[Security Solution] add user name and authentication to generate data…

… script (#155932) ## Summary This PR added additional fields to be populated by the generate_data script: - User name is added in generate alert functions - Currently alert data does not contain user names, this would be beneficial for testing user related features on the alerts page. - Event outcome is specified for `event.category==='authentication'` Alerts page: - user names are showing ![image](https://user-images.githubusercontent.com/18648970/234691639-81d2cd05-812c-44b6-8760-193f6b72d314.png) Explore -> Host -> Pick a host -> Authentication - Showing successful and failed authentications ![image](https://user-images.githubusercontent.com/18648970/234692001-1d7a4ee2-c890-4ddb-b349-c4d3ed91cce7.png)
elastic · May 1, 2023 · ba4d187 · ba4d187
1 parent 5035be8
commit ba4d187
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 4 deletions.
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@@ -561,6 +561,10 @@ export class EndpointDocGenerator extends BaseDataGenerator {
         },
       },
       dll: this.getAlertsDefaultDll(),
+      user: {
+        domain: this.randomString(10),
+        name: this.randomString(10),
+      },
     };
   }
 
@@ -663,6 +667,10 @@ export class EndpointDocGenerator extends BaseDataGenerator {
         },
       },
       dll: this.getAlertsDefaultDll(),
+      user: {
+        domain: this.randomString(10),
+        name: this.randomString(10),
+      },
     };
 
     // shellcode_thread memory alert have an additional process field
@@ -865,6 +873,10 @@ export class EndpointDocGenerator extends BaseDataGenerator {
         },
       },
       dll: this.getAlertsDefaultDll(),
+      user: {
+        domain: this.randomString(10),
+        name: this.randomString(10),
+      },
     };
     return newAlert;
   }
@@ -951,6 +963,9 @@ export class EndpointDocGenerator extends BaseDataGenerator {
       ...detailRecordForEventType,
       event: {
         category: options.eventCategory ? options.eventCategory : ['process'],
+        outcome: options.eventCategory?.includes('authentication')
+          ? this.randomChoice(['success', 'failure'])
+          : '',
         kind: 'event',
         type: options.eventType ? options.eventType : ['start'],
         id: this.seededUUIDv4(),

diff --git a/x-pack/plugins/security_solution/common/endpoint/types/index.ts b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
@@ -703,6 +703,7 @@ export type SafeEndpointEvent = Partial<{
   }>;
   event: Partial<{
     category: ECSField<string>;
+    outcome: ECSField<string>;
     type: ECSField<string>;
     id: ECSField<string>;
     kind: ECSField<string>;

diff --git a/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts b/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_list.ts
@@ -33,17 +33,27 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
       'Actions',
     ],
     [
-      'Host-9qenwrl9ko',
+      'Host-bhdpuumusb',
+      'x',
+      'x',
+      'Unsupported',
+      'Windows',
+      '10.20.160.71, 10.67.81.87',
+      'x',
+      'x',
+      '',
+    ],
+    [
+      'Host-okyc8te0ki',
       'x',
       'x',
       'Warning',
-      'Linux',
-      '10.56.228.101, 10.201.120.140,10.236.180.146',
+      'Windows',
+      '10.244.187.97, 10.45.118.67',
       'x',
       'x',
       '',
     ],
-    ['Host-qw2bti801m', 'x', 'x', 'Failure', 'macOS', '10.244.59.227', 'x', 'x', ''],
     [
       'Host-u5jy6j0pwb',
       'x',