resources missing route

x-pack/plugins/security_solution/common/siem_migrations/constants.ts

@@ -25,6 +25,8 @@ export const SIEM_RULE_MIGRATION_INSTALL_TRANSLATED_PATH =
   `${SIEM_RULE_MIGRATION_PATH}/install_translated` as const;
 
 export const SIEM_RULE_MIGRATION_RESOURCES_PATH = `${SIEM_RULE_MIGRATION_PATH}/resources` as const;
+export const SIEM_RULE_MIGRATION_RESOURCES_MISSING_PATH =
+  `${SIEM_RULE_MIGRATION_RESOURCES_PATH}/missing` as const;
 
 export enum SiemMigrationTaskStatus {
   READY = 'ready',

x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rule_migration.gen.ts

@@ -99,6 +99,30 @@ export type GetRuleMigrationResourcesRequestParamsInput = z.input<
 export type GetRuleMigrationResourcesResponse = z.infer<typeof GetRuleMigrationResourcesResponse>;
 export const GetRuleMigrationResourcesResponse = z.array(RuleMigrationResource);
 
+export type GetRuleMigrationResourcesMissingRequestParams = z.infer<
+  typeof GetRuleMigrationResourcesMissingRequestParams
+>;
+export const GetRuleMigrationResourcesMissingRequestParams = z.object({
+  migration_id: NonEmptyString,
+});
+export type GetRuleMigrationResourcesMissingRequestParamsInput = z.input<
+  typeof GetRuleMigrationResourcesMissingRequestParams
+>;
+
+export type GetRuleMigrationResourcesMissingResponse = z.infer<
+  typeof GetRuleMigrationResourcesMissingResponse
+>;
+export const GetRuleMigrationResourcesMissingResponse = z.object({
+  /**
+   * The macro resources missing
+   */
+  macro: z.array(z.string()).optional(),
+  /**
+   * The list resources missing
+   */
+  list: z.array(z.string()).optional(),
+});
+
 export type GetRuleMigrationStatsRequestParams = z.infer<typeof GetRuleMigrationStatsRequestParams>;
 export const GetRuleMigrationStatsRequestParams = z.object({
   migration_id: NonEmptyString,

x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rule_migration.schema.yaml

@@ -434,3 +434,39 @@ paths:
                 type: array
                 items:
                   $ref: '../../rule_migration.schema.yaml#/components/schemas/RuleMigrationResource'
+
+  /internal/siem_migrations/rules/{migration_id}/resources/missing:
+    get:
+      summary: Gets missing rule migration resources for a migration
+      operationId: GetRuleMigrationResourcesMissing
+      x-codegen-enabled: true
+      x-internal: true
+      description: Identifies missing resources from all the rules of an existing SIEM rules migration
+      tags:
+        - SIEM Rule Migrations
+        - Resources
+      parameters:
+        - name: migration_id
+          in: path
+          required: true
+          schema:
+            description: The migration id to attach the resources
+            $ref: '../../common.schema.yaml#/components/schemas/NonEmptyString'
+      responses:
+        200:
+          description: Indicates missing migration resources have been identified correctly
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  macro:
+                    type: array
+                    description: The macro resources missing
+                    items:
+                      type: string
+                  list:
+                    type: array
+                    description: The list resources missing
+                    items:
+                      type: string

x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/index.ts

@@ -20,6 +20,7 @@ import { registerSiemRuleMigrationsResourceGetRoute } from './resources/get';
 import { registerSiemRuleMigrationsRetryRoute } from './retry';
 import { registerSiemRuleMigrationsInstallRoute } from './install';
 import { registerSiemRuleMigrationsInstallTranslatedRoute } from './install_translated';
+import { registerSiemRuleMigrationsResourceGetMissingRoute } from './resources/missing';
 
 export const registerSiemRuleMigrationsRoutes = (
   router: SecuritySolutionPluginRouter,
@@ -39,4 +40,5 @@ export const registerSiemRuleMigrationsRoutes = (
 
   registerSiemRuleMigrationsResourceUpsertRoute(router, logger);
   registerSiemRuleMigrationsResourceGetRoute(router, logger);
+  registerSiemRuleMigrationsResourceGetMissingRoute(router, logger);
 };

x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/missing.ts

@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { IKibanaResponse, Logger } from '@kbn/core/server';
+import { buildRouteValidationWithZod } from '@kbn/zod-helpers';
+import {
+  GetRuleMigrationResourcesMissingRequestParams,
+  type GetRuleMigrationResourcesMissingResponse,
+} from '../../../../../../common/siem_migrations/model/api/rules/rule_migration.gen';
+import { SIEM_RULE_MIGRATION_RESOURCES_MISSING_PATH } from '../../../../../../common/siem_migrations/constants';
+import type { SecuritySolutionPluginRouter } from '../../../../../types';
+import { withLicense } from '../util/with_license';
+
+export const registerSiemRuleMigrationsResourceGetMissingRoute = (
+  router: SecuritySolutionPluginRouter,
+  logger: Logger
+) => {
+  router.versioned
+    .get({
+      path: SIEM_RULE_MIGRATION_RESOURCES_MISSING_PATH,
+      access: 'internal',
+      security: { authz: { requiredPrivileges: ['securitySolution'] } },
+    })
+    .addVersion(
+      {
+        version: '1',
+        validate: {
+          request: {
+            params: buildRouteValidationWithZod(GetRuleMigrationResourcesMissingRequestParams),
+          },
+        },
+      },
+      withLicense(
+        async (
+          context,
+          req,
+          res
+        ): Promise<IKibanaResponse<GetRuleMigrationResourcesMissingResponse>> => {
+          const migrationId = req.params.migration_id;
+          try {
+            const ctx = await context.resolve(['securitySolution']);
+            const ruleMigrationsClient = ctx.securitySolution.getSiemRuleMigrationsClient();
+
+            const resources = await ruleMigrationsClient.data.getMissingResources(migrationId);
+
+            return res.ok({ body: resources });
+          } catch (err) {
+            logger.error(err);
+            return res.badRequest({ body: err.message });
+          }
+        }
+      )
+    );
+};

x-pack/plugins/security_solution/server/lib/siem_migrations/rules/data/rule_migrations_data_client.ts

@@ -6,6 +6,8 @@
  */
 
 import type { ElasticsearchClient, Logger } from '@kbn/core/server';
+import type { RuleMigrationResourceType } from '../../../../../common/siem_migrations/model/rule_migration.gen';
+import { getRuleResourceIdentifier } from '../../../../../common/siem_migrations/rules/resources';
 import { RuleMigrationsDataIntegrationsClient } from './rule_migrations_data_integrations_client';
 import { RuleMigrationsDataResourcesClient } from './rule_migrations_data_resources_client';
 import { RuleMigrationsDataRulesClient } from './rule_migrations_data_rules_client';
@@ -44,4 +46,54 @@ export class RuleMigrationsDataClient {
       logger
     );
   }
+
+  public async getMissingResources(
+    migrationId: string
+  ): Promise<Record<RuleMigrationResourceType, string[]>> {
+    const missing: Record<RuleMigrationResourceType, Set<string>> = {
+      macro: new Set<string>(),
+      list: new Set<string>(),
+    };
+
+    const { data } = await this.rules.get(migrationId);
+    // This assumes all rules in the migration have the same vendor
+    const identifyRuleResources = getRuleResourceIdentifier(data[0].original_rule);
+
+    // Identify all resources in the rules
+    for (const rule of data) {
+      const identifiedResources = identifyRuleResources(rule.original_rule.query);
+      for (const type of ['macro', 'list'] as const) {
+        for (const resource of identifiedResources[type]) {
+          missing[type].add(resource);
+        }
+      }
+    }
+
+    // Identify all resources in the existing macros
+    const existingMacroResources = await this.resources.get(migrationId, 'macro');
+    for (const macro of existingMacroResources) {
+      const nestedResourcesIdentified = identifyRuleResources(macro.content);
+      for (const type of ['macro', 'list'] as const) {
+        for (const resource of nestedResourcesIdentified[type]) {
+          missing[type].add(resource);
+        }
+      }
+    }
+
+    // Exclude existing macros
+    for (const resource of existingMacroResources) {
+      missing.macro.delete(resource.name);
+    }
+
+    // Exclude existing lists
+    const existingListResources = await this.resources.get(migrationId, 'list');
+    for (const list of existingListResources) {
+      missing.list.delete(list.name);
+    }
+
+    return {
+      macro: Array.from(missing.macro),
+      list: Array.from(missing.list),
+    };
+  }
 }