[Endpoint] housekeeping (#64237) (#64677)

Reorganizing, renaming, and generally cleaning up common code in Endpoint. * Cleaning up `common/types` * Renaming things * Adding comments * Removing `export` when it's not needed
elastic · Apr 28, 2020 · c9b1796 · c9b1796
1 parent 6d0914c
commit c9b1796
Show file tree

Hide file tree

Showing 21 changed files with 172 additions and 129 deletions.
diff --git a/x-pack/plugins/endpoint/common/alert_constants.ts b/x-pack/plugins/endpoint/common/alert_constants.ts
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export class AlertConstants {
+  /**
+   * The prefix for all Alert APIs
+   */
+  static BASE_API_URL = '/api/endpoint';
+  /**
+   * The path for the Alert's Index Pattern API.
+   */
+  static INDEX_PATTERN_ROUTE = `${AlertConstants.BASE_API_URL}/index_pattern`;
+  /**
+   * Alert's Index pattern
+   */
+  static ALERT_INDEX_NAME = 'events-endpoint-1';
+  /**
+   * A paramter passed to Alert's Index Pattern.
+   */
+  static EVENT_DATASET = 'events';
+  /**
+   * Alert's Search API default page size
+   */
+  static DEFAULT_TOTAL_HITS = 10000;
+  /**
+   * Alerts
+   **/
+  static ALERT_LIST_DEFAULT_PAGE_SIZE = 10;
+  static ALERT_LIST_DEFAULT_SORT = '@timestamp';
+  static MAX_LONG_INT = '9223372036854775807'; // 2^63-1
+}
diff --git a/x-pack/plugins/endpoint/common/generate_data.ts b/x-pack/plugins/endpoint/common/generate_data.ts
@@ -9,9 +9,9 @@ import seedrandom from 'seedrandom';
 import {
   AlertEvent,
   EndpointEvent,
-  HostFields,
+  Host,
   HostMetadata,
-  OSFields,
+  HostOS,
   PolicyData,
   HostPolicyResponse,
   HostPolicyResponseActionStatus,
@@ -29,7 +29,7 @@ interface EventOptions {
   processName?: string;
 }
 
-const Windows: OSFields[] = [
+const Windows: HostOS[] = [
   {
     name: 'windows 10.0',
     full: 'Windows 10',
@@ -56,11 +56,11 @@ const Windows: OSFields[] = [
   },
 ];
 
-const Linux: OSFields[] = [];
+const Linux: HostOS[] = [];
 
-const Mac: OSFields[] = [];
+const Mac: HostOS[] = [];
 
-const OS: OSFields[] = [...Windows, ...Mac, ...Linux];
+const OS: HostOS[] = [...Windows, ...Mac, ...Linux];
 
 const POLICIES: Array<{ name: string; id: string }> = [
   {
@@ -102,7 +102,7 @@ interface HostInfo {
     version: string;
     id: string;
   };
-  host: HostFields;
+  host: Host;
   endpoint: {
     policy: {
       id: string;

diff --git a/x-pack/plugins/endpoint/common/schema/alert_index.ts b/x-pack/plugins/endpoint/common/schema/alert_index.ts
@@ -7,7 +7,7 @@
 import { schema, Type } from '@kbn/config-schema';
 import { i18n } from '@kbn/i18n';
 import { decode } from 'rison-node';
-import { EndpointAppConstants } from '../types';
+import { AlertConstants } from '../alert_constants';
 
 /**
  * Used to validate GET requests against the index of the alerting APIs.
@@ -18,7 +18,7 @@ export const alertingIndexGetQuerySchema = schema.object(
       schema.number({
         min: 1,
         max: 100,
-        defaultValue: EndpointAppConstants.ALERT_LIST_DEFAULT_PAGE_SIZE,
+        defaultValue: AlertConstants.ALERT_LIST_DEFAULT_PAGE_SIZE,
       })
     ),
     page_index: schema.maybe(

diff --git a/x-pack/plugins/endpoint/common/types.ts b/x-pack/plugins/endpoint/common/types.ts
@@ -25,32 +25,19 @@ export type Immutable<T> = T extends undefined | null | boolean | string | numbe
   ? ImmutableSet<M>
   : ImmutableObject<T>;
 
-export type ImmutableArray<T> = ReadonlyArray<Immutable<T>>;
-export type ImmutableMap<K, V> = ReadonlyMap<Immutable<K>, Immutable<V>>;
-export type ImmutableSet<T> = ReadonlySet<Immutable<T>>;
-export type ImmutableObject<T> = { readonly [K in keyof T]: Immutable<T[K]> };
-
-export type Direction = 'asc' | 'desc';
-
-export class EndpointAppConstants {
-  static BASE_API_URL = '/api/endpoint';
-  static INDEX_PATTERN_ROUTE = `${EndpointAppConstants.BASE_API_URL}/index_pattern`;
-  static ALERT_INDEX_NAME = 'events-endpoint-1';
-  static EVENT_DATASET = 'events';
-  static DEFAULT_TOTAL_HITS = 10000;
-  /**
-   * Legacy events are stored in indices with endgame-* prefix
-   */
-  static LEGACY_EVENT_INDEX_NAME = 'endgame-*';
+type ImmutableArray<T> = ReadonlyArray<Immutable<T>>;
+type ImmutableMap<K, V> = ReadonlyMap<Immutable<K>, Immutable<V>>;
+type ImmutableSet<T> = ReadonlySet<Immutable<T>>;
+type ImmutableObject<T> = { readonly [K in keyof T]: Immutable<T[K]> };
 
-  /**
-   * Alerts
-   **/
-  static ALERT_LIST_DEFAULT_PAGE_SIZE = 10;
-  static ALERT_LIST_DEFAULT_SORT = '@timestamp';
-  static MAX_LONG_INT = '9223372036854775807'; // 2^63-1
-}
+/**
+ * Values for the Alert APIs 'order' and 'direction' parameters.
+ */
+export type AlertAPIOrdering = 'asc' | 'desc';
 
+/**
+ * Returned by 'api/endpoint/alerts'
+ */
 export interface AlertResultList {
   /**
    * The alerts restricted by page size.
@@ -88,6 +75,9 @@ export interface AlertResultList {
   prev: string | null;
 }
 
+/**
+ * Returned by the server via /api/endpoint/metadata
+ */
 export interface HostResultList {
   /* the hosts restricted by the page size */
   hosts: HostInfo[];
@@ -99,43 +89,61 @@ export interface HostResultList {
   request_page_index: number;
 }
 
-export interface OSFields {
+/**
+ * Operating System metadata for a host.
+ */
+export interface HostOS {
   full: string;
   name: string;
   version: string;
   variant: string;
 }
-export interface HostFields {
+
+/**
+ * Host metadata. Describes an endpoint host.
+ */
+export interface Host {
   id: string;
   hostname: string;
   ip: string[];
   mac: string[];
-  os: OSFields;
+  os: HostOS;
 }
-export interface HashFields {
+
+/**
+ * A record of hashes for something. Provides hashes in multiple formats. A favorite structure of the Elastic Endpoint.
+ */
+interface Hashes {
+  /**
+   * A hash in MD5 format.
+   */
   md5: string;
+  /**
+   * A hash in SHA-1 format.
+   */
   sha1: string;
+  /**
+   * A hash in SHA-256 format.
+   */
   sha256: string;
 }
-export interface MalwareClassificationFields {
+
+interface MalwareClassification {
   identifier: string;
   score: number;
   threshold: number;
   version: string;
 }
-export interface PrivilegesFields {
-  description: string;
-  name: string;
-  enabled: boolean;
-}
-export interface ThreadFields {
+
+interface ThreadFields {
   id: number;
   service_name: string;
   start: number;
   start_address: number;
   start_address_module: string;
 }
-export interface DllFields {
+
+interface DllFields {
   pe: {
     architecture: string;
     imphash: string;
@@ -145,16 +153,15 @@ export interface DllFields {
     trusted: boolean;
   };
   compile_time: number;
-  hash: HashFields;
-  malware_classification: MalwareClassificationFields;
+  hash: Hashes;
+  malware_classification: MalwareClassification;
   mapped_address: number;
   mapped_size: number;
   path: string;
 }
 
 /**
  * Describes an Alert Event.
- * Should be in line with ECS schema.
  */
 export type AlertEvent = Immutable<{
   '@timestamp': number;
@@ -191,22 +198,26 @@ export type AlertEvent = Immutable<{
       entity_id: string;
     };
     name: string;
-    hash: HashFields;
+    hash: Hashes;
     pe?: {
       imphash: string;
     };
     executable: string;
     sid?: string;
     start: number;
-    malware_classification?: MalwareClassificationFields;
+    malware_classification?: MalwareClassification;
     token: {
       domain: string;
       type: string;
       user: string;
       sid: string;
       integrity_level: number;
       integrity_level_name: string;
-      privileges?: PrivilegesFields[];
+      privileges?: Array<{
+        description: string;
+        name: string;
+        enabled: boolean;
+      }>;
     };
     thread?: ThreadFields[];
     uptime: number;
@@ -220,18 +231,18 @@ export type AlertEvent = Immutable<{
     mtime: number;
     created: number;
     size: number;
-    hash: HashFields;
+    hash: Hashes;
     pe?: {
       imphash: string;
     };
     code_signature: {
       trusted: boolean;
       subject_name: string;
     };
-    malware_classification: MalwareClassificationFields;
+    malware_classification: MalwareClassification;
     temp_file_path: string;
   };
-  host: HostFields;
+  host: Host;
   dll?: DllFields[];
 }>;
 
@@ -249,9 +260,6 @@ interface AlertState {
   };
 }
 
-/**
- * Union of alert data and metadata.
- */
 export type AlertData = AlertEvent & AlertMetadata;
 
 export type AlertDetails = AlertData & AlertState;
@@ -301,7 +309,7 @@ export type HostMetadata = Immutable<{
     id: string;
     version: string;
   };
-  host: HostFields;
+  host: Host;
 }>;
 
 /**
@@ -365,7 +373,7 @@ export interface EndpointEvent {
     hostname: string;
     ip: string[];
     mac: string[];
-    os: OSFields;
+    os: HostOS;
   };
   process: {
     entity_id: string;
@@ -500,28 +508,22 @@ export interface PolicyConfig {
   };
 }
 
-/**
- * Windows-specific policy configuration that is supported via the UI
- */
-type WindowsPolicyConfig = Pick<PolicyConfig['windows'], 'events' | 'malware'>;
-
-/**
- * Mac-specific policy configuration that is supported via the UI
- */
-type MacPolicyConfig = Pick<PolicyConfig['mac'], 'malware' | 'events'>;
-
-/**
- * Linux-specific policy configuration that is supported via the UI
- */
-type LinuxPolicyConfig = Pick<PolicyConfig['linux'], 'events'>;
-
 /**
  * The set of Policy configuration settings that are show/edited via the UI
  */
 export interface UIPolicyConfig {
-  windows: WindowsPolicyConfig;
-  mac: MacPolicyConfig;
-  linux: LinuxPolicyConfig;
+  /**
+   * Windows-specific policy configuration that is supported via the UI
+   */
+  windows: Pick<PolicyConfig['windows'], 'events' | 'malware'>;
+  /**
+   * Mac-specific policy configuration that is supported via the UI
+   */
+  mac: Pick<PolicyConfig['mac'], 'malware' | 'events'>;
+  /**
+   * Linux-specific policy configuration that is supported via the UI
+   */
+  linux: Pick<PolicyConfig['linux'], 'events'>;
 }
 
 interface PolicyConfigAdvancedOptions {

diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/middleware.ts b/x-pack/plugins/endpoint/public/applications/endpoint/store/alerts/middleware.ts
@@ -9,7 +9,7 @@ import { AlertResultList, AlertDetails } from '../../../../../common/types';
 import { ImmutableMiddlewareFactory, AlertListState } from '../../types';
 import { isOnAlertPage, apiQueryParams, hasSelectedAlert, uiQueryParams } from './selectors';
 import { cloneHttpFetchQuery } from '../../../../common/clone_http_fetch_query';
-import { EndpointAppConstants } from '../../../../../common/types';
+import { AlertConstants } from '../../../../../common/alert_constants';
 
 export const alertMiddlewareFactory: ImmutableMiddlewareFactory<AlertListState> = (
   coreStart,
@@ -18,7 +18,7 @@ export const alertMiddlewareFactory: ImmutableMiddlewareFactory<AlertListState>
   async function fetchIndexPatterns(): Promise<IIndexPattern[]> {
     const { indexPatterns } = depsStart.data;
     const eventsPattern: { indexPattern: string } = await coreStart.http.get(
-      `${EndpointAppConstants.INDEX_PATTERN_ROUTE}/${EndpointAppConstants.EVENT_DATASET}`
+      `${AlertConstants.INDEX_PATTERN_ROUTE}/${AlertConstants.EVENT_DATASET}`
     );
     const fields = await indexPatterns.getFieldsForWildcard({
       pattern: eventsPattern.indexPattern,