[SIEM] [Cases] External service selection per case

x-pack/plugins/case/common/api/cases/case.ts

@@ -16,6 +16,7 @@ export { ActionTypeExecutorResult } from '../../../../actions/server/types';
 const StatusRt = rt.union([rt.literal('open'), rt.literal('closed')]);
 
 const CaseBasicRt = rt.type({
+  connector_id: rt.string,
   description: rt.string,
   status: StatusRt,
   tags: rt.array(rt.string),

x-pack/plugins/case/common/api/cases/user_actions.ts

@@ -14,6 +14,7 @@ import { UserRT } from '../user';
 const UserActionFieldRt = rt.array(
   rt.union([
     rt.literal('comment'),
+    rt.literal('connector_id'),
     rt.literal('description'),
     rt.literal('pushed'),
     rt.literal('tags'),

x-pack/plugins/case/server/routes/api/__fixtures__/mock_saved_objects.ts

@@ -18,6 +18,7 @@ export const mockCases: Array<SavedObject<CaseAttributes>> = [
     attributes: {
       closed_at: null,
       closed_by: null,
+      connector_id: 'none',
       created_at: '2019-11-25T21:54:48.952Z',
       created_by: {
         full_name: 'elastic',
@@ -46,6 +47,7 @@ export const mockCases: Array<SavedObject<CaseAttributes>> = [
     attributes: {
       closed_at: null,
       closed_by: null,
+      connector_id: 'none',
       created_at: '2019-11-25T22:32:00.900Z',
       created_by: {
         full_name: 'elastic',
@@ -74,6 +76,7 @@ export const mockCases: Array<SavedObject<CaseAttributes>> = [
     attributes: {
       closed_at: null,
       closed_by: null,
+      connector_id: '123',
       created_at: '2019-11-25T22:32:17.947Z',
       created_by: {
         full_name: 'elastic',
@@ -106,6 +109,7 @@ export const mockCases: Array<SavedObject<CaseAttributes>> = [
         email: '[email protected]',
         username: 'elastic',
       },
+      connector_id: '123',
       created_at: '2019-11-25T22:32:17.947Z',
       created_by: {
         full_name: 'elastic',
@@ -130,6 +134,35 @@ export const mockCases: Array<SavedObject<CaseAttributes>> = [
   },
 ];
 
+export const mockCaseNoConnectorId: SavedObject<Partial<CaseAttributes>> = {
+  type: 'cases',
+  id: 'mock-no-connector_id',
+  attributes: {
+    closed_at: null,
+    closed_by: null,
+    created_at: '2019-11-25T21:54:48.952Z',
+    created_by: {
+      full_name: 'elastic',
+      email: '[email protected]',
+      username: 'elastic',
+    },
+    description: 'This is a brand new case of a bad meanie defacing data',
+    external_service: null,
+    title: 'Super Bad Security Issue',
+    status: 'open',
+    tags: ['defacement'],
+    updated_at: '2019-11-25T21:54:48.952Z',
+    updated_by: {
+      full_name: 'elastic',
+      email: '[email protected]',
+      username: 'elastic',
+    },
+  },
+  references: [],
+  updated_at: '2019-11-25T21:54:48.952Z',
+  version: 'WzAsMV0=',
+};
+
 export const mockCasesErrorTriggerData = [
   {
     id: 'valid-id',

x-pack/plugins/case/server/routes/api/cases/comments/patch_comment.ts

@@ -17,7 +17,12 @@ import { RouteDeps } from '../../types';
 import { escapeHatch, wrapError, flattenCaseSavedObject } from '../../utils';
 import { CASE_COMMENTS_URL } from '../../../../../common/constants';
 
-export function initPatchCommentApi({ caseService, router, userActionService }: RouteDeps) {
+export function initPatchCommentApi({
+  caseConfigureService,
+  caseService,
+  router,
+  userActionService,
+}: RouteDeps) {
   router.patch(
     {
       path: CASE_COMMENTS_URL,
@@ -64,7 +69,7 @@ export function initPatchCommentApi({ caseService, router, userActionService }:
 
         const { username, full_name, email } = await caseService.getUser({ request, response });
         const updatedDate = new Date().toISOString();
-        const [updatedComment, updatedCase] = await Promise.all([
+        const [updatedComment, updatedCase, myCaseConfigure] = await Promise.all([
           caseService.patchComment({
             client,
             commentId: query.id,
@@ -84,6 +89,7 @@ export function initPatchCommentApi({ caseService, router, userActionService }:
             },
             version: myCase.version,
           }),
+          caseConfigureService.find({ client }),
         ]);
 
         const totalCommentsFindByCases = await caseService.getAllCaseComments({
@@ -95,6 +101,10 @@ export function initPatchCommentApi({ caseService, router, userActionService }:
             perPage: 1,
           },
         });
+        const caseConfigureConnectorId =
+          myCaseConfigure.saved_objects.length > 0
+            ? myCaseConfigure.saved_objects[0].attributes.connector_id
+            : 'none';
 
         const [comments] = await Promise.all([
           caseService.getAllCaseComments({
@@ -125,16 +135,17 @@ export function initPatchCommentApi({ caseService, router, userActionService }:
 
         return response.ok({
           body: CaseResponseRt.encode(
-            flattenCaseSavedObject(
-              {
+            flattenCaseSavedObject({
+              savedObject: {
                 ...myCase,
                 ...updatedCase,
                 attributes: { ...myCase.attributes, ...updatedCase.attributes },
                 version: updatedCase.version ?? myCase.version,
                 references: myCase.references,
               },
-              comments.saved_objects
-            )
+              comments: comments.saved_objects,
+              caseConfigureConnectorId,
+            })
           ),
         });
       } catch (error) {

x-pack/plugins/case/server/routes/api/cases/comments/post_comment.ts

@@ -17,7 +17,12 @@ import { escapeHatch, transformNewComment, wrapError, flattenCaseSavedObject } f
 import { RouteDeps } from '../../types';
 import { CASE_COMMENTS_URL } from '../../../../../common/constants';
 
-export function initPostCommentApi({ caseService, router, userActionService }: RouteDeps) {
+export function initPostCommentApi({
+  caseConfigureService,
+  caseService,
+  router,
+  userActionService,
+}: RouteDeps) {
   router.post(
     {
       path: CASE_COMMENTS_URL,
@@ -45,7 +50,7 @@ export function initPostCommentApi({ caseService, router, userActionService }: R
         const { username, full_name, email } = await caseService.getUser({ request, response });
         const createdDate = new Date().toISOString();
 
-        const [newComment, updatedCase] = await Promise.all([
+        const [newComment, updatedCase, myCaseConfigure] = await Promise.all([
           caseService.postNewComment({
             client,
             attributes: transformNewComment({
@@ -72,8 +77,13 @@ export function initPostCommentApi({ caseService, router, userActionService }: R
             },
             version: myCase.version,
           }),
+          caseConfigureService.find({ client }),
         ]);
 
+        const caseConfigureConnectorId =
+          myCaseConfigure.saved_objects.length > 0
+            ? myCaseConfigure.saved_objects[0].attributes.connector_id
+            : 'none';
         const totalCommentsFindByCases = await caseService.getAllCaseComments({
           client,
           caseId,
@@ -112,16 +122,17 @@ export function initPostCommentApi({ caseService, router, userActionService }: R
 
         return response.ok({
           body: CaseResponseRt.encode(
-            flattenCaseSavedObject(
-              {
+            flattenCaseSavedObject({
+              savedObject: {
                 ...myCase,
                 ...updatedCase,
                 attributes: { ...myCase.attributes, ...updatedCase.attributes },
                 version: updatedCase.version ?? myCase.version,
                 references: myCase.references,
               },
-              comments.saved_objects
-            )
+              comments: comments.saved_objects,
+              caseConfigureConnectorId,
+            })
           ),
         });
       } catch (error) {

x-pack/plugins/case/server/routes/api/cases/configure/get_configure.ts

@@ -9,7 +9,7 @@ import { RouteDeps } from '../../types';
 import { wrapError } from '../../utils';
 import { CASE_CONFIGURE_URL } from '../../../../../common/constants';
 
-export function initGetCaseConfigure({ caseConfigureService, caseService, router }: RouteDeps) {
+export function initGetCaseConfigure({ caseConfigureService, router }: RouteDeps) {
   router.get(
     {
       path: CASE_CONFIGURE_URL,

x-pack/plugins/case/server/routes/api/cases/find_cases.test.ts

@@ -15,8 +15,9 @@ import {
 } from '../__fixtures__';
 import { initFindCasesApi } from './find_cases';
 import { CASES_URL } from '../../../../common/constants';
+import { mockCaseConfigure, mockCaseNoConnectorId } from '../__fixtures__/mock_saved_objects';
 
-describe('GET all cases', () => {
+describe('FIND all cases', () => {
   let routeHandler: RequestHandler<any, any, any>;
   beforeAll(async () => {
     routeHandler = await createRoute(initFindCasesApi, 'get');
@@ -37,4 +38,37 @@ describe('GET all cases', () => {
     expect(response.status).toEqual(200);
     expect(response.payload.cases).toHaveLength(4);
   });
+  it(`adds 'none' connector id to cases without when 3rd party unconfigured`, async () => {
+    const request = httpServerMock.createKibanaRequest({
+      path: `${CASES_URL}/_find`,
+      method: 'get',
+    });
+
+    const theContext = createRouteContext(
+      createMockSavedObjectsRepository({
+        caseSavedObject: [mockCaseNoConnectorId],
+      })
+    );
+
+    const response = await routeHandler(theContext, request, kibanaResponseFactory);
+    expect(response.status).toEqual(200);
+    expect(response.payload.cases[0].connector_id).toEqual('none');
+  });
+  it(`adds default connector id to cases without when 3rd party configured`, async () => {
+    const request = httpServerMock.createKibanaRequest({
+      path: `${CASES_URL}/_find`,
+      method: 'get',
+    });
+
+    const theContext = createRouteContext(
+      createMockSavedObjectsRepository({
+        caseSavedObject: [mockCaseNoConnectorId],
+        caseConfigureSavedObject: mockCaseConfigure,
+      })
+    );
+
+    const response = await routeHandler(theContext, request, kibanaResponseFactory);
+    expect(response.status).toEqual(200);
+    expect(response.payload.cases[0].connector_id).toEqual('123');
+  });
 });

x-pack/plugins/case/server/routes/api/cases/find_cases.ts

@@ -39,7 +39,7 @@ const buildFilter = (
       : `${CASE_SAVED_OBJECT}.attributes.${field}: ${filters}`
     : '';
 
-export function initFindCasesApi({ caseService, router }: RouteDeps) {
+export function initFindCasesApi({ caseService, caseConfigureService, router }: RouteDeps) {
   router.get(
     {
       path: `${CASES_URL}/_find`,
@@ -94,12 +94,12 @@ export function initFindCasesApi({ caseService, router }: RouteDeps) {
             filter: getStatusFilter('closed', myFilters),
           },
         };
-        const [cases, openCases, closesCases] = await Promise.all([
+        const [cases, openCases, closesCases, myCaseConfigure] = await Promise.all([
           caseService.findCases(args),
           caseService.findCases(argsOpenCases),
           caseService.findCases(argsClosedCases),
+          caseConfigureService.find({ client }),
         ]);
-
         const totalCommentsFindByCases = await Promise.all(
           cases.saved_objects.map(c =>
             caseService.getAllCaseComments({
@@ -135,7 +135,10 @@ export function initFindCasesApi({ caseService, router }: RouteDeps) {
               cases,
               openCases.total ?? 0,
               closesCases.total ?? 0,
-              totalCommentsByCases
+              totalCommentsByCases,
+              myCaseConfigure.saved_objects.length > 0
+                ? myCaseConfigure.saved_objects[0].attributes.connector_id
+                : 'none'
             )
           ),
         });

x-pack/plugins/case/server/routes/api/cases/get_case.test.ts

@@ -19,6 +19,7 @@ import {
 import { flattenCaseSavedObject } from '../utils';
 import { initGetCaseApi } from './get_case';
 import { CASE_DETAILS_URL } from '../../../../common/constants';
+import { mockCaseConfigure, mockCaseNoConnectorId } from '../__fixtures__/mock_saved_objects';
 
 describe('GET case', () => {
   let routeHandler: RequestHandler<any, any, any>;
@@ -44,14 +45,11 @@ describe('GET case', () => {
     );
 
     const response = await routeHandler(theContext, request, kibanaResponseFactory);
-
+    const savedObject = (mockCases.find(s => s.id === 'mock-id-1') as unknown) as SavedObject<
+      CaseAttributes
+    >;
     expect(response.status).toEqual(200);
-    expect(response.payload).toEqual(
-      flattenCaseSavedObject(
-        (mockCases.find(s => s.id === 'mock-id-1') as unknown) as SavedObject<CaseAttributes>,
-        []
-      )
-    );
+    expect(response.payload).toEqual(flattenCaseSavedObject({ savedObject }));
     expect(response.payload.comments).toEqual([]);
   });
   it(`returns an error when thrown from getCase`, async () => {
@@ -123,4 +121,51 @@ describe('GET case', () => {
 
     expect(response.status).toEqual(400);
   });
+  it(`case w/o connector_id - returns the case with connector id when 3rd party unconfigured`, async () => {
+    const request = httpServerMock.createKibanaRequest({
+      path: CASE_DETAILS_URL,
+      method: 'get',
+      params: {
+        case_id: 'mock-no-connector_id',
+      },
+      query: {
+        includeComments: false,
+      },
+    });
+
+    const theContext = createRouteContext(
+      createMockSavedObjectsRepository({
+        caseSavedObject: [mockCaseNoConnectorId],
+      })
+    );
+
+    const response = await routeHandler(theContext, request, kibanaResponseFactory);
+
+    expect(response.status).toEqual(200);
+    expect(response.payload.connector_id).toEqual('none');
+  });
+  it(`case w/o connector_id - returns the case with connector id when 3rd party configured`, async () => {
+    const request = httpServerMock.createKibanaRequest({
+      path: CASE_DETAILS_URL,
+      method: 'get',
+      params: {
+        case_id: 'mock-no-connector_id',
+      },
+      query: {
+        includeComments: false,
+      },
+    });
+
+    const theContext = createRouteContext(
+      createMockSavedObjectsRepository({
+        caseSavedObject: [mockCaseNoConnectorId],
+        caseConfigureSavedObject: mockCaseConfigure,
+      })
+    );
+
+    const response = await routeHandler(theContext, request, kibanaResponseFactory);
+
+    expect(response.status).toEqual(200);
+    expect(response.payload.connector_id).toEqual('123');
+  });
 });