Task/linux events #63400
Task/linux events #63400
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -119,6 +119,26 @@ export const selectedMacEvents = (state: PolicyDetailsState): number => { | |
return 0; | ||
}; | ||
|
||
/** Returns the total number of possible linux eventing configurations */ | ||
export const totalLinuxEvents = (state: PolicyDetailsState): number => { | ||
const config = policyConfig(state); | ||
if (config) { | ||
return Object.keys(config.linux.events).length; | ||
} | ||
return 0; | ||
}; | ||
|
||
/** Returns the number of selected liinux eventing configurations */ | ||
export const selectedLinuxEvents = (state: PolicyDetailsState): number => { | ||
const config = policyConfig(state); | ||
if (config) { | ||
return Object.values(config.linux.events).reduce((count, event) => { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ❔ |
||
return event === true ? count + 1 : count; | ||
}, 0); | ||
} | ||
return 0; | ||
}; | ||
|
||
/** is there an api call in flight */ | ||
export const isLoading = (state: PolicyDetailsState) => state.isLoading; | ||
|
||
|
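Review bot: The doc comment on `selectedLinuxEvents` misspells the platform; it should read `/** Returns the number of selected linux eventing configurations */`. Both new selectors count whatever keys happen to be present in `config.linux.events`, while the Linux form added in this same PR renders a fixed list of three checkboxes (`file`, `process`, `network`). If the stored policy ever carries an extra or missing key, the "selected / total" summary would presumably disagree with what an operator can actually toggle, and that summary is how someone reads off which endpoint telemetry is being collected. A one-line comment on `totalLinuxEvents` stating that the key set of `linux.events` is expected to match the rendered checkboxes, or a unit test pinning it, would make that assumption explicit.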
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import React, { useMemo } from 'react'; | ||
import { i18n } from '@kbn/i18n'; | ||
import { FormattedMessage } from '@kbn/i18n/react'; | ||
import { EuiTitle, EuiText, EuiSpacer } from '@elastic/eui'; | ||
import { EventsCheckbox } from './checkbox'; | ||
import { OS, UIPolicyConfig } from '../../../../types'; | ||
import { usePolicyDetailsSelector } from '../../policy_hooks'; | ||
import { selectedLinuxEvents, totalLinuxEvents } from '../../../../store/policy_details/selectors'; | ||
import { ConfigForm } from '../config_form'; | ||
import { getIn, setIn } from '../../../../models/policy_details_config'; | ||
|
||
export const LinuxEvents = React.memo(() => { | ||
const selected = usePolicyDetailsSelector(selectedLinuxEvents); | ||
const total = usePolicyDetailsSelector(totalLinuxEvents); | ||
|
||
const checkboxes: Array<{ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. recommend |
||
name: string; | ||
os: 'linux'; | ||
protectionField: keyof UIPolicyConfig['linux']['events']; | ||
}> = useMemo( | ||
() => [ | ||
{ | ||
name: i18n.translate('xpack.endpoint.policyDetailsConfig.linux.events.file', { | ||
defaultMessage: 'File', | ||
}), | ||
os: OS.linux, | ||
protectionField: 'file', | ||
}, | ||
{ | ||
name: i18n.translate('xpack.endpoint.policyDetailsConfig.linux.events.process', { | ||
defaultMessage: 'Process', | ||
}), | ||
os: OS.linux, | ||
protectionField: 'process', | ||
}, | ||
{ | ||
name: i18n.translate('xpack.endpoint.policyDetailsConfig.linux.events.network', { | ||
defaultMessage: 'Network', | ||
}), | ||
os: OS.linux, | ||
protectionField: 'network', | ||
}, | ||
], | ||
[] | ||
); | ||
|
||
const renderCheckboxes = () => { | ||
|
||
return ( | ||
<> | ||
<EuiTitle size="xxs"> | ||
<h5> | ||
<FormattedMessage | ||
id="xpack.endpoint.policyDetailsConfig.eventingEvents" | ||
defaultMessage="Events" | ||
/> | ||
</h5> | ||
</EuiTitle> | ||
<EuiSpacer size="s" /> | ||
{checkboxes.map((item, index) => { | ||
return ( | ||
<EventsCheckbox | ||
name={item.name} | ||
key={index} | ||
setter={(config, checked) => | ||
setIn(config)(item.os)('events')(item.protectionField)(checked) | ||
} | ||
getter={config => getIn(config)(item.os)('events')(item.protectionField)} | ||
/> | ||
); | ||
})} | ||
</> | ||
); | ||
}; | ||
|
||
const collectionsEnabled = () => { | ||
return ( | ||
<EuiText size="s" color="subdued"> | ||
<FormattedMessage | ||
id="xpack.endpoint.policy.details.eventCollectionsEnabled" | ||
defaultMessage="{selected} / {total} event collections enabled" | ||
values={{ selected, total }} | ||
/> | ||
</EuiText> | ||
); | ||
}; | ||
|
||
return ( | ||
<ConfigForm | ||
type={i18n.translate('xpack.endpoint.policy.details.eventCollection', { | ||
defaultMessage: 'Event Collection', | ||
})} | ||
supportedOss={[ | ||
i18n.translate('xpack.endpoint.policy.details.linux', { defaultMessage: 'Linux' }), | ||
]} | ||
id="linuxEventingForm" | ||
rightCorner={collectionsEnabled()} | ||
children={renderCheckboxes()} | ||
/> | ||
); | ||
}); |
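Review bot: `key={index}` in the `checkboxes.map` call uses the array position as the React key; `item.protectionField` is already unique and stable per entry, so `key={item.protectionField}` keeps each checkbox bound to its own event type if the list is ever reordered or filtered. The exported `LinuxEvents` component has no doc comment; something like `/** Event-collection form for Linux policies: one checkbox per event type plus a "selected / total" summary. */` would help the next reader. `children={renderCheckboxes()}` would also read more conventionally as JSX nested inside `<ConfigForm>`, assuming `ConfigForm` accepts ordinary children, which is not visible in this section.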
@parkiino an updated list from @ferullo lists these as the supported Windows events on the first release
DLL/Driver Load
File
Network
Process
Registry
Security
DNS
I'll update the AC. Apologies on the extra events in there, we can delete all that aren't in the list above
gotcha i'll change it