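/**
 * Resolve a host field's value from an aggregation bucket.
 *
 * The field name is mapped through `hostFieldsMap` (own entries only) and
 * dots are replaced by underscores to form the aggregation key. Multi-valued
 * fields (host.ip, host.mac and the cloud.* fields listed below) return every
 * bucket key; other fields return the first bucket item, or the
 * `value_as_string` of a single-value aggregation.
 *
 * @param fieldName - ECS-style field name, e.g. 'host.ip'.
 * @param bucket - aggregation bucket to read from.
 * @returns the value(s), or null when the bucket has no matching aggregation.
 */
const getHostFieldValue = (fieldName: string, bucket: HostAggEsItem): string | string[] | null => {
  const toAggKey = (name: string) => name.replace(/\./g, '_');
  // Own-property lookup only: an inherited name such as 'constructor' must not
  // be treated as a mapped field (it would not be a string to call replace on).
  const mapped = Object.prototype.hasOwnProperty.call(hostFieldsMap, fieldName)
    ? hostFieldsMap[fieldName]
    : undefined;
  const aggField = toAggKey(mapped || fieldName);
  const multiValuedFields: readonly string[] = [
    'host.ip',
    'host.mac',
    'cloud.instance.id',
    'cloud.machine.type',
    'cloud.provider',
    'cloud.region',
  ];
  if (multiValuedFields.includes(fieldName) && has(aggField, bucket)) {
    const data: HostBuckets = get(aggField, bucket);
    return data.buckets.map(obj => obj.key);
  }
  if (has(`${aggField}.buckets`, bucket)) {
    return getFirstItem(get(`${aggField}`, bucket));
  }
  if (has(aggField, bucket)) {
    const valueObj: HostValue = get(aggField, bucket);
    return valueObj.value_as_string;
  }
  return null;
};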
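/**
 * Merge one Elasticsearch field from `hit._source` into `flattenedFields`
 * under the `node` key, nesting it by the dotted `fieldName`.
 *
 * Only the map's own properties count as mappings: a `fieldName` such as
 * `constructor` or `toString` must not resolve to an inherited property of
 * `fieldMap`. When the field is unmapped, or absent from `_source`, the input
 * `flattenedFields` is returned unchanged.
 *
 * @param fieldName - dotted field name, e.g. 'host.name'.
 * @param flattenedFields - accumulator being built up; not mutated (`merge` is lodash/fp).
 * @param fieldMap - field name -> ES source path.
 * @param hit - search hit whose `_source` is read.
 * @returns `flattenedFields`, or a merged copy containing the new nested value.
 */
export const mergeFieldsWithHit = <T>(
  fieldName: string,
  flattenedFields: T,
  fieldMap: Readonly<Record<string, string>>,
  hit: { _source: {} }
) => {
  // Own-property check first so prototype members are never treated as mappings.
  if (!Object.prototype.hasOwnProperty.call(fieldMap, fieldName) || fieldMap[fieldName] == null) {
    return flattenedFields;
  }
  const esField = fieldMap[fieldName];
  if (!has(esField, hit._source)) {
    return flattenedFields;
  }
  const value = get(esField, hit._source);
  // Rebuild the dotted name as a nested object: 'a.b' -> { a: { b: value } }.
  const nested = fieldName.split('.').reduceRight((obj, next) => ({ [next]: obj }), value);
  const objectWithProperty = {
    node: {
      ...get('node', flattenedFields),
      ...nested,
    },
  };
  return merge(flattenedFields, objectWithProperty);
};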
// Success handler: clear the loading flag, publish first/last seen from the
// response payload, reset any error and pass the result through unchanged.
result => {
  const firstSeen = get('data.source.HostFirstLastSeen.firstSeen', result);
  const lastSeen = get('data.source.HostFirstLastSeen.lastSeen', result);
  updateLoading(false);
  updateFirstSeen(firstSeen);
  updateLastSeen(lastSeen);
  updateErrorMessage(null);
  return result;
},
// Set the auto-reload duration for `id`, keeping the rest of its entry and
// policy intact (returns a new state object; the old one is not mutated).
.case(setDuration, (state, { id, duration }) => {
  const current = get(id, state);
  const policy = get(`${id}.policy`, state);
  return {
    ...state,
    [id]: { ...current, policy: { ...policy, duration } },
  };
})
.case(stopAutoReload, (state, { id }) => ({ ...state, [id]: { ...get(id, state), policy: { ...get(`${id}.policy`, state), kind: 'manual', }, }, }))
// Switch the policy for `id` to 'interval', keeping the rest of its entry and
// policy intact (returns a new state object; the old one is not mutated).
.case(startAutoReload, (state, { id }) => {
  const current = get(id, state);
  const policy = get(`${id}.policy`, state);
  return {
    ...state,
    [id]: { ...current, policy: { ...policy, kind: 'interval' } },
  };
})
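/**
 * Look up the documentation string for a dotted field `path` in the schema
 * doc of `index`.
 *
 * @param index - index name; 'unknown' yields ''.
 * @param path - dotted field path, e.g. 'host.name'. The first segment is the
 *   category; paths with more than one segment are looked up under
 *   `<category>.fields.<path>`, single-segment paths under `<category>`.
 * @returns the documentation string, or '' when nothing is found.
 */
export const getDocumentation = (index: string, path: string) => {
  if (index === 'unknown') {
    return '';
  }
  const splitPath = path.split('.');
  // split() never returns an empty array, so the only "missing category" case
  // is an empty first segment ('' or a leading dot); a null check was dead code.
  const category = splitPath[0];
  if (!category) {
    return '';
  }
  const schemaDoc = getIndexSchemaDoc(index);
  if (splitPath.length > 1) {
    return get([category, 'fields', path], schemaDoc) || '';
  }
  return get(category, schemaDoc) || '';
};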
/**
 * Fetch the first and last time a host was seen, via a search with the
 * firstSeen/lastSeen aggregations built by `buildLastFirstSeenHostQuery`.
 *
 * @param request - framework request used for the Elasticsearch call.
 * @param options - query options passed to the query builder.
 * @returns the `value_as_string` of each aggregation (undefined when absent,
 *   as returned by lodash/fp `get`).
 */
public async getHostFirstLastSeen(
  request: FrameworkRequest,
  options: HostLastFirstSeenRequestOptions
): Promise<FirstLastSeenHost> {
  const query = buildLastFirstSeenHostQuery(options);
  const response = await this.framework.callWithRequest<HostAggEsData, TermAggregation>(
    request,
    'search',
    query
  );
  // A response without aggregations is read as an empty bucket set.
  const aggregations: HostAggEsItem = get('aggregations', response) || {};
  const firstSeen = get('firstSeen.value_as_string', aggregations);
  const lastSeen = get('lastSeen.value_as_string', aggregations);
  return { firstSeen, lastSeen };
}
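// Let the stream continue only once the timeline save for this action's id has
// completed with a savedObjectId; record the id and version as a side effect.
filter(([checkAction, updatedTimeline]) => {
  if (checkAction.type !== endTimelineSaving.type) {
    return false;
  }
  const timelineId = get('payload.id', checkAction);
  const savedTimeline = updatedTimeline[timelineId];
  // Guard the lookup: a missing entry must not throw on `.savedObjectId`.
  if (savedTimeline == null || savedTimeline.savedObjectId == null) {
    return false;
  }
  myEpicTimelineId.setTimelineId(savedTimeline.savedObjectId);
  myEpicTimelineId.setTimelineVersion(savedTimeline.version);
  return true;
})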
/**
 * Fetch the first and last time a domain was seen, via a search with the
 * firstSeen/lastSeen aggregations built by `buildFirstLastSeenDomainQuery`.
 *
 * @param request - framework request used for the Elasticsearch call.
 * @param options - query options passed to the query builder.
 * @returns the `value_as_string` of each aggregation (undefined when absent,
 *   as returned by lodash/fp `get`).
 */
public async getDomainsFirstLastSeen(
  request: FrameworkRequest,
  options: DomainFirstLastSeenRequestOptions
): Promise<FirstLastSeenDomain> {
  const query = buildFirstLastSeenDomainQuery(options);
  const response = await this.framework.callWithRequest<SearchHit, TermAggregation>(
    request,
    'search',
    query
  );
  // A response without aggregations is read as an empty bucket set.
  const aggregations: DomainFirstLastSeenItem = get('aggregations', response) || {};
  const firstSeen = get('firstSeen.value_as_string', aggregations);
  const lastSeen = get('lastSeen.value_as_string', aggregations);
  return { firstSeen, lastSeen };
}