[SIEM] Update readme for timeline apis (#67038)

angorayc · elasticmachine · angorayc · commit d63d2afd677b · 2020-06-26T17:41:07.000+01:00
* update doc

* update unit test

* remove redundant params

* fix types

* update readme

* update readme

Co-authored-by: Elastic Machine &lt;elasticmachine@users.noreply.github.com&gt;
diff --git a/x-pack/plugins/security_solution/public/timelines/containers/api.ts b/x-pack/plugins/security_solution/public/timelines/containers/api.ts
@@ -103,40 +103,32 @@ export const persistTimeline = async ({
 
 export const importTimelines = async ({
   fileToImport,
-  overwrite = false,
-  signal,
 }: ImportDataProps): Promise<ImportDataResponse> => {
   const formData = new FormData();
   formData.append('file', fileToImport);
 
   return KibanaServices.get().http.fetch<ImportDataResponse>(`${TIMELINE_IMPORT_URL}`, {
     method: 'POST',
     headers: { 'Content-Type': undefined },
-    query: { overwrite },
     body: formData,
-    signal,
   });
 };
 
 export const exportSelectedTimeline: ExportSelectedData = async ({
-  excludeExportDetails = false,
   filename = `timelines_export.ndjson`,
   ids = [],
   signal,
 }): Promise<Blob> => {
   const body = ids.length > 0 ? JSON.stringify({ ids }) : undefined;
-  const response = await KibanaServices.get().http.fetch<Blob>(`${TIMELINE_EXPORT_URL}`, {
+  const response = await KibanaServices.get().http.fetch<{ body: Blob }>(`${TIMELINE_EXPORT_URL}`, {
     method: 'POST',
     body,
     query: {
-      exclude_export_details: excludeExportDetails,
       file_name: filename,
     },
-    signal,
-    asResponse: true,
   });
 
-  return response.body!;
+  return response.body;
 };
 
 export const getDraftTimeline = async ({
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/README.md b/x-pack/plugins/security_solution/server/lib/timeline/routes/README.md
@@ -323,4 +323,301 @@ kbn-version: 8.0.0
      "timelineId":"f5a4bd10-83cd-11ea-bf78-0547a65f1281", // This is a must as well
      "version":"Wzg2LDFd" // Please provide the existing timeline version
 }
-```
+```
+
+## Export timeline api
+
+#### POST /api/timeline/_export
+
+##### Authorization
+
+Type: Basic Auth
+
+username: Your Kibana username
+
+password: Your Kibana password
+
+
+
+
+##### Request header
+
+```
+
+Content-Type: application/json
+
+kbn-version: 8.0.0
+
+```
+
+##### Request param
+
+```
+file_name:	${filename}.ndjson
+```
+
+##### Request body
+```json
+{
+	ids: [
+		${timelineId}
+	]
+}
+```
+
+## Import timeline api
+
+#### POST /api/timeline/_import
+
+##### Authorization
+
+Type: Basic Auth
+
+username: Your Kibana username
+
+password: Your Kibana password
+
+
+
+
+##### Request header
+
+```
+
+Content-Type: application/json
+
+kbn-version: 8.0.0
+
+```
+
+##### Request body
+
+```
+{
+  file: sample.ndjson
+}
+```
+
+
+(each json in the file should match this format)
+example:
+```
+{"savedObjectId":"a3002fd0-781b-11ea-85e4-df9002f1452c","version":"WzIzLDFd","columns":[{"columnHeaderType":"not-filtered","id":"@timestamp"},{"columnHeaderType":"not-filtered","id":"message"},{"columnHeaderType":"not-filtered","id":"event.category"},{"columnHeaderType":"not-filtered","id":"event.action"},{"columnHeaderType":"not-filtered","id":"host.name"},{"columnHeaderType":"not-filtered","id":"source.ip"},{"columnHeaderType":"not-filtered","id":"destination.ip"},{"columnHeaderType":"not-filtered","id":"user.name"}],"dataProviders":[],"description":"tes description","eventType":"all","filters":[{"meta":{"field":null,"negate":false,"alias":null,"disabled":false,"params":"{\"query\":\"MacBook-Pro-de-Gloria.local\"}","type":"phrase","key":"host.name"},"query":"{\"match_phrase\":{\"host.name\":\"MacBook-Pro-de-Gloria.local\"}}","missing":null,"exists":null,"match_all":null,"range":null,"script":null}],"kqlMode":"filter","kqlQuery":{"filterQuery":{"serializedQuery":"{\"bool\":{\"should\":[{\"exists\":{\"field\":\"host.name\"}}],\"minimum_should_match\":1}}","kuery":{"expression":"host.name: *","kind":"kuery"}}},"title":"Test","dateRange":{"start":1585227005527,"end":1585313405527},"savedQueryId":null,"sort":{"columnId":"@timestamp","sortDirection":"desc"},"created":1586187068132,"createdBy":"angela","updated":1586187068132,"updatedBy":"angela","eventNotes":[],"globalNotes":[{"noteId":"a3b4d9d0-781b-11ea-85e4-df9002f1452c","version":"WzI1LDFd","note":"this is a note","timelineId":"a3002fd0-781b-11ea-85e4-df9002f1452c","created":1586187069313,"createdBy":"angela","updated":1586187069313,"updatedBy":"angela"}],"pinnedEventIds":[]}
+```
+
+##### Response
+```
+{"success":true,"success_count":1,"errors":[]}
+```
+
+## Get draft timeline api
+
+#### GET /api/timeline/_draft
+
+##### Authorization
+
+Type: Basic Auth
+
+username: Your Kibana username
+
+password: Your Kibana password
+
+
+##### Request header
+
+```
+
+Content-Type: application/json
+
+kbn-version: 8.0.0
+
+```
+
+##### Request param
+```
+timelineType: `default` or `template`
+```
+
+##### Response
+```json
+{
+    "data": {
+        "persistTimeline": {
+            "timeline": {
+                "savedObjectId": "ababbd90-99de-11ea-8446-1d7fd9f03ebf",
+                "version": "WzM2MiwzXQ==",
+                "columns": [
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "@timestamp"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "message"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "event.category"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "event.action"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "host.name"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "source.ip"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "destination.ip"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "user.name"
+                    }
+                ],
+                "dataProviders": [],
+                "description": "",
+                "eventType": "all",
+                "filters": [],
+                "kqlMode": "filter",
+                "timelineType": "default",
+                "kqlQuery": {
+                    "filterQuery": null
+                },
+                "title": "",
+                "sort": {
+                    "columnId": "@timestamp",
+                    "sortDirection": "desc"
+                },
+                "status": "draft",
+                "created": 1589899222908,
+                "createdBy": "casetester",
+                "updated": 1589899222908,
+                "updatedBy": "casetester",
+                "templateTimelineId": null,
+                "templateTimelineVersion": null,
+                "favorite": [],
+                "eventIdToNoteIds": [],
+                "noteIds": [],
+                "notes": [],
+                "pinnedEventIds": [],
+                "pinnedEventsSaveObject": []
+            }
+        }
+    }
+}
+```
+
+## Create draft timeline api
+
+#### POST /api/timeline/_draft
+
+##### Authorization
+
+Type: Basic Auth
+
+username: Your Kibana username
+
+password: Your Kibana password
+
+
+##### Request header
+
+```
+
+Content-Type: application/json
+
+kbn-version: 8.0.0
+
+```
+
+##### Request body
+
+```json
+{
+	"timelineType": "default" or "template"
+}
+```
+
+##### Response
+```json
+{
+    "data": {
+        "persistTimeline": {
+            "timeline": {
+                "savedObjectId": "ababbd90-99de-11ea-8446-1d7fd9f03ebf",
+                "version": "WzQyMywzXQ==",
+                "columns": [
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "@timestamp"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "message"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "event.category"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "event.action"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "host.name"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "source.ip"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "destination.ip"
+                    },
+                    {
+                        "columnHeaderType": "not-filtered",
+                        "id": "user.name"
+                    }
+                ],
+                "dataProviders": [],
+                "description": "",
+                "eventType": "all",
+                "filters": [],
+                "kqlMode": "filter",
+                "timelineType": "default",
+                "kqlQuery": {
+                    "filterQuery": null
+                },
+                "title": "",
+                "sort": {
+                    "columnId": "@timestamp",
+                    "sortDirection": "desc"
+                },
+                "status": "draft",
+                "created": 1589903306582,
+                "createdBy": "casetester",
+                "updated": 1589903306582,
+                "updatedBy": "casetester",
+                "templateTimelineId": null,
+                "templateTimelineVersion": null,
+                "favorite": [],
+                "eventIdToNoteIds": [],
+                "noteIds": [],
+                "notes": [],
+                "pinnedEventIds": [],
+                "pinnedEventsSaveObject": []
+            }
+        }
+    }
+}
+```
+
+
+
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/__mocks__/request_responses.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/__mocks__/request_responses.ts
@@ -23,7 +23,6 @@ export const getExportTimelinesRequest = () =>
     path: TIMELINE_EXPORT_URL,
     query: {
       file_name: 'mock_export_timeline.ndjson',
-      exclude_export_details: 'false',
     },
     body: {
       ids: ['f0e58720-57b6-11ea-b88d-3f1a31716be8', '890b8ae0-57df-11ea-a7c9-3976b7f1cb37'],
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.test.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/export_timelines_route.test.ts
@@ -98,7 +98,7 @@ describe('export timelines', () => {
       const result = server.validate(request);
 
       expect(result.badRequest.mock.calls[1][0]).toEqual(
-        'Invalid value "undefined" supplied to "file_name",Invalid value "undefined" supplied to "exclude_export_details",Invalid value "undefined" supplied to "exclude_export_details"'
+        'Invalid value "undefined" supplied to "file_name"'
       );
     });
   });
diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/export_timelines_schema.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/schemas/export_timelines_schema.ts
@@ -8,7 +8,6 @@ import * as rt from 'io-ts';
 
 export const exportTimelinesQuerySchema = rt.type({
   file_name: rt.string,
-  exclude_export_details: rt.union([rt.literal('true'), rt.literal('false')]),
 });
 
 export const exportTimelinesRequestBodySchema = rt.type({
