mirror of
https://github.com/n8n-io/n8n.git
synced 2025-01-19 16:42:35 -08:00
ca9a155c69
* ✨ Create Elastic Security node * 🔨 Place Elastic nodes in Elastic dir * ⚡ Improvements * 🔨 Split credentials * 🎨 Fix formatting * ⚡ Tolerate trailing slash * 👕 Fix lint * 👕 Fix lint * 🐛 Fix tags filter in case:getAll * 🔨 Refactor sort options in case:getAll * ✏️ Reword param descriptions * 🔥 Remove descriptions per feedback * 🐛 Fix case:getStatus operation * ✏️ Reword param and error message * ✏️ Reword param descriptions * 🔨 Account for empty string in owner * ✏️ Reword param description * ✏️ Add more tooltip descriptions * ⚡ Add cred test * ✏️ Add param description * ✏️ Add comment dividers * ⚡ Improve UX for third-party service params * 🔨 Minor tweaks per feedback * 🔨 Make getStatus naming consistent * ⚡ Fix operation Co-authored-by: ricardo <ricardoespinoza105@gmail.com> Co-authored-by: Mutasem <mutdmour@gmail.com> Co-authored-by: Jan Oberhauser <jan.oberhauser@gmail.com>
626 lines
18 KiB
TypeScript
626 lines
18 KiB
TypeScript
import {
|
|
IExecuteFunctions,
|
|
} from 'n8n-core';
|
|
|
|
import {
|
|
ICredentialsDecrypted,
|
|
ICredentialTestFunctions,
|
|
IDataObject,
|
|
ILoadOptionsFunctions,
|
|
INodeExecutionData,
|
|
INodePropertyOptions,
|
|
INodeType,
|
|
INodeTypeDescription,
|
|
NodeCredentialTestResult,
|
|
NodeOperationError,
|
|
} from 'n8n-workflow';
|
|
|
|
import {
|
|
elasticSecurityApiRequest,
|
|
getConnector,
|
|
getVersion,
|
|
handleListing,
|
|
throwOnEmptyUpdate,
|
|
tolerateTrailingSlash,
|
|
} from './GenericFunctions';
|
|
|
|
import {
|
|
caseCommentFields,
|
|
caseCommentOperations,
|
|
caseFields,
|
|
caseOperations,
|
|
caseTagFields,
|
|
caseTagOperations,
|
|
connectorFields,
|
|
connectorOperations,
|
|
} from './descriptions';
|
|
|
|
import {
|
|
Connector,
|
|
ConnectorCreatePayload,
|
|
ConnectorType,
|
|
ElasticSecurityApiCredentials,
|
|
} from './types';
|
|
|
|
import {
|
|
OptionsWithUri,
|
|
} from 'request';
|
|
|
|
export class ElasticSecurity implements INodeType {
|
|
description: INodeTypeDescription = {
|
|
displayName: 'Elastic Security',
|
|
name: 'elasticSecurity',
|
|
icon: 'file:elasticSecurity.svg',
|
|
group: ['transform'],
|
|
version: 1,
|
|
subtitle: '={{$parameter["operation"] + ": " + $parameter["resource"]}}',
|
|
description: 'Consume the Elastic Security API',
|
|
defaults: {
|
|
name: 'Elastic Security',
|
|
color: '#f3d337',
|
|
},
|
|
inputs: ['main'],
|
|
outputs: ['main'],
|
|
credentials: [
|
|
{
|
|
name: 'elasticSecurityApi',
|
|
required: true,
|
|
testedBy: 'elasticSecurityApiTest',
|
|
},
|
|
],
|
|
properties: [
|
|
{
|
|
displayName: 'Resource',
|
|
name: 'resource',
|
|
noDataExpression: true,
|
|
type: 'options',
|
|
options: [
|
|
{
|
|
name: 'Case',
|
|
value: 'case',
|
|
},
|
|
{
|
|
name: 'Case Comment',
|
|
value: 'caseComment',
|
|
},
|
|
{
|
|
name: 'Case Tag',
|
|
value: 'caseTag',
|
|
},
|
|
{
|
|
name: 'Connector',
|
|
value: 'connector',
|
|
},
|
|
],
|
|
default: 'case',
|
|
},
|
|
...caseOperations,
|
|
...caseFields,
|
|
...caseCommentOperations,
|
|
...caseCommentFields,
|
|
...caseTagOperations,
|
|
...caseTagFields,
|
|
...connectorOperations,
|
|
...connectorFields,
|
|
],
|
|
};
|
|
|
|
methods = {
|
|
loadOptions: {
|
|
async getTags(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
|
|
const tags = await elasticSecurityApiRequest.call(this, 'GET', '/cases/tags') as string[];
|
|
return tags.map(tag => ({ name: tag, value: tag }));
|
|
},
|
|
|
|
async getConnectors(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
|
|
const endpoint = '/cases/configure/connectors/_find';
|
|
const connectors = await elasticSecurityApiRequest.call(this, 'GET', endpoint) as Connector[];
|
|
return connectors.map(({ name, id }) => ({ name, value: id }));
|
|
},
|
|
},
|
|
credentialTest: {
|
|
async elasticSecurityApiTest(
|
|
this: ICredentialTestFunctions,
|
|
credential: ICredentialsDecrypted,
|
|
): Promise<NodeCredentialTestResult> {
|
|
const {
|
|
username,
|
|
password,
|
|
baseUrl: rawBaseUrl,
|
|
} = credential.data as ElasticSecurityApiCredentials;
|
|
|
|
const baseUrl = tolerateTrailingSlash(rawBaseUrl);
|
|
|
|
const token = Buffer.from(`${username}:${password}`).toString('base64');
|
|
|
|
const endpoint = '/cases/status';
|
|
|
|
const options: OptionsWithUri = {
|
|
headers: {
|
|
Authorization: `Basic ${token}`,
|
|
'kbn-xsrf': true,
|
|
},
|
|
method: 'GET',
|
|
body: {},
|
|
qs: {},
|
|
uri: `${baseUrl}/api${endpoint}`,
|
|
json: true,
|
|
};
|
|
|
|
try {
|
|
await this.helpers.request(options);
|
|
return {
|
|
status: 'OK',
|
|
message: 'Authentication successful',
|
|
};
|
|
} catch (error) {
|
|
return {
|
|
status: 'Error',
|
|
message: error.message,
|
|
};
|
|
}
|
|
},
|
|
},
|
|
};
|
|
|
|
async execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]> {
|
|
const items = this.getInputData();
|
|
const returnData: IDataObject[] = [];
|
|
|
|
const resource = this.getNodeParameter('resource', 0) as string;
|
|
const operation = this.getNodeParameter('operation', 0) as string;
|
|
|
|
let responseData;
|
|
|
|
for (let i = 0; i < items.length; i++) {
|
|
|
|
try {
|
|
|
|
if (resource === 'case') {
|
|
|
|
// **********************************************************************
|
|
// case
|
|
// **********************************************************************
|
|
|
|
if (operation === 'create') {
|
|
|
|
// ----------------------------------------
|
|
// case: create
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-create.html
|
|
|
|
const body = {
|
|
title: this.getNodeParameter('title', i),
|
|
connector: {},
|
|
owner: 'securitySolution',
|
|
description: '',
|
|
tags: [], // set via `caseTag: add` but must be present
|
|
settings: {
|
|
syncAlerts: this.getNodeParameter('additionalFields.syncAlerts', i, false),
|
|
},
|
|
} as IDataObject;
|
|
|
|
const connectorId = this.getNodeParameter('connectorId', i) as ConnectorType;
|
|
|
|
const {
|
|
id: fetchedId,
|
|
name: fetchedName,
|
|
type: fetchedType,
|
|
} = await getConnector.call(this, connectorId);
|
|
|
|
const selectedConnectorType = this.getNodeParameter('connectorType', i) as ConnectorType;
|
|
|
|
if (fetchedType !== selectedConnectorType) {
|
|
throw new NodeOperationError(
|
|
this.getNode(),
|
|
'Connector Type does not match the type of the connector in Connector Name',
|
|
);
|
|
}
|
|
|
|
const connector = {
|
|
id: fetchedId,
|
|
name: fetchedName,
|
|
type: fetchedType,
|
|
fields: {},
|
|
};
|
|
|
|
if (selectedConnectorType === '.jira') {
|
|
connector.fields = {
|
|
issueType: this.getNodeParameter('issueType', i),
|
|
priority: this.getNodeParameter('priority', i),
|
|
parent: null, // required but unimplemented
|
|
};
|
|
} else if (selectedConnectorType === '.servicenow') {
|
|
connector.fields = {
|
|
urgency: this.getNodeParameter('urgency', i),
|
|
severity: this.getNodeParameter('severity', i),
|
|
impact: this.getNodeParameter('impact', i),
|
|
category: this.getNodeParameter('category', i),
|
|
subcategory: null, // required but unimplemented
|
|
};
|
|
} else if (selectedConnectorType === '.resilient') {
|
|
const rawIssueTypes = this.getNodeParameter('issueTypes', i) as string;
|
|
connector.fields = {
|
|
issueTypes: rawIssueTypes.split(',').map(Number),
|
|
severityCode: this.getNodeParameter('severityCode', i) as number,
|
|
incidentTypes: null, // required but undocumented
|
|
};
|
|
}
|
|
|
|
body.connector = connector;
|
|
|
|
const {
|
|
syncAlerts, // ignored because already set
|
|
...rest
|
|
} = this.getNodeParameter('additionalFields', i) as IDataObject;
|
|
|
|
if (Object.keys(rest).length) {
|
|
Object.assign(body, rest);
|
|
}
|
|
|
|
responseData = await elasticSecurityApiRequest.call(this, 'POST', '/cases', body);
|
|
|
|
} else if (operation === 'delete') {
|
|
|
|
// ----------------------------------------
|
|
// case: delete
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-delete-case.html
|
|
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
await elasticSecurityApiRequest.call(this, 'DELETE', `/cases?ids=["${caseId}"]`);
|
|
responseData = { success: true };
|
|
|
|
} else if (operation === 'get') {
|
|
|
|
// ----------------------------------------
|
|
// case: get
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-get-case.html
|
|
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
responseData = await elasticSecurityApiRequest.call(this, 'GET', `/cases/${caseId}`);
|
|
|
|
} else if (operation === 'getAll') {
|
|
|
|
// ----------------------------------------
|
|
// case: getAll
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-find-cases.html
|
|
|
|
const qs = {} as IDataObject;
|
|
const {
|
|
tags,
|
|
status,
|
|
} = this.getNodeParameter('filters', i) as IDataObject & { tags: string[], status: string };
|
|
const sortOptions = this.getNodeParameter('sortOptions', i) as IDataObject;
|
|
|
|
qs.sortField = sortOptions.sortField ?? 'createdAt';
|
|
qs.sortOrder = sortOptions.sortOrder ?? 'asc';
|
|
|
|
if (status) {
|
|
qs.status = status;
|
|
}
|
|
|
|
if (tags?.length) {
|
|
qs.tags = tags.join(',');
|
|
}
|
|
|
|
responseData = await handleListing.call(this, 'GET', '/cases/_find', {}, qs);
|
|
|
|
} else if (operation === 'getStatus') {
|
|
|
|
// ----------------------------------------
|
|
// case: getStatus
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-get-status.html
|
|
|
|
responseData = await elasticSecurityApiRequest.call(this, 'GET', '/cases/status');
|
|
|
|
} else if (operation === 'update') {
|
|
|
|
// ----------------------------------------
|
|
// case: update
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-update.html
|
|
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
|
|
const body = {} as IDataObject;
|
|
const updateFields = this.getNodeParameter('updateFields', i) as IDataObject;
|
|
|
|
if (!Object.keys(updateFields).length) {
|
|
throwOnEmptyUpdate.call(this, resource);
|
|
}
|
|
|
|
const { syncAlerts, ...rest } = updateFields;
|
|
|
|
Object.assign(body, {
|
|
cases: [
|
|
{
|
|
id: caseId,
|
|
version: await getVersion.call(this, `/cases/${caseId}`),
|
|
...(syncAlerts && { settings: { syncAlerts } }),
|
|
...rest,
|
|
},
|
|
],
|
|
});
|
|
|
|
responseData = await elasticSecurityApiRequest.call(this, 'PATCH', '/cases', body);
|
|
|
|
}
|
|
|
|
} else if (resource === 'caseTag') {
|
|
|
|
// **********************************************************************
|
|
// caseTag
|
|
// **********************************************************************
|
|
|
|
if (operation === 'add') {
|
|
|
|
// ----------------------------------------
|
|
// caseTag: add
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-create.html
|
|
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
|
|
const {
|
|
title,
|
|
connector,
|
|
owner,
|
|
description,
|
|
settings,
|
|
tags,
|
|
} = await elasticSecurityApiRequest.call(this, 'GET', `/cases/${caseId}`);
|
|
|
|
const tagToAdd = this.getNodeParameter('tag', i);
|
|
|
|
if (tags.includes(tagToAdd)) {
|
|
throw new NodeOperationError(
|
|
this.getNode(),
|
|
`Cannot add tag "${tagToAdd}" to case ID ${caseId} because this case already has this tag.`,
|
|
);
|
|
}
|
|
|
|
const body = {};
|
|
|
|
Object.assign(body, {
|
|
cases: [
|
|
{
|
|
id: caseId,
|
|
title,
|
|
connector,
|
|
owner,
|
|
description,
|
|
settings,
|
|
version: await getVersion.call(this, `/cases/${caseId}`),
|
|
tags: [...tags, tagToAdd],
|
|
},
|
|
],
|
|
});
|
|
|
|
responseData = await elasticSecurityApiRequest.call(this, 'PATCH', '/cases', body);
|
|
|
|
} else if (operation === 'remove') {
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-update.html
|
|
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
const tagToRemove = this.getNodeParameter('tag', i) as string;
|
|
|
|
const {
|
|
title,
|
|
connector,
|
|
owner,
|
|
description,
|
|
settings,
|
|
tags,
|
|
} = await elasticSecurityApiRequest.call(this, 'GET', `/cases/${caseId}`) as IDataObject & { tags: string[] };
|
|
|
|
if (!tags.includes(tagToRemove)) {
|
|
throw new NodeOperationError(this.getNode(), `Cannot remove tag "${tagToRemove}" from case ID ${caseId} because this case does not have this tag.`);
|
|
}
|
|
|
|
const body = {};
|
|
|
|
Object.assign(body, {
|
|
cases: [
|
|
{
|
|
id: caseId,
|
|
title,
|
|
connector,
|
|
owner,
|
|
description,
|
|
settings,
|
|
version: await getVersion.call(this, `/cases/${caseId}`),
|
|
tags: tags.filter((tag) => tag !== tagToRemove),
|
|
},
|
|
],
|
|
});
|
|
|
|
responseData = await elasticSecurityApiRequest.call(this, 'PATCH', '/cases', body);
|
|
|
|
}
|
|
|
|
} else if (resource === 'caseComment') {
|
|
|
|
// **********************************************************************
|
|
// caseComment
|
|
// **********************************************************************
|
|
|
|
if (operation === 'add') {
|
|
|
|
// ----------------------------------------
|
|
// caseComment: add
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-add-comment.html
|
|
|
|
const simple = this.getNodeParameter('simple', i) as boolean;
|
|
|
|
const additionalFields = this.getNodeParameter('additionalFields', i) as IDataObject;
|
|
|
|
const body = {
|
|
comment: this.getNodeParameter('comment', i),
|
|
type: 'user',
|
|
owner: additionalFields.owner || 'securitySolution',
|
|
} as IDataObject;
|
|
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
const endpoint = `/cases/${caseId}/comments`;
|
|
responseData = await elasticSecurityApiRequest.call(this, 'POST', endpoint, body);
|
|
|
|
if (simple === true) {
|
|
const { comments } = responseData;
|
|
responseData = comments[comments.length - 1];
|
|
}
|
|
|
|
} else if (operation === 'get') {
|
|
|
|
// ----------------------------------------
|
|
// caseComment: get
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-get-comment.html
|
|
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
const commentId = this.getNodeParameter('commentId', i);
|
|
|
|
const endpoint = `/cases/${caseId}/comments/${commentId}`;
|
|
responseData = await elasticSecurityApiRequest.call(this, 'GET', endpoint);
|
|
|
|
} else if (operation === 'getAll') {
|
|
|
|
// ----------------------------------------
|
|
// caseComment: getAll
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-get-all-case-comments.html
|
|
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
|
|
const endpoint = `/cases/${caseId}/comments`;
|
|
responseData = await handleListing.call(this, 'GET', endpoint);
|
|
|
|
} else if (operation === 'remove') {
|
|
|
|
// ----------------------------------------
|
|
// caseComment: remove
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-delete-comment.html
|
|
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
const commentId = this.getNodeParameter('commentId', i);
|
|
|
|
const endpoint = `/cases/${caseId}/comments/${commentId}`;
|
|
await elasticSecurityApiRequest.call(this, 'DELETE', endpoint);
|
|
responseData = { success: true };
|
|
|
|
} else if (operation === 'update') {
|
|
|
|
// ----------------------------------------
|
|
// caseComment: update
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/cases-api-update-comment.html
|
|
|
|
const simple = this.getNodeParameter('simple', i) as boolean;
|
|
const caseId = this.getNodeParameter('caseId', i);
|
|
const commentId = this.getNodeParameter('commentId', i);
|
|
|
|
const body = {
|
|
comment: this.getNodeParameter('comment', i),
|
|
id: commentId,
|
|
type: 'user',
|
|
owner: 'securitySolution',
|
|
version: await getVersion.call(this, `/cases/${caseId}/comments/${commentId}`),
|
|
} as IDataObject;
|
|
|
|
const patchEndpoint = `/cases/${caseId}/comments`;
|
|
responseData = await elasticSecurityApiRequest.call(this, 'PATCH', patchEndpoint, body);
|
|
|
|
if (simple === true) {
|
|
const { comments } = responseData;
|
|
responseData = comments[comments.length - 1];
|
|
}
|
|
|
|
}
|
|
|
|
} else if (resource === 'connector') {
|
|
|
|
if (operation === 'create') {
|
|
|
|
// ----------------------------------------
|
|
// connector: create
|
|
// ----------------------------------------
|
|
|
|
// https://www.elastic.co/guide/en/security/current/register-connector.html
|
|
|
|
const connectorType = this.getNodeParameter('connectorType', i) as ConnectorType;
|
|
|
|
const body: ConnectorCreatePayload = {
|
|
connector_type_id: connectorType,
|
|
name: this.getNodeParameter('name', i) as string,
|
|
};
|
|
|
|
if (connectorType === '.jira') {
|
|
body.config = {
|
|
apiUrl: this.getNodeParameter('apiUrl', i) as string,
|
|
projectKey: this.getNodeParameter('projectKey', i) as string,
|
|
};
|
|
body.secrets = {
|
|
email: this.getNodeParameter('email', i) as string,
|
|
apiToken: this.getNodeParameter('apiToken', i) as string,
|
|
};
|
|
} else if (connectorType === '.resilient') {
|
|
body.config = {
|
|
apiUrl: this.getNodeParameter('apiUrl', i) as string,
|
|
orgId: this.getNodeParameter('orgId', i) as string,
|
|
};
|
|
body.secrets = {
|
|
apiKeyId: this.getNodeParameter('apiKeyId', i) as string,
|
|
apiKeySecret: this.getNodeParameter('apiKeySecret', i) as string,
|
|
};
|
|
} else if (connectorType === '.servicenow') {
|
|
body.config = {
|
|
apiUrl: this.getNodeParameter('apiUrl', i) as string,
|
|
};
|
|
body.secrets = {
|
|
username: this.getNodeParameter('username', i) as string,
|
|
password: this.getNodeParameter('password', i) as string,
|
|
};
|
|
}
|
|
|
|
responseData = await elasticSecurityApiRequest.call(this, 'POST', '/actions/connector', body);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Array.isArray(responseData)
|
|
? returnData.push(...responseData)
|
|
: returnData.push(responseData);
|
|
|
|
} catch (error) {
|
|
if (this.continueOnFail()) {
|
|
returnData.push({ error: error.message });
|
|
continue;
|
|
}
|
|
throw error;
|
|
}
|
|
|
|
}
|
|
|
|
return [this.helpers.returnJsonArray(returnData)];
|
|
}
|
|
}
|