use new as ecs field (elastic#43925)

friol · Aug 29, 2019 · b727f6d · b727f6d
1 parent 04da21b
commit b727f6d
Show file tree

Hide file tree

Showing 13 changed files with 105 additions and 63 deletions.
diff --git a/...lugins/siem/public/components/field_renderers/__snapshots__/field_renderers.test.tsx.snap b/...lugins/siem/public/components/field_renderers/__snapshots__/field_renderers.test.tsx.snap
diff --git a/x-pack/legacy/plugins/siem/public/components/field_renderers/field_renderers.test.tsx b/x-pack/legacy/plugins/siem/public/components/field_renderers/field_renderers.test.tsx
@@ -73,8 +73,8 @@ describe('Field Renderers', () => {
   });
 
   describe('#autonomousSystemRenderer', () => {
-    const emptyMock: AutonomousSystem = { as_org: null, asn: null, ip: '10.10.10.10' };
-    const halfEmptyMock: AutonomousSystem = { as_org: null, asn: 'Test ASN', ip: '10.10.10.10' };
+    const emptyMock: AutonomousSystem = { organization: {}, number: null };
+    const halfEmptyMock: AutonomousSystem = { organization: { name: 'Test Org' }, number: null };
 
     test('it renders correctly against snapshot', () => {
       const wrapper = shallow(

diff --git a/x-pack/legacy/plugins/siem/public/components/field_renderers/field_renderers.tsx b/x-pack/legacy/plugins/siem/public/components/field_renderers/field_renderers.tsx
@@ -59,19 +59,21 @@ export const autonomousSystemRenderer = (
   as: AutonomousSystem,
   flowTarget: FlowTarget
 ): React.ReactElement =>
-  as && as.as_org && as.asn ? (
+  as && as.organization && as.organization.name && as.number ? (
     <EuiFlexGroup alignItems="center" gutterSize="none">
       <EuiFlexItem grow={false}>
         <DefaultDraggable
-          id={`${IpOverviewId}-${flowTarget}.autonomous_system.as_org`}
-          field={`${flowTarget}.autonomous_system.as_org`}
-          value={as.as_org}
+          id={`${IpOverviewId}-${flowTarget}.as.organization.name`}
+          field={`${flowTarget}.as.organization.name`}
+          value={as.organization.name}
         />
-        {' /'}
+      </EuiFlexItem>
+      <EuiFlexItem grow={false}>{'/'}</EuiFlexItem>
+      <EuiFlexItem grow={false}>
         <DefaultDraggable
-          id={`${IpOverviewId}-${flowTarget}.autonomous_system.asn`}
-          field={`${flowTarget}.autonomous_system.asn`}
-          value={as.asn}
+          id={`${IpOverviewId}-${flowTarget}.as.number`}
+          field={`${flowTarget}.as.number`}
+          value={`${as.number}`}
         />
       </EuiFlexItem>
     </EuiFlexGroup>

diff --git a/x-pack/legacy/plugins/siem/public/components/page/network/ip_overview/mock.ts b/x-pack/legacy/plugins/siem/public/components/page/network/ip_overview/mock.ts
@@ -11,7 +11,7 @@ export const mockData: Readonly<Record<string, IpOverviewData>> = {
     source: {
       firstSeen: '2019-02-07T17:19:41.636Z',
       lastSeen: '2019-02-07T17:19:41.636Z',
-      autonomousSystem: { as_org: 'Test Org', asn: 'Test ASN', ip: '10.10.10.10' },
+      autonomousSystem: { organization: { name: 'Test Org' }, number: 12345 },
       geo: {
         continent_name: ['North America'],
         city_name: ['New York'],
@@ -28,7 +28,7 @@ export const mockData: Readonly<Record<string, IpOverviewData>> = {
     destination: {
       firstSeen: '2019-02-07T17:19:41.648Z',
       lastSeen: '2019-02-07T17:19:41.648Z',
-      autonomousSystem: { as_org: 'Test Org', asn: 'Test ASN', ip: '10.10.10.10' },
+      autonomousSystem: { organization: { name: 'Test Org' }, number: 12345 },
       geo: {
         continent_name: ['North America'],
         city_name: ['New York'],

diff --git a/x-pack/legacy/plugins/siem/public/containers/ip_overview/index.gql_query.ts b/x-pack/legacy/plugins/siem/public/containers/ip_overview/index.gql_query.ts
@@ -21,9 +21,10 @@ export const ipOverviewQuery = gql`
           firstSeen
           lastSeen
           autonomousSystem {
-            as_org
-            asn
-            ip
+            number
+            organization {
+              name
+            }
           }
           geo {
             continent_name
@@ -42,9 +43,10 @@ export const ipOverviewQuery = gql`
           firstSeen
           lastSeen
           autonomousSystem {
-            as_org
-            asn
-            ip
+            number
+            organization {
+              name
+            }
           }
           geo {
             continent_name

diff --git a/x-pack/legacy/plugins/siem/public/graphql/introspection.json b/x-pack/legacy/plugins/siem/public/graphql/introspection.json
@@ -6071,23 +6071,34 @@
         "description": "",
         "fields": [
           {
-            "name": "as_org",
+            "name": "number",
             "description": "",
             "args": [],
-            "type": { "kind": "SCALAR", "name": "String", "ofType": null },
+            "type": { "kind": "SCALAR", "name": "Float", "ofType": null },
             "isDeprecated": false,
             "deprecationReason": null
           },
           {
-            "name": "asn",
+            "name": "organization",
             "description": "",
             "args": [],
-            "type": { "kind": "SCALAR", "name": "String", "ofType": null },
+            "type": { "kind": "OBJECT", "name": "AutonomousSystemOrganization", "ofType": null },
             "isDeprecated": false,
             "deprecationReason": null
-          },
+          }
+        ],
+        "inputFields": null,
+        "interfaces": [],
+        "enumValues": null,
+        "possibleTypes": null
+      },
+      {
+        "kind": "OBJECT",
+        "name": "AutonomousSystemOrganization",
+        "description": "",
+        "fields": [
           {
-            "name": "ip",
+            "name": "name",
             "description": "",
             "args": [],
             "type": { "kind": "SCALAR", "name": "String", "ofType": null },

diff --git a/x-pack/legacy/plugins/siem/public/graphql/types.ts b/x-pack/legacy/plugins/siem/public/graphql/types.ts
@@ -944,11 +944,13 @@ export interface Overview {
 }
 
 export interface AutonomousSystem {
-  as_org?: string | null;
+  number?: number | null;
 
-  asn?: string | null;
+  organization?: AutonomousSystemOrganization | null;
+}
 
-  ip?: string | null;
+export interface AutonomousSystemOrganization {
+  name?: string | null;
 }
 
 export interface DomainsData {
@@ -2908,11 +2910,15 @@ export namespace GetIpOverviewQuery {
   export type AutonomousSystem = {
     __typename?: 'AutonomousSystem';
 
-    as_org?: string | null;
+    number?: number | null;
 
-    asn?: string | null;
+    organization?: Organization | null;
+  };
 
-    ip?: string | null;
+  export type Organization = {
+    __typename?: 'AutonomousSystemOrganization';
+
+    name?: string | null;
   };
 
   export type Geo = {
@@ -2956,11 +2962,15 @@ export namespace GetIpOverviewQuery {
   export type _AutonomousSystem = {
     __typename?: 'AutonomousSystem';
 
-    as_org?: string | null;
+    number?: number | null;
 
-    asn?: string | null;
+    organization?: _Organization | null;
+  };
 
-    ip?: string | null;
+  export type _Organization = {
+    __typename?: 'AutonomousSystemOrganization';
+
+    name?: string | null;
   };
 
   export type _Geo = {

diff --git a/x-pack/legacy/plugins/siem/server/graphql/ip_details/schema.gql.ts b/x-pack/legacy/plugins/siem/server/graphql/ip_details/schema.gql.ts
@@ -7,10 +7,13 @@
 import gql from 'graphql-tag';
 
 const ipOverviewSchema = gql`
+  type AutonomousSystemOrganization {
+    name: String
+  }
+
   type AutonomousSystem {
-    as_org: String
-    asn: String
-    ip: String
+    number: Float
+    organization: AutonomousSystemOrganization
   }
 
   type Overview {

diff --git a/x-pack/legacy/plugins/siem/server/graphql/types.ts b/x-pack/legacy/plugins/siem/server/graphql/types.ts
@@ -973,11 +973,13 @@ export interface Overview {
 }
 
 export interface AutonomousSystem {
-  as_org?: string | null;
+  number?: number | null;
 
-  asn?: string | null;
+  organization?: AutonomousSystemOrganization | null;
+}
 
-  ip?: string | null;
+export interface AutonomousSystemOrganization {
+  name?: string | null;
 }
 
 export interface DomainsData {
@@ -5554,26 +5556,31 @@ export namespace OverviewResolvers {
 
 export namespace AutonomousSystemResolvers {
   export interface Resolvers<Context = SiemContext, TypeParent = AutonomousSystem> {
-    as_org?: AsOrgResolver<string | null, TypeParent, Context>;
-
-    asn?: AsnResolver<string | null, TypeParent, Context>;
+    number?: NumberResolver<number | null, TypeParent, Context>;
 
-    ip?: IpResolver<string | null, TypeParent, Context>;
+    organization?: OrganizationResolver<AutonomousSystemOrganization | null, TypeParent, Context>;
   }
 
-  export type AsOrgResolver<
-    R = string | null,
+  export type NumberResolver<
+    R = number | null,
     Parent = AutonomousSystem,
     Context = SiemContext
   > = Resolver<R, Parent, Context>;
-  export type AsnResolver<
-    R = string | null,
+  export type OrganizationResolver<
+    R = AutonomousSystemOrganization | null,
     Parent = AutonomousSystem,
     Context = SiemContext
   > = Resolver<R, Parent, Context>;
-  export type IpResolver<
+}
+
+export namespace AutonomousSystemOrganizationResolvers {
+  export interface Resolvers<Context = SiemContext, TypeParent = AutonomousSystemOrganization> {
+    name?: NameResolver<string | null, TypeParent, Context>;
+  }
+
+  export type NameResolver<
     R = string | null,
-    Parent = AutonomousSystem,
+    Parent = AutonomousSystemOrganization,
     Context = SiemContext
   > = Resolver<R, Parent, Context>;
 }

diff --git a/x-pack/legacy/plugins/siem/server/lib/ip_details/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/ip_details/elasticsearch_adapter.ts
@@ -181,10 +181,9 @@ export class ElasticsearchIpOverviewAdapter implements IpDetailsAdapter {
 export const getIpOverviewAgg = (type: string, overviewHit: OverviewHit | {}) => {
   const firstSeen = getOr(null, `firstSeen.value_as_string`, overviewHit);
   const lastSeen = getOr(null, `lastSeen.value_as_string`, overviewHit);
-
   const autonomousSystem: AutonomousSystem | null = getOr(
     null,
-    `autonomousSystem.results.hits.hits[0]._source.autonomous_system`,
+    `as.results.hits.hits[0]._source.${type}.as`,
     overviewHit
   );
   const geoFields: GeoEcsFields | null = getOr(

diff --git a/x-pack/legacy/plugins/siem/server/lib/ip_details/mock.ts b/x-pack/legacy/plugins/siem/server/lib/ip_details/mock.ts
@@ -52,7 +52,7 @@ export const responseAggs: IpOverviewHit = {
         value: 1551388820000,
         value_as_string: '2019-02-28T21:20:20.000Z',
       },
-      autonomous_system: {
+      autonomousSystem: {
         doc_count: 0,
         results: {
           hits: {
@@ -112,7 +112,7 @@ export const responseAggs: IpOverviewHit = {
         value: 1551388804322,
         value_as_string: '2019-02-28T21:20:04.322Z',
       },
-      autonomous_system: {
+      autonomousSystem: {
         doc_count: 0,
         results: {
           hits: {

diff --git a/x-pack/legacy/plugins/siem/server/lib/ip_details/query_overview.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/ip_details/query_overview.dsl.ts
@@ -25,17 +25,17 @@ const getAggs = (type: string, ip: string) => {
             field: '@timestamp',
           },
         },
-        autonomous_system: {
+        as: {
           filter: {
             exists: {
-              field: 'autonomous_system',
+              field: `${type}.as`,
             },
           },
           aggs: {
             results: {
               top_hits: {
                 size: 1,
-                _source: ['autonomous_system'],
+                _source: [`${type}.as`],
                 sort: [
                   {
                     '@timestamp': 'desc',

diff --git a/x-pack/legacy/plugins/siem/server/lib/ip_details/types.ts b/x-pack/legacy/plugins/siem/server/lib/ip_details/types.ts
@@ -45,7 +45,7 @@ export interface OverviewHit {
   };
   doc_count: number;
   geo: ResultHit<object>;
-  autonomous_system: ResultHit<object>;
+  autonomousSystem: ResultHit<object>;
   firstSeen: {
     value: number;
     value_as_string: string;