[Attack Discovery][Scheduling] Attack Discovery scheduling rule management (#12003)

src/platform/packages/shared/kbn-alerts-as-data-utils/src/schemas/generated/security_attack_discovery_schema.ts

@@ -0,0 +1,145 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+// ---------------------------------- WARNING ----------------------------------
+// this file was generated, and should not be edited by hand
+// ---------------------------------- WARNING ----------------------------------
+import * as rt from 'io-ts';
+import type { Either } from 'fp-ts/lib/Either';
+import { AlertSchema } from './alert_schema';
+import { EcsSchema } from './ecs_schema';
+const ISO_DATE_PATTERN = /^d{4}-d{2}-d{2}Td{2}:d{2}:d{2}.d{3}Z$/;
+export const IsoDateString = new rt.Type<string, string, unknown>(
+  'IsoDateString',
+  rt.string.is,
+  (input, context): Either<rt.Errors, string> => {
+    if (typeof input === 'string' && ISO_DATE_PATTERN.test(input)) {
+      return rt.success(input);
+    } else {
+      return rt.failure(input, context);
+    }
+  },
+  rt.identity
+);
+export type IsoDateStringC = typeof IsoDateString;
+export const schemaUnknown = rt.unknown;
+export const schemaUnknownArray = rt.array(rt.unknown);
+export const schemaString = rt.string;
+export const schemaStringArray = rt.array(schemaString);
+export const schemaNumber = rt.number;
+export const schemaNumberArray = rt.array(schemaNumber);
+export const schemaDate = rt.union([IsoDateString, schemaNumber]);
+export const schemaDateArray = rt.array(schemaDate);
+export const schemaDateRange = rt.partial({
+  gte: schemaDate,
+  lte: schemaDate,
+});
+export const schemaDateRangeArray = rt.array(schemaDateRange);
+export const schemaStringOrNumber = rt.union([schemaString, schemaNumber]);
+export const schemaStringOrNumberArray = rt.array(schemaStringOrNumber);
+export const schemaBoolean = rt.boolean;
+export const schemaBooleanArray = rt.array(schemaBoolean);
+const schemaGeoPointCoords = rt.type({
+  type: schemaString,
+  coordinates: schemaNumberArray,
+});
+const schemaGeoPointString = schemaString;
+const schemaGeoPointLatLon = rt.type({
+  lat: schemaNumber,
+  lon: schemaNumber,
+});
+const schemaGeoPointLocation = rt.type({
+  location: schemaNumberArray,
+});
+const schemaGeoPointLocationString = rt.type({
+  location: schemaString,
+});
+export const schemaGeoPoint = rt.union([
+  schemaGeoPointCoords,
+  schemaGeoPointString,
+  schemaGeoPointLatLon,
+  schemaGeoPointLocation,
+  schemaGeoPointLocationString,
+]);
+export const schemaGeoPointArray = rt.array(schemaGeoPoint);
+// prettier-ignore
+const SecurityAttackDiscoveryAlertRequired = rt.type({
+  '@timestamp': schemaDate,
+  'kibana.alert.attack_discovery.alert_ids': schemaStringArray,
+  'kibana.alert.attack_discovery.alerts_context_count': schemaNumber,
+  'kibana.alert.attack_discovery.api_config': schemaUnknown,
+  'kibana.alert.attack_discovery.details_markdown': schemaString,
+  'kibana.alert.attack_discovery.details_markdown_with_replacements': schemaString,
+  'kibana.alert.attack_discovery.summary_markdown': schemaString,
+  'kibana.alert.attack_discovery.summary_markdown_with_replacements': schemaString,
+  'kibana.alert.attack_discovery.title': schemaString,
+  'kibana.alert.attack_discovery.title_with_replacements': schemaString,
+  'kibana.alert.attack_discovery.users.id': schemaString,
+  'kibana.alert.instance.id': schemaString,
+  'kibana.alert.rule.category': schemaString,
+  'kibana.alert.rule.consumer': schemaString,
+  'kibana.alert.rule.name': schemaString,
+  'kibana.alert.rule.producer': schemaString,
+  'kibana.alert.rule.revision': schemaStringOrNumber,
+  'kibana.alert.rule.rule_type_id': schemaString,
+  'kibana.alert.rule.uuid': schemaString,
+  'kibana.alert.status': schemaString,
+  'kibana.alert.uuid': schemaString,
+  'kibana.space_ids': schemaStringArray,
+});
+// prettier-ignore
+const SecurityAttackDiscoveryAlertOptional = rt.partial({
+  'event.action': schemaString,
+  'event.kind': schemaString,
+  'event.original': schemaString,
+  'kibana.alert.action_group': schemaString,
+  'kibana.alert.attack_discovery.api_config.model': schemaString,
+  'kibana.alert.attack_discovery.api_config.provider': schemaString,
+  'kibana.alert.attack_discovery.entity_summary_markdown': schemaString,
+  'kibana.alert.attack_discovery.entity_summary_markdown_with_replacements': schemaString,
+  'kibana.alert.attack_discovery.mitre_attack_tactics': schemaStringArray,
+  'kibana.alert.attack_discovery.replacements': schemaUnknown,
+  'kibana.alert.attack_discovery.user.id': schemaString,
+  'kibana.alert.attack_discovery.users': rt.array(
+    rt.partial({
+      name: schemaString,
+    })
+  ),
+  'kibana.alert.case_ids': schemaStringArray,
+  'kibana.alert.consecutive_matches': schemaStringOrNumber,
+  'kibana.alert.duration.us': schemaStringOrNumber,
+  'kibana.alert.end': schemaDate,
+  'kibana.alert.flapping': schemaBoolean,
+  'kibana.alert.flapping_history': schemaBooleanArray,
+  'kibana.alert.intended_timestamp': schemaDate,
+  'kibana.alert.last_detected': schemaDate,
+  'kibana.alert.maintenance_window_ids': schemaStringArray,
+  'kibana.alert.pending_recovered_count': schemaStringOrNumber,
+  'kibana.alert.previous_action_group': schemaString,
+  'kibana.alert.reason': schemaString,
+  'kibana.alert.risk_score': schemaNumber,
+  'kibana.alert.rule.execution.timestamp': schemaDate,
+  'kibana.alert.rule.execution.type': schemaString,
+  'kibana.alert.rule.execution.uuid': schemaString,
+  'kibana.alert.rule.parameters': schemaUnknown,
+  'kibana.alert.rule.tags': schemaStringArray,
+  'kibana.alert.severity_improving': schemaBoolean,
+  'kibana.alert.start': schemaDate,
+  'kibana.alert.time_range': schemaDateRange,
+  'kibana.alert.url': schemaString,
+  'kibana.alert.workflow_assignee_ids': schemaStringArray,
+  'kibana.alert.workflow_status': schemaString,
+  'kibana.alert.workflow_tags': schemaStringArray,
+  'kibana.version': schemaString,
+  tags: schemaStringArray,
+});
+
+// prettier-ignore
+export const SecurityAttackDiscoveryAlertSchema = rt.intersection([SecurityAttackDiscoveryAlertRequired, SecurityAttackDiscoveryAlertOptional, AlertSchema, EcsSchema]);
+// prettier-ignore
+export type SecurityAttackDiscoveryAlert = rt.TypeOf<typeof SecurityAttackDiscoveryAlertSchema>;

src/platform/packages/shared/kbn-alerts-as-data-utils/src/schemas/index.ts

@@ -14,6 +14,7 @@ import type { ObservabilityMetricsAlert } from './generated/observability_metric
 import type { ObservabilitySloAlert } from './generated/observability_slo_schema';
 import type { ObservabilityUptimeAlert } from './generated/observability_uptime_schema';
 import type { SecurityAlert } from './generated/security_schema';
+import type { SecurityAttackDiscoveryAlert } from './generated/security_attack_discovery_schema';
 import type { MlAnomalyDetectionAlert } from './generated/ml_anomaly_detection_schema';
 import type { DefaultAlert } from './generated/default_schema';
 import type { MlAnomalyDetectionHealthAlert } from './generated/ml_anomaly_detection_health_schema';
@@ -28,6 +29,7 @@ export type { ObservabilityMetricsAlert } from './generated/observability_metric
 export type { ObservabilitySloAlert } from './generated/observability_slo_schema';
 export type { ObservabilityUptimeAlert } from './generated/observability_uptime_schema';
 export type { SecurityAlert } from './generated/security_schema';
+export type { SecurityAttackDiscoveryAlert } from './generated/security_attack_discovery_schema';
 export type { StackAlert } from './generated/stack_schema';
 export type { MlAnomalyDetectionAlert } from './generated/ml_anomaly_detection_schema';
 export type { MlAnomalyDetectionHealthAlert } from './generated/ml_anomaly_detection_health_schema';
@@ -42,6 +44,7 @@ export type AADAlert =
   | ObservabilitySloAlert
   | ObservabilityUptimeAlert
   | SecurityAlert
+  | SecurityAttackDiscoveryAlert
   | MlAnomalyDetectionAlert
   | MlAnomalyDetectionHealthAlert
   | TransformHealthAlert

x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/attack_discovery/crud_attack_discovery_schedules_route.gen.ts

@@ -0,0 +1,157 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Attack discovery scheduling API endpoint
+ *   version: 1
+ */
+
+import { z } from '@kbn/zod';
+
+import {
+  AttackDiscoveryScheduleCreateProps,
+  AttackDiscoverySchedule,
+  AttackDiscoveryScheduleUpdateProps,
+} from './schedules.gen';
+import { NonEmptyString } from '../common_attributes.gen';
+
+/**
+ * Object containing Attack Discovery schedule.
+ */
+export type AttackDiscoveryGenericResponse = z.infer<typeof AttackDiscoveryGenericResponse>;
+export const AttackDiscoveryGenericResponse = z.object({}).catchall(z.unknown());
+
+/**
+ * An attack discovery generic error
+ */
+export type AttackDiscoveryGenericError = z.infer<typeof AttackDiscoveryGenericError>;
+export const AttackDiscoveryGenericError = z.object({
+  statusCode: z.number().optional(),
+  error: z.string().optional(),
+  message: z.string().optional(),
+});
+
+export type CreateAttackDiscoverySchedulesRequestBody = z.infer<
+  typeof CreateAttackDiscoverySchedulesRequestBody
+>;
+export const CreateAttackDiscoverySchedulesRequestBody = AttackDiscoveryScheduleCreateProps;
+export type CreateAttackDiscoverySchedulesRequestBodyInput = z.input<
+  typeof CreateAttackDiscoverySchedulesRequestBody
+>;
+
+export type CreateAttackDiscoverySchedulesResponse = z.infer<
+  typeof CreateAttackDiscoverySchedulesResponse
+>;
+export const CreateAttackDiscoverySchedulesResponse = AttackDiscoverySchedule;
+
+export type DeleteAttackDiscoverySchedulesRequestParams = z.infer<
+  typeof DeleteAttackDiscoverySchedulesRequestParams
+>;
+export const DeleteAttackDiscoverySchedulesRequestParams = z.object({
+  /**
+   * The Attack Discovery schedule's `id` value.
+   */
+  id: NonEmptyString,
+});
+export type DeleteAttackDiscoverySchedulesRequestParamsInput = z.input<
+  typeof DeleteAttackDiscoverySchedulesRequestParams
+>;
+
+export type DeleteAttackDiscoverySchedulesResponse = z.infer<
+  typeof DeleteAttackDiscoverySchedulesResponse
+>;
+export const DeleteAttackDiscoverySchedulesResponse = z.object({
+  id: NonEmptyString,
+});
+
+export type DisableAttackDiscoverySchedulesRequestParams = z.infer<
+  typeof DisableAttackDiscoverySchedulesRequestParams
+>;
+export const DisableAttackDiscoverySchedulesRequestParams = z.object({
+  /**
+   * The Attack Discovery schedule's `id` value.
+   */
+  id: NonEmptyString,
+});
+export type DisableAttackDiscoverySchedulesRequestParamsInput = z.input<
+  typeof DisableAttackDiscoverySchedulesRequestParams
+>;
+
+export type DisableAttackDiscoverySchedulesResponse = z.infer<
+  typeof DisableAttackDiscoverySchedulesResponse
+>;
+export const DisableAttackDiscoverySchedulesResponse = z.object({
+  id: NonEmptyString,
+});
+
+export type EnableAttackDiscoverySchedulesRequestParams = z.infer<
+  typeof EnableAttackDiscoverySchedulesRequestParams
+>;
+export const EnableAttackDiscoverySchedulesRequestParams = z.object({
+  /**
+   * The Attack Discovery schedule's `id` value.
+   */
+  id: NonEmptyString,
+});
+export type EnableAttackDiscoverySchedulesRequestParamsInput = z.input<
+  typeof EnableAttackDiscoverySchedulesRequestParams
+>;
+
+export type EnableAttackDiscoverySchedulesResponse = z.infer<
+  typeof EnableAttackDiscoverySchedulesResponse
+>;
+export const EnableAttackDiscoverySchedulesResponse = z.object({
+  id: NonEmptyString,
+});
+
+export type GetAttackDiscoverySchedulesRequestParams = z.infer<
+  typeof GetAttackDiscoverySchedulesRequestParams
+>;
+export const GetAttackDiscoverySchedulesRequestParams = z.object({
+  /**
+   * The Attack Discovery schedule's `id` value.
+   */
+  id: NonEmptyString,
+});
+export type GetAttackDiscoverySchedulesRequestParamsInput = z.input<
+  typeof GetAttackDiscoverySchedulesRequestParams
+>;
+
+export type GetAttackDiscoverySchedulesResponse = z.infer<
+  typeof GetAttackDiscoverySchedulesResponse
+>;
+export const GetAttackDiscoverySchedulesResponse = AttackDiscoverySchedule;
+
+export type UpdateAttackDiscoverySchedulesRequestParams = z.infer<
+  typeof UpdateAttackDiscoverySchedulesRequestParams
+>;
+export const UpdateAttackDiscoverySchedulesRequestParams = z.object({
+  /**
+   * The Attack Discovery schedule's `id` value.
+   */
+  id: NonEmptyString,
+});
+export type UpdateAttackDiscoverySchedulesRequestParamsInput = z.input<
+  typeof UpdateAttackDiscoverySchedulesRequestParams
+>;
+
+export type UpdateAttackDiscoverySchedulesRequestBody = z.infer<
+  typeof UpdateAttackDiscoverySchedulesRequestBody
+>;
+export const UpdateAttackDiscoverySchedulesRequestBody = AttackDiscoveryScheduleUpdateProps;
+export type UpdateAttackDiscoverySchedulesRequestBodyInput = z.input<
+  typeof UpdateAttackDiscoverySchedulesRequestBody
+>;
+
+export type UpdateAttackDiscoverySchedulesResponse = z.infer<
+  typeof UpdateAttackDiscoverySchedulesResponse
+>;
+export const UpdateAttackDiscoverySchedulesResponse = AttackDiscoverySchedule;