[Security Solution] Refactor NetworkDns to use Search Strategy

elastic · Aug 30, 2020 · 18c0a2e · 18c0a2e
1 parent de38d64
commit 18c0a2e
Show file tree

Hide file tree

Showing 12 changed files with 770 additions and 225 deletions.
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts
@@ -15,6 +15,8 @@ import {
 } from './hosts';
 import {
  NetworkQueries,
+ NetworkDnsStrategyResponse,
+ NetworkDnsRequestOptions,
  NetworkTlsStrategyResponse,
  NetworkTlsRequestOptions,
  NetworkHttpStrategyResponse,
@@ -113,6 +115,8 @@ export type StrategyResponseType<T extends FactoryQueryTypes> = T extends HostsQ
  ? HostsStrategyResponse
  : T extends HostsQueries.hostOverview
  ? HostOverviewStrategyResponse
+ : T extends NetworkQueries.dns
+ ? NetworkDnsStrategyResponse
  : T extends NetworkQueries.tls
  ? NetworkTlsStrategyResponse
  : T extends NetworkQueries.http
@@ -127,6 +131,8 @@ export type StrategyRequestType<T extends FactoryQueryTypes> = T extends HostsQu
  ? HostsRequestOptions
  : T extends HostsQueries.hostOverview
  ? HostOverviewRequestOptions
+ : T extends NetworkQueries.dns
+ ? NetworkDnsRequestOptions
  : T extends NetworkQueries.tls
  ? NetworkTlsRequestOptions
  : T extends NetworkQueries.http

diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/dns.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/dns.ts
@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { IEsSearchResponse } from '../../../../../../../src/plugins/data/common';
+import { Direction } from './common';
+import { CursorType, Inspect, Maybe, PageInfoPaginated, RequestOptionsPaginated } from '..';
+
+export interface NetworkDnsSortField {
+ field: NetworkDnsFields;
+
+ direction: Direction;
+}
+
+export enum NetworkDnsFields {
+ dnsName = 'dnsName',
+ queryCount = 'queryCount',
+ uniqueDomains = 'uniqueDomains',
+ dnsBytesIn = 'dnsBytesIn',
+ dnsBytesOut = 'dnsBytesOut',
+}
+
+export interface NetworkDnsRequestOptions extends RequestOptionsPaginated {
+ isPtrIncluded: boolean;
+ networkDnsSortField: NetworkDnsSortField;
+ stackByField?: Maybe<string>;
+}
+
+export interface NetworkDnsStrategyResponse extends IEsSearchResponse {
+ edges: NetworkDnsEdges[];
+ totalCount: number;
+ pageInfo: PageInfoPaginated;
+ inspect?: Maybe<Inspect>;
+ histogram?: Maybe<MatrixOverOrdinalHistogramData[]>;
+}
+
+export interface NetworkDnsEdges {
+ node: NetworkDnsItem;
+ cursor: CursorType;
+}
+
+export interface NetworkDnsItem {
+ _id?: Maybe<string>;
+ dnsBytesIn?: Maybe<number>;
+ dnsBytesOut?: Maybe<number>;
+ dnsName?: Maybe<string>;
+ queryCount?: Maybe<number>;
+ uniqueDomains?: Maybe<number>;
+}
+
+export interface MatrixOverOrdinalHistogramData {
+ x: string;
+ y: number;
+ g: string;
+}
+
+export interface NetworkDnsBuckets {
+ key: string;
+ doc_count: number;
+ unique_domains: {
+ value: number;
+ };
+ dns_bytes_in: {
+ value: number;
+ };
+ dns_bytes_out: {
+ value: number;
+ };
+}
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/network/index.ts
@@ -9,25 +9,19 @@ import { IEsSearchResponse } from '../../../../../../../src/plugins/data/common'
 import { CursorType, Inspect, Maybe, PageInfoPaginated, RequestOptionsPaginated } from '..';
 
 export * from './common';
+export * from './dns';
 export * from './http';
 export * from './top_countries';
 export * from './top_n_flow';
 
 export enum NetworkQueries {
+ dns = 'dns',
  http = 'http',
  tls = 'tls',
  topCountries = 'topCountries',
  topNFlow = 'topNFlow',
 }
 
-export enum NetworkDnsFields {
- dnsName = 'dnsName',
- queryCount = 'queryCount',
- uniqueDomains = 'uniqueDomains',
- dnsBytesIn = 'dnsBytesIn',
- dnsBytesOut = 'dnsBytesOut',
-}
-
 export interface TlsBuckets {
  key: string;
  timestamp?: {

diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/_index.tsx b/x-pack/plugins/security_solution/public/network/containers/network_dns/_index.tsx
@@ -0,0 +1,168 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { getOr } from 'lodash/fp';
+import React from 'react';
+import { Query } from 'react-apollo';
+import { connect } from 'react-redux';
+import { compose } from 'redux';
+
+import { DEFAULT_INDEX_KEY } from '../../../../common/constants';
+import {
+ GetNetworkDnsQuery,
+ NetworkDnsEdges,
+ NetworkDnsSortField,
+ PageInfoPaginated,
+ MatrixOverOrdinalHistogramData,
+} from '../../../graphql/types';
+import { inputsModel, State, inputsSelectors } from '../../../common/store';
+import { withKibana, WithKibanaProps } from '../../../common/lib/kibana';
+import { generateTablePaginationOptions } from '../../../common/components/paginated_table/helpers';
+import { createFilter, getDefaultFetchPolicy } from '../../../common/containers/helpers';
+import {
+ QueryTemplatePaginated,
+ QueryTemplatePaginatedProps,
+} from '../../../common/containers/query_template_paginated';
+import { networkDnsQuery } from './index.gql_query';
+
+import { networkModel, networkSelectors } from '../../store';
+
+const ID = 'networkDnsQuery';
+export const HISTOGRAM_ID = 'networkDnsHistogramQuery';
+export interface NetworkDnsArgs {
+ id: string;
+ inspect: inputsModel.InspectQuery;
+ isInspected: boolean;
+ loading: boolean;
+ loadPage: (newActivePage: number) => void;
+ networkDns: NetworkDnsEdges[];
+ pageInfo: PageInfoPaginated;
+ refetch: inputsModel.Refetch;
+ stackByField?: string;
+ totalCount: number;
+ histogram: MatrixOverOrdinalHistogramData[];
+}
+
+export interface OwnProps extends QueryTemplatePaginatedProps {
+ children: (args: NetworkDnsArgs) => React.ReactNode;
+ type: networkModel.NetworkType;
+}
+
+export interface NetworkDnsComponentReduxProps {
+ activePage: number;
+ sort: NetworkDnsSortField;
+ isInspected: boolean;
+ isPtrIncluded: boolean;
+ limit: number;
+}
+
+type NetworkDnsProps = OwnProps & NetworkDnsComponentReduxProps & WithKibanaProps;
+
+export class NetworkDnsComponentQuery extends QueryTemplatePaginated<
+ NetworkDnsProps,
+ GetNetworkDnsQuery.Query,
+ GetNetworkDnsQuery.Variables
+> {
+ public render() {
+ const {
+ activePage,
+ children,
+ sort,
+ endDate,
+ filterQuery,
+ id = ID,
+ isInspected,
+ isPtrIncluded,
+ kibana,
+ limit,
+ skip,
+ sourceId,
+ startDate,
+ } = this.props;
+ const variables: GetNetworkDnsQuery.Variables = {
+ defaultIndex: kibana.services.uiSettings.get<string[]>(DEFAULT_INDEX_KEY),
+ filterQuery: createFilter(filterQuery),
+ inspect: isInspected,
+ isPtrIncluded,
+ pagination: generateTablePaginationOptions(activePage, limit),
+ sort,
+ sourceId,
+ timerange: {
+ interval: '12h',
+ from: startDate!,
+ to: endDate!,
+ },
+ };
+
+ return (
+ <Query<GetNetworkDnsQuery.Query, GetNetworkDnsQuery.Variables>
+ fetchPolicy={getDefaultFetchPolicy()}
+ notifyOnNetworkStatusChange
+ query={networkDnsQuery}
+ skip={skip}
+ variables={variables}
+ >
+ {({ data, loading, fetchMore, networkStatus, refetch }) => {
+ const networkDns = getOr([], `source.NetworkDns.edges`, data);
+ this.setFetchMore(fetchMore);
+ this.setFetchMoreOptions((newActivePage: number) => ({
+ variables: {
+ pagination: generateTablePaginationOptions(newActivePage, limit),
+ },
+ updateQuery: (prev, { fetchMoreResult }) => {
+ if (!fetchMoreResult) {
+ return prev;
+ }
+ return {
+ ...fetchMoreResult,
+ source: {
+ ...fetchMoreResult.source,
+ NetworkDns: {
+ ...fetchMoreResult.source.NetworkDns,
+ edges: [...fetchMoreResult.source.NetworkDns.edges],
+ },
+ },
+ };
+ },
+ }));
+ const isLoading = this.isItAValidLoading(loading, variables, networkStatus);
+ return children({
+ id,
+ inspect: getOr(null, 'source.NetworkDns.inspect', data),
+ isInspected,
+ loading: isLoading,
+ loadPage: this.wrappedLoadMore,
+ networkDns,
+ pageInfo: getOr({}, 'source.NetworkDns.pageInfo', data),
+ refetch: this.memoizedRefetchQuery(variables, limit, refetch),
+ totalCount: getOr(-1, 'source.NetworkDns.totalCount', data),
+ histogram: getOr(null, 'source.NetworkDns.histogram', data),
+ });
+ }}
+ </Query>
+ );
+ }
+}
+
+const makeMapStateToProps = () => {
+ const getNetworkDnsSelector = networkSelectors.dnsSelector();
+ const getQuery = inputsSelectors.globalQueryByIdSelector();
+ const mapStateToProps = (state: State, { id = ID }: OwnProps) => {
+ const { isInspected } = getQuery(state, id);
+ return {
+ ...getNetworkDnsSelector(state),
+ isInspected,
+ id,
+ };
+ };
+
+ return mapStateToProps;
+};
+
+export const NetworkDnsQuery = compose<React.ComponentClass<OwnProps>>(
+ connect(makeMapStateToProps),
+ withKibana
+)(NetworkDnsComponentQuery);
diff --git a/x-pack/plugins/security_solution/public/network/containers/network_dns/histogram.ts b/x-pack/plugins/security_solution/public/network/containers/network_dns/histogram.ts
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import React from 'react';
+import { connect } from 'react-redux';
+import { compose } from 'redux';
+import { DocumentNode } from 'graphql';
+import { ScaleType } from '@elastic/charts';
+
+import { MatrixHistogram } from '../../../common/components/matrix_histogram';
+import {
+ MatrixHistogramOption,
+ GetSubTitle,
+} from '../../../common/components/matrix_histogram/types';
+import { UpdateDateRange } from '../../../common/components/charts/common';
+import { GlobalTimeArgs } from '../../../common/containers/use_global_time';
+import { withKibana } from '../../../common/lib/kibana';
+import { QueryTemplatePaginatedProps } from '../../../common/containers/query_template_paginated';
+import { DEFAULT_TABLE_ACTIVE_PAGE, DEFAULT_TABLE_LIMIT } from '../../../common/store/constants';
+import { networkModel, networkSelectors } from '../../store';
+import { State, inputsSelectors } from '../../../common/store';
+
+export const HISTOGRAM_ID = 'networkDnsHistogramQuery';
+
+interface DnsHistogramOwnProps extends QueryTemplatePaginatedProps {
+ dataKey: string | string[];
+ defaultStackByOption: MatrixHistogramOption;
+ errorMessage: string;
+ isDnsHistogram?: boolean;
+ query: DocumentNode;
+ scaleType: ScaleType;
+ setQuery: GlobalTimeArgs['setQuery'];
+ showLegend?: boolean;
+ stackByOptions: MatrixHistogramOption[];
+ subtitle?: string | GetSubTitle;
+ title: string;
+ type: networkModel.NetworkType;
+ updateDateRange: UpdateDateRange;
+ yTickFormatter?: (value: number) => string;
+}
+
+const makeMapHistogramStateToProps = () => {
+ const getNetworkDnsSelector = networkSelectors.dnsSelector();
+ const getQuery = inputsSelectors.globalQueryByIdSelector();
+ const mapStateToProps = (state: State, { id = HISTOGRAM_ID }: DnsHistogramOwnProps) => {
+ const { isInspected } = getQuery(state, id);
+ return {
+ ...getNetworkDnsSelector(state),
+ activePage: DEFAULT_TABLE_ACTIVE_PAGE,
+ limit: DEFAULT_TABLE_LIMIT,
+ isInspected,
+ id,
+ };
+ };
+
+ return mapStateToProps;
+};
+
+export const NetworkDnsHistogramQuery = compose<React.ComponentClass<DnsHistogramOwnProps>>(
+ connect(makeMapHistogramStateToProps),
+ withKibana
+)(MatrixHistogram);