diff --git a/cypress/integration/1_detectors.spec.js b/cypress/integration/1_detectors.spec.js index 609615dc6..47e8e35f0 100644 --- a/cypress/integration/1_detectors.spec.js +++ b/cypress/integration/1_detectors.spec.js @@ -115,6 +115,7 @@ const validatePendingFieldMappingsPanel = (mappings) => { const fillDetailsForm = (detectorName, dataSource) => { getNameField().type(detectorName); getDataSourceField().selectComboboxItem(dataSource); + getDataSourceField().blur(); getLogTypeField().selectComboboxItem(cypressLogTypeDns); getLogTypeField().blur(); }; @@ -371,7 +372,7 @@ describe('Detectors', () => { getDataSourceField().selectComboboxItem(cypressIndexWindows); getDataSourceField().focus().blur(); - cy.get('.euiCallOut') + cy.get('[data-test-subj="define-detector-diff-log-types-warning"]') .should('be.visible') .contains( 'To avoid issues with field mappings, we recommend creating separate detectors for different log types.' diff --git a/public/pages/CreateDetector/components/DefineDetector/components/DetectionRules/DetectionRules.tsx b/public/pages/CreateDetector/components/DefineDetector/components/DetectionRules/DetectionRules.tsx index 07ab517bd..993ff6a05 100644 --- a/public/pages/CreateDetector/components/DefineDetector/components/DetectionRules/DetectionRules.tsx +++ b/public/pages/CreateDetector/components/DefineDetector/components/DetectionRules/DetectionRules.tsx @@ -9,6 +9,9 @@ import { EuiHorizontalRule, CriteriaWithPagination, EuiText, + EuiEmptyPrompt, + EuiButton, + EuiIcon, } from '@elastic/eui'; import React, { useMemo, useState } from 'react'; @@ -17,6 +20,7 @@ import { RuleItem, RuleItemInfo } from './types/interfaces'; import { RuleViewerFlyout } from '../../../../../Rules/components/RuleViewerFlyout/RuleViewerFlyout'; import { RuleTableItem } from '../../../../../Rules/utils/helpers'; import { RuleItemInfoBase } from '../../../../../../../types'; +import { ROUTES } from '../../../../../../utils/constants'; export interface CreateDetectorRulesState { allRules: RuleItemInfo[]; @@ -26,6 +30,7 @@ export interface CreateDetectorRulesState { } export interface DetectionRulesProps { + detectorType: string; rulesState: CreateDetectorRulesState; loading?: boolean; onRuleToggle: (changedItem: RuleItem, isActive: boolean) => void; @@ -34,6 +39,7 @@ export interface DetectionRulesProps { } export const DetectionRules: React.FC = ({ + detectorType, rulesState, loading, onPageChange, @@ -55,7 +61,7 @@ export const DetectionRules: React.FC = ({ id: rule._id, active: rule.enabled, description: rule._source.description, - library: rule.prePackaged ? 'Sigma' : 'Custom', + library: rule.prePackaged ? 'Standard' : 'Custom', logType: rule._source.category, name: rule._source.title, severity: rule._source.level, @@ -106,14 +112,42 @@ export const DetectionRules: React.FC = ({ isLoading={loading} > - + + {ruleItems.length ? ( + + ) : ( + +

No detection rules {detectorType ? 'to display' : 'selected'}

+ + } + body={ +

+ {detectorType + ? 'There are no applicable detection rules for the selected log type. Consider creating new detection rules.' + : 'Select a log type to be able to select detection rules.'} +

+ } + actions={ + detectorType + ? [ + + Manage  + + , + ] + : undefined + } + /> + )} ); diff --git a/public/pages/CreateDetector/components/DefineDetector/components/DetectorDataSource/DetectorDataSource.tsx b/public/pages/CreateDetector/components/DefineDetector/components/DetectorDataSource/DetectorDataSource.tsx index 8c6539e37..10fdef34f 100644 --- a/public/pages/CreateDetector/components/DefineDetector/components/DetectorDataSource/DetectorDataSource.tsx +++ b/public/pages/CreateDetector/components/DefineDetector/components/DetectorDataSource/DetectorDataSource.tsx @@ -177,6 +177,7 @@ export default class DetectorDataSource extends Component< To avoid issues with field mappings, we recommend creating separate detectors for diff --git a/public/pages/CreateDetector/components/DefineDetector/components/DetectorType/DetectorType.tsx b/public/pages/CreateDetector/components/DefineDetector/components/DetectorType/DetectorType.tsx index be60c2bdf..76649625d 100644 --- a/public/pages/CreateDetector/components/DefineDetector/components/DetectorType/DetectorType.tsx +++ b/public/pages/CreateDetector/components/DefineDetector/components/DetectorType/DetectorType.tsx @@ -94,6 +94,7 @@ export default class DetectorType extends Component { description: ruleItem.description, source: ruleItem.library, ruleId: ruleItem.id, - ruleInfo: { ...ruleItem.ruleInfo, prePackaged: ruleItem.library === 'Sigma' }, + ruleInfo: { ...ruleItem.ruleInfo, prePackaged: ruleItem.library === 'Standard' }, }; }; diff --git a/public/pages/Detectors/components/DetectorRulesView/__snapshots__/DetectorRulesView.test.tsx.snap b/public/pages/Detectors/components/DetectorRulesView/__snapshots__/DetectorRulesView.test.tsx.snap index 3eb63c7c4..b77140d07 100644 --- a/public/pages/Detectors/components/DetectorRulesView/__snapshots__/DetectorRulesView.test.tsx.snap +++ b/public/pages/Detectors/components/DetectorRulesView/__snapshots__/DetectorRulesView.test.tsx.snap @@ -478,7 +478,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", @@ -587,7 +587,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", @@ -768,7 +768,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", @@ -1115,7 +1115,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", diff --git a/public/pages/Detectors/components/UpdateRules/UpdateRules.tsx b/public/pages/Detectors/components/UpdateRules/UpdateRules.tsx index b7c93ce4c..bba87686d 100644 --- a/public/pages/Detectors/components/UpdateRules/UpdateRules.tsx +++ b/public/pages/Detectors/components/UpdateRules/UpdateRules.tsx @@ -97,7 +97,7 @@ export const UpdateDetectorRules: React.FC = (props) = id: rule._id, severity: rule._source.level, logType: rule._source.category, - library: 'Sigma', + library: 'Standard', description: rule._source.description, active: enabledRuleIds.includes(rule._id), ruleInfo: rule, @@ -140,7 +140,7 @@ export const UpdateDetectorRules: React.FC = (props) = .filter((rule) => rule.active); await getRuleFieldsForEnabledRules(withCustomRulesUpdated); break; - case 'Sigma': + case 'Standard': const updatedPrePackgedRules: RuleItem[] = prePackagedRuleItems.map((rule) => rule.id === changedItem.id ? { ...rule, active: isActive } : rule ); diff --git a/public/pages/Detectors/containers/Detector/__snapshots__/DetectorDetails.test.tsx.snap b/public/pages/Detectors/containers/Detector/__snapshots__/DetectorDetails.test.tsx.snap index 0c54d9ea5..c65cd5c4a 100644 --- a/public/pages/Detectors/containers/Detector/__snapshots__/DetectorDetails.test.tsx.snap +++ b/public/pages/Detectors/containers/Detector/__snapshots__/DetectorDetails.test.tsx.snap @@ -3032,7 +3032,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", @@ -3141,7 +3141,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", @@ -3322,7 +3322,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", @@ -3669,7 +3669,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", diff --git a/public/pages/Detectors/containers/DetectorDetailsView/__snapshots__/DetectorDetailsView.test.tsx.snap b/public/pages/Detectors/containers/DetectorDetailsView/__snapshots__/DetectorDetailsView.test.tsx.snap index a9d72d22b..18ef95196 100644 --- a/public/pages/Detectors/containers/DetectorDetailsView/__snapshots__/DetectorDetailsView.test.tsx.snap +++ b/public/pages/Detectors/containers/DetectorDetailsView/__snapshots__/DetectorDetailsView.test.tsx.snap @@ -1856,7 +1856,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", @@ -1965,7 +1965,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", @@ -2146,7 +2146,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", @@ -2493,7 +2493,7 @@ exports[` spec renders the component 1`] = ` "name": "Source", "options": Array [ Object { - "value": "Sigma", + "value": "Standard", }, Object { "value": "Custom", diff --git a/public/pages/LogTypes/components/LogTypeDetails.tsx b/public/pages/LogTypes/components/LogTypeDetails.tsx index 375b7c598..b355ca778 100644 --- a/public/pages/LogTypes/components/LogTypeDetails.tsx +++ b/public/pages/LogTypes/components/LogTypeDetails.tsx @@ -40,9 +40,10 @@ export const LogTypeDetails: React.FC = ({ return ( setIsEditMode(true)}>Edit, ] } diff --git a/public/pages/LogTypes/components/LogTypeDetectionRules.tsx b/public/pages/LogTypes/components/LogTypeDetectionRules.tsx index 88f789fe3..dbc684237 100644 --- a/public/pages/LogTypes/components/LogTypeDetectionRules.tsx +++ b/public/pages/LogTypes/components/LogTypeDetectionRules.tsx @@ -3,11 +3,12 @@ * SPDX-License-Identifier: Apache-2.0 */ -import React from 'react'; +import React, { useState, useCallback } from 'react'; import { RulesTable } from '../../Rules/components/RulesTable/RulesTable'; import { RuleTableItem } from '../../Rules/utils/helpers'; import { ContentPanel } from '../../../components/ContentPanel'; import { EuiButton, EuiFlexGroup, EuiFlexItem, EuiIcon, EuiSpacer, EuiText } from '@elastic/eui'; +import { RuleViewerFlyout } from '../../Rules/components/RuleViewerFlyout/RuleViewerFlyout'; export interface LogTypeDetectionRulesProps { rules: RuleTableItem[]; @@ -20,34 +21,47 @@ export const LogTypeDetectionRules: React.FC = ({ loadingRules, refreshRules, }) => { + const [flyoutData, setFlyoutData] = useState(undefined); + const hideFlyout = useCallback(() => { + setFlyoutData(undefined); + }, []); + return ( - Refresh]} - > - {rules.length === 0 ? ( - - - -

There are no detection rules associated with this log type.

-
-
- - - Create detection rule  - - - - -
- ) : ( - {}} /> - )} -
+ <> + {flyoutData && } + Refresh]} + > + {rules.length === 0 ? ( + + + +

There are no detection rules associated with this log type.

+
+
+ + + Create detection rule  + + + + +
+ ) : ( + + )} +
+ ); }; diff --git a/public/pages/LogTypes/components/LogTypeForm.tsx b/public/pages/LogTypes/components/LogTypeForm.tsx index 49fc9eb13..36e07b48c 100644 --- a/public/pages/LogTypes/components/LogTypeForm.tsx +++ b/public/pages/LogTypes/components/LogTypeForm.tsx @@ -89,7 +89,14 @@ export const LogTypeForm: React.FC = ({ /> - + + {'Description - '} + optional + + } + > { diff --git a/public/pages/LogTypes/containers/CreateLogType.tsx b/public/pages/LogTypes/containers/CreateLogType.tsx index aaf47b297..a9459df30 100644 --- a/public/pages/LogTypes/containers/CreateLogType.tsx +++ b/public/pages/LogTypes/containers/CreateLogType.tsx @@ -44,7 +44,7 @@ export const CreateLogType: React.FC = ({ history, notificat history.push(ROUTES.LOG_TYPES)} diff --git a/public/pages/LogTypes/containers/LogType.tsx b/public/pages/LogTypes/containers/LogType.tsx index 80a42970f..288500161 100644 --- a/public/pages/LogTypes/containers/LogType.tsx +++ b/public/pages/LogTypes/containers/LogType.tsx @@ -66,7 +66,7 @@ export const LogType: React.FC = ({ notifications, history }) => { level: rule._source.level, category: rule._source.category, description: rule._source.description, - source: rule.prePackaged ? 'Sigma' : 'Custom', + source: rule.prePackaged ? 'Standard' : 'Custom', ruleInfo: rule, ruleId: rule._id, })); @@ -193,7 +193,13 @@ export const LogType: React.FC = ({ notifications, history }) => { @@ -214,6 +220,7 @@ export const LogType: React.FC = ({ notifications, history }) => { ); })} + {renderTabContent()} ); diff --git a/public/pages/LogTypes/containers/LogTypes.tsx b/public/pages/LogTypes/containers/LogTypes.tsx index e57e8799f..d02ef5cb3 100644 --- a/public/pages/LogTypes/containers/LogTypes.tsx +++ b/public/pages/LogTypes/containers/LogTypes.tsx @@ -10,7 +10,7 @@ import { CoreServicesContext } from '../../../components/core_services'; import { BREADCRUMBS, ROUTES } from '../../../utils/constants'; import { LogType } from '../../../../types'; import { DataStore } from '../../../store/DataStore'; -import { getLogTypesTableColumns } from '../utils/helpers'; +import { getLogTypesTableColumns, getLogTypesTableSearchConfig } from '../utils/helpers'; import { RouteComponentProps } from 'react-router-dom'; import { useCallback } from 'react'; import { NotificationsStart } from 'opensearch-dashboards/public'; @@ -92,6 +92,7 @@ export const LogTypes: React.FC = ({ history, notifications }) => pagination={{ initialPageSize: 25, }} + search={getLogTypesTableSearchConfig()} sorting={true} />
diff --git a/public/pages/LogTypes/utils/helpers.tsx b/public/pages/LogTypes/utils/helpers.tsx index a651d2a12..0ade054fc 100644 --- a/public/pages/LogTypes/utils/helpers.tsx +++ b/public/pages/LogTypes/utils/helpers.tsx @@ -7,6 +7,8 @@ import React from 'react'; import { EuiButtonIcon, EuiLink, EuiToolTip } from '@elastic/eui'; import { LogType } from '../../../../types'; import { capitalize } from 'lodash'; +import { Search } from '@opensearch-project/oui/src/eui_components/basic_table'; +import { ruleSource } from '../../Rules/utils/constants'; export const getLogTypesTableColumns = ( showDetails: (id: string) => void, @@ -50,3 +52,23 @@ export const getLogTypesTableColumns = ( ], }, ]; + +export const getLogTypesTableSearchConfig = (): Search => { + return { + box: { + placeholder: 'Search log types', + schema: true, + }, + filters: [ + { + type: 'field_value_selection', + field: 'source', + name: 'Source', + multiSelect: 'or', + options: ruleSource.map((source: string) => ({ + value: source, + })), + }, + ], + }; +}; diff --git a/public/pages/Rules/components/RuleContentViewer/RuleContentViewer.tsx b/public/pages/Rules/components/RuleContentViewer/RuleContentViewer.tsx index 193ebfa39..e38440245 100644 --- a/public/pages/Rules/components/RuleContentViewer/RuleContentViewer.tsx +++ b/public/pages/Rules/components/RuleContentViewer/RuleContentViewer.tsx @@ -95,7 +95,7 @@ export const RuleContentViewer: React.FC = ({ Source - {prePackaged ? 'Sigma' : 'Custom'} + {prePackaged ? 'Standard' : 'Custom'} {prePackaged ? ( diff --git a/public/pages/Rules/components/RuleViewerFlyout/RuleViewFlyoutHeaderActions.tsx b/public/pages/Rules/components/RuleViewerFlyout/RuleViewFlyoutHeaderActions.tsx index 5d8056be3..1d46c36c4 100644 --- a/public/pages/Rules/components/RuleViewerFlyout/RuleViewFlyoutHeaderActions.tsx +++ b/public/pages/Rules/components/RuleViewerFlyout/RuleViewFlyoutHeaderActions.tsx @@ -25,7 +25,7 @@ export const RuleViewerFlyoutHeaderActions: React.FC { - return ruleSource === 'Sigma' ? ( + return ruleSource === 'Standard' ? ( Duplicate ) : ( void; } -export const RulesTable: React.FC = ({ ruleItems, loading, showRuleDetails }) => { +export const RulesTable: React.FC = ({ + columnsToHide, + ruleItems, + loading, + showRuleDetails, +}) => { const [pagination, setPagination] = useState({ pageIndex: 0, pageSize: 25 }); return ( ) => diff --git a/public/pages/Rules/containers/Rules/Rules.tsx b/public/pages/Rules/containers/Rules/Rules.tsx index 60c2cb412..61425d06c 100644 --- a/public/pages/Rules/containers/Rules/Rules.tsx +++ b/public/pages/Rules/containers/Rules/Rules.tsx @@ -34,7 +34,7 @@ export const Rules: React.FC = (props) => { level: rule._source.level, category: rule._source.category, description: rule._source.description, - source: rule.prePackaged ? 'Sigma' : 'Custom', + source: rule.prePackaged ? 'Standard' : 'Custom', ruleInfo: rule, ruleId: rule._id, })); diff --git a/public/pages/Rules/utils/constants.ts b/public/pages/Rules/utils/constants.ts index a3780d277..39b1c402c 100644 --- a/public/pages/Rules/utils/constants.ts +++ b/public/pages/Rules/utils/constants.ts @@ -47,6 +47,6 @@ export const ruleSeverity: { }, ]; -export const ruleSource: string[] = ['Sigma', 'Custom']; +export const ruleSource: string[] = ['Standard', 'Custom']; export const ruleStatus: string[] = ['experimental', 'test', 'stable']; diff --git a/public/pages/Rules/utils/helpers.tsx b/public/pages/Rules/utils/helpers.tsx index 4fb8bdfa4..dee56a958 100644 --- a/public/pages/Rules/utils/helpers.tsx +++ b/public/pages/Rules/utils/helpers.tsx @@ -3,9 +3,9 @@ * SPDX-License-Identifier: Apache-2.0 */ -import { EuiBasicTableColumn, EuiBreadcrumb, EuiLink } from '@elastic/eui'; +import { EuiBasicTableColumn, EuiBreadcrumb, EuiLink, EuiBadge } from '@elastic/eui'; import React from 'react'; -import { capitalizeFirstLetter, errorNotificationToast } from '../../../utils/helpers'; +import { errorNotificationToast } from '../../../utils/helpers'; import { ruleSeverity, ruleSource, ruleTypes } from './constants'; import { Search } from '@opensearch-project/oui/src/eui_components/basic_table'; import { Rule } from '../../../../models/interfaces'; @@ -13,7 +13,8 @@ import { NotificationsStart } from 'opensearch-dashboards/public'; import { AUTHOR_REGEX, validateDescription, validateName } from '../../../utils/validation'; import { dump, load } from 'js-yaml'; import { BREADCRUMBS, DEFAULT_EMPTY_DATA } from '../../../utils/constants'; -import { RuleItemInfoBase } from '../../../../types'; +import { RuleItemInfoBase, RulesTableColumnFields } from '../../../../types'; +import { getSeverityColor, getSeverityLabel } from '../../Correlations/utils/constants'; export interface RuleTableItem { title: string; @@ -26,10 +27,12 @@ export interface RuleTableItem { } export const getRulesTableColumns = ( - showRuleDetails: (rule: RuleTableItem) => void + showRuleDetails: (rule: RuleTableItem) => void, + columnsToHide: RulesTableColumnFields[] = [] ): EuiBasicTableColumn[] => { - return [ - { + const fields: RulesTableColumnFields[] = ['title', 'level', 'category', 'source', 'description']; + const tableColumnByField: { [field: string]: EuiBasicTableColumn } = { + title: { field: 'title', name: 'Rule name', sortable: true, @@ -41,15 +44,22 @@ export const getRulesTableColumns = ( ), }, - { + level: { field: 'level', name: 'Rule Severity', sortable: true, width: '10%', truncateText: true, - render: (level: string) => capitalizeFirstLetter(level), + render: (level: string) => { + const { text, background } = getSeverityColor(level); + return ( + + {getSeverityLabel(level)} + + ); + }, }, - { + category: { field: 'category', name: 'Log type', sortable: true, @@ -59,20 +69,30 @@ export const getRulesTableColumns = ( ruleTypes.find((ruleType) => ruleType.label.toLowerCase() === category)?.label || DEFAULT_EMPTY_DATA, }, - { + source: { field: 'source', name: 'Source', sortable: true, width: '10%', truncateText: true, }, - { + description: { field: 'description', name: 'Description', sortable: false, truncateText: true, }, - ]; + }; + + const columns: EuiBasicTableColumn[] = []; + + fields.forEach((field) => { + if (!columnsToHide.includes(field)) { + columns.push(tableColumnByField[field]); + } + }); + + return columns; }; export const getRulesTableSearchConfig = (): Search => { diff --git a/public/store/LogTypeStore.ts b/public/store/LogTypeStore.ts index c9bb34ada..42be73015 100644 --- a/public/store/LogTypeStore.ts +++ b/public/store/LogTypeStore.ts @@ -45,17 +45,22 @@ export class LogTypeStore { return { id: hit._id, ...hit._source, + source: hit._source.source.toLowerCase() === 'sigma' ? 'Standard' : hit._source.source, }; }); ruleTypes.splice( 0, ruleTypes.length, - ...logTypes.map((logType) => ({ - label: logType.name, - value: logType.name, - id: logType.id, - })) + ...logTypes + .map((logType) => ({ + label: logType.name, + value: logType.name, + id: logType.id, + })) + .sort((a, b) => { + return a.label < b.label ? -1 : a.label > b.label ? 1 : 0; + }) ); return logTypes; diff --git a/public/utils/helpers.tsx b/public/utils/helpers.tsx index 4e9e11d25..db37fbe99 100644 --- a/public/utils/helpers.tsx +++ b/public/utils/helpers.tsx @@ -119,7 +119,7 @@ export function ruleItemInfosToItems( id: itemInfo._id, active: itemInfo.enabled, description: itemInfo._source.description, - library: itemInfo.prePackaged ? 'Sigma' : 'Custom', + library: itemInfo.prePackaged ? 'Standard' : 'Custom', logType: detectorType.toLowerCase(), name: itemInfo._source.title, severity: itemInfo._source.level, diff --git a/types/Rule.ts b/types/Rule.ts index 4b57f9d75..01e82ebfc 100644 --- a/types/Rule.ts +++ b/types/Rule.ts @@ -123,3 +123,5 @@ export interface IRulesStore { getCustomRules: (terms?: { [key: string]: string[] }) => Promise; } + +export type RulesTableColumnFields = 'title' | 'level' | 'category' | 'source' | 'description';