"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.createConfig = exports.configSchema = void 0; var _configSchema = require("@kbn/config-schema"); var _constants = require("../common/constants"); var _experimental_features = require("../common/experimental_features"); /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ const configSchema = _configSchema.schema.object({ maxRuleImportExportSize: _configSchema.schema.number({ defaultValue: 10000 }), maxRuleImportPayloadBytes: _configSchema.schema.number({ defaultValue: 10485760 }), maxTimelineImportExportSize: _configSchema.schema.number({ defaultValue: 10000 }), maxTimelineImportPayloadBytes: _configSchema.schema.number({ defaultValue: 10485760 }), /** * This is used within the merge strategies: * server/lib/detection_engine/rule_types/utils/source_fields_merging * * For determining which strategy for merging "fields" and "_source" together to get * runtime fields, constant keywords, etc... * * "missingFields" (default) This will only merge fields that are missing from the _source and exist in the fields. * "noFields" This will turn off all merging of runtime fields, constant keywords from fields. * "allFields" This will merge and overwrite anything found within "fields" into "_source" before indexing the data. */ alertMergeStrategy: _configSchema.schema.oneOf([_configSchema.schema.literal('allFields'), _configSchema.schema.literal('missingFields'), _configSchema.schema.literal('noFields')], { defaultValue: 'missingFields' }), /** * This is used within the merge strategies: * server/lib/detection_engine/rule_types/utils/source_fields_merging * * For determining if we need to ignore particular "fields" and not merge them with "_source" such as * runtime fields, constant keywords, etc... * * This feature and functionality is mostly as "safety feature" meaning that we have had bugs in the past * where something down the stack unexpectedly ends up in the fields API which causes documents to not * be indexable. Rather than changing alertMergeStrategy to be "noFields", you can use this array to add * any problematic values. * * You can use plain dotted notation strings such as "host.name" or a regular expression such as "/host\..+/" */ alertIgnoreFields: _configSchema.schema.arrayOf(_configSchema.schema.string(), { defaultValue: [], validate(ignoreFields) { const errors = ignoreFields.flatMap((ignoreField, index) => { if (ignoreField.startsWith('/') && ignoreField.endsWith('/')) { try { new RegExp(ignoreField.slice(1, -1)); return []; } catch (error) { return [`"${error.message}" at array position ${index}`]; } } else { return []; } }); if (errors.length !== 0) { return errors.join('. '); } else { return undefined; } } }), [_constants.SIGNALS_INDEX_KEY]: _configSchema.schema.string({ defaultValue: _constants.DEFAULT_SIGNALS_INDEX }), /** * For internal use. A list of string values (comma delimited) that will enable experimental * type of functionality that is not yet released. Valid values for this settings need to * be defined in: * `x-pack/plugins/security_solution/common/experimental_features.ts` * under the `allowedExperimentalValues` object * * @example * xpack.securitySolution.enableExperimental: * - someCrazyFeature * - someEvenCrazierFeature */ enableExperimental: _configSchema.schema.arrayOf(_configSchema.schema.string(), { defaultValue: () => [] }), /** * Artifacts Configuration */ packagerTaskInterval: _configSchema.schema.string({ defaultValue: '60s' }), /** * Artifacts Configuration for package policy update concurrency */ packagerTaskPackagePolicyUpdateBatchSize: _configSchema.schema.number({ defaultValue: 10, max: 50, min: 1 }), /** * For internal use. Specify which version of the Detection Rules fleet package to install * when upgrading rules. If not provided, the latest compatible package will be installed, * or if running from a dev environment or -SNAPSHOT build, the latest pre-release package * will be used (if fleet is available or not within an airgapped environment). * * Note: This is for `upgrade only`, which occurs by means of the `useUpgradeSecurityPackages` * hook when navigating to a Security Solution page. The package version specified in * `fleet_packages.json` in project root will always be installed first on Kibana start if * the package is not already installed. */ prebuiltRulesPackageVersion: _configSchema.schema.maybe(_configSchema.schema.string()), enabled: _configSchema.schema.boolean({ defaultValue: true }), /** * The Max number of Bytes allowed for the `upload` endpoint response action */ maxUploadResponseActionFileBytes: _configSchema.schema.number({ defaultValue: 26214400, // 25MB, max: 104857600 // 100MB, }) }); exports.configSchema = configSchema; const createConfig = context => { const pluginConfig = context.config.get(); const logger = context.logger.get('config'); const { invalid, features: experimentalFeatures } = (0, _experimental_features.parseExperimentalConfigValue)(pluginConfig.enableExperimental); if (invalid.length) { logger.warn(`Unsupported "xpack.securitySolution.enableExperimental" values detected. The following configuration values are no longer supported and should be removed from the kibana configuration file: xpack.securitySolution.enableExperimental: ${invalid.map(key => ` - ${key}`).join('\n')} `); } return { ...pluginConfig, experimentalFeatures }; }; exports.createConfig = createConfig;