add zod + schema

Author: agusruidiazgd

x-pack/solutions/security/packages/test-api-clients/supertest/detections.gen.ts

@@ -54,6 +54,7 @@ import type {
   RulePreviewRequestBodyInput,
 } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen';
 import type { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen';
+import type { SearchAttacksRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/attacks/search/search_route.gen';
 import type { SearchRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/search_rules/search_rules_route.gen';
 import type { SearchUnifiedAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/unified_alerts/search/search_route.gen';
 import type { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen';
@@ -499,6 +500,17 @@ matching documents, and inspect execution logs. Pair `invocationCount` and `time
       .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
       .send(props.body as object);
   },
+  /**
+   * Find and/or aggregate attack discovery alerts that match the given query. Searches scheduled and ad hoc attack discovery alert indices for the active space only.
+   */
+  searchAttacks(props: SearchAttacksProps, kibanaSpace: string = 'default') {
+    return supertest
+      .post(getRouteUrlForSpace('/api/detection_engine/attacks/_search', kibanaSpace))
+      .set('kbn-xsrf', 'true')
+      .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+      .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+      .send(props.body as object);
+  },
   /**
    * Retrieve a paginated list of detection rules with KQL filter, facet counts, and search_after pagination.
    */
@@ -710,6 +722,9 @@ export interface RulePreviewProps {
 export interface SearchAlertsProps {
   body: SearchAlertsRequestBodyInput;
 }
+export interface SearchAttacksProps {
+  body: SearchAttacksRequestBodyInput;
+}
 export interface SearchRulesProps {
   body: SearchRulesRequestBodyInput;
 }

x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/attacks/index.ts

@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './search/search_route.gen';

x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/attacks/search/search_route.gen.ts

@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Attack discovery alerts search API endpoint
+ *   version: 2023-10-31
+ */
+
+import { z, lazySchema } from '@kbn/zod/v4';
+
+import { QueryAlertsBodyParams } from '../../signals/query_signals/query_signals_route.gen';
+
+/**
+ * Elasticsearch query and aggregation request
+ */
+export const SearchAttacksRequestBody = lazySchema(() => QueryAlertsBodyParams);
+export type SearchAttacksRequestBody = z.infer<typeof SearchAttacksRequestBody>;
+export type SearchAttacksRequestBodyInput = z.input<typeof SearchAttacksRequestBody>;
+
+/**
+ * Elasticsearch search response
+ */
+export const SearchAttacksResponse = lazySchema(() => z.object({}).catchall(z.unknown()));
+export type SearchAttacksResponse = z.infer<typeof SearchAttacksResponse>;

x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/attacks/search/search_route.schema.yaml

@@ -0,0 +1,52 @@
+openapi: 3.0.0
+info:
+  title: Attack discovery alerts search API endpoint
+  version: '2023-10-31'
+paths:
+  /api/detection_engine/attacks/_search:
+    post:
+      x-labels: [serverless, ess]
+      x-internal: true
+      operationId: SearchAttacks
+      x-codegen-enabled: true
+      summary: Find and/or aggregate attack discovery alerts
+      description: Find and/or aggregate attack discovery alerts that match the given query. Searches scheduled and ad hoc attack discovery alert indices for the active space only.
+      tags:
+        - Attacks API
+      requestBody:
+        description: Search and/or aggregation query
+        required: true
+        content:
+          application/json:
+            schema:
+              description: Elasticsearch query and aggregation request
+              $ref: '../../signals/query_signals/query_signals_route.schema.yaml#/components/schemas/QueryAlertsBodyParams'
+      responses:
+        200:
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                additionalProperties: true
+                description: Elasticsearch search response
+        400:
+          description: Invalid input data response
+          content:
+            application/json:
+              schema:
+                oneOf:
+                  - $ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
+                  - $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'
+        401:
+          description: Unsuccessful authentication response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/PlatformErrorResponse'
+        500:
+          description: Internal server error response
+          content:
+            application/json:
+              schema:
+                $ref: '../../../model/error_responses.schema.yaml#/components/schemas/SiemErrorResponse'

x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/index.ts

@@ -7,6 +7,7 @@
 
 export * from './alert_assignees';
 export * from './alert_tags';
+export * from './attacks';
 export * from './fleet_integrations';
 export * from './index_management';
 export * from './model';

x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts

@@ -28,6 +28,10 @@ import type {
   SetAlertTagsRequestBodyInput,
   SetAlertTagsResponse,
 } from './detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen';
+import type {
+  SearchAttacksRequestBodyInput,
+  SearchAttacksResponse,
+} from './detection_engine/attacks/search/search_route.gen';
 import type { CreateAlertsIndexResponse } from './detection_engine/index_management/create_index/create_index.gen';
 import type { DeleteAlertsIndexResponse } from './detection_engine/index_management/delete_index/delete_index.gen';
 import type { ReadAlertsIndexResponse } from './detection_engine/index_management/read_index/read_index.gen';
@@ -3191,6 +3195,22 @@ matching documents, and inspect execution logs. Pair `invocationCount` and `time
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
+  /**
+   * Find and/or aggregate attack discovery alerts that match the given query. Searches scheduled and ad hoc attack discovery alert indices for the active space only.
+   */
+  async searchAttacks(props: SearchAttacksProps) {
+    this.log.info(`${new Date().toISOString()} Calling API SearchAttacks`);
+    return this.kbnClient
+      .request<SearchAttacksResponse>({
+        path: '/api/detection_engine/attacks/_search',
+        headers: {
+          [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
+        },
+        method: 'POST',
+        body: props.body,
+      })
+      .catch(catchAxiosErrorFormatAndThrow);
+  }
   async searchPrivilegesIndices(props: SearchPrivilegesIndicesProps) {
     this.log.info(`${new Date().toISOString()} Calling API SearchPrivilegesIndices`);
     return this.kbnClient
@@ -4151,6 +4171,9 @@ export interface ScheduleRiskEngineNowProps {
 export interface SearchAlertsProps {
   body: SearchAlertsRequestBodyInput;
 }
+export interface SearchAttacksProps {
+  body: SearchAttacksRequestBodyInput;
+}
 export interface SearchPrivilegesIndicesProps {
   query: SearchPrivilegesIndicesRequestQueryInput;
 }

x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/attacks/search_attacks_route.ts

@@ -9,7 +9,7 @@ import { ATTACK_DISCOVERY_ALERTS_COMMON_INDEX_PREFIX } from '@kbn/elastic-assist
 import { buildRouteValidationWithZod } from '@kbn/zod-helpers/v4';
 import { ALERTS_API_READ } from '@kbn/security-solution-features/constants';
 
-import { SearchAlertsRequestBody } from '../../../../../common/api/detection_engine/signals';
+import { SearchAttacksRequestBody } from '../../../../../common/api/detection_engine/attacks';
 import { DETECTION_ENGINE_ATTACKS_SEARCH_URL } from '../../../../../common/constants';
 import type { SecuritySolutionPluginRouter } from '../../../../types';
 import { searchAlertsHandler } from '../common/search_alerts_handler';
@@ -33,7 +33,7 @@ export const searchAttacksRoute = (router: SecuritySolutionPluginRouter) => {
         version: '2023-10-31',
         validate: {
           request: {
-            body: buildRouteValidationWithZod(SearchAlertsRequestBody),
+            body: buildRouteValidationWithZod(SearchAttacksRequestBody),
           },
         },
       },