, mockKpiHostDetailsOptions } from './mock'; - -describe('helpers', () => { - const table: Array<[typeof mockKpiHostDetailsOptions, boolean]> = [ - [mockKpiHostsOptions, false], - [mockKpiHostDetailsOptions, true], - ]; - - describe.each(table)('isHostDetails', (option, expected) => { - test(`it should tell if it is kpiHostDetails option`, () => { - expect(isKpiHostDetailsQuery(option)).toBe(expected); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts deleted file mode 100644 index 189921a18bc53..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/helpers.ts +++ /dev/null @@ -1,11 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { RequestBasicOptions } from '../framework'; - -export const isKpiHostDetailsQuery = (options: RequestBasicOptions): boolean => { - return options.filterQuery !== undefined && Object.keys(options.filterQuery).length > 0; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts deleted file mode 100644 index 6d1e88d54171a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/index.ts +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FrameworkRequest, RequestBasicOptions } from '../framework'; - -import { KpiHostsAdapter } from './types'; -import { KpiHostsData, KpiHostDetailsData } from '../../graphql/types'; - -export class KpiHosts { - constructor(private readonly adapter: KpiHostsAdapter) {} - - public async getKpiHosts( - req: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - return this.adapter.getKpiHosts(req, options); - } - - public async getKpiHostDetails( - req: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - return this.adapter.getKpiHostDetails(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts deleted file mode 100644 index 876d2f9c16bed..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/mock.ts +++ /dev/null @@ -1,606 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { RequestBasicOptions } from '../framework/types'; - -const FROM = '2019-05-03T13:24:00.660Z'; -const TO = '2019-05-04T13:24:00.660Z'; - -export const mockKpiHostsOptions: RequestBasicOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: TO, from: FROM }, - filterQuery: undefined, -}; - -export const mockKpiHostDetailsOptions: RequestBasicOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: TO, from: FROM }, - filterQuery: { term: { 'host.name': 'beats-ci-immutable-ubuntu-1604-1560970771368235343' } }, -}; - -export const mockKpiHostsRequest = { - body: { - operationName: 'GetKpiHostsQuery', - variables: { - sourceId: 'default', - timerange: { interval: '12h', from: FROM, to: TO }, - filterQuery: '', - }, - query: - 'fragment KpiHostChartFields on KpiHostHistogramData {\n x\n y\n __typename\n}\n\nquery GetKpiHostsQuery($sourceId: ID!, $timerange: TimerangeInput!, $filterQuery: String, $defaultIndex: [String!]!) {\n source(id: $sourceId) {\n id\n KpiHosts(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) {\n hosts\n hostsHistogram {\n ...KpiHostChartFields\n __typename\n }\n authSuccess\n authSuccessHistogram {\n ...KpiHostChartFields\n __typename\n }\n authFailure\n authFailureHistogram {\n ...KpiHostChartFields\n __typename\n }\n uniqueSourceIps\n uniqueSourceIpsHistogram {\n ...KpiHostChartFields\n __typename\n }\n uniqueDestinationIps\n uniqueDestinationIpsHistogram {\n ...KpiHostChartFields\n __typename\n }\n __typename\n }\n __typename\n }\n}\n', - }, -}; - -export const mockKpiHostDetailsRequest = { - body: { - operationName: 'GetKpiHostDetailsQuery', - variables: { - sourceId: 'default', - timerange: { interval: '12h', from: FROM, to: TO }, - filterQuery: { term: { 'host.name': 'beats-ci-immutable-ubuntu-1604-1560970771368235343' } }, - }, - query: - 'fragment KpiHostDetailsChartFields on KpiHostHistogramData {\n x\n y\n __typename\n}\n\nquery GetKpiHostDetailsQuery($sourceId: ID!, $timerange: TimerangeInput!, $filterQuery: String, $defaultIndex: [String!]!, $hostName: String!) {\n source(id: $sourceId) {\n id\n KpiHostDetails(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex, hostName: $hostName) {\n authSuccess\n authSuccessHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n authFailure\n authFailureHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n uniqueSourceIps\n uniqueSourceIpsHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n uniqueDestinationIps\n uniqueDestinationIpsHistogram {\n ...KpiHostDetailsChartFields\n __typename\n }\n __typename\n }\n __typename\n }\n}\n', - }, -}; - -const mockUniqueIpsResponse = { - took: 1234, - timed_out: false, - _shards: { - total: 71, - successful: 71, - skipped: 65, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - unique_destination_ips: { - value: 1954, - }, - unique_destination_ips_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 3158515, - count: { - value: 1809, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 703032, - count: { - value: 407, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 1780, - count: { - value: 64, - }, - }, - ], - interval: '12h', - }, - unique_source_ips: { - value: 1407, - }, - unique_source_ips_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 3158515, - count: { - value: 1182, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 703032, - count: { - value: 364, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 1780, - count: { - value: 63, - }, - }, - ], - interval: '12h', - }, - }, - status: 200, -}; - -const mockAuthResponse = { - took: 320, - timed_out: false, - _shards: { - total: 71, - successful: 71, - skipped: 65, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - authentication_success: { - doc_count: 61, - }, - authentication_failure: { - doc_count: 15722, - }, - authentication_failure_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 11739, - count: { - doc_count: 11731, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 4031, - count: { - doc_count: 3979, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 13, - count: { - doc_count: 12, - }, - }, - ], - interval: '12h', - }, - authentication_success_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 11739, - count: { - doc_count: 8, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 4031, - count: { - doc_count: 52, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 13, - count: { - doc_count: 1, - }, - }, - ], - interval: '12h', - }, - }, - status: 200, -}; - -const mockHostsReponse = { - took: 1234, - timed_out: false, - _shards: { - total: 71, - successful: 71, - skipped: 65, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - hosts: { - value: 986, - }, - hosts_histogram: { - buckets: [ - { - key_as_string: '2019-05-03T13:00:00.000Z', - key: 1556888400000, - doc_count: 3158515, - count: { - value: 919, - }, - }, - { - key_as_string: '2019-05-04T01:00:00.000Z', - key: 1556931600000, - doc_count: 703032, - count: { - value: 82, - }, - }, - { - key_as_string: '2019-05-04T13:00:00.000Z', - key: 1556974800000, - doc_count: 1780, - count: { - value: 4, - }, - }, - ], - interval: '12h', - }, - }, - status: 200, -}; - -export const mockKpiHostsResponse = { - took: 4405, - responses: [mockHostsReponse, mockAuthResponse, mockUniqueIpsResponse], -}; - -export const mockKpiHostsResponseNodata = { responses: [null, null, null] }; - -const mockMsearchHeader = { - index: DEFAULT_INDEX_PATTERN, - allowNoIndices: true, - ignoreUnavailable: true, -}; - -const mockHostNameFilter = { - term: { 'host.name': 'beats-ci-immutable-ubuntu-1604-1560970771368235343' }, -}; -const mockTimerangeFilter = { range: { '@timestamp': { gte: FROM, lte: TO } } }; - -export const mockHostsQuery = [ - mockMsearchHeader, - { - aggregations: { - hosts: { cardinality: { field: 'host.name' } }, - hosts_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { cardinality: { field: 'host.name' } } }, - }, - }, - query: { - bool: { filter: [{ range: { '@timestamp': mockTimerangeFilter } }] }, - }, - size: 0, - track_total_hits: false, - }, -]; - -const mockUniqueIpsAggs = { - unique_source_ips: { cardinality: { field: 'source.ip' } }, - unique_source_ips_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { cardinality: { field: 'source.ip' } } }, - }, - unique_destination_ips: { cardinality: { field: 'destination.ip' } }, - unique_destination_ips_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { cardinality: { field: 'destination.ip' } } }, - }, -}; - -export const mockKpiHostsUniqueIpsQuery = [ - mockMsearchHeader, - { - aggregations: mockUniqueIpsAggs, - query: { - bool: { filter: [mockTimerangeFilter] }, - }, - size: 0, - track_total_hits: false, - }, -]; - -export const mockKpiHostDetailsUniqueIpsQuery = [ - mockMsearchHeader, - { - aggregations: mockUniqueIpsAggs, - query: { - bool: { filter: [mockHostNameFilter, mockTimerangeFilter] }, - }, - size: 0, - track_total_hits: false, - }, -]; - -const mockAuthAggs = { - authentication_success: { filter: { term: { 'event.outcome': 'success' } } }, - authentication_success_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { filter: { term: { 'event.outcome': 'success' } } } }, - }, - authentication_failure: { filter: { term: { 'event.outcome': 'failure' } } }, - authentication_failure_histogram: { - auto_date_histogram: { field: '@timestamp', buckets: '6' }, - aggs: { count: { filter: { term: { 'event.outcome': 'failure' } } } }, - }, -}; - -const mockAuthFilter = { - bool: { - filter: [ - { - term: { - 'event.category': 'authentication', - }, - }, - ], - }, -}; - -export const mockKpiHostsAuthQuery = [ - mockMsearchHeader, - { - aggs: mockAuthAggs, - query: { - bool: { - filter: [mockAuthFilter, mockTimerangeFilter], - }, - }, - size: 0, - track_total_hits: false, - }, -]; - -export const mockKpiHostDetailsAuthQuery = [ - mockMsearchHeader, - { - aggs: mockAuthAggs, - query: { - bool: { - filter: [mockHostNameFilter, mockAuthFilter, mockTimerangeFilter], - }, - }, - size: 0, - track_total_hits: false, - }, -]; - -export const mockKpiHostsMsearchOptions = { - body: [...mockHostsQuery, ...mockKpiHostsAuthQuery, ...mockKpiHostsUniqueIpsQuery], -}; - -export const mockKpiHostDetailsMsearchOptions = { - body: [...mockKpiHostDetailsAuthQuery, ...mockKpiHostDetailsUniqueIpsQuery], -}; - -export const mockKpiHostsQueryDsl = [ - JSON.stringify({ ...mockHostsQuery[0], body: mockHostsQuery[1] }, null, 2), - JSON.stringify({ ...mockKpiHostsAuthQuery[0], body: mockKpiHostsAuthQuery[1] }, null, 2), - JSON.stringify( - { ...mockKpiHostsUniqueIpsQuery[0], body: mockKpiHostsUniqueIpsQuery[1] }, - null, - 2 - ), -]; - -export const mockKpiHostsResult = { - inspect: { - dsl: mockKpiHostsQueryDsl, - response: [ - JSON.stringify(mockKpiHostsResponse.responses[0], null, 2), - JSON.stringify(mockKpiHostsResponse.responses[1], null, 2), - JSON.stringify(mockKpiHostsResponse.responses[2], null, 2), - ], - }, - hosts: 986, - hostsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 919, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 82, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 4, - }, - ], - authSuccess: 61, - authSuccessHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 8, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 52, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 1, - }, - ], - authFailure: 15722, - authFailureHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 11731, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 3979, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 12, - }, - ], - uniqueSourceIps: 1407, - uniqueSourceIpsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 1182, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 364, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 63, - }, - ], - uniqueDestinationIps: 1954, - uniqueDestinationIpsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 1809, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 407, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 64, - }, - ], -}; - -export const mockKpiHostDetailsResponse = { - took: 4405, - responses: [mockAuthResponse, mockUniqueIpsResponse], -}; - -export const mockKpiHostDetailsResponseNoData = { - took: 4405, - responses: [null, null], -}; - -export const mockKpiHostDetailsDsl = [ - JSON.stringify( - { ...mockKpiHostDetailsAuthQuery[0], body: mockKpiHostDetailsAuthQuery[1] }, - null, - 2 - ), - JSON.stringify( - { ...mockKpiHostDetailsUniqueIpsQuery[0], body: mockKpiHostDetailsUniqueIpsQuery[1] }, - null, - 2 - ), -]; - -export const mockKpiHostDetailsResult = { - inspect: { - dsl: mockKpiHostDetailsDsl, - response: [ - JSON.stringify(mockKpiHostDetailsResponse.responses[0], null, 2), - JSON.stringify(mockKpiHostDetailsResponse.responses[1], null, 2), - ], - }, - authSuccess: 61, - authSuccessHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 8, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 52, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 1, - }, - ], - authFailure: 15722, - authFailureHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 11731, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 3979, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 12, - }, - ], - uniqueSourceIps: 1407, - uniqueSourceIpsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 1182, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 364, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 63, - }, - ], - uniqueDestinationIps: 1954, - uniqueDestinationIpsHistogram: [ - { - x: new Date('2019-05-03T13:00:00.000Z').valueOf(), - y: 1809, - }, - { - x: new Date('2019-05-04T01:00:00.000Z').valueOf(), - y: 407, - }, - { - x: new Date('2019-05-04T13:00:00.000Z').valueOf(), - y: 64, - }, - ], -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts deleted file mode 100644 index b6da35f75b16a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.test.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - mockKpiHostsOptions, - mockKpiHostsAuthQuery, - mockKpiHostDetailsOptions, - mockKpiHostDetailsAuthQuery, -} from './mock'; -import { buildAuthQuery } from './query_authentication.dsl'; - -const table = [ - [mockKpiHostsOptions, mockKpiHostsAuthQuery] as [ - typeof mockKpiHostsOptions, - typeof mockKpiHostsAuthQuery - ], - [mockKpiHostDetailsOptions, mockKpiHostDetailsAuthQuery] as [ - typeof mockKpiHostDetailsOptions, - typeof mockKpiHostDetailsAuthQuery - ], -]; - -describe.each(table)('buildAuthQuery', (option, expected) => { - test(`returns correct query by option type`, () => { - expect(buildAuthQuery(option)).toMatchObject(expected); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts deleted file mode 100644 index ee9e6cd5a66c5..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_authentication.dsl.ts +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { KpiHostsESMSearchBody } from './types'; -import { RequestBasicOptions } from '../framework'; - -export const buildAuthQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiHostsESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - bool: { - filter: [ - { - term: { - 'event.category': 'authentication', - }, - }, - ], - }, - }, - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - aggs: { - authentication_success: { - filter: { - term: { - 'event.outcome': 'success', - }, - }, - }, - authentication_success_histogram: { - auto_date_histogram: { - field: '@timestamp', - buckets: '6', - }, - aggs: { - count: { - filter: { - term: { - 'event.outcome': 'success', - }, - }, - }, - }, - }, - authentication_failure: { - filter: { - term: { - 'event.outcome': 'failure', - }, - }, - }, - authentication_failure_histogram: { - auto_date_histogram: { - field: '@timestamp', - buckets: '6', - }, - aggs: { - count: { - filter: { - term: { - 'event.outcome': 'failure', - }, - }, - }, - }, - }, - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - ]; - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts deleted file mode 100644 index 0c1d7d4ae9de7..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_hosts.dsl.ts +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { KpiHostsESMSearchBody } from './types'; -import { RequestBasicOptions } from '../framework'; - -export const buildHostsQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiHostsESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - aggregations: { - hosts: { - cardinality: { - field: 'host.name', - }, - }, - hosts_histogram: { - auto_date_histogram: { - field: '@timestamp', - buckets: '6', - }, - aggs: { - count: { - cardinality: { - field: 'host.name', - }, - }, - }, - }, - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts deleted file mode 100644 index 2309bc029d861..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.test.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - mockKpiHostsOptions, - mockKpiHostsUniqueIpsQuery, - mockKpiHostDetailsOptions, - mockKpiHostDetailsUniqueIpsQuery, -} from './mock'; -import { buildUniqueIpsQuery } from './query_unique_ips.dsl'; - -const table: Array<[typeof mockKpiHostDetailsOptions, typeof mockKpiHostDetailsUniqueIpsQuery]> = [ - [mockKpiHostsOptions, mockKpiHostsUniqueIpsQuery], - [mockKpiHostDetailsOptions, mockKpiHostDetailsUniqueIpsQuery], -]; - -describe.each(table)('buildUniqueIpsQuery', (option, expected) => { - test(`returns correct query by option type`, () => { - expect(buildUniqueIpsQuery(option)).toMatchObject(expected); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts deleted file mode 100644 index 9813f73101235..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/query_unique_ips.dsl.ts +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { KpiHostsESMSearchBody } from './types'; -import { RequestBasicOptions } from '../framework'; - -export const buildUniqueIpsQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiHostsESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - aggregations: { - unique_source_ips: { - cardinality: { - field: 'source.ip', - }, - }, - unique_source_ips_histogram: { - auto_date_histogram: { - field: '@timestamp', - buckets: '6', - }, - aggs: { - count: { - cardinality: { - field: 'source.ip', - }, - }, - }, - }, - unique_destination_ips: { - cardinality: { - field: 'destination.ip', - }, - }, - unique_destination_ips_histogram: { - auto_date_histogram: { - field: '@timestamp', - buckets: '6', - }, - aggs: { - count: { - cardinality: { - field: 'destination.ip', - }, - }, - }, - }, - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts b/x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts deleted file mode 100644 index acc6ae5a340fa..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_hosts/types.ts +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FrameworkRequest, RequestBasicOptions } from '../framework'; -import { MSearchHeader, SearchHit } from '../types'; -import { KpiHostsData, KpiHostDetailsData } from '../../graphql/types'; - -export interface KpiHostsAdapter { - getKpiHosts(request: FrameworkRequest, options: RequestBasicOptions): Promise; - getKpiHostDetails( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise; -} - -export interface KpiHostHistogram { - key_as_string: string; - key: number; - doc_count: number; - count: T; -} - -export interface KpiHostGeneralHistogramCount { - value: number; -} - -export interface KpiHostAuthHistogramCount { - doc_count: number; -} - -export interface KpiHostsHostsHit extends SearchHit { - aggregations: { - hosts: { - value: number; - }; - hosts_histogram: { - buckets: Array>; - }; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -export interface KpiHostsUniqueIpsHit extends SearchHit { - aggregations: { - unique_source_ips: { - value: number; - }; - unique_source_ips_histogram: { - buckets: Array>; - }; - unique_destination_ips: { - value: number; - }; - unique_destination_ips_histogram: { - buckets: Array>; - }; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -export interface KpiHostsAuthHit extends SearchHit { - aggregations: { - authentication_success: { - doc_count: number; - }; - authentication_success_histogram: { - buckets: Array>; - }; - authentication_failure: { - doc_count: number; - }; - authentication_failure_histogram: { - buckets: Array>; - }; - }; - _shards: { - total: number; - successful: number; - skipped: number; - failed: number; - }; - hits: { - max_score: number | null; - hits: []; - }; - took: number; - timeout: number; -} - -export interface KpiHostsBody { - query?: object; - aggregations?: object; - size?: number; - track_total_hits?: boolean; -} - -export type KpiHostsESMSearchBody = KpiHostsBody | MSearchHeader; - -export interface EventModuleAttributeQuery { - agentType: 'auditbeat' | 'winlogbeat' | 'filebeat'; - eventModule?: 'file_integrity' | 'auditd'; -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts deleted file mode 100644 index 58ee7c9aa1cf8..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/elastic_adapter.test.ts +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - mockMsearchOptions, - mockOptions, - mockRequest, - mockResponse, - mockResult, - mockNetworkEventsQueryDsl, - mockUniqueFlowIdsQueryDsl, - mockUniquePrvateIpsQueryDsl, - mockDnsQueryDsl, - mockTlsHandshakesQueryDsl, - mockResultNoData, - mockResponseNoData, -} from './mock'; -import { buildNetworkEventsQuery } from './query_network_events'; -import { buildUniqueFlowIdsQuery } from './query_unique_flow'; -import { buildDnsQuery } from './query_dns.dsl'; -import { buildTlsHandshakeQuery } from './query_tls_handshakes.dsl'; -import { buildUniquePrvateIpQuery } from './query_unique_private_ips.dsl'; -import { KpiNetworkData } from '../../graphql/types'; -import { ElasticsearchKpiNetworkAdapter } from './elasticsearch_adapter'; -import { FrameworkRequest, FrameworkAdapter } from '../framework'; - -jest.mock('./query_network_events', () => { - return { buildNetworkEventsQuery: jest.fn() }; -}); -jest.mock('./query_unique_flow', () => { - return { buildUniqueFlowIdsQuery: jest.fn() }; -}); -jest.mock('./query_dns.dsl', () => { - return { buildDnsQuery: jest.fn() }; -}); -jest.mock('./query_tls_handshakes.dsl', () => { - return { buildTlsHandshakeQuery: jest.fn() }; -}); -jest.mock('./query_unique_private_ips.dsl', () => { - return { buildUniquePrvateIpQuery: jest.fn() }; -}); - -describe('Network Kpi elasticsearch_adapter', () => { - let data: KpiNetworkData; - - const mockCallWithRequest = jest.fn(); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - - let EsKpiNetwork: ElasticsearchKpiNetworkAdapter; - - describe('getKpiNetwork - call stack', () => { - beforeAll(async () => { - (buildNetworkEventsQuery as jest.Mock).mockReset(); - (buildNetworkEventsQuery as jest.Mock).mockReturnValue(mockNetworkEventsQueryDsl); - (buildUniqueFlowIdsQuery as jest.Mock).mockReset(); - (buildUniqueFlowIdsQuery as jest.Mock).mockReturnValue(mockUniqueFlowIdsQueryDsl); - (buildDnsQuery as jest.Mock).mockReset(); - (buildDnsQuery as jest.Mock).mockReturnValue(mockDnsQueryDsl); - (buildUniquePrvateIpQuery as jest.Mock).mockReset(); - (buildUniquePrvateIpQuery as jest.Mock).mockReturnValue(mockUniquePrvateIpsQueryDsl); - (buildTlsHandshakeQuery as jest.Mock).mockReset(); - (buildTlsHandshakeQuery as jest.Mock).mockReturnValue(mockTlsHandshakesQueryDsl); - - mockCallWithRequest.mockResolvedValue(mockResponse); - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - EsKpiNetwork = new ElasticsearchKpiNetworkAdapter(mockFramework); - data = await EsKpiNetwork.getKpiNetwork(mockRequest as FrameworkRequest, mockOptions); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - (buildNetworkEventsQuery as jest.Mock).mockClear(); - (buildUniqueFlowIdsQuery as jest.Mock).mockClear(); - (buildDnsQuery as jest.Mock).mockClear(); - (buildUniquePrvateIpQuery as jest.Mock).mockClear(); - (buildTlsHandshakeQuery as jest.Mock).mockClear(); - }); - - test('should build query for network events with correct option', () => { - expect(buildNetworkEventsQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for unique flow IDs with correct option', () => { - expect(buildUniqueFlowIdsQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for unique private ip with correct option', () => { - expect(buildUniquePrvateIpQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for dns with correct option', () => { - expect(buildDnsQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should build query for tls handshakes with correct option', () => { - expect(buildTlsHandshakeQuery).toHaveBeenCalledWith(mockOptions); - }); - - test('should send msearch request', () => { - expect(mockCallWithRequest).toHaveBeenCalledWith(mockRequest, 'msearch', mockMsearchOptions); - }); - - test('Happy Path - get Data', () => { - expect(data).toEqual(mockResult); - }); - }); - - describe('Unhappy Path - No data', () => { - beforeAll(async () => { - mockCallWithRequest.mockResolvedValue(mockResponseNoData); - (buildNetworkEventsQuery as jest.Mock).mockClear(); - (buildUniqueFlowIdsQuery as jest.Mock).mockClear(); - (buildDnsQuery as jest.Mock).mockClear(); - (buildUniquePrvateIpQuery as jest.Mock).mockClear(); - (buildTlsHandshakeQuery as jest.Mock).mockClear(); - - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - EsKpiNetwork = new ElasticsearchKpiNetworkAdapter(mockFramework); - data = await EsKpiNetwork.getKpiNetwork(mockRequest as FrameworkRequest, mockOptions); - }); - - afterAll(() => { - mockCallWithRequest.mockReset(); - (buildNetworkEventsQuery as jest.Mock).mockClear(); - (buildUniqueFlowIdsQuery as jest.Mock).mockClear(); - (buildDnsQuery as jest.Mock).mockClear(); - (buildUniquePrvateIpQuery as jest.Mock).mockClear(); - (buildTlsHandshakeQuery as jest.Mock).mockClear(); - }); - - test('getKpiNetwork - response without data', async () => { - expect(data).toEqual(mockResultNoData); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts deleted file mode 100644 index 11d8299725f2a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/elasticsearch_adapter.ts +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, RequestBasicOptions } from '../framework'; - -import { buildDnsQuery } from './query_dns.dsl'; -import { buildTlsHandshakeQuery } from './query_tls_handshakes.dsl'; -import { buildUniquePrvateIpQuery } from './query_unique_private_ips.dsl'; -import { - KpiNetworkHit, - KpiNetworkAdapter, - KpiNetworkESMSearchBody, - KpiNetworkGeneralHit, - KpiNetworkUniquePrivateIpsHit, -} from './types'; -import { TermAggregation } from '../types'; -import { KpiNetworkHistogramData, KpiNetworkData } from '../../graphql/types'; -import { buildNetworkEventsQuery } from './query_network_events'; -import { buildUniqueFlowIdsQuery } from './query_unique_flow'; - -const formatHistogramData = ( - data: Array<{ key: number; count: { value: number } }> -): KpiNetworkHistogramData[] | null => { - return data && data.length > 0 - ? data.map(({ key, count }) => { - return { - x: key, - y: getOr(null, 'value', count), - }; - }) - : null; -}; - -export class ElasticsearchKpiNetworkAdapter implements KpiNetworkAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getKpiNetwork( - request: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - const networkEventsQuery: KpiNetworkESMSearchBody[] = buildNetworkEventsQuery(options); - const uniqueFlowIdsQuery: KpiNetworkESMSearchBody[] = buildUniqueFlowIdsQuery(options); - const uniquePrivateIpsQuery: KpiNetworkESMSearchBody[] = buildUniquePrvateIpQuery(options); - const dnsQuery: KpiNetworkESMSearchBody[] = buildDnsQuery(options); - const tlsHandshakesQuery: KpiNetworkESMSearchBody[] = buildTlsHandshakeQuery(options); - const response = await this.framework.callWithRequest< - KpiNetworkGeneralHit | KpiNetworkHit | KpiNetworkUniquePrivateIpsHit, - TermAggregation - >(request, 'msearch', { - body: [ - ...networkEventsQuery, - ...dnsQuery, - ...uniquePrivateIpsQuery, - ...uniqueFlowIdsQuery, - ...tlsHandshakesQuery, - ], - }); - const uniqueSourcePrivateIpsHistogram = getOr( - null, - 'responses.2.aggregations.source.histogram.buckets', - response - ); - const uniqueDestinationPrivateIpsHistogram = getOr( - null, - 'responses.2.aggregations.destination.histogram.buckets', - response - ); - - const inspect = { - dsl: [ - inspectStringifyObject({ ...networkEventsQuery[0], body: networkEventsQuery[1] }), - inspectStringifyObject({ ...dnsQuery[0], body: dnsQuery[1] }), - inspectStringifyObject({ ...uniquePrivateIpsQuery[0], body: uniquePrivateIpsQuery[1] }), - inspectStringifyObject({ ...uniqueFlowIdsQuery[0], body: uniqueFlowIdsQuery[1] }), - inspectStringifyObject({ ...tlsHandshakesQuery[0], body: tlsHandshakesQuery[1] }), - ], - response: [ - inspectStringifyObject(response.responses[0]), - inspectStringifyObject(response.responses[1]), - inspectStringifyObject(response.responses[2]), - inspectStringifyObject(response.responses[3]), - inspectStringifyObject(response.responses[4]), - ], - }; - return { - inspect, - networkEvents: getOr(null, 'responses.0.hits.total.value', response), - dnsQueries: getOr(null, 'responses.1.hits.total.value', response), - uniqueSourcePrivateIps: getOr( - null, - 'responses.2.aggregations.source.unique_private_ips.value', - response - ), - uniqueSourcePrivateIpsHistogram: formatHistogramData(uniqueSourcePrivateIpsHistogram), - uniqueDestinationPrivateIps: getOr( - null, - 'responses.2.aggregations.destination.unique_private_ips.value', - response - ), - uniqueDestinationPrivateIpsHistogram: formatHistogramData( - uniqueDestinationPrivateIpsHistogram - ), - uniqueFlowId: getOr(null, 'responses.3.aggregations.unique_flow_id.value', response), - tlsHandshakes: getOr(null, 'responses.4.hits.total.value', response), - }; - } -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts deleted file mode 100644 index ed98e0226475c..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/helpers.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -export const getIpFilter = () => [ - { - bool: { - should: [ - { - exists: { - field: 'source.ip', - }, - }, - { - exists: { - field: 'destination.ip', - }, - }, - ], - minimum_should_match: 1, - }, - }, -]; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/index.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/index.ts deleted file mode 100644 index b27026a462f5c..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/index.ts +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FrameworkRequest, RequestBasicOptions } from '../framework'; - -import { KpiNetworkAdapter } from './types'; -import { KpiNetworkData } from '../../graphql/types'; - -export class KpiNetwork { - constructor(private readonly adapter: KpiNetworkAdapter) {} - - public async getKpiNetwork( - req: FrameworkRequest, - options: RequestBasicOptions - ): Promise { - return this.adapter.getKpiNetwork(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts deleted file mode 100644 index fc9b64ae0746f..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/mock.ts +++ /dev/null @@ -1,335 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { RequestBasicOptions } from '../framework/types'; - -export const mockOptions: RequestBasicOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: '2019-02-11T02:26:46.071Z', from: '2019-02-10T02:26:46.071Z' }, - filterQuery: {}, -}; - -export const mockRequest = { - body: { - operationName: 'GetKpiNetworkQuery', - variables: { - sourceId: 'default', - timerange: { - interval: '12h', - from: '2019-05-09T23:48:41.842Z', - to: '2019-05-10T23:48:41.842Z', - }, - filterQuery: '', - }, - query: - 'fragment KpiNetworkChartFields on KpiNetworkHistogramData {\n x\n y\n __typename\n}\n\nquery GetKpiNetworkQuery($sourceId: ID!, $timerange: TimerangeInput!, $filterQuery: String, $defaultIndex: [String!]!) {\n source(id: $sourceId) {\n id\n KpiNetwork(timerange: $timerange, filterQuery: $filterQuery, defaultIndex: $defaultIndex) {\n networkEvents\n uniqueFlowId\n uniqueSourcePrivateIps\n uniqueSourcePrivateIpsHistogram {\n ...KpiNetworkChartFields\n __typename\n }\n uniqueDestinationPrivateIps\n uniqueDestinationPrivateIpsHistogram {\n ...KpiNetworkChartFields\n __typename\n }\n dnsQueries\n tlsHandshakes\n __typename\n }\n __typename\n }\n}\n', - }, -}; - -export const mockResponse = { - responses: [ - { - took: 384, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 733106, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - status: 200, - }, - { - took: 64, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 10942, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - status: 200, - }, - { - took: 224, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 480755, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - aggregations: { - source: { - histogram: { - buckets: [ - { - key_as_string: '2019-05-09T23:00:00.000Z', - key: 1557442800000, - doc_count: 42109, - count: { - value: 14, - }, - }, - { - key_as_string: '2019-05-10T11:00:00.000Z', - key: 1557486000000, - doc_count: 437160, - count: { - value: 385, - }, - }, - { - key_as_string: '2019-05-10T23:00:00.000Z', - key: 1557529200000, - doc_count: 1486, - count: { - value: 7, - }, - }, - ], - interval: '12h', - }, - unique_private_ips: { - value: 387, - }, - }, - destination: { - histogram: { - buckets: [ - { - key_as_string: '2019-05-09T23:00:00.000Z', - key: 1557442800000, - doc_count: 36253, - count: { - value: 11, - }, - }, - { - key_as_string: '2019-05-10T11:00:00.000Z', - key: 1557486000000, - doc_count: 421719, - count: { - value: 877, - }, - }, - { - key_as_string: '2019-05-10T23:00:00.000Z', - key: 1557529200000, - doc_count: 1311, - count: { - value: 7, - }, - }, - ], - interval: '12h', - }, - unique_private_ips: { - value: 878, - }, - }, - }, - status: 200, - }, - { - took: 384, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 733106, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - aggregations: { - unique_flow_id: { - value: 195415, - }, - }, - status: 200, - }, - { - took: 57, - timed_out: false, - _shards: { - total: 10, - successful: 10, - skipped: 0, - failed: 0, - }, - hits: { - total: { - value: 54482, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - status: 200, - }, - ], -}; -const mockMsearchHeader = { - index: 'defaultIndex', - allowNoIndices: true, - ignoreUnavailable: true, -}; -const mockMsearchBody = { - query: {}, - aggregations: {}, - size: 0, - track_total_hits: false, -}; -export const mockNetworkEventsQueryDsl = [mockMsearchHeader, mockMsearchBody]; -export const mockUniqueFlowIdsQueryDsl = [ - mockMsearchHeader, - { mockUniqueFlowIdsQueryDsl: 'mockUniqueFlowIdsQueryDsl' }, -]; -export const mockUniquePrvateIpsQueryDsl = [ - mockMsearchHeader, - { mockUniquePrvateIpsQueryDsl: 'mockUniquePrvateIpsQueryDsl' }, -]; -export const mockDnsQueryDsl = [mockMsearchHeader, { mockDnsQueryDsl: 'mockDnsQueryDsl' }]; -export const mockTlsHandshakesQueryDsl = [ - mockMsearchHeader, - { mockTlsHandshakesQueryDsl: 'mockTlsHandshakesQueryDsl' }, -]; - -export const mockMsearchOptions = { - body: [ - ...mockNetworkEventsQueryDsl, - ...mockDnsQueryDsl, - ...mockUniquePrvateIpsQueryDsl, - ...mockUniqueFlowIdsQueryDsl, - ...mockTlsHandshakesQueryDsl, - ], -}; - -const mockDsl = [ - JSON.stringify({ ...mockNetworkEventsQueryDsl[0], body: mockNetworkEventsQueryDsl[1] }, null, 2), - JSON.stringify({ ...mockDnsQueryDsl[0], body: mockDnsQueryDsl[1] }, null, 2), - JSON.stringify( - { ...mockUniquePrvateIpsQueryDsl[0], body: mockUniquePrvateIpsQueryDsl[1] }, - null, - 2 - ), - JSON.stringify({ ...mockUniqueFlowIdsQueryDsl[0], body: mockUniqueFlowIdsQueryDsl[1] }, null, 2), - JSON.stringify({ ...mockTlsHandshakesQueryDsl[0], body: mockTlsHandshakesQueryDsl[1] }, null, 2), -]; - -export const mockResult = { - inspect: { - dsl: mockDsl, - response: [ - JSON.stringify(mockResponse.responses[0], null, 2), - JSON.stringify(mockResponse.responses[1], null, 2), - JSON.stringify(mockResponse.responses[2], null, 2), - JSON.stringify(mockResponse.responses[3], null, 2), - JSON.stringify(mockResponse.responses[4], null, 2), - ], - }, - dnsQueries: 10942, - networkEvents: 733106, - tlsHandshakes: 54482, - uniqueDestinationPrivateIps: 878, - uniqueDestinationPrivateIpsHistogram: [ - { - x: new Date('2019-05-09T23:00:00.000Z').valueOf(), - y: 11, - }, - { - x: new Date('2019-05-10T11:00:00.000Z').valueOf(), - y: 877, - }, - { - x: new Date('2019-05-10T23:00:00.000Z').valueOf(), - y: 7, - }, - ], - uniqueFlowId: 195415, - uniqueSourcePrivateIps: 387, - uniqueSourcePrivateIpsHistogram: [ - { - x: new Date('2019-05-09T23:00:00.000Z').valueOf(), - y: 14, - }, - { - x: new Date('2019-05-10T11:00:00.000Z').valueOf(), - y: 385, - }, - { - x: new Date('2019-05-10T23:00:00.000Z').valueOf(), - y: 7, - }, - ], -}; - -export const mockResponseNoData = { - responses: [null, null, null, null, null], -}; - -export const mockResultNoData = { - inspect: { - dsl: mockDsl, - response: [ - JSON.stringify(mockResponseNoData.responses[0], null, 2), - JSON.stringify(mockResponseNoData.responses[1], null, 2), - JSON.stringify(mockResponseNoData.responses[2], null, 2), - JSON.stringify(mockResponseNoData.responses[3], null, 2), - JSON.stringify(mockResponseNoData.responses[4], null, 2), - ], - }, - networkEvents: null, - uniqueFlowId: null, - uniqueSourcePrivateIps: null, - uniqueSourcePrivateIpsHistogram: null, - uniqueDestinationPrivateIps: null, - uniqueDestinationPrivateIpsHistogram: null, - dnsQueries: null, - tlsHandshakes: null, -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts deleted file mode 100644 index b3dba9b1d0fab..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_dns.dsl.ts +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody } from './types'; - -const getDnsQueryFilter = () => [ - { - bool: { - should: [ - { - exists: { - field: 'dns.question.name', - }, - }, - { - term: { - 'suricata.eve.dns.type': { - value: 'query', - }, - }, - }, - { - exists: { - field: 'zeek.dns.query', - }, - }, - ], - minimum_should_match: 1, - }, - }, -]; - -export const buildDnsQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - ...getDnsQueryFilter(), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts deleted file mode 100644 index 17f705fe98d03..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_network_events.ts +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody } from './types'; -import { getIpFilter } from './helpers'; - -export const buildNetworkEventsQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - ...getIpFilter(), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts deleted file mode 100644 index 5032863e7d324..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_tls_handshakes.dsl.ts +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody } from './types'; -import { getIpFilter } from './helpers'; - -const getTlsHandshakesQueryFilter = () => [ - { - bool: { - should: [ - { - exists: { - field: 'tls.version', - }, - }, - { - exists: { - field: 'suricata.eve.tls.version', - }, - }, - { - exists: { - field: 'zeek.ssl.version', - }, - }, - ], - minimum_should_match: 1, - }, - }, -]; - -export const buildTlsHandshakeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...getIpFilter(), - ...createQueryFilterClauses(filterQuery), - ...getTlsHandshakesQueryFilter(), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts deleted file mode 100644 index fb717df2b4608..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_flow.ts +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody } from './types'; -import { getIpFilter } from './helpers'; - -export const buildUniqueFlowIdsQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - ...getIpFilter(), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - }, - { - aggregations: { - unique_flow_id: { - cardinality: { - field: 'network.community_id', - }, - }, - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts deleted file mode 100644 index 77d6efdcfdaa0..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/query_unique_private_ips.dsl.ts +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { createQueryFilterClauses } from '../../utils/build_query'; -import { RequestBasicOptions } from '../framework'; - -import { KpiNetworkESMSearchBody, UniquePrivateAttributeQuery } from './types'; - -const getUniquePrivateIpsFilter = (attrQuery: UniquePrivateAttributeQuery) => ({ - bool: { - should: [ - { - term: { - [`${attrQuery}.ip`]: '10.0.0.0/8', - }, - }, - { - term: { - [`${attrQuery}.ip`]: '192.168.0.0/16', - }, - }, - { - term: { - [`${attrQuery}.ip`]: '172.16.0.0/12', - }, - }, - { - term: { - [`${attrQuery}.ip`]: 'fd00::/8', - }, - }, - ], - minimum_should_match: 1, - }, -}); - -const getAggs = (attrQuery: 'source' | 'destination') => ({ - [attrQuery]: { - filter: getUniquePrivateIpsFilter(attrQuery), - aggs: { - unique_private_ips: { - cardinality: { - field: `${attrQuery}.ip`, - }, - }, - histogram: { - auto_date_histogram: { - field: '@timestamp', - buckets: '6', - }, - aggs: { - count: { - cardinality: { - field: `${attrQuery}.ip`, - }, - }, - }, - }, - }, - }, -}); - -export const buildUniquePrvateIpQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, -}: RequestBasicOptions): KpiNetworkESMSearchBody[] => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = [ - { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - }, - { - aggregations: { - ...getAggs('source'), - ...getAggs('destination'), - }, - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: false, - }, - ]; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/kpi_network/types.ts b/x-pack/plugins/security_solution/server/lib/kpi_network/types.ts deleted file mode 100644 index b0a00e0ba968f..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/kpi_network/types.ts +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FrameworkRequest, RequestBasicOptions } from '../framework'; -import { MSearchHeader, SearchHit } from '../types'; -import { KpiNetworkHistogramData, KpiNetworkData } from '../../graphql/types'; - -export interface KpiNetworkAdapter { - getKpiNetwork(request: FrameworkRequest, options: RequestBasicOptions): Promise; -} - -export interface KpiNetworkHit { - hits: { - total: { - value: number; - }; - }; -} - -export interface KpiNetworkGeneralHit extends SearchHit, KpiNetworkHit { - aggregations: { - unique_flow_id: { - value: number; - }; - }; -} - -export interface KpiNetworkUniquePrivateIpsHit extends SearchHit { - aggregations: { - unique_private_ips: { - value: number; - }; - histogram: { - buckets: [KpiNetworkHistogramData]; - }; - }; -} - -export interface KpiNetworkBody { - query?: object; - aggregations?: object; - size?: number; - track_total_hits?: boolean; -} - -export type KpiNetworkESMSearchBody = KpiNetworkBody | MSearchHeader; - -export type UniquePrivateAttributeQuery = 'source' | 'destination'; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts deleted file mode 100644 index f661fe165130e..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticsearch_adapter.ts +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { getOr } from 'lodash/fp'; - -import { MatrixHistogramOverTimeData, HistogramType } from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; -import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -import { MatrixHistogramAdapter, MatrixHistogramDataConfig, MatrixHistogramHit } from './types'; -import { TermAggregation } from '../types'; -import { buildAnomaliesOverTimeQuery } from './query.anomalies_over_time.dsl'; -import { buildDnsHistogramQuery } from './query_dns_histogram.dsl'; -import { buildEventsOverTimeQuery } from './query.events_over_time.dsl'; -import { getDnsParsedData, getGenericData } from './utils'; -import { buildAuthenticationsOverTimeQuery } from './query.authentications_over_time.dsl'; -import { buildAlertsHistogramQuery } from './query_alerts.dsl'; - -const matrixHistogramConfig: MatrixHistogramDataConfig = { - [HistogramType.alerts]: { - buildDsl: buildAlertsHistogramQuery, - aggName: 'aggregations.alertsGroup.buckets', - parseKey: 'alerts.buckets', - }, - [HistogramType.anomalies]: { - buildDsl: buildAnomaliesOverTimeQuery, - aggName: 'aggregations.anomalyActionGroup.buckets', - parseKey: 'anomalies.buckets', - }, - [HistogramType.authentications]: { - buildDsl: buildAuthenticationsOverTimeQuery, - aggName: 'aggregations.eventActionGroup.buckets', - parseKey: 'events.buckets', - }, - [HistogramType.dns]: { - buildDsl: buildDnsHistogramQuery, - aggName: 'aggregations.NetworkDns.buckets', - parseKey: 'dns.buckets', - parser: getDnsParsedData, - }, - [HistogramType.events]: { - buildDsl: buildEventsOverTimeQuery, - aggName: 'aggregations.eventActionGroup.buckets', - parseKey: 'events.buckets', - }, -}; - -export class ElasticsearchMatrixHistogramAdapter implements MatrixHistogramAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - const myConfig = getOr(null, options.histogramType, matrixHistogramConfig); - if (myConfig == null) { - throw new Error(`This histogram type ${options.histogramType} is unknown to the server side`); - } - const dsl = myConfig.buildDsl(options); - const response = await this.framework.callWithRequest< - MatrixHistogramHit, - TermAggregation - >(request, 'search', dsl); - const totalCount = getOr(0, 'hits.total.value', response); - const matrixHistogramData = getOr([], myConfig.aggName, response); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - - return { - inspect, - matrixHistogramData: myConfig.parser - ? myConfig.parser(matrixHistogramData, myConfig.parseKey) - : getGenericData(matrixHistogramData, myConfig.parseKey), - totalCount, - }; - } -} diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts deleted file mode 100644 index 0b63785d2203b..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/elasticseatch_adapter.test.ts +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { FrameworkAdapter, FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; - -import expect from '@kbn/expect'; -import { ElasticsearchMatrixHistogramAdapter } from './elasticsearch_adapter'; -import { - mockRequest, - mockOptions, - mockAlertsHistogramDataResponse, - mockAlertsHistogramQueryDsl, - mockAlertsHistogramDataFormattedResponse, -} from './mock'; - -jest.mock('./query_alerts.dsl', () => { - return { - buildAlertsHistogramQuery: jest.fn(() => mockAlertsHistogramQueryDsl), - }; -}); - -describe('alerts elasticsearch_adapter', () => { - describe('getAlertsHistogramData', () => { - test('Happy Path ', async () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockImplementation((req: FrameworkRequest, method: string) => { - return mockAlertsHistogramDataResponse; - }); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - const adapter = new ElasticsearchMatrixHistogramAdapter(mockFramework); - const data = await adapter.getHistogramData( - (mockRequest as unknown) as FrameworkRequest, - (mockOptions as unknown) as MatrixHistogramRequestOptions - ); - - expect(data).to.eql({ - matrixHistogramData: mockAlertsHistogramDataFormattedResponse, - inspect: { - dsl: ['"mockAlertsHistogramQueryDsl"'], - response: [JSON.stringify(mockAlertsHistogramDataResponse, null, 2)], - }, - totalCount: 1599508, - }); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts deleted file mode 100644 index 900a6ab619ae0..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/index.ts +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -export * from './elasticsearch_adapter'; -import { MatrixHistogramAdapter } from './types'; -import { MatrixHistogramOverTimeData } from '../../graphql/types'; - -export class MatrixHistogram { - constructor(private readonly adapter: MatrixHistogramAdapter) {} - - public async getMatrixHistogramData( - req: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise { - return this.adapter.getHistogramData(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts deleted file mode 100644 index 1d1ebfff936d2..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/mock.ts +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { HistogramType } from '../../graphql/types'; - -export const mockAlertsHistogramDataResponse = { - took: 513, - timed_out: false, - _shards: { - total: 62, - successful: 61, - skipped: 0, - failed: 1, - failures: [ - { - shard: 0, - index: 'auditbeat-7.2.0', - node: 'jBC5kcOeT1exvECDMrk5Ug', - reason: { - type: 'illegal_argument_exception', - reason: - 'Fielddata is disabled on text fields by default. Set fielddata=true on [event.module] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead.', - }, - }, - ], - }, - hits: { - total: { - value: 1599508, - relation: 'eq', - }, - max_score: null, - hits: [], - }, - aggregations: { - alertsGroup: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 802087, - buckets: [ - { - key: 'All others', - doc_count: 451519, - alerts: { - buckets: [ - { - key_as_string: '2019-12-15T09:30:00.000Z', - key: 1576402200000, - doc_count: 3008, - }, - { - key_as_string: '2019-12-15T10:00:00.000Z', - key: 1576404000000, - doc_count: 8671, - }, - ], - }, - }, - { - key: 'suricata', - doc_count: 345902, - alerts: { - buckets: [ - { - key_as_string: '2019-12-15T09:30:00.000Z', - key: 1576402200000, - doc_count: 1785, - }, - { - key_as_string: '2019-12-15T10:00:00.000Z', - key: 1576404000000, - doc_count: 5342, - }, - ], - }, - }, - ], - }, - }, -}; -export const mockAlertsHistogramDataFormattedResponse = [ - { - x: 1576402200000, - y: 3008, - g: 'All others', - }, - { - x: 1576404000000, - y: 8671, - g: 'All others', - }, - { - x: 1576402200000, - y: 1785, - g: 'suricata', - }, - { - x: 1576404000000, - y: 5342, - g: 'suricata', - }, -]; -export const mockAlertsHistogramQueryDsl = 'mockAlertsHistogramQueryDsl'; -export const mockRequest = 'mockRequest'; -export const mockOptions = { - sourceConfiguration: { field: {} }, - timerange: { - to: 9999, - from: 1234, - }, - defaultIndex: DEFAULT_INDEX_PATTERN, - filterQuery: '', - stackByField: 'event.module', - histogramType: HistogramType.alerts, -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts deleted file mode 100644 index fb4e666cda964..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.anomalies_over_time.dsl.ts +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import moment from 'moment'; - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -export const buildAnomaliesOverTimeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - stackByField = 'job_id', -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - timestamp: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = 'timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - return { - anomalyActionGroup: { - terms: { - field: stackByField, - order: { - _count: 'desc', - }, - size: 10, - }, - aggs: { - anomalies: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggs: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts deleted file mode 100644 index 174cc907214a9..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.authentications_over_time.dsl.ts +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import moment from 'moment'; - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -export const buildAuthenticationsOverTimeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField = 'event.outcome', -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - bool: { - must: [ - { - term: { - 'event.category': 'authentication', - }, - }, - ], - }, - }, - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - return { - eventActionGroup: { - terms: { - field: stackByField, - include: ['success', 'failure'], - order: { - _count: 'desc', - }, - size: 2, - }, - aggs: { - events: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts deleted file mode 100644 index fa7c1b9e55b9e..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query.events_over_time.dsl.ts +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import moment from 'moment'; - -import { showAllOthersBucket } from '../../../common/constants'; -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -import * as i18n from './translations'; - -export const buildEventsOverTimeQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField = 'event.action', -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - - const missing = - stackByField != null && showAllOthersBucket.includes(stackByField) - ? { - missing: stackByField?.endsWith('.ip') ? '0.0.0.0' : i18n.ALL_OTHERS, - } - : {}; - - return { - eventActionGroup: { - terms: { - field: stackByField, - ...missing, - order: { - _count: 'desc', - }, - size: 10, - }, - aggs: { - events: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts deleted file mode 100644 index dd45109672480..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_alerts.dsl.ts +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import moment from 'moment'; - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { buildTimelineQuery } from '../events/query.dsl'; -import { RequestOptions, MatrixHistogramRequestOptions } from '../framework'; - -export const buildAlertsQuery = (options: RequestOptions) => { - const eventsQuery = buildTimelineQuery(options); - const eventsFilter = eventsQuery.body.query.bool.filter; - const alertsFilter = [ - ...createQueryFilterClauses({ match: { 'event.kind': { query: 'alert' } } }), - ]; - - return { - ...eventsQuery, - body: { - ...eventsQuery.body, - query: { - bool: { - filter: [...eventsFilter, ...alertsFilter], - }, - }, - }, - }; -}; - -export const buildAlertsHistogramQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField, -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - bool: { - filter: [ - { - bool: { - should: [ - { - match: { - 'event.kind': 'alert', - }, - }, - ], - minimum_should_match: 1, - }, - }, - ], - }, - }, - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - min_doc_count: 0, - extended_bounds: { - min: moment(from).valueOf(), - max: moment(to).valueOf(), - }, - }, - }; - return { - alertsGroup: { - terms: { - field: stackByField, - missing: 'All others', - order: { - _count: 'desc', - }, - size: 10, - }, - aggs: { - alerts: dateHistogram, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts deleted file mode 100644 index 7e71263988957..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/query_dns_histogram.dsl.ts +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; -import { MatrixHistogramRequestOptions } from '../framework'; - -export const buildDnsHistogramQuery = ({ - filterQuery, - timerange: { from, to }, - defaultIndex, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField, -}: MatrixHistogramRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const getHistogramAggregation = () => { - const interval = calculateTimeSeriesInterval(from, to); - const histogramTimestampField = '@timestamp'; - const dateHistogram = { - date_histogram: { - field: histogramTimestampField, - fixed_interval: interval, - }, - }; - - return { - NetworkDns: { - ...dateHistogram, - aggs: { - dns: { - terms: { - field: stackByField, - order: { - orderAgg: 'desc', - }, - size: 10, - }, - aggs: { - orderAgg: { - cardinality: { - field: 'dns.question.name', - }, - }, - }, - }, - }, - }, - }; - }; - - const dslQuery = { - index: defaultIndex, - allowNoIndices: true, - ignoreUnavailable: true, - body: { - aggregations: getHistogramAggregation(), - query: { - bool: { - filter, - }, - }, - size: 0, - track_total_hits: true, - }, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts deleted file mode 100644 index 0e46f5cff1445..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/translations.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { i18n } from '@kbn/i18n'; - -export const ALL_OTHERS = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.histogram.allOthersGroupingLabel', - { - defaultMessage: 'All others', - } -); diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts deleted file mode 100644 index 87ea4b81f5fba..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/types.ts +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - MatrixHistogramOverTimeData, - HistogramType, - MatrixOverTimeHistogramData, -} from '../../graphql/types'; -import { FrameworkRequest, MatrixHistogramRequestOptions } from '../framework'; -import { SearchHit } from '../types'; -import { EventHit } from '../events/types'; -import { AuthenticationHit } from '../authentications/types'; - -export interface HistogramBucket { - key: number; - doc_count: number; -} - -interface AlertsGroupData { - key: string; - doc_count: number; - alerts: { - buckets: HistogramBucket[]; - }; -} - -interface AnomaliesOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface AnomaliesActionGroupData { - key: number; - anomalies: { - bucket: AnomaliesOverTimeHistogramData[]; - }; - doc_count: number; -} - -export interface AnomalySource { - [field: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any -} - -export interface AnomalyHit extends SearchHit { - sort: string[]; - _source: AnomalySource; - aggregations: { - [agg: string]: any; // eslint-disable-line @typescript-eslint/no-explicit-any - }; -} - -interface EventsOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface EventsActionGroupData { - key: number; - events: { - bucket: EventsOverTimeHistogramData[]; - }; - doc_count: number; -} - -export interface DnsHistogramSubBucket { - key: string; - doc_count: number; - orderAgg: { - value: number; - }; -} -interface DnsHistogramBucket { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: DnsHistogramSubBucket[]; -} - -export interface DnsHistogramGroupData { - key: number; - doc_count: number; - key_as_string: string; - histogram: DnsHistogramBucket; -} - -export interface MatrixHistogramSchema { - buildDsl: (options: MatrixHistogramRequestOptions) => {}; - aggName: string; - parseKey: string; - parser?: ( - data: MatrixHistogramParseData, - keyBucket: string - ) => MatrixOverTimeHistogramData[]; -} - -export type MatrixHistogramParseData = T extends HistogramType.alerts - ? AlertsGroupData[] - : T extends HistogramType.anomalies - ? AnomaliesActionGroupData[] - : T extends HistogramType.dns - ? DnsHistogramGroupData[] - : T extends HistogramType.authentications - ? AuthenticationsActionGroupData[] - : T extends HistogramType.events - ? EventsActionGroupData[] - : never; - -export type MatrixHistogramHit = T extends HistogramType.alerts - ? EventHit - : T extends HistogramType.anomalies - ? AnomalyHit - : T extends HistogramType.dns - ? EventHit - : T extends HistogramType.authentications - ? AuthenticationHit - : T extends HistogramType.events - ? EventHit - : never; - -export type MatrixHistogramDataConfig = Record>; -interface AuthenticationsOverTimeHistogramData { - key_as_string: string; - key: number; - doc_count: number; -} - -export interface AuthenticationsActionGroupData { - key: number; - events: { - bucket: AuthenticationsOverTimeHistogramData[]; - }; - doc_count: number; -} - -export interface MatrixHistogramAdapter { - getHistogramData( - request: FrameworkRequest, - options: MatrixHistogramRequestOptions - ): Promise; -} diff --git a/x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts b/x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts deleted file mode 100644 index 4a6a38421f42a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/matrix_histogram/utils.ts +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { get, getOr } from 'lodash/fp'; -import { MatrixHistogramParseData, DnsHistogramSubBucket, HistogramBucket } from './types'; -import { MatrixOverTimeHistogramData } from '../../graphql/types'; - -export const getDnsParsedData = ( - data: MatrixHistogramParseData, - keyBucket: string -): MatrixOverTimeHistogramData[] => { - let result: MatrixOverTimeHistogramData[] = []; - data.forEach((bucketData: unknown) => { - const time = get('key', bucketData); - const histData = getOr([], keyBucket, bucketData).map( - // eslint-disable-next-line @typescript-eslint/naming-convention - ({ key, doc_count }: DnsHistogramSubBucket) => ({ - x: time, - y: doc_count, - g: key, - }) - ); - result = [...result, ...histData]; - }); - return result; -}; - -export const getGenericData = ( - data: MatrixHistogramParseData, - keyBucket: string -): MatrixOverTimeHistogramData[] => { - let result: MatrixOverTimeHistogramData[] = []; - data.forEach((bucketData: unknown) => { - const group = get('key', bucketData); - const histData = getOr([], keyBucket, bucketData).map( - // eslint-disable-next-line @typescript-eslint/naming-convention - ({ key, doc_count }: HistogramBucket) => ({ - x: key, - y: doc_count, - g: group, - }) - ); - result = [...result, ...histData]; - }); - - return result; -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap b/x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap deleted file mode 100644 index 50454fcb6b351..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/__snapshots__/elastic_adapter.test.ts.snap +++ /dev/null @@ -1,1366 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Network Top N flow elasticsearch_adapter with FlowTarget=source Unhappy Path - No geo data getNetworkTopNFlow 1`] = ` -Object { - "edges": Array [ - Object { - "cursor": Object { - "tiebreaker": null, - "value": "1.1.1.1", - }, - "node": Object { - "_id": "1.1.1.1", - "network": Object { - "bytes_in": 11276023407, - "bytes_out": 1025631, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.1.net", - ], - "flows": 1234567, - "ip": "1.1.1.1", - "location": null, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "2.2.2.2", - }, - "node": Object { - "_id": "2.2.2.2", - "network": Object { - "bytes_in": 5469323342, - "bytes_out": 2811441, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.2.net", - ], - "flows": 1234567, - "ip": "2.2.2.2", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "3.3.3.3", - }, - "node": Object { - "_id": "3.3.3.3", - "network": Object { - "bytes_in": 3807671322, - "bytes_out": 4494034, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.3.com", - "test.3-duplicate.com", - ], - "flows": 1234567, - "ip": "3.3.3.3", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "4.4.4.4", - }, - "node": Object { - "_id": "4.4.4.4", - "network": Object { - "bytes_in": 166517626, - "bytes_out": 3194782, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.4.com", - ], - "flows": 1234567, - "ip": "4.4.4.4", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "5.5.5.5", - }, - "node": Object { - "_id": "5.5.5.5", - "network": Object { - "bytes_in": 104785026, - "bytes_out": 1838597, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.5.com", - ], - "flows": 1234567, - "ip": "5.5.5.5", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "6.6.6.6", - }, - "node": Object { - "_id": "6.6.6.6", - "network": Object { - "bytes_in": 28804250, - "bytes_out": 482982, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.6.com", - ], - "flows": 1234567, - "ip": "6.6.6.6", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "7.7.7.7", - }, - "node": Object { - "_id": "7.7.7.7", - "network": Object { - "bytes_in": 23032363, - "bytes_out": 400623, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.7.com", - ], - "flows": 1234567, - "ip": "7.7.7.7", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "8.8.8.8", - }, - "node": Object { - "_id": "8.8.8.8", - "network": Object { - "bytes_in": 21424889, - "bytes_out": 344357, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.8.com", - ], - "flows": 1234567, - "ip": "8.8.8.8", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "9.9.9.9", - }, - "node": Object { - "_id": "9.9.9.9", - "network": Object { - "bytes_in": 19205000, - "bytes_out": 355663, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.9.com", - ], - "flows": 1234567, - "ip": "9.9.9.9", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - Object { - "cursor": Object { - "tiebreaker": null, - "value": "10.10.10.10", - }, - "node": Object { - "_id": "10.10.10.10", - "network": Object { - "bytes_in": 11407633, - "bytes_out": 199360, - }, - "source": Object { - "autonomous_system": Object { - "name": "Level 3 Parent, LLC", - "number": 3356, - }, - "destination_ips": 345345, - "domain": Array [ - "test.10.com", - ], - "flows": 1234567, - "ip": "10.10.10.10", - "location": Object { - "flowTarget": "source", - "geo": Object { - "city_name": "Philadelphia", - "continent_name": "North America", - "country_iso_code": "US", - "location": Object { - "lat": 39.9359, - "lon": -75.1534, - }, - "region_iso_code": "US-PA", - "region_name": "Pennsylvania", - }, - }, - }, - }, - }, - ], - "inspect": Object { - "dsl": Array [ - "{ - \\"mockTopNFlowQueryDsl\\": \\"mockTopNFlowQueryDsl\\" -}", - ], - "response": Array [ - "{ - \\"took\\": 122, - \\"timed_out\\": false, - \\"_shards\\": { - \\"total\\": 11, - \\"successful\\": 11, - \\"skipped\\": 0, - \\"failed\\": 0 - }, - \\"hits\\": { - \\"max_score\\": null, - \\"hits\\": [] - }, - \\"aggregations\\": { - \\"top_n_flow_count\\": { - \\"value\\": 545 - }, - \\"source\\": { - \\"buckets\\": [ - { - \\"key\\": \\"1.1.1.1\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 11276023407 - }, - \\"bytes_out\\": { - \\"value\\": 1025631 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.1.net\\" - } - ] - } - }, - { - \\"key\\": \\"2.2.2.2\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 5469323342 - }, - \\"bytes_out\\": { - \\"value\\": 2811441 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.2.net\\" - } - ] - } - }, - { - \\"key\\": \\"3.3.3.3\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 3807671322 - }, - \\"bytes_out\\": { - \\"value\\": 4494034 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.3.com\\" - }, - { - \\"key\\": \\"test.3-duplicate.com\\" - } - ] - } - }, - { - \\"key\\": \\"4.4.4.4\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 166517626 - }, - \\"bytes_out\\": { - \\"value\\": 3194782 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.4.com\\" - } - ] - } - }, - { - \\"key\\": \\"5.5.5.5\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 104785026 - }, - \\"bytes_out\\": { - \\"value\\": 1838597 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.5.com\\" - } - ] - } - }, - { - \\"key\\": \\"6.6.6.6\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 28804250 - }, - \\"bytes_out\\": { - \\"value\\": 482982 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"doc_count_error_upper_bound\\": 0, - \\"sum_other_doc_count\\": 31, - \\"buckets\\": [ - { - \\"key\\": \\"test.6.com\\" - } - ] - } - }, - { - \\"key\\": \\"7.7.7.7\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 23032363 - }, - \\"bytes_out\\": { - \\"value\\": 400623 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"doc_count_error_upper_bound\\": 0, - \\"sum_other_doc_count\\": 0, - \\"buckets\\": [ - { - \\"key\\": \\"test.7.com\\" - } - ] - } - }, - { - \\"key\\": \\"8.8.8.8\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 21424889 - }, - \\"bytes_out\\": { - \\"value\\": 344357 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.8.com\\" - } - ] - } - }, - { - \\"key\\": \\"9.9.9.9\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 19205000 - }, - \\"bytes_out\\": { - \\"value\\": 355663 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.9.com\\" - } - ] - } - }, - { - \\"key\\": \\"10.10.10.10\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 11407633 - }, - \\"bytes_out\\": { - \\"value\\": 199360 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.10.com\\" - } - ] - } - }, - { - \\"key\\": \\"11.11.11.11\\", - \\"flows\\": { - \\"value\\": 1234567 - }, - \\"destination_ips\\": { - \\"value\\": 345345 - }, - \\"bytes_in\\": { - \\"value\\": 11393327 - }, - \\"bytes_out\\": { - \\"value\\": 195914 - }, - \\"location\\": { - \\"doc_count\\": 14, - \\"top_geo\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"geo\\": { - \\"continent_name\\": \\"North America\\", - \\"region_iso_code\\": \\"US-PA\\", - \\"city_name\\": \\"Philadelphia\\", - \\"country_iso_code\\": \\"US\\", - \\"region_name\\": \\"Pennsylvania\\", - \\"location\\": { - \\"lon\\": -75.1534, - \\"lat\\": 39.9359 - } - } - } - } - } - ] - } - } - }, - \\"autonomous_system\\": { - \\"doc_count\\": 14, - \\"top_as\\": { - \\"hits\\": { - \\"total\\": { - \\"value\\": 14, - \\"relation\\": \\"eq\\" - }, - \\"max_score\\": 1, - \\"hits\\": [ - { - \\"_index\\": \\"filebeat-8.0.0-2019.06.19-000005\\", - \\"_type\\": \\"_doc\\", - \\"_id\\": \\"dd4fa2d4bd-692279846149410\\", - \\"_score\\": 1, - \\"_source\\": { - \\"source\\": { - \\"as\\": { - \\"number\\": 3356, - \\"organization\\": { - \\"name\\": \\"Level 3 Parent, LLC\\" - } - } - } - } - } - ] - } - } - }, - \\"domain\\": { - \\"buckets\\": [ - { - \\"key\\": \\"test.11.com\\" - } - ] - } - } - ] - } - } -}", - ], - }, - "pageInfo": Object { - "activePage": 0, - "fakeTotalCount": 50, - "showMorePagesIndicator": true, - }, - "totalCount": 545, -} -`; diff --git a/x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts b/x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts deleted file mode 100644 index eab461ee07ca7..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/elastic_adapter.test.ts +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { cloneDeep } from 'lodash/fp'; - -import { FlowTargetSourceDest, NetworkTopNFlowData } from '../../graphql/types'; -import { FrameworkAdapter, FrameworkRequest } from '../framework'; - -import { ElasticsearchNetworkAdapter } from './elasticsearch_adapter'; -import { - mockOptions, - mockRequest, - mockResponse, - mockResult, - mockOptionsIp, - mockRequestIp, - mockResponseIp, - mockResultIp, - mockTopNFlowQueryDsl, -} from './mock'; - -jest.mock('./query_top_n_flow.dsl', () => { - const r = jest.requireActual('./query_top_n_flow.dsl'); - return { - ...r, - buildTopNFlowQuery: jest.fn(() => mockTopNFlowQueryDsl), - }; -}); - -describe('Network Top N flow elasticsearch_adapter with FlowTarget=source', () => { - describe('Happy Path - get Data', () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockResolvedValue(mockResponse); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - getIndexPatternsService: jest.fn(), - registerGraphQLEndpoint: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - test('getNetworkTopNFlow', async () => { - const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework); - const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow( - mockRequest as FrameworkRequest, - mockOptions - ); - expect(data).toEqual(mockResult); - }); - }); - - describe('Unhappy Path - No data', () => { - const mockNoDataResponse = cloneDeep(mockResponse); - mockNoDataResponse.aggregations.top_n_flow_count.value = 0; - mockNoDataResponse.aggregations[FlowTargetSourceDest.source].buckets = []; - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockResolvedValue(mockNoDataResponse); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - test('getNetworkTopNFlow', async () => { - const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework); - const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow( - mockRequest as FrameworkRequest, - mockOptions - ); - expect(data).toEqual({ - inspect: { - dsl: [JSON.stringify(mockTopNFlowQueryDsl, null, 2)], - response: [JSON.stringify(mockNoDataResponse, null, 2)], - }, - edges: [], - pageInfo: { - activePage: 0, - fakeTotalCount: 0, - showMorePagesIndicator: false, - }, - totalCount: 0, - }); - }); - }); - - describe('Unhappy Path - No geo data', () => { - const mockCallWithRequest = jest.fn(); - const mockNoGeoDataResponse = cloneDeep(mockResponse); - // sometimes bad things happen to good ecs - mockNoGeoDataResponse.aggregations[ - FlowTargetSourceDest.source - ].buckets[0].location.top_geo.hits.hits = []; - mockCallWithRequest.mockResolvedValue(mockNoGeoDataResponse); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - getIndexPatternsService: jest.fn(), - registerGraphQLEndpoint: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - test('getNetworkTopNFlow', async () => { - const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework); - const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow( - mockRequest as FrameworkRequest, - mockOptions - ); - expect(data).toMatchSnapshot(); - }); - }); - - describe('No pagination', () => { - const mockNoPaginationResponse = cloneDeep(mockResponse); - mockNoPaginationResponse.aggregations.top_n_flow_count.value = 10; - mockNoPaginationResponse.aggregations[ - FlowTargetSourceDest.source - ].buckets = mockNoPaginationResponse.aggregations[FlowTargetSourceDest.source].buckets.slice( - 0, - -1 - ); - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockResolvedValue(mockNoPaginationResponse); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - registerGraphQLEndpoint: jest.fn(), - getIndexPatternsService: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - test('getNetworkTopNFlow', async () => { - const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework); - const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow( - mockRequest as FrameworkRequest, - mockOptions - ); - expect(data.pageInfo.showMorePagesIndicator).toBeFalsy(); - }); - }); - - describe('Filter by IP', () => { - const mockCallWithRequest = jest.fn(); - mockCallWithRequest.mockResolvedValue(mockResponseIp); - const mockFramework: FrameworkAdapter = { - callWithRequest: mockCallWithRequest, - getIndexPatternsService: jest.fn(), - registerGraphQLEndpoint: jest.fn(), - }; - jest.doMock('../framework', () => ({ - callWithRequest: mockCallWithRequest, - })); - - test('getNetworkTopNFlow', async () => { - const EsNetworkTopNFlow = new ElasticsearchNetworkAdapter(mockFramework); - const data: NetworkTopNFlowData = await EsNetworkTopNFlow.getNetworkTopNFlow( - mockRequestIp as FrameworkRequest, - mockOptionsIp - ); - expect(data).toEqual(mockResultIp); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts b/x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts deleted file mode 100644 index d12d225cc8908..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/elasticsearch_adapter.ts +++ /dev/null @@ -1,361 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { get, getOr } from 'lodash/fp'; - -import { - FlowTargetSourceDest, - AutonomousSystemItem, - GeoItem, - NetworkDnsData, - NetworkDnsEdges, - NetworkTopCountriesData, - NetworkTopCountriesEdges, - NetworkTopNFlowData, - NetworkHttpData, - NetworkHttpEdges, - NetworkTopNFlowEdges, -} from '../../graphql/types'; -import { inspectStringifyObject } from '../../utils/build_query'; -import { DatabaseSearchResponse, FrameworkAdapter, FrameworkRequest } from '../framework'; -import { TermAggregation } from '../types'; -import { DEFAULT_MAX_TABLE_QUERY_SIZE } from '../../../common/constants'; - -import { - NetworkDnsRequestOptions, - NetworkTopCountriesRequestOptions, - NetworkHttpRequestOptions, - NetworkTopNFlowRequestOptions, -} from './index'; -import { buildDnsQuery } from './query_dns.dsl'; -import { buildTopNFlowQuery, getOppositeField } from './query_top_n_flow.dsl'; -import { buildHttpQuery } from './query_http.dsl'; -import { buildTopCountriesQuery } from './query_top_countries.dsl'; -import { - NetworkAdapter, - NetworkDnsBuckets, - NetworkTopCountriesBuckets, - NetworkHttpBuckets, - NetworkTopNFlowBuckets, -} from './types'; - -export class ElasticsearchNetworkAdapter implements NetworkAdapter { - constructor(private readonly framework: FrameworkAdapter) {} - - public async getNetworkTopCountries( - request: FrameworkRequest, - options: NetworkTopCountriesRequestOptions - ): Promise { - if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { - throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); - } - const dsl = buildTopCountriesQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; - const totalCount = getOr(0, 'aggregations.top_countries_count.value', response); - const networkTopCountriesEdges: NetworkTopCountriesEdges[] = getTopCountriesEdges( - response, - options - ); - const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount; - const edges = networkTopCountriesEdges.splice(cursorStart, querySize - cursorStart); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - const showMorePagesIndicator = totalCount > fakeTotalCount; - - return { - edges, - inspect, - pageInfo: { - activePage: activePage ? activePage : 0, - fakeTotalCount, - showMorePagesIndicator, - }, - totalCount, - }; - } - - public async getNetworkTopNFlow( - request: FrameworkRequest, - options: NetworkTopNFlowRequestOptions - ): Promise { - if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { - throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); - } - const dsl = buildTopNFlowQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; - const totalCount = getOr(0, 'aggregations.top_n_flow_count.value', response); - const networkTopNFlowEdges: NetworkTopNFlowEdges[] = getTopNFlowEdges(response, options); - const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount; - const edges = networkTopNFlowEdges.splice(cursorStart, querySize - cursorStart); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - const showMorePagesIndicator = totalCount > fakeTotalCount; - - return { - edges, - inspect, - pageInfo: { - activePage: activePage ? activePage : 0, - fakeTotalCount, - showMorePagesIndicator, - }, - totalCount, - }; - } - - public async getNetworkDns( - request: FrameworkRequest, - options: NetworkDnsRequestOptions - ): Promise { - if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { - throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); - } - const dsl = buildDnsQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; - const totalCount = getOr(0, 'aggregations.dns_count.value', response); - const networkDnsEdges: NetworkDnsEdges[] = formatDnsEdges( - getOr([], 'aggregations.dns_name_query_count.buckets', response) - ); - const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount; - const edges = networkDnsEdges.splice(cursorStart, querySize - cursorStart); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - const showMorePagesIndicator = totalCount > fakeTotalCount; - return { - edges, - inspect, - pageInfo: { - activePage: activePage ? activePage : 0, - fakeTotalCount, - showMorePagesIndicator, - }, - totalCount, - }; - } - - public async getNetworkHttp( - request: FrameworkRequest, - options: NetworkHttpRequestOptions - ): Promise { - if (options.pagination && options.pagination.querySize >= DEFAULT_MAX_TABLE_QUERY_SIZE) { - throw new Error(`No query size above ${DEFAULT_MAX_TABLE_QUERY_SIZE}`); - } - const dsl = buildHttpQuery(options); - const response = await this.framework.callWithRequest( - request, - 'search', - dsl - ); - const { activePage, cursorStart, fakePossibleCount, querySize } = options.pagination; - const totalCount = getOr(0, 'aggregations.http_count.value', response); - const networkHttpEdges: NetworkHttpEdges[] = getHttpEdges(response); - const fakeTotalCount = fakePossibleCount <= totalCount ? fakePossibleCount : totalCount; - const edges = networkHttpEdges.splice(cursorStart, querySize - cursorStart); - const inspect = { - dsl: [inspectStringifyObject(dsl)], - response: [inspectStringifyObject(response)], - }; - const showMorePagesIndicator = totalCount > fakeTotalCount; - - return { - edges, - inspect, - pageInfo: { - activePage: activePage ? activePage : 0, - fakeTotalCount, - showMorePagesIndicator, - }, - totalCount, - }; - } -} - -const getTopNFlowEdges = ( - response: DatabaseSearchResponse, - options: NetworkTopNFlowRequestOptions -): NetworkTopNFlowEdges[] => { - return formatTopNFlowEdges( - getOr([], `aggregations.${options.flowTarget}.buckets`, response), - options.flowTarget - ); -}; - -const getTopCountriesEdges = ( - response: DatabaseSearchResponse, - options: NetworkTopCountriesRequestOptions -): NetworkTopCountriesEdges[] => { - return formatTopCountriesEdges( - getOr([], `aggregations.${options.flowTarget}.buckets`, response), - options.flowTarget - ); -}; - -const getHttpEdges = ( - response: DatabaseSearchResponse -): NetworkHttpEdges[] => { - return formatHttpEdges(getOr([], `aggregations.url.buckets`, response)); -}; - -const getFlowTargetFromString = (flowAsString: string) => - flowAsString === 'source' ? FlowTargetSourceDest.source : FlowTargetSourceDest.destination; - -const getGeoItem = (result: NetworkTopNFlowBuckets): GeoItem | null => - result.location.top_geo.hits.hits.length > 0 && result.location.top_geo.hits.hits[0]._source - ? { - geo: getOr( - '', - `location.top_geo.hits.hits[0]._source.${ - Object.keys(result.location.top_geo.hits.hits[0]._source)[0] - }.geo`, - result - ), - flowTarget: getFlowTargetFromString( - Object.keys(result.location.top_geo.hits.hits[0]._source)[0] - ), - } - : null; - -const getAsItem = (result: NetworkTopNFlowBuckets): AutonomousSystemItem | null => - result.autonomous_system.top_as.hits.hits.length > 0 && - result.autonomous_system.top_as.hits.hits[0]._source - ? { - number: getOr( - null, - `autonomous_system.top_as.hits.hits[0]._source.${ - Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] - }.as.number`, - result - ), - name: getOr( - '', - `autonomous_system.top_as.hits.hits[0]._source.${ - Object.keys(result.autonomous_system.top_as.hits.hits[0]._source)[0] - }.as.organization.name`, - result - ), - } - : null; - -const formatTopNFlowEdges = ( - buckets: NetworkTopNFlowBuckets[], - flowTarget: FlowTargetSourceDest -): NetworkTopNFlowEdges[] => - buckets.map((bucket: NetworkTopNFlowBuckets) => ({ - node: { - _id: bucket.key, - [flowTarget]: { - domain: bucket.domain.buckets.map((bucketDomain) => bucketDomain.key), - ip: bucket.key, - location: getGeoItem(bucket), - autonomous_system: getAsItem(bucket), - flows: getOr(0, 'flows.value', bucket), - [`${getOppositeField(flowTarget)}_ips`]: getOr( - 0, - `${getOppositeField(flowTarget)}_ips.value`, - bucket - ), - }, - network: { - bytes_in: getOr(0, 'bytes_in.value', bucket), - bytes_out: getOr(0, 'bytes_out.value', bucket), - }, - }, - cursor: { - value: bucket.key, - tiebreaker: null, - }, - })); - -const formatTopCountriesEdges = ( - buckets: NetworkTopCountriesBuckets[], - flowTarget: FlowTargetSourceDest -): NetworkTopCountriesEdges[] => - buckets.map((bucket: NetworkTopCountriesBuckets) => ({ - node: { - _id: bucket.key, - [flowTarget]: { - country: bucket.key, - flows: getOr(0, 'flows.value', bucket), - [`${getOppositeField(flowTarget)}_ips`]: getOr( - 0, - `${getOppositeField(flowTarget)}_ips.value`, - bucket - ), - [`${flowTarget}_ips`]: getOr(0, `${flowTarget}_ips.value`, bucket), - }, - network: { - bytes_in: getOr(0, 'bytes_in.value', bucket), - bytes_out: getOr(0, 'bytes_out.value', bucket), - }, - }, - cursor: { - value: bucket.key, - tiebreaker: null, - }, - })); - -const formatDnsEdges = (buckets: NetworkDnsBuckets[]): NetworkDnsEdges[] => - buckets.map((bucket: NetworkDnsBuckets) => ({ - node: { - _id: bucket.key, - dnsBytesIn: getOrNumber('dns_bytes_in.value', bucket), - dnsBytesOut: getOrNumber('dns_bytes_out.value', bucket), - dnsName: bucket.key, - queryCount: bucket.doc_count, - uniqueDomains: getOrNumber('unique_domains.value', bucket), - }, - cursor: { - value: bucket.key, - tiebreaker: null, - }, - })); - -const formatHttpEdges = (buckets: NetworkHttpBuckets[]): NetworkHttpEdges[] => - buckets.map((bucket: NetworkHttpBuckets) => ({ - node: { - _id: bucket.key, - domains: bucket.domains.buckets.map(({ key }) => key), - methods: bucket.methods.buckets.map(({ key }) => key), - statuses: bucket.status.buckets.map(({ key }) => `${key}`), - lastHost: get('source.hits.hits[0]._source.host.name', bucket), - lastSourceIp: get('source.hits.hits[0]._source.source.ip', bucket), - path: bucket.key, - requestCount: bucket.doc_count, - }, - cursor: { - value: bucket.key, - tiebreaker: null, - }, - })); - -const getOrNumber = (path: string, bucket: NetworkTopNFlowBuckets | NetworkDnsBuckets) => { - const numb = get(path, bucket); - if (numb == null) { - return null; - } - return numb; -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/index.ts b/x-pack/plugins/security_solution/server/lib/network/index.ts deleted file mode 100644 index 42ce9f0726ddb..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/index.ts +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - FlowTargetSourceDest, - Maybe, - NetworkDnsData, - NetworkDnsSortField, - NetworkHttpData, - NetworkHttpSortField, - NetworkTopCountriesData, - NetworkTopNFlowData, - NetworkTopTablesSortField, -} from '../../graphql/types'; -import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; -export * from './elasticsearch_adapter'; -import { NetworkAdapter } from './types'; - -export * from './types'; - -export interface NetworkTopNFlowRequestOptions extends RequestOptionsPaginated { - networkTopNFlowSort: NetworkTopTablesSortField; - flowTarget: FlowTargetSourceDest; - ip?: Maybe; -} - -export interface NetworkTopCountriesRequestOptions extends RequestOptionsPaginated { - networkTopCountriesSort: NetworkTopTablesSortField; - flowTarget: FlowTargetSourceDest; - ip?: Maybe; -} - -export interface NetworkHttpRequestOptions extends RequestOptionsPaginated { - networkHttpSort: NetworkHttpSortField; - ip?: Maybe; -} - -export interface NetworkDnsRequestOptions extends RequestOptionsPaginated { - isPtrIncluded: boolean; - networkDnsSortField: NetworkDnsSortField; - stackByField?: Maybe; -} - -export class Network { - constructor(private readonly adapter: NetworkAdapter) {} - - public async getNetworkTopCountries( - req: FrameworkRequest, - options: NetworkTopCountriesRequestOptions - ): Promise { - return this.adapter.getNetworkTopCountries(req, options); - } - - public async getNetworkTopNFlow( - req: FrameworkRequest, - options: NetworkTopNFlowRequestOptions - ): Promise { - return this.adapter.getNetworkTopNFlow(req, options); - } - - public async getNetworkDns( - req: FrameworkRequest, - options: NetworkDnsRequestOptions - ): Promise { - return this.adapter.getNetworkDns(req, options); - } - - public async getNetworkHttp( - req: FrameworkRequest, - options: NetworkHttpRequestOptions - ): Promise { - return this.adapter.getNetworkHttp(req, options); - } -} diff --git a/x-pack/plugins/security_solution/server/lib/network/mock.ts b/x-pack/plugins/security_solution/server/lib/network/mock.ts deleted file mode 100644 index b421f7af56603..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/mock.ts +++ /dev/null @@ -1,1675 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { DEFAULT_INDEX_PATTERN } from '../../../common/constants'; -import { Direction, FlowTargetSourceDest, NetworkTopTablesFields } from '../../graphql/types'; - -import { NetworkTopNFlowRequestOptions } from '.'; - -export const mockOptions: NetworkTopNFlowRequestOptions = { - defaultIndex: DEFAULT_INDEX_PATTERN, - sourceConfiguration: { - fields: { - container: 'docker.container.name', - host: 'beat.hostname', - message: ['message', '@message'], - pod: 'kubernetes.pod.name', - tiebreaker: '_doc', - timestamp: '@timestamp', - }, - }, - timerange: { interval: '12h', to: '2019-02-11T02:26:46.071Z', from: '2019-02-11T02:26:46.071Z' }, - pagination: { - activePage: 0, - cursorStart: 0, - fakePossibleCount: 50, - querySize: 10, - }, - filterQuery: {}, - fields: [ - 'totalCount', - 'source.ip', - 'source.domain', - 'source.__typename', - 'destination.ip', - 'destination.domain', - 'destination.__typename', - 'event.duration', - 'event.__typename', - 'network.bytes_in', - 'network.bytes_out', - 'network.__typename', - '__typename', - 'edges.cursor.value', - 'edges.cursor.__typename', - 'edges.__typename', - 'pageInfo.activePage', - 'pageInfo.__typename', - 'pageInfo.fakeTotalCount', - 'pageInfo.__typename', - 'pageInfo.showMorePagesIndicator', - 'pageInfo.__typename', - '__typename', - ], - networkTopNFlowSort: { field: NetworkTopTablesFields.bytes_out, direction: Direction.desc }, - flowTarget: FlowTargetSourceDest.source, -}; - -export const mockRequest = { - body: { - operationName: 'GetNetworkTopNFlowQuery', - variables: { - filterQuery: '', - flowTarget: FlowTargetSourceDest.source, - pagination: { - activePage: 0, - cursorStart: 0, - fakePossibleCount: 50, - querySize: 10, - }, - sourceId: 'default', - timerange: { interval: '12h', from: 1549765830772, to: 1549852230772 }, - }, - query: ` - query GetNetworkTopNFlowQuery( - $sourceId: ID! - $ip: String - $filterQuery: String - $pagination: PaginationInputPaginated! - $sort: NetworkTopTablesSortField! - $flowTarget: FlowTargetSourceDest! - $timerange: TimerangeInput! - $defaultIndex: [String!]! - $inspect: Boolean! - ) { - source(id: $sourceId) { - id - NetworkTopNFlow( - filterQuery: $filterQuery - flowTarget: $flowTarget - ip: $ip - pagination: $pagination - sort: $sort - timerange: $timerange - defaultIndex: $defaultIndex - ) { - totalCount - edges { - node { - source { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - destination_ips - } - destination { - autonomous_system { - name - number - } - domain - ip - location { - geo { - continent_name - country_name - country_iso_code - city_name - region_iso_code - region_name - } - flowTarget - } - flows - source_ips - } - network { - bytes_in - bytes_out - } - } - cursor { - value - } - } - pageInfo { - activePage - fakeTotalCount - showMorePagesIndicator - } - inspect @include(if: $inspect) { - dsl - response - } - } - } - } -`, - }, -}; - -export const mockResponse = { - took: 122, - timed_out: false, - _shards: { - total: 11, - successful: 11, - skipped: 0, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - top_n_flow_count: { - value: 545, - }, - [FlowTargetSourceDest.source]: { - buckets: [ - { - key: '1.1.1.1', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11276023407, - }, - bytes_out: { - value: 1025631, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.1.net', - }, - ], - }, - }, - { - key: '2.2.2.2', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 5469323342, - }, - bytes_out: { - value: 2811441, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.2.net', - }, - ], - }, - }, - { - key: '3.3.3.3', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 3807671322, - }, - bytes_out: { - value: 4494034, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.3.com', - }, - { - key: 'test.3-duplicate.com', - }, - ], - }, - }, - { - key: '4.4.4.4', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 166517626, - }, - bytes_out: { - value: 3194782, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.4.com', - }, - ], - }, - }, - { - key: '5.5.5.5', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 104785026, - }, - bytes_out: { - value: 1838597, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.5.com', - }, - ], - }, - }, - { - key: '6.6.6.6', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 28804250, - }, - bytes_out: { - value: 482982, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 31, - buckets: [ - { - key: 'test.6.com', - }, - ], - }, - }, - { - key: '7.7.7.7', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 23032363, - }, - bytes_out: { - value: 400623, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - doc_count_error_upper_bound: 0, - sum_other_doc_count: 0, - buckets: [ - { - key: 'test.7.com', - }, - ], - }, - }, - { - key: '8.8.8.8', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 21424889, - }, - bytes_out: { - value: 344357, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.8.com', - }, - ], - }, - }, - { - key: '9.9.9.9', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 19205000, - }, - bytes_out: { - value: 355663, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.9.com', - }, - ], - }, - }, - { - key: '10.10.10.10', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11407633, - }, - bytes_out: { - value: 199360, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.10.com', - }, - ], - }, - }, - { - key: '11.11.11.11', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11393327, - }, - bytes_out: { - value: 195914, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.11.com', - }, - ], - }, - }, - ], - }, - }, -}; - -export const mockTopNFlowQueryDsl = { - mockTopNFlowQueryDsl: 'mockTopNFlowQueryDsl', -}; - -export const mockResult = { - inspect: { - dsl: [JSON.stringify(mockTopNFlowQueryDsl, null, 2)], - response: [JSON.stringify(mockResponse, null, 2)], - }, - edges: [ - { - cursor: { - tiebreaker: null, - value: '1.1.1.1', - }, - node: { - _id: '1.1.1.1', - network: { - bytes_in: 11276023407, - bytes_out: 1025631, - }, - source: { - domain: ['test.1.net'], - ip: '1.1.1.1', - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '2.2.2.2', - }, - node: { - _id: '2.2.2.2', - network: { - bytes_in: 5469323342, - bytes_out: 2811441, - }, - source: { - domain: ['test.2.net'], - ip: '2.2.2.2', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '3.3.3.3', - }, - node: { - _id: '3.3.3.3', - network: { - bytes_in: 3807671322, - bytes_out: 4494034, - }, - source: { - domain: ['test.3.com', 'test.3-duplicate.com'], - ip: '3.3.3.3', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '4.4.4.4', - }, - node: { - _id: '4.4.4.4', - network: { - bytes_in: 166517626, - bytes_out: 3194782, - }, - source: { - domain: ['test.4.com'], - ip: '4.4.4.4', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '5.5.5.5', - }, - node: { - _id: '5.5.5.5', - network: { - bytes_in: 104785026, - bytes_out: 1838597, - }, - source: { - domain: ['test.5.com'], - ip: '5.5.5.5', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '6.6.6.6', - }, - node: { - _id: '6.6.6.6', - network: { - bytes_in: 28804250, - bytes_out: 482982, - }, - source: { - domain: ['test.6.com'], - ip: '6.6.6.6', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '7.7.7.7', - }, - node: { - _id: '7.7.7.7', - network: { - bytes_in: 23032363, - bytes_out: 400623, - }, - source: { - domain: ['test.7.com'], - ip: '7.7.7.7', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '8.8.8.8', - }, - node: { - _id: '8.8.8.8', - network: { - bytes_in: 21424889, - bytes_out: 344357, - }, - source: { - domain: ['test.8.com'], - ip: '8.8.8.8', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '9.9.9.9', - }, - node: { - _id: '9.9.9.9', - network: { - bytes_in: 19205000, - bytes_out: 355663, - }, - source: { - domain: ['test.9.com'], - ip: '9.9.9.9', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - { - cursor: { - tiebreaker: null, - value: '10.10.10.10', - }, - node: { - _id: '10.10.10.10', - network: { - bytes_in: 11407633, - bytes_out: 199360, - }, - source: { - domain: ['test.10.com'], - ip: '10.10.10.10', - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - ], - pageInfo: { - activePage: 0, - fakeTotalCount: 50, - showMorePagesIndicator: true, - }, - totalCount: 545, -}; - -export const mockOptionsIp: NetworkTopNFlowRequestOptions = { - ...mockOptions, - ip: '1.1.1.1', -}; - -export const mockRequestIp = { - ...mockRequest, - body: { - ...mockRequest.body, - variables: { - ...mockRequest.body.variables, - ip: '1.1.1.1', - }, - }, -}; - -export const mockResponseIp = { - took: 122, - timed_out: false, - _shards: { - total: 1, - successful: 1, - skipped: 0, - failed: 0, - }, - hits: { - max_score: null, - hits: [], - }, - aggregations: { - top_n_flow_count: { - value: 1, - }, - [FlowTargetSourceDest.source]: { - buckets: [ - { - key: '1.1.1.1', - flows: { value: 1234567 }, - destination_ips: { value: 345345 }, - bytes_in: { - value: 11276023407, - }, - bytes_out: { - value: 1025631, - }, - location: { - doc_count: 14, - top_geo: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - geo: { - continent_name: 'North America', - region_iso_code: 'US-PA', - city_name: 'Philadelphia', - country_iso_code: 'US', - region_name: 'Pennsylvania', - location: { - lon: -75.1534, - lat: 39.9359, - }, - }, - }, - }, - }, - ], - }, - }, - }, - autonomous_system: { - doc_count: 14, - top_as: { - hits: { - total: { - value: 14, - relation: 'eq', - }, - max_score: 1, - hits: [ - { - _index: 'filebeat-8.0.0-2019.06.19-000005', - _type: '_doc', - _id: 'dd4fa2d4bd-692279846149410', - _score: 1, - _source: { - source: { - as: { - number: 3356, - organization: { - name: 'Level 3 Parent, LLC', - }, - }, - }, - }, - }, - ], - }, - }, - }, - domain: { - buckets: [ - { - key: 'test.1.net', - }, - ], - }, - }, - ], - }, - }, -}; - -export const mockResultIp = { - inspect: { - dsl: [JSON.stringify(mockTopNFlowQueryDsl, null, 2)], - response: [JSON.stringify(mockResponseIp, null, 2)], - }, - edges: [ - { - cursor: { - tiebreaker: null, - value: '1.1.1.1', - }, - node: { - _id: '1.1.1.1', - network: { - bytes_in: 11276023407, - bytes_out: 1025631, - }, - source: { - domain: ['test.1.net'], - ip: '1.1.1.1', - autonomous_system: { - name: 'Level 3 Parent, LLC', - number: 3356, - }, - location: { - flowTarget: 'source', - geo: { - city_name: 'Philadelphia', - continent_name: 'North America', - country_iso_code: 'US', - location: { - lat: 39.9359, - lon: -75.1534, - }, - region_iso_code: 'US-PA', - region_name: 'Pennsylvania', - }, - }, - flows: 1234567, - destination_ips: 345345, - }, - }, - }, - ], - pageInfo: { - activePage: 0, - fakeTotalCount: 1, - showMorePagesIndicator: false, - }, - totalCount: 1, -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts deleted file mode 100644 index 90781e7b48b4a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_dns.dsl.ts +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { isEmpty } from 'lodash/fp'; - -import { assertUnreachable } from '../../../common/utility_types'; -import { Direction, NetworkDnsFields, NetworkDnsSortField } from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { NetworkDnsRequestOptions } from './index'; - -type QueryOrder = - | { _count: Direction } - | { _key: Direction } - | { unique_domains: Direction } - | { dns_bytes_in: Direction } - | { dns_bytes_out: Direction }; - -const getQueryOrder = (networkDnsSortField: NetworkDnsSortField): QueryOrder => { - switch (networkDnsSortField.field) { - case NetworkDnsFields.queryCount: - return { _count: networkDnsSortField.direction }; - case NetworkDnsFields.dnsName: - return { _key: networkDnsSortField.direction }; - case NetworkDnsFields.uniqueDomains: - return { unique_domains: networkDnsSortField.direction }; - case NetworkDnsFields.dnsBytesIn: - return { dns_bytes_in: networkDnsSortField.direction }; - case NetworkDnsFields.dnsBytesOut: - return { dns_bytes_out: networkDnsSortField.direction }; - } - assertUnreachable(networkDnsSortField.field); -}; - -const getCountAgg = () => ({ - dns_count: { - cardinality: { - field: 'dns.question.registered_domain', - }, - }, -}); - -const createIncludePTRFilter = (isPtrIncluded: boolean) => - isPtrIncluded - ? {} - : { - must_not: [ - { - term: { - 'dns.question.type': { - value: 'PTR', - }, - }, - }, - ], - }; - -export const buildDnsQuery = ({ - defaultIndex, - docValueFields, - filterQuery, - isPtrIncluded, - networkDnsSortField, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - stackByField = 'dns.question.registered_domain', - timerange: { from, to }, -}: NetworkDnsRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { - gte: from, - lte: to, - format: 'strict_date_optional_time', - }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - ...(isEmpty(docValueFields) ? { docvalue_fields: docValueFields } : {}), - aggregations: { - ...getCountAgg(), - dns_name_query_count: { - terms: { - field: stackByField, - size: querySize, - order: { - ...getQueryOrder(networkDnsSortField), - }, - }, - aggs: { - unique_domains: { - cardinality: { - field: 'dns.question.name', - }, - }, - dns_bytes_in: { - sum: { - field: 'source.bytes', - }, - }, - dns_bytes_out: { - sum: { - field: 'destination.bytes', - }, - }, - }, - }, - }, - query: { - bool: { - filter, - ...createIncludePTRFilter(isPtrIncluded), - }, - }, - }, - size: 0, - track_total_hits: false, - }; - - return dslQuery; -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts deleted file mode 100644 index a2d1963414be1..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_http.dsl.ts +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -import { NetworkHttpSortField } from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { NetworkHttpRequestOptions } from './index'; - -const getCountAgg = () => ({ - http_count: { - cardinality: { - field: 'url.path', - }, - }, -}); - -export const buildHttpQuery = ({ - defaultIndex, - filterQuery, - networkHttpSort, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, - ip, -}: NetworkHttpRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - { exists: { field: 'http.request.method' } }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - ...getCountAgg(), - ...getHttpAggs(networkHttpSort, querySize), - }, - query: { - bool: ip - ? { - filter, - should: [ - { - term: { - 'source.ip': ip, - }, - }, - { - term: { - 'destination.ip': ip, - }, - }, - ], - minimum_should_match: 1, - } - : { - filter, - }, - }, - }, - size: 0, - track_total_hits: false, - }; - return dslQuery; -}; - -const getHttpAggs = (networkHttpSortField: NetworkHttpSortField, querySize: number) => ({ - url: { - terms: { - field: `url.path`, - size: querySize, - order: { - _count: networkHttpSortField.direction, - }, - }, - aggs: { - methods: { - terms: { - field: 'http.request.method', - size: 4, - }, - }, - domains: { - terms: { - field: 'url.domain', - size: 4, - }, - }, - status: { - terms: { - field: 'http.response.status_code', - size: 4, - }, - }, - source: { - top_hits: { - size: 1, - _source: { - includes: ['host.name', 'source.ip'], - }, - }, - }, - }, - }, -}); diff --git a/x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts deleted file mode 100644 index be0b8fb64c76a..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_top_countries.dsl.ts +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - Direction, - FlowTargetSourceDest, - NetworkTopTablesSortField, - NetworkTopTablesFields, -} from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; -import { assertUnreachable } from '../../../common/utility_types'; -import { NetworkTopCountriesRequestOptions } from './index'; - -const getCountAgg = (flowTarget: FlowTargetSourceDest) => ({ - top_countries_count: { - cardinality: { - field: `${flowTarget}.geo.country_iso_code`, - }, - }, -}); - -export const buildTopCountriesQuery = ({ - defaultIndex, - filterQuery, - flowTarget, - networkTopCountriesSort, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, - ip, -}: NetworkTopCountriesRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - ...getCountAgg(flowTarget), - ...getFlowTargetAggs(networkTopCountriesSort, flowTarget, querySize), - }, - query: { - bool: ip - ? { - filter, - should: [ - { - term: { - [`${getOppositeField(flowTarget)}.ip`]: ip, - }, - }, - ], - minimum_should_match: 1, - } - : { - filter, - }, - }, - }, - size: 0, - track_total_hits: false, - }; - return dslQuery; -}; - -const getFlowTargetAggs = ( - networkTopCountriesSortField: NetworkTopTablesSortField, - flowTarget: FlowTargetSourceDest, - querySize: number -) => ({ - [flowTarget]: { - terms: { - field: `${flowTarget}.geo.country_iso_code`, - size: querySize, - order: { - ...getQueryOrder(networkTopCountriesSortField), - }, - }, - aggs: { - bytes_in: { - sum: { - field: `${getOppositeField(flowTarget)}.bytes`, - }, - }, - bytes_out: { - sum: { - field: `${flowTarget}.bytes`, - }, - }, - flows: { - cardinality: { - field: 'network.community_id', - }, - }, - source_ips: { - cardinality: { - field: 'source.ip', - }, - }, - destination_ips: { - cardinality: { - field: 'destination.ip', - }, - }, - }, - }, -}); - -export const getOppositeField = (flowTarget: FlowTargetSourceDest): FlowTargetSourceDest => { - switch (flowTarget) { - case FlowTargetSourceDest.source: - return FlowTargetSourceDest.destination; - case FlowTargetSourceDest.destination: - return FlowTargetSourceDest.source; - } - assertUnreachable(flowTarget); -}; - -type QueryOrder = - | { bytes_in: Direction } - | { bytes_out: Direction } - | { flows: Direction } - | { destination_ips: Direction } - | { source_ips: Direction }; - -const getQueryOrder = (networkTopCountriesSortField: NetworkTopTablesSortField): QueryOrder => { - switch (networkTopCountriesSortField.field) { - case NetworkTopTablesFields.bytes_in: - return { bytes_in: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.bytes_out: - return { bytes_out: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.flows: - return { flows: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.destination_ips: - return { destination_ips: networkTopCountriesSortField.direction }; - case NetworkTopTablesFields.source_ips: - return { source_ips: networkTopCountriesSortField.direction }; - } - assertUnreachable(networkTopCountriesSortField.field); -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts b/x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts deleted file mode 100644 index 14a9c5e33aca0..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/query_top_n_flow.dsl.ts +++ /dev/null @@ -1,194 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { assertUnreachable } from '../../../common/utility_types'; -import { - Direction, - FlowTargetSourceDest, - NetworkTopTablesSortField, - NetworkTopTablesFields, -} from '../../graphql/types'; -import { createQueryFilterClauses } from '../../utils/build_query'; - -import { NetworkTopNFlowRequestOptions } from './index'; - -const getCountAgg = (flowTarget: FlowTargetSourceDest) => ({ - top_n_flow_count: { - cardinality: { - field: `${flowTarget}.ip`, - }, - }, -}); - -export const buildTopNFlowQuery = ({ - defaultIndex, - filterQuery, - flowTarget, - networkTopNFlowSort, - pagination: { querySize }, - sourceConfiguration: { - fields: { timestamp }, - }, - timerange: { from, to }, - ip, -}: NetworkTopNFlowRequestOptions) => { - const filter = [ - ...createQueryFilterClauses(filterQuery), - { - range: { - [timestamp]: { gte: from, lte: to, format: 'strict_date_optional_time' }, - }, - }, - ]; - - const dslQuery = { - allowNoIndices: true, - index: defaultIndex, - ignoreUnavailable: true, - body: { - aggregations: { - ...getCountAgg(flowTarget), - ...getFlowTargetAggs(networkTopNFlowSort, flowTarget, querySize), - }, - query: { - bool: ip - ? { - filter, - should: [ - { - term: { - [`${getOppositeField(flowTarget)}.ip`]: ip, - }, - }, - ], - minimum_should_match: 1, - } - : { - filter, - }, - }, - }, - size: 0, - track_total_hits: false, - }; - return dslQuery; -}; - -const getFlowTargetAggs = ( - networkTopNFlowSortField: NetworkTopTablesSortField, - flowTarget: FlowTargetSourceDest, - querySize: number -) => ({ - [flowTarget]: { - terms: { - field: `${flowTarget}.ip`, - size: querySize, - order: { - ...getQueryOrder(networkTopNFlowSortField), - }, - }, - aggs: { - bytes_in: { - sum: { - field: `${getOppositeField(flowTarget)}.bytes`, - }, - }, - bytes_out: { - sum: { - field: `${flowTarget}.bytes`, - }, - }, - domain: { - terms: { - field: `${flowTarget}.domain`, - order: { - timestamp: 'desc', - }, - }, - aggs: { - timestamp: { - max: { - field: '@timestamp', - }, - }, - }, - }, - location: { - filter: { - exists: { - field: `${flowTarget}.geo`, - }, - }, - aggs: { - top_geo: { - top_hits: { - _source: `${flowTarget}.geo.*`, - size: 1, - }, - }, - }, - }, - autonomous_system: { - filter: { - exists: { - field: `${flowTarget}.as`, - }, - }, - aggs: { - top_as: { - top_hits: { - _source: `${flowTarget}.as.*`, - size: 1, - }, - }, - }, - }, - flows: { - cardinality: { - field: 'network.community_id', - }, - }, - [`${getOppositeField(flowTarget)}_ips`]: { - cardinality: { - field: `${getOppositeField(flowTarget)}.ip`, - }, - }, - }, - }, -}); - -export const getOppositeField = (flowTarget: FlowTargetSourceDest): FlowTargetSourceDest => { - switch (flowTarget) { - case FlowTargetSourceDest.source: - return FlowTargetSourceDest.destination; - case FlowTargetSourceDest.destination: - return FlowTargetSourceDest.source; - } - assertUnreachable(flowTarget); -}; - -type QueryOrder = - | { bytes_in: Direction } - | { bytes_out: Direction } - | { flows: Direction } - | { destination_ips: Direction } - | { source_ips: Direction }; - -const getQueryOrder = (networkTopNFlowSortField: NetworkTopTablesSortField): QueryOrder => { - switch (networkTopNFlowSortField.field) { - case NetworkTopTablesFields.bytes_in: - return { bytes_in: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.bytes_out: - return { bytes_out: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.flows: - return { flows: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.destination_ips: - return { destination_ips: networkTopNFlowSortField.direction }; - case NetworkTopTablesFields.source_ips: - return { source_ips: networkTopNFlowSortField.direction }; - } - assertUnreachable(networkTopNFlowSortField.field); -}; diff --git a/x-pack/plugins/security_solution/server/lib/network/types.ts b/x-pack/plugins/security_solution/server/lib/network/types.ts deleted file mode 100644 index b7848be097151..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/network/types.ts +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { - NetworkDnsData, - NetworkHttpData, - NetworkTopCountriesData, - NetworkTopNFlowData, -} from '../../graphql/types'; -import { FrameworkRequest, RequestOptionsPaginated } from '../framework'; -import { TotalValue } from '../types'; -import { NetworkDnsRequestOptions } from '.'; - -export interface NetworkAdapter { - getNetworkTopCountries( - req: FrameworkRequest, - options: RequestOptionsPaginated - ): Promise; - getNetworkTopNFlow( - req: FrameworkRequest, - options: RequestOptionsPaginated - ): Promise; - getNetworkDns(req: FrameworkRequest, options: NetworkDnsRequestOptions): Promise; - getNetworkHttp(req: FrameworkRequest, options: RequestOptionsPaginated): Promise; -} - -export interface GenericBuckets { - key: string; - doc_count: number; -} - -interface LocationHit { - doc_count: number; - top_geo: { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; - }; -} - -interface AutonomousSystemHit { - doc_count: number; - top_as: { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; - }; -} - -interface HttpHit { - hits: { - total: TotalValue | number; - max_score: number | null; - hits: Array<{ - _source: T; - sort?: [number]; - _index?: string; - _type?: string; - _id?: string; - _score?: number | null; - }>; - }; -} - -export interface NetworkTopNFlowBuckets { - key: string; - autonomous_system: AutonomousSystemHit; - bytes_in: { - value: number; - }; - bytes_out: { - value: number; - }; - domain: { - buckets: GenericBuckets[]; - }; - location: LocationHit; - flows: number; - destination_ips?: number; - source_ips?: number; -} - -export interface NetworkTopCountriesBuckets { - country: string; - key: string; - bytes_in: { - value: number; - }; - bytes_out: { - value: number; - }; - flows: number; - destination_ips: number; - source_ips: number; -} - -export interface NetworkDnsBuckets { - key: string; - doc_count: number; - unique_domains: { - value: number; - }; - dns_bytes_in: { - value: number; - }; - dns_bytes_out: { - value: number; - }; -} - -export interface NetworkHttpBuckets { - key: string; - doc_count: number; - domains: { - buckets: GenericBuckets[]; - }; - methods: { - buckets: GenericBuckets[]; - }; - source: HttpHit; - status: { - buckets: GenericBuckets[]; - }; -} - -interface DnsHistogramSubBucket { - key: string; - doc_count: number; - orderAgg: { - value: number; - }; -} -interface DnsHistogramBucket { - doc_count_error_upper_bound: number; - sum_other_doc_count: number; - buckets: DnsHistogramSubBucket[]; -} - -export interface DnsHistogramGroupData { - key: number; - doc_count: number; - key_as_string: string; - histogram: DnsHistogramBucket; -} diff --git a/x-pack/plugins/security_solution/server/lib/types.ts b/x-pack/plugins/security_solution/server/lib/types.ts index 6e233f6e49d3b..7e59280cd1358 100644 --- a/x-pack/plugins/security_solution/server/lib/types.ts +++ b/x-pack/plugins/security_solution/server/lib/types.ts @@ -8,32 +8,20 @@ import { AuthenticatedUser } from '../../../security/common/model'; import { RequestHandlerContext } from '../../../../../src/core/server'; export { ConfigType as Configuration } from '../config'; -import { Authentications } from './authentications'; -import { Events } from './events'; import { FrameworkAdapter, FrameworkRequest } from './framework'; import { Hosts } from './hosts'; import { IndexFields } from './index_fields'; -import { KpiHosts } from './kpi_hosts'; -import { KpiNetwork } from './kpi_network'; -import { Network } from './network'; import { SourceStatus } from './source_status'; import { Sources } from './sources'; import { Note } from './note/saved_object'; import { PinnedEvent } from './pinned_event/saved_object'; import { Timeline } from './timeline/saved_object'; -import { MatrixHistogram } from './matrix_histogram'; export * from './hosts'; export interface AppDomainLibs { - authentications: Authentications; - events: Events; fields: IndexFields; hosts: Hosts; - matrixHistogram: MatrixHistogram; - network: Network; - kpiNetwork: KpiNetwork; - kpiHosts: KpiHosts; } export interface AppBackendLibs extends AppDomainLibs { diff --git a/x-pack/test/api_integration/apis/security_solution/authentications.ts b/x-pack/test/api_integration/apis/security_solution/authentications.ts index 277ac7316e92d..d36f9aeaa8804 100644 --- a/x-pack/test/api_integration/apis/security_solution/authentications.ts +++ b/x-pack/test/api_integration/apis/security_solution/authentications.ts @@ -6,7 +6,9 @@ import expect from '@kbn/expect'; +// @ts-expect-error import { authenticationsQuery } from '../../../../plugins/security_solution/public/hosts/containers/authentications/index.gql_query'; +// @ts-expect-error import { GetAuthenticationsQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/index.js b/x-pack/test/api_integration/apis/security_solution/index.js index a143d94dde172..3d24af4413800 100644 --- a/x-pack/test/api_integration/apis/security_solution/index.js +++ b/x-pack/test/api_integration/apis/security_solution/index.js @@ -6,20 +6,20 @@ export default function ({ loadTestFile }) { describe('Siem GraphQL Endpoints', () => { - loadTestFile(require.resolve('./authentications')); + // loadTestFile(require.resolve('./authentications')); loadTestFile(require.resolve('./hosts')); - loadTestFile(require.resolve('./kpi_network')); - loadTestFile(require.resolve('./kpi_hosts')); - loadTestFile(require.resolve('./network_dns')); - loadTestFile(require.resolve('./network_top_n_flow')); + // loadTestFile(require.resolve('./kpi_network')); + // loadTestFile(require.resolve('./kpi_hosts')); + // loadTestFile(require.resolve('./network_dns')); + // loadTestFile(require.resolve('./network_top_n_flow')); // loadTestFile(require.resolve('./overview_host')); loadTestFile(require.resolve('./saved_objects/notes')); loadTestFile(require.resolve('./saved_objects/pinned_events')); loadTestFile(require.resolve('./saved_objects/timeline')); loadTestFile(require.resolve('./sources')); // loadTestFile(require.resolve('./overview_network')); - loadTestFile(require.resolve('./timeline')); - loadTestFile(require.resolve('./timeline_details')); + // loadTestFile(require.resolve('./timeline')); + // loadTestFile(require.resolve('./timeline_details')); // loadTestFile(require.resolve('./uncommon_processes')); // loadTestFile(require.resolve('./users')); // loadTestFile(require.resolve('./tls')); diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts b/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts index c446fbb149e3a..27e4e02ee7d08 100644 --- a/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts +++ b/x-pack/test/api_integration/apis/security_solution/kpi_host_details.ts @@ -5,7 +5,9 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { kpiHostDetailsQuery } from '../../../../plugins/security_solution/public/hosts/containers/kpi_host_details/index.gql_query'; +// @ts-expect-error import { GetKpiHostDetailsQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts b/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts index dcea52edcddf9..64109bd4d9321 100644 --- a/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts +++ b/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts @@ -5,7 +5,9 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { kpiHostsQuery } from '../../../../plugins/security_solution/public/hosts/containers/kpi_hosts/index.gql_query'; +// @ts-expect-error import { GetKpiHostsQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_network.ts b/x-pack/test/api_integration/apis/security_solution/kpi_network.ts index 654607913d44a..14b061d678898 100644 --- a/x-pack/test/api_integration/apis/security_solution/kpi_network.ts +++ b/x-pack/test/api_integration/apis/security_solution/kpi_network.ts @@ -5,7 +5,9 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { kpiNetworkQuery } from '../../../../plugins/security_solution/public/network/containers/kpi_network/index.gql_query'; +// @ts-expect-error import { GetKpiNetworkQuery } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/network_dns.ts b/x-pack/test/api_integration/apis/security_solution/network_dns.ts index e5f3ed18d32ea..b53e2cc72853a 100644 --- a/x-pack/test/api_integration/apis/security_solution/network_dns.ts +++ b/x-pack/test/api_integration/apis/security_solution/network_dns.ts @@ -5,10 +5,13 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { networkDnsQuery } from '../../../../plugins/security_solution/public/network/containers/network_dns/index.gql_query'; import { Direction, + // @ts-expect-error GetNetworkDnsQuery, + // @ts-expect-error NetworkDnsFields, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; @@ -53,6 +56,7 @@ export default function ({ getService }: FtrProviderContext) { const networkDns = resp.data.source.NetworkDns; expect(networkDns.edges.length).to.be(10); expect(networkDns.totalCount).to.be(44); + // @ts-expect-error expect(networkDns.edges.map((i) => i.node.dnsName).join(',')).to.be( 'aaplimg.com,adgrx.com,akadns.net,akamaiedge.net,amazonaws.com,cbsistatic.com,cdn-apple.com,connman.net,crowbird.com,d1oxlq5h9kq8q5.cloudfront.net' ); @@ -90,6 +94,7 @@ export default function ({ getService }: FtrProviderContext) { const networkDns = resp.data.source.NetworkDns; expect(networkDns.edges.length).to.be(10); expect(networkDns.totalCount).to.be(44); + // @ts-expect-error expect(networkDns.edges.map((i) => i.node.dnsName).join(',')).to.be( 'nflxvideo.net,apple.com,netflix.com,samsungcloudsolution.com,samsungqbe.com,samsungelectronics.com,internetat.tv,samsungcloudsolution.net,samsungosp.com,cbsnews.com' ); diff --git a/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts b/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts index 6033fdfefa4db..81a1924019a55 100644 --- a/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts +++ b/x-pack/test/api_integration/apis/security_solution/network_top_n_flow.ts @@ -5,11 +5,14 @@ */ import expect from '@kbn/expect'; +// @ts-expect-error import { networkTopNFlowQuery } from '../../../../plugins/security_solution/public/network/containers/network_top_n_flow/index.gql_query'; import { Direction, FlowTargetSourceDest, + // @ts-expect-error GetNetworkTopNFlowQuery, + // @ts-expect-error NetworkTopTablesFields, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; @@ -55,6 +58,7 @@ export default function ({ getService }: FtrProviderContext) { const networkTopNFlow = resp.data.source.NetworkTopNFlow; expect(networkTopNFlow.edges.length).to.be(EDGE_LENGTH); expect(networkTopNFlow.totalCount).to.be(121); + // @ts-expect-error expect(networkTopNFlow.edges.map((i) => i.node.source!.ip).join(',')).to.be( '10.100.7.196,10.100.7.199,10.100.7.197,10.100.7.198,3.82.33.170,17.249.172.100,10.100.4.1,8.248.209.244,8.248.211.247,8.248.213.244' ); @@ -93,6 +97,7 @@ export default function ({ getService }: FtrProviderContext) { const networkTopNFlow = resp.data.source.NetworkTopNFlow; expect(networkTopNFlow.edges.length).to.be(EDGE_LENGTH); expect(networkTopNFlow.totalCount).to.be(121); + // @ts-expect-error expect(networkTopNFlow.edges.map((i) => i.node.source!.ip).join(',')).to.be( '8.248.209.244,8.248.211.247,8.248.213.244,8.248.223.246,8.250.107.245,8.250.121.236,8.250.125.244,8.253.38.231,8.253.157.112,8.253.157.240' ); diff --git a/x-pack/test/api_integration/apis/security_solution/timeline.ts b/x-pack/test/api_integration/apis/security_solution/timeline.ts index 5bd015a130a5a..8ae562a961431 100644 --- a/x-pack/test/api_integration/apis/security_solution/timeline.ts +++ b/x-pack/test/api_integration/apis/security_solution/timeline.ts @@ -6,9 +6,11 @@ import expect from '@kbn/expect'; +// @ts-expect-error import { timelineQuery } from '../../../../plugins/security_solution/public/timelines/containers/index.gql_query'; import { Direction, + // @ts-expect-error GetTimelineQuery, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; diff --git a/x-pack/test/api_integration/apis/security_solution/timeline_details.ts b/x-pack/test/api_integration/apis/security_solution/timeline_details.ts index 35f419fde894d..559cdc8c29c09 100644 --- a/x-pack/test/api_integration/apis/security_solution/timeline_details.ts +++ b/x-pack/test/api_integration/apis/security_solution/timeline_details.ts @@ -7,9 +7,12 @@ import expect from '@kbn/expect'; import { sortBy } from 'lodash'; +// @ts-expect-error import { timelineDetailsQuery } from '../../../../plugins/security_solution/public/timelines/containers/details/index.gql_query'; import { + // @ts-expect-error DetailItem, + // @ts-expect-error GetTimelineDetailsQuery, } from '../../../../plugins/security_solution/public/graphql/types'; import { FtrProviderContext } from '../../ftr_provider_context'; From 41927d9a63b29836a070fa42b793e828dd60ce0e Mon Sep 17 00:00:00 2001 From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com> Date: Thu, 24 Sep 2020 12:25:08 -0400 Subject: [PATCH 038/120] [SECURITY_SOLUTION][ENDPOINT] Trusted App Create Form show inline validations errors (#78305) * Updated structure for `ValidationResult` type * show errors on the ui if field is invalid * Support for tracking visited fields * Remove use of Snapshots in Trusted Apps tests --- .../trusted_apps_list.test.tsx.snap | 7 + .../trusted_apps_page.test.tsx.snap | 1053 ----------------- .../create_trusted_app_form.test.tsx | 304 +++++ .../components/create_trusted_app_form.tsx | 161 ++- .../components/condition_entry.tsx | 21 +- .../components/condition_group.tsx | 9 +- .../logical_condition_builder.tsx | 3 +- .../trusted_apps/view/trusted_apps_list.tsx | 1 + .../view/trusted_apps_page.test.tsx | 16 +- 9 files changed, 498 insertions(+), 1077 deletions(-) delete mode 100644 x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_page.test.tsx.snap create mode 100644 x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/create_trusted_app_form.test.tsx diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap index 46885bd653dc2..ccd94c63e96c8 100644 --- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/__snapshots__/trusted_apps_list.test.tsx.snap @@ -4,6 +4,7 @@ exports[`TrustedAppsList renders correctly initially 1`] = `
    -
    -
    -
    -
    -
    -

    - Trusted Applications - - - Beta - -

    -
    -
    - View and configure trusted applications -
    -
    -
    -
    - -
    -
    - -
    -
    - -
    -
    -     -
    -
    - - -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    - - - - - - - - - - - - - - - -
    -
    -
    - - Name - -
    -     		-
    - - OS - -
    -     		-
    - - Date Created - -
    -     		-
    - - Created By - -
    -     		-
    - - Actions - -
    -
    -
    - - No items found - -
    -
    -
    -
    -
    -
    -
    - , - "container":
    -
    -
    -
    -
    -

    - Trusted Applications - - - Beta - -

    -
    -
    - View and configure trusted applications -
    -
    -
    -
    - -
    -
    - -
    -
    - -
    -
    -     -
    -
    - - -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    - - - - - - - - - - - - - - - -
    -
    -
    - - Name - -
    -     		-
    - - OS - -
    -     		-
    - - Date Created - -
    -     		-
    - - Created By - -
    -     		-
    - - Actions - -
    -
    -
    - - No items found - -
    -
    -
    -
    -
    -
    -
    , - "debug": [Function], - "findAllByAltText": [Function], - "findAllByDisplayValue": [Function], - "findAllByLabelText": [Function], - "findAllByPlaceholderText": [Function], - "findAllByRole": [Function], - "findAllByTestId": [Function], - "findAllByText": [Function], - "findAllByTitle": [Function], - "findByAltText": [Function], - "findByDisplayValue": [Function], - "findByLabelText": [Function], - "findByPlaceholderText": [Function], - "findByRole": [Function], - "findByTestId": [Function], - "findByText": [Function], - "findByTitle": [Function], - "getAllByAltText": [Function], - "getAllByDisplayValue": [Function], - "getAllByLabelText": [Function], - "getAllByPlaceholderText": [Function], - "getAllByRole": [Function], - "getAllByTestId": [Function], - "getAllByText": [Function], - "getAllByTitle": [Function], - "getByAltText": [Function], - "getByDisplayValue": [Function], - "getByLabelText": [Function], - "getByPlaceholderText": [Function], - "getByRole": [Function], - "getByTestId": [Function], - "getByText": [Function], - "getByTitle": [Function], - "queryAllByAltText": [Function], - "queryAllByDisplayValue": [Function], - "queryAllByLabelText": [Function], - "queryAllByPlaceholderText": [Function], - "queryAllByRole": [Function], - "queryAllByTestId": [Function], - "queryAllByText": [Function], - "queryAllByTitle": [Function], - "queryByAltText": [Function], - "queryByDisplayValue": [Function], - "queryByLabelText": [Function], - "queryByPlaceholderText": [Function], - "queryByRole": [Function], - "queryByTestId": [Function], - "queryByText": [Function], - "queryByTitle": [Function], - "rerender": [Function], - "unmount": [Function], -} -`; - -exports[`TrustedAppsPage when the Add Trusted App button is clicked should display create form 1`] = ` -@media only screen and (min-width:575px) { - -} - -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -
    -
    -
    -
    - -
    -
    -
    -
    - -
    -
    - - Select an option: Windows, is selected - - -
    - - -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    -
    - -
    -
    - - Select an option: Hash, is selected - - -
    - - -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -
    -
    -
    -
    -
    -
    - -
    -
    - -
    -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    -
    -
    - -
    -
    -