From 416a0a5314735ad4bc4eb6e5cdef4e567ed32944 Mon Sep 17 00:00:00 2001 From: Ash <1849116+ashokaditya@users.noreply.github.com> Date: Tue, 19 Mar 2024 11:38:52 +0100 Subject: [PATCH] [Security Solution][Endpoint] Restrict `action_status` API request for `endpoint` agent (#178881) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary On alerts page, alert details flyouts, metadata and action status APIs are being called for sentinel one alerts that should not be triggered for anything other than endpoints and endpoint response actions. This commit fixes that and restricts those API calls to endpoint agents/actions **Before:** ![Screenshot 2024-03-18 at 5 42 45 PM](https://github.com/elastic/kibana/assets/1849116/7f01675e-9add-4ddb-bb04-b803223fcd4e) ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --- .../host_isolation/use_host_isolation_action.tsx | 5 +++-- .../components/take_action_dropdown/index.test.tsx | 2 +- .../alerts/use_host_isolation_status.tsx | 13 ++++++++++--- .../side_panel/event_details/flyout/footer.test.tsx | 2 +- .../side_panel/event_details/index.test.tsx | 2 +- 5 files changed, 16 insertions(+), 8 deletions(-) diff --git a/x-pack/plugins/security_solution/public/detections/components/host_isolation/use_host_isolation_action.tsx b/x-pack/plugins/security_solution/public/detections/components/host_isolation/use_host_isolation_action.tsx index bf96225f5ca9d..ceed0612565ab 100644 --- a/x-pack/plugins/security_solution/public/detections/components/host_isolation/use_host_isolation_action.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/host_isolation/use_host_isolation_action.tsx 
@@ -15,7 +15,7 @@ import type { TimelineEventsDetailsItem } from '../../../../common/search_strate import { isIsolationSupported } from '../../../../common/endpoint/service/host_isolation/utils'; import { HostStatus } from '../../../../common/endpoint/types'; import { isAlertFromEndpointEvent } from '../../../common/utils/endpoint_alert_check'; -import { useHostIsolationStatus } from '../../containers/detection_engine/alerts/use_host_isolation_status'; +import { useEndpointHostIsolationStatus } from '../../containers/detection_engine/alerts/use_host_isolation_status'; import { ISOLATE_HOST, UNISOLATE_HOST } from './translations'; import { getFieldValue } from './helpers'; import { useUserPrivileges } from '../../../common/components/user_privileges'; @@ -74,8 +74,9 @@ export const useHostIsolationAction = ({ isIsolated, agentStatus, capabilities, - } = useHostIsolationStatus({ + } = useEndpointHostIsolationStatus({ agentId, + agentType: sentinelOneAgentId ? 'sentinel_one' : 'endpoint', }); const { data: sentinelOneAgentData } = useGetSentinelOneAgentStatus([sentinelOneAgentId || '']); diff --git a/x-pack/plugins/security_solution/public/detections/components/take_action_dropdown/index.test.tsx b/x-pack/plugins/security_solution/public/detections/components/take_action_dropdown/index.test.tsx index b5cd65abb28a2..ff1ef27195e69 100644 --- a/x-pack/plugins/security_solution/public/detections/components/take_action_dropdown/index.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/take_action_dropdown/index.test.tsx @@ -88,7 +88,7 @@ jest.mock('../../../../common/endpoint/service/host_isolation/utils', () => { jest.mock('../../containers/detection_engine/alerts/use_host_isolation_status', () => { return { - useHostIsolationStatus: jest.fn().mockReturnValue({ + useEndpointHostIsolationStatus: jest.fn().mockReturnValue({ loading: false, isIsolated: false, agentStatus: 'healthy', 
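Review bot: In the second hunk of `use_host_isolation_action.tsx`, `agentType: sentinelOneAgentId ? 'sentinel_one' : 'endpoint'` falls back to `'endpoint'` whenever `sentinelOneAgentId` is falsy. Any alert that is not SentinelOne but still yields a non-empty `agentId` would therefore keep triggering the endpoint metadata and pending-actions requests this commit is meant to restrict. The file already imports `isAlertFromEndpointEvent`; if its result is available at this point (the body of `useHostIsolationAction` starts and ends outside the hunk), selecting `'endpoint'` on that positive check is a safer default than inferring it from a missing SentinelOne id. A comment above the call, for example `// isolation status is only fetched for endpoint agents; other agent types get the hook's initial state`, would make clear that `isIsolated` and `agentStatus` carry no information for SentinelOne alerts.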
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_host_isolation_status.tsx b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_host_isolation_status.tsx index e10bc1d666945..0646a9904e939 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_host_isolation_status.tsx +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_host_isolation_status.tsx @@ -7,6 +7,7 @@ import { isEmpty } from 'lodash'; import { useEffect, useState } from 'react'; +import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants'; import { getHostMetadata } from './api'; import { fetchPendingActionsByAgentId } from '../../../../common/lib/endpoint_pending_actions'; import { isEndpointHostIsolated } from '../../../../common/utils/validators'; @@ -23,10 +24,12 @@ interface HostIsolationStatusResponse { /* * Retrieves the current isolation status of a host and the agent/host status */ -export const useHostIsolationStatus = ({ +export const useEndpointHostIsolationStatus = ({ agentId, + agentType, }: { agentId: string; + agentType: ResponseActionAgentType; }): HostIsolationStatusResponse => { const [isIsolated, setIsIsolated] = useState(false); const [capabilities, setCapabilities] = useState([]); @@ -64,6 +67,10 @@ export const useHostIsolationStatus = ({ } } + if (!(fleetAgentId && fleetAgentId.length)) { + return; + } + try { const { data } = await fetchPendingActionsByAgentId(fleetAgentId); if (isMounted) { @@ -80,7 +87,7 @@ export const useHostIsolationStatus = ({ } }; - if (!isEmpty(agentId)) { + if (!isEmpty(agentId) && agentType === 'endpoint') { fetchData(); } return () => { 
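Review bot: The early `return` added for an empty `fleetAgentId` (hunk `@@ -64,6 +67,10 @@`) leaves `fetchData` before the pending-actions request, so anything that runs after that `try` block is skipped too. `fetchData` continues outside the hunk, so it is worth confirming that `loading` is still cleared on this path; otherwise consumers could stay in a loading state after a metadata lookup that produced no fleet agent id. For consistency with the `isEmpty(agentId)` check further down, the guard can be written as `if (isEmpty(fleetAgentId)) { return; }`.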
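Review bot: With the new condition `!isEmpty(agentId) && agentType === 'endpoint'` (hunk `@@ -80,7 +87,7 @@`), a non-endpoint `agentType` skips `fetchData()` but nothing visible resets the hook's state. If the same hook instance previously served an endpoint alert (whether the flyout remounts between alerts is not visible here), `isIsolated`, `agentStatus`, `capabilities` and the pending counts from that host would still be returned for the next alert, and a stale isolation status can mislead whoever is deciding on a response action. Consider resetting the state in the non-endpoint branch, or at least extending the header comment to say the returned values are only meaningful when `agentType === 'endpoint'`. The test hunks in this patch only rename the mocked export, so the new gate has no coverage.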
@@ -88,6 +95,6 @@ export const useHostIsolationStatus = ({ isMounted = false; abortCtrl.abort(); }; - }, [agentId]); + }, [agentId, agentType]); return { loading, capabilities, isIsolated, agentStatus, pendingIsolation, pendingUnisolation }; }; diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/flyout/footer.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/flyout/footer.test.tsx index 5362af38c2413..2286a9af31e09 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/flyout/footer.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/flyout/footer.test.tsx @@ -48,7 +48,7 @@ jest.mock( '../../../../../detections/containers/detection_engine/alerts/use_host_isolation_status', () => { return { - useHostIsolationStatus: jest.fn().mockReturnValue({ + useEndpointHostIsolationStatus: jest.fn().mockReturnValue({ loading: false, isIsolated: false, agentStatus: 'healthy', diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/index.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/index.test.tsx index f50142177ba8b..96b4b45f9bd16 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/index.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/index.test.tsx @@ -61,7 +61,7 @@ jest.mock( '../../../../detections/containers/detection_engine/alerts/use_host_isolation_status', () => { return { - useHostIsolationStatus: jest.fn().mockReturnValue({ + useEndpointHostIsolationStatus: jest.fn().mockReturnValue({ loading: false, isIsolated: false, agentStatus: 'healthy',