[SIEM] Update readme for timeline apis (#67038)
* update doc

* update unit test

* remove redundant params

* fix types

* update readme

* update readme

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
angorayc and elasticmachine committed Jun 26, 2020
1 parent 4845bef commit 100a5fd
Showing 5 changed files with 301 additions and 14 deletions.
Expand Up @@ -103,40 +103,32 @@ export const persistTimeline = async ({

export const importTimelines = async ({
fileToImport,
overwrite = false,
signal,
}: ImportDataProps): Promise<ImportDataResponse> => {
const formData = new FormData();
formData.append('file', fileToImport);

return KibanaServices.get().http.fetch<ImportDataResponse>(`${TIMELINE_IMPORT_URL}`, {
method: 'POST',
headers: { 'Content-Type': undefined },
query: { overwrite },
body: formData,
signal,
});
};

export const exportSelectedTimeline: ExportSelectedData = async ({
excludeExportDetails = false,
filename = `timelines_export.ndjson`,
ids = [],
signal,
}): Promise<Blob> => {
const body = ids.length > 0 ? JSON.stringify({ ids }) : undefined;
const response = await KibanaServices.get().http.fetch<Blob>(`${TIMELINE_EXPORT_URL}`, {
const response = await KibanaServices.get().http.fetch<{ body: Blob }>(`${TIMELINE_EXPORT_URL}`, {
method: 'POST',
body,
query: {
exclude_export_details: excludeExportDetails,
file_name: filename,
},
signal,
asResponse: true,
});

return response.body!;
return response.body;
};

export const getDraftTimeline = async ({
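Review bot: `exportSelectedTimeline` still sends `exclude_export_details` in its query (from the `excludeExportDetails` option, defaulting to `false`), while this same commit deletes that key from `exportTimelinesQuerySchema` in the server schema hunk; since `rt.type` does not reject unknown keys, the value is silently accepted and ignored, so the option is now dead on the client. Either drop it here as well, `query: { file_name: filename },`, or document on `ExportSelectedData` (defined outside this hunk) that the server no longer honours it. Separately, the removed `!` on `response.body` suggests `body` is optional on the `asResponse: true` wrapper; if that is still the case, `return response.body;` only satisfies `Promise<Blob>` through the shifted generic `fetch<{ body: Blob }>` rather than a runtime check, and a guard such as `if (response.body == null) throw new Error('export returned an empty response');` would make the contract explicit.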
299 changes: 298 additions & 1 deletion x-pack/plugins/security_solution/server/lib/timeline/routes/README.md
Expand Up @@ -323,4 +323,301 @@ kbn-version: 8.0.0
"timelineId":"f5a4bd10-83cd-11ea-bf78-0547a65f1281", // This is a must as well
"version":"Wzg2LDFd" // Please provide the existing timeline version
}
```
```

## Export timeline api

#### POST /api/timeline/_export

##### Authorization

Type: Basic Auth

username: Your Kibana username

password: Your Kibana password




##### Request header

```
Content-Type: application/json
kbn-version: 8.0.0
```

##### Request param

```
file_name: $(unknown).ndjson
```

##### Request body
```json
{
ids: [
${timelineId}
]
}
```

## Import timeline api

#### POST /api/timeline/_import

##### Authorization

Type: Basic Auth

username: Your Kibana username

password: Your Kibana password




##### Request header

```
Content-Type: application/json
kbn-version: 8.0.0
```

##### Request body

```
{
file: sample.ndjson
}
```


(each json in the file should match this format)
example:
```
{"savedObjectId":"a3002fd0-781b-11ea-85e4-df9002f1452c","version":"WzIzLDFd","columns":[{"columnHeaderType":"not-filtered","id":"@timestamp"},{"columnHeaderType":"not-filtered","id":"message"},{"columnHeaderType":"not-filtered","id":"event.category"},{"columnHeaderType":"not-filtered","id":"event.action"},{"columnHeaderType":"not-filtered","id":"host.name"},{"columnHeaderType":"not-filtered","id":"source.ip"},{"columnHeaderType":"not-filtered","id":"destination.ip"},{"columnHeaderType":"not-filtered","id":"user.name"}],"dataProviders":[],"description":"tes description","eventType":"all","filters":[{"meta":{"field":null,"negate":false,"alias":null,"disabled":false,"params":"{\"query\":\"MacBook-Pro-de-Gloria.local\"}","type":"phrase","key":"host.name"},"query":"{\"match_phrase\":{\"host.name\":\"MacBook-Pro-de-Gloria.local\"}}","missing":null,"exists":null,"match_all":null,"range":null,"script":null}],"kqlMode":"filter","kqlQuery":{"filterQuery":{"serializedQuery":"{\"bool\":{\"should\":[{\"exists\":{\"field\":\"host.name\"}}],\"minimum_should_match\":1}}","kuery":{"expression":"host.name: *","kind":"kuery"}}},"title":"Test","dateRange":{"start":1585227005527,"end":1585313405527},"savedQueryId":null,"sort":{"columnId":"@timestamp","sortDirection":"desc"},"created":1586187068132,"createdBy":"angela","updated":1586187068132,"updatedBy":"angela","eventNotes":[],"globalNotes":[{"noteId":"a3b4d9d0-781b-11ea-85e4-df9002f1452c","version":"WzI1LDFd","note":"this is a note","timelineId":"a3002fd0-781b-11ea-85e4-df9002f1452c","created":1586187069313,"createdBy":"angela","updated":1586187069313,"updatedBy":"angela"}],"pinnedEventIds":[]}
```

##### Response
```
{"success":true,"success_count":1,"errors":[]}
```

## Get draft timeline api

#### GET /api/timeline/_draft

##### Authorization

Type: Basic Auth

username: Your Kibana username

password: Your Kibana password


##### Request header

```
Content-Type: application/json
kbn-version: 8.0.0
```

##### Request param
```
timelineType: `default` or `template`
```

##### Response
```json
{
"data": {
"persistTimeline": {
"timeline": {
"savedObjectId": "ababbd90-99de-11ea-8446-1d7fd9f03ebf",
"version": "WzM2MiwzXQ==",
"columns": [
{
"columnHeaderType": "not-filtered",
"id": "@timestamp"
},
{
"columnHeaderType": "not-filtered",
"id": "message"
},
{
"columnHeaderType": "not-filtered",
"id": "event.category"
},
{
"columnHeaderType": "not-filtered",
"id": "event.action"
},
{
"columnHeaderType": "not-filtered",
"id": "host.name"
},
{
"columnHeaderType": "not-filtered",
"id": "source.ip"
},
{
"columnHeaderType": "not-filtered",
"id": "destination.ip"
},
{
"columnHeaderType": "not-filtered",
"id": "user.name"
}
],
"dataProviders": [],
"description": "",
"eventType": "all",
"filters": [],
"kqlMode": "filter",
"timelineType": "default",
"kqlQuery": {
"filterQuery": null
},
"title": "",
"sort": {
"columnId": "@timestamp",
"sortDirection": "desc"
},
"status": "draft",
"created": 1589899222908,
"createdBy": "casetester",
"updated": 1589899222908,
"updatedBy": "casetester",
"templateTimelineId": null,
"templateTimelineVersion": null,
"favorite": [],
"eventIdToNoteIds": [],
"noteIds": [],
"notes": [],
"pinnedEventIds": [],
"pinnedEventsSaveObject": []
}
}
}
}
```

## Create draft timeline api

#### POST /api/timeline/_draft

##### Authorization

Type: Basic Auth

username: Your Kibana username

password: Your Kibana password


##### Request header

```
Content-Type: application/json
kbn-version: 8.0.0
```

##### Request body

```json
{
"timelineType": "default" or "template"
}
```

##### Response
```json
{
"data": {
"persistTimeline": {
"timeline": {
"savedObjectId": "ababbd90-99de-11ea-8446-1d7fd9f03ebf",
"version": "WzQyMywzXQ==",
"columns": [
{
"columnHeaderType": "not-filtered",
"id": "@timestamp"
},
{
"columnHeaderType": "not-filtered",
"id": "message"
},
{
"columnHeaderType": "not-filtered",
"id": "event.category"
},
{
"columnHeaderType": "not-filtered",
"id": "event.action"
},
{
"columnHeaderType": "not-filtered",
"id": "host.name"
},
{
"columnHeaderType": "not-filtered",
"id": "source.ip"
},
{
"columnHeaderType": "not-filtered",
"id": "destination.ip"
},
{
"columnHeaderType": "not-filtered",
"id": "user.name"
}
],
"dataProviders": [],
"description": "",
"eventType": "all",
"filters": [],
"kqlMode": "filter",
"timelineType": "default",
"kqlQuery": {
"filterQuery": null
},
"title": "",
"sort": {
"columnId": "@timestamp",
"sortDirection": "desc"
},
"status": "draft",
"created": 1589903306582,
"createdBy": "casetester",
"updated": 1589903306582,
"updatedBy": "casetester",
"templateTimelineId": null,
"templateTimelineVersion": null,
"favorite": [],
"eventIdToNoteIds": [],
"noteIds": [],
"notes": [],
"pinnedEventIds": [],
"pinnedEventsSaveObject": []
}
}
}
}
```



Expand Up @@ -23,7 +23,6 @@ export const getExportTimelinesRequest = () =>
path: TIMELINE_EXPORT_URL,
query: {
file_name: 'mock_export_timeline.ndjson',
exclude_export_details: 'false',
},
body: {
ids: ['f0e58720-57b6-11ea-b88d-3f1a31716be8', '890b8ae0-57df-11ea-a7c9-3976b7f1cb37'],
Expand Up @@ -98,7 +98,7 @@ describe('export timelines', () => {
const result = server.validate(request);

expect(result.badRequest.mock.calls[1][0]).toEqual(
'Invalid value "undefined" supplied to "file_name",Invalid value "undefined" supplied to "exclude_export_details",Invalid value "undefined" supplied to "exclude_export_details"'
'Invalid value "undefined" supplied to "file_name"'
);
});
});
Expand Up @@ -8,7 +8,6 @@ import * as rt from 'io-ts';

export const exportTimelinesQuerySchema = rt.type({
file_name: rt.string,
exclude_export_details: rt.union([rt.literal('true'), rt.literal('false')]),
});

export const exportTimelinesRequestBodySchema = rt.type({
