[Security Solution] Detection rules bootstrap endpoint (#189518)
**Resolves: #187647**

## Summary

Added a new API endpoint `POST /internal/detection_engine/prebuilt_rules/_bootstrap`.

This endpoint is responsible for installing the necessary packages for prebuilt detection rules to function properly. This allows us to avoid calling Fleet directly from FE and helps encapsulate complex logic of the package version selection in a single place on the backend.

Currently, it installs or upgrades (if already installed) two packages: `endpoint` and `security_detection_engine`.

The response looks like this:

```json5
{
  packages: [
    {
      name: 'detection_engine',
      version: '1.0.0',
      status: 'installed',
    },
    {
      name: 'endpoint',
      version: '1.0.0',
      status: 'already_installed',
    },
  ],
}
```

We call this endpoint from Kibana every time a user lands on any security solution page. The endpoint checks if the required packages are missing or if a newer version is available. If so, the newer version is installed, and the package status will be `installed` in the response. If all packages are up-to-date, the package status will be `already_installed` in the response.

This allows us to invalidate prebuilt rule endpoints more efficiently and avoid sending extra requests from Kibana:

```ts
if (
  response?.packages.find((pkg) => pkg.name === PREBUILT_RULES_PACKAGE_NAME)?.status === 'installed'
) {
  // Invalidate other pre-packaged rules related queries. We need to do
  // that only if the prebuilt rules package was installed, indicating
  // that there might be new rules to install.
  invalidatePrePackagedRulesStatus();
  invalidatePrebuiltRulesInstallReview();
  invalidatePrebuiltRulesUpdateReview();
}
```

The performance gain is that we do not invalidate prebuilt rules when the package is already installed.

Previously: `Fetch rules initially -> Upgrade rules package -(always)-> Re-fetch rules`

Now: `Fetch rules initially -> Upgrade rules package -(only if there's a new package version)-> Re-fetch rules`

This will result in fewer redundant API requests from Kibana.
Showing 35 changed files with 578 additions and 438 deletions.
41 changes: 41 additions & 0 deletions
.../detection_engine/prebuilt_rules/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.gen.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
/* | ||
* NOTICE: Do not edit this file manually. | ||
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. | ||
* | ||
* info: | ||
* title: Bootstrap Prebuilt Rules API endpoint | ||
* version: 1 | ||
*/ | ||
|
||
import { z } from 'zod'; | ||
|
||
export type PackageInstallStatus = z.infer<typeof PackageInstallStatus>; | ||
export const PackageInstallStatus = z.object({ | ||
/** | ||
* The name of the package | ||
*/ | ||
name: z.string(), | ||
/** | ||
* The version of the package | ||
*/ | ||
version: z.string(), | ||
/** | ||
* The status of the package installation | ||
*/ | ||
status: z.enum(['installed', 'already_installed']), | ||
}); | ||
|
||
export type BootstrapPrebuiltRulesResponse = z.infer<typeof BootstrapPrebuiltRulesResponse>; | ||
export const BootstrapPrebuiltRulesResponse = z.object({ | ||
/** | ||
* The list of packages that were installed or upgraded | ||
*/ | ||
packages: z.array(PackageInstallStatus), | ||
}); |
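Review bot: `name: z.string()` in `PackageInstallStatus` accepts any string, while the client snippet in the commit message decides whether to invalidate the prebuilt rules queries by comparing `pkg.name` against `PREBUILT_RULES_PACKAGE_NAME`. If the server ever reports the package under a different name, the lookup returns `undefined` and invalidation is skipped without any error; the commit message itself shows `detection_engine` in the sample response but `security_detection_engine` in the description. Since the endpoint only handles two known packages, consider declaring `name` as an enum of those two names so a mismatch fails response validation. This file is generated, so the change belongs in `bootstrap_prebuilt_rules.schema.yaml`.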
51 changes: 51 additions & 0 deletions
...ction_engine/prebuilt_rules/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.schema.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
openapi: 3.0.0 | ||
info: | ||
title: Bootstrap Prebuilt Rules API endpoint | ||
version: '1' | ||
paths: | ||
/internal/detection_engine/prebuilt_rules/_bootstrap: | ||
post: | ||
x-labels: [ess, serverless] | ||
x-codegen-enabled: true | ||
operationId: BootstrapPrebuiltRules | ||
summary: Bootstrap Prebuilt Rules | ||
description: Ensures that the packages needed for prebuilt detection rules to work are installed and up to date | ||
tags: | ||
- Prebuilt Rules API | ||
responses: | ||
200: | ||
description: Indicates a successful call | ||
content: | ||
application/json: | ||
schema: | ||
type: object | ||
properties: | ||
packages: | ||
type: array | ||
description: The list of packages that were installed or upgraded | ||
items: | ||
$ref: '#/components/schemas/PackageInstallStatus' | ||
required: | ||
- packages | ||
|
||
components: | ||
schemas: | ||
PackageInstallStatus: | ||
type: object | ||
properties: | ||
name: | ||
type: string | ||
description: The name of the package | ||
version: | ||
type: string | ||
description: The version of the package | ||
status: | ||
type: string | ||
description: The status of the package installation | ||
enum: | ||
- installed | ||
- already_installed | ||
required: | ||
- name | ||
- version | ||
- status |
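Review bot: Under `responses:` only `200` is defined, and the `status` enum offers just `installed` and `already_installed`, so the contract does not say what a caller receives when one of the packages cannot be installed or upgraded. The commit message states that Kibana sends this POST every time a user lands on a security solution page and that the call can install or upgrade packages, so the failure path and the required privileges are worth spelling out here: add the error responses the route can return, state in `description` which privileges it requires, and say whether a failure for one package fails the whole request or is reported per package. The `description` of `packages` ("installed or upgraded") should also mention that entries with `already_installed` are returned for packages that were left unchanged.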