-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' of github.com:elastic/kibana into feat/144439-add…
…-context-alertdetailsurl-to-apm-latency-threshold-rule
- Loading branch information
Showing
49 changed files
with
3,737 additions
and
67 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,105 @@ | ||
| [role="xpack"] | ||
| [[tines-action-type]] | ||
| == Tines connector | ||
| ++++ | ||
| <titleabbrev>Tines</titleabbrev> | ||
| ++++ | ||
|
|
||
| The Tines connector uses Tines's https://www.tines.com/docs/actions/types/webhook[Webhook actions] to send events via POST request. | ||
|
|
||
| [float] | ||
| [[tines-connector-configuration]] | ||
| === Connector configuration | ||
|
|
||
| Tines connectors have the following configuration properties. | ||
|
|
||
| URL:: The Tines tenant URL. If you are using the <<action-settings, `xpack.actions.allowedHosts`>> setting, make sure the hostname is added to the allowed hosts. | ||
| Email:: The email used to sign in to Tines. | ||
| API Token:: A Tines API token created by the user. https://www.tines.com/api/authentication#generate-api-token[Docs] | ||
|
|
||
| [role="screenshot"] | ||
| image::../images/tines-connector.png[Tines connector] | ||
|
|
||
| [float] | ||
| [[Preconfigured-tines-configuration]] | ||
| ==== Preconfigured connector type | ||
|
|
||
| [source,text] | ||
| -- | ||
| my-tines: | ||
| name: preconfigured-tines-connector-type | ||
| actionTypeId: .tines | ||
| config: | ||
| url: https://some-tenant-2345.tines.com | ||
| secrets: | ||
| email: [email protected] | ||
| token: ausergeneratedapitoken | ||
| -- | ||
|
|
||
| Config defines information for the connector type. | ||
|
|
||
| `url`:: A Tines tenant URL string that corresponds to *URL*. | ||
|
|
||
| Secrets defines sensitive information for the connector type. | ||
|
|
||
| `email`:: A string that corresponds to *Email*. | ||
| `token`:: A string that corresponds to *API Token*. | ||
|
|
||
| [float] | ||
| [[tines-action-parameters]] | ||
| === Action parameters | ||
|
|
||
| Tines action have the following parameters. | ||
|
|
||
| Story:: The Story to send the events to. | ||
| Webhook:: The Webhook action from the previous story that will receive the events, it is the data entry point. | ||
|
|
||
| Test Tines action parameters. | ||
|
|
||
| [role="screenshot"] | ||
| image::../images/tines-params-test.png[Tines params test] | ||
|
|
||
| [float] | ||
| [[tines-action-format]] | ||
| === Actions | ||
|
|
||
| Once the Tines connector has been configured in an Alerting Rule. | ||
|
|
||
| [role="screenshot"] | ||
| image::../images/tines-alerting.png[Tines rule alert] | ||
|
|
||
| It will send a POST request to the Tines webhook action on every action execution with at least one result. | ||
|
|
||
| [float] | ||
| [[webhookUrlFallback-tines-configuration]] | ||
| ==== Webhook URL fallback | ||
|
|
||
| It is possible for the requests to the Tines API, to get the stories and webhooks for the selectors, to hit the 500 results limit; in this scenario, the webhook URL fallback text field will be displayed. | ||
| Users can still use the selectors if the story or webhook exists in the 500 options loaded. Otherwise, users can paste the webhook URL in the test input field, it can be copied from the Tines webhook configuration. | ||
|
|
||
| When the webhook URL is defined, the connector will use it directly in the execution stage, and the story and webhook selectors will be disabled and ignored. To re-enable the story and webhook selectors, remove the webhook URL value. | ||
|
|
||
| [role="screenshot"] | ||
| image::../images/tines-webhook-url-fallback.png[Tines Webhook URL fallback] | ||
|
|
||
| [float] | ||
| [[tines-story-library]] | ||
| === Tines Story Libary | ||
|
|
||
| In order to simplify the integration with Elastic, Tines offers a set of pre-defined Elastic stories in the Story library. | ||
| They can be found by searching for "Elastic" in the Tines Story library: | ||
|
|
||
| [role="screenshot"] | ||
| image::../images/tines_elastic_stories.png[Tines Elastic stories] | ||
|
|
||
| They can be imported directly into your Tines tenant. | ||
|
|
||
| === Format | ||
|
|
||
| Tines connector will send the data in JSON format. | ||
|
|
||
| The message contains execution specific fields, such as `alertId`, `date`, `_index`, `kibanaBaseUrl`, along with the `rule` and `params` objects. | ||
|
|
||
| The number of alerts (signals) can be found at `state.signals_count`. | ||
|
|
||
| The alerts (signals) data is stored in the `context.alerts` array, following the https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html[ECS] format. |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
16 changes: 16 additions & 0 deletions
16
x-pack/plugins/stack_connectors/common/connector_types/security/tines/constants.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| export const TINES_TITLE = 'Tines'; | ||
| export const TINES_CONNECTOR_ID = '.tines'; | ||
| export const API_MAX_RESULTS = 500; | ||
| export const enum SUB_ACTION { | ||
| STORIES = 'stories', | ||
| WEBHOOKS = 'webhooks', | ||
| RUN = 'run', | ||
| TEST = 'test', | ||
| } |
46 changes: 46 additions & 0 deletions
46
x-pack/plugins/stack_connectors/common/connector_types/security/tines/schema.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { schema } from '@kbn/config-schema'; | ||
|
|
||
| // Connector schema | ||
| export const TinesConfigSchema = schema.object({ url: schema.string() }); | ||
| export const TinesSecretsSchema = schema.object({ email: schema.string(), token: schema.string() }); | ||
|
|
||
| // Stories action schema | ||
| export const TinesStoriesActionParamsSchema = null; | ||
| export const TinesStoryObjectSchema = schema.object({ | ||
| id: schema.number(), | ||
| name: schema.string(), | ||
| published: schema.boolean(), | ||
| }); | ||
| export const TinesStoriesActionResponseSchema = schema.object({ | ||
| stories: schema.arrayOf(TinesStoryObjectSchema), | ||
| incompleteResponse: schema.boolean(), | ||
| }); | ||
|
|
||
| // Webhooks action schema | ||
| export const TinesWebhooksActionParamsSchema = schema.object({ storyId: schema.number() }); | ||
| export const TinesWebhookObjectSchema = schema.object({ | ||
| id: schema.number(), | ||
| name: schema.string(), | ||
| storyId: schema.number(), | ||
| path: schema.string(), | ||
| secret: schema.string(), | ||
| }); | ||
| export const TinesWebhooksActionResponseSchema = schema.object({ | ||
| webhooks: schema.arrayOf(TinesWebhookObjectSchema), | ||
| incompleteResponse: schema.boolean(), | ||
| }); | ||
|
|
||
| // Run action schema | ||
| export const TinesRunActionParamsSchema = schema.object({ | ||
| webhook: schema.maybe(TinesWebhookObjectSchema), | ||
| webhookUrl: schema.maybe(schema.string()), | ||
| body: schema.string(), | ||
| }); | ||
| export const TinesRunActionResponseSchema = schema.object({}, { unknowns: 'ignore' }); |
30 changes: 30 additions & 0 deletions
30
x-pack/plugins/stack_connectors/common/connector_types/security/tines/types.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { TypeOf } from '@kbn/config-schema'; | ||
| import { | ||
| TinesConfigSchema, | ||
| TinesSecretsSchema, | ||
| TinesRunActionParamsSchema, | ||
| TinesRunActionResponseSchema, | ||
| TinesStoriesActionResponseSchema, | ||
| TinesWebhooksActionResponseSchema, | ||
| TinesWebhooksActionParamsSchema, | ||
| TinesWebhookObjectSchema, | ||
| TinesStoryObjectSchema, | ||
| } from './schema'; | ||
|
|
||
| export type TinesConfig = TypeOf<typeof TinesConfigSchema>; | ||
| export type TinesSecrets = TypeOf<typeof TinesSecretsSchema>; | ||
| export type TinesRunActionParams = TypeOf<typeof TinesRunActionParamsSchema>; | ||
| export type TinesRunActionResponse = TypeOf<typeof TinesRunActionResponseSchema>; | ||
| export type TinesStoriesActionParams = void; | ||
| export type TinesStoryObject = TypeOf<typeof TinesStoryObjectSchema>; | ||
| export type TinesStoriesActionResponse = TypeOf<typeof TinesStoriesActionResponseSchema>; | ||
| export type TinesWebhooksActionParams = TypeOf<typeof TinesWebhooksActionParamsSchema>; | ||
| export type TinesWebhooksActionResponse = TypeOf<typeof TinesWebhooksActionResponseSchema>; | ||
| export type TinesWebhookObject = TypeOf<typeof TinesWebhookObjectSchema>; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
8 changes: 8 additions & 0 deletions
8
x-pack/plugins/stack_connectors/public/connector_types/security/tines/index.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| export { getConnectorType as getTinesConnectorType } from './tines'; |
40 changes: 40 additions & 0 deletions
40
x-pack/plugins/stack_connectors/public/connector_types/security/tines/logo.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import React from 'react'; | ||
| import { LogoProps } from '../types'; | ||
|
|
||
| const Logo = (props: LogoProps) => ( | ||
| <svg | ||
| version="1.1" | ||
| id="Layer_1" | ||
| xmlns="http://www.w3.org/2000/svg" | ||
| xmlnsXlink="http://www.w3.org/1999/xlink" | ||
| x="0" | ||
| y="0" | ||
| width="32px" | ||
| height="32px" | ||
| viewBox="0 0 32 32" | ||
| enableBackground="new 0 0 32 32" | ||
| xmlSpace="preserve" | ||
| {...props} | ||
| > | ||
| <g> | ||
| <rect y="128.4" className="st0" width="25.7" height="46.6" style={{ fill: '#06AC38' }} /> | ||
| <path | ||
| className="st0" | ||
| style={{ fill: '#8578E6' }} | ||
| fillRule="evenodd" | ||
| clipRule="evenodd" | ||
| d="M11.8018 0C8.01458 0 4.66599 2.45749 3.53258 6.06868L0.415527 16L3.53258 25.9313C4.66599 29.5425 8.01458 32 11.8018 32H20.1981C23.9853 32 27.3339 29.5425 28.4673 25.9313L31.5844 16L28.4673 6.06868C27.3339 2.45749 23.9853 0 20.1981 0H11.8018ZM20.1982 2.49634C22.8938 2.49634 25.2772 4.24548 26.0839 6.81577L26.8481 9.25062C25.3107 7.98154 23.3639 7.26723 21.3292 7.26707L10.648 7.26679C8.62691 7.26694 6.69264 7.97168 5.16015 9.22481L5.91625 6.81577C6.72297 4.24548 9.10635 2.49634 11.8019 2.49634H20.1982ZM5.73674 12.1986L3.79587 14.7519L28.1811 14.7519L26.2404 12.1989C25.0741 10.6646 23.2571 9.76356 21.329 9.76341H10.5898C8.68349 9.78153 6.89125 10.6798 5.73674 12.1986ZM28.1771 17.2482L26.2403 19.7989C25.0739 21.3349 23.2555 22.237 21.326 22.2368L10.6509 22.2366C8.72137 22.2367 6.90298 21.3346 5.73661 19.7986L3.79996 17.2482L28.1771 17.2482ZM5.9161 25.1842C6.72282 27.7545 9.1062 29.5037 11.8018 29.5037H20.1981C22.8936 29.5037 25.277 27.7545 26.0837 25.1842L26.8485 22.7476C25.3104 24.0182 23.3622 24.7333 21.3258 24.7332L10.651 24.7329C8.6283 24.7331 6.69244 24.0274 5.15921 22.7727L5.9161 25.1842Z" | ||
| /> | ||
| </g> | ||
| </svg> | ||
| ); | ||
|
|
||
| // eslint-disable-next-line import/no-default-export | ||
| export { Logo as default }; |
Oops, something went wrong.