From fab00c4962912a13774d6e4d4daf40410ff579f5 Mon Sep 17 00:00:00 2001
From: CAWilson94
Date: Thu, 26 Mar 2026 12:52:12 +0000
Subject: [PATCH 1/4] Enhance entity store and org data commands with new options for quick execution. Added '--exclude-wl' to entity store to filter out watchlists and '--privmon-wl' to org data for privileged user monitoring watchlist synctesting scenario
---
 src/commands/entity_store/index.ts | 17 +++++++++++++----
 src/commands/org_data/index.ts | 9 +++++++--
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/src/commands/entity_store/index.ts b/src/commands/entity_store/index.ts
index 9e14287c..e6eaeaa5 100644
--- a/src/commands/entity_store/index.ts
+++ b/src/commands/entity_store/index.ts
@@ -135,12 +135,21 @@ export const entityStoreCommands: CommandModule = {
 )
 .option('--space ', 'Kibana space ID', 'default')
 .option('--quick', 'Run all maintainers for 10000 entities without prompts')
+ .option('--exclude-wl', 'Exclude watchlists when running with --quick', false)
 .action(
- wrapAction(async ({ space, quick }: { space: string; quick?: boolean }) => {
+ wrapAction(async ({ space, quick, excludeWl }: { space: string; quick?: boolean; excludeWl?: boolean }) => {
 if (quick) {
+ const allMaintainers = Object.values(
+ ENTITY_MAINTAINERS_OPTIONS,
+ ) as EntityMaintainerOption[];
+ const maintainers = excludeWl
+ ? allMaintainers.filter(
+ (maintainer) => maintainer !== ('watchlist' as EntityMaintainerOption),
+ )
+ : allMaintainers;
 await generateEntityMaintainersData({
 count: 10000,
- maintainers: Object.values(ENTITY_MAINTAINERS_OPTIONS) as EntityMaintainerOption[],
+ maintainers,
 space,
 });
 return;
@@ -168,11 +177,11 @@ export const entityStoreCommands: CommandModule = {
 value: ENTITY_MAINTAINERS_OPTIONS.relationships,
 checked: true,
 },
- {
+ /*{
 name: 'Watchlist',
 value: ENTITY_MAINTAINERS_OPTIONS.watchlist,
 checked: true,
- },
+ },*/
 {
 name: 'Snapshot (30-day history)',
 value: ENTITY_MAINTAINERS_OPTIONS.snapshot,
diff --git a/src/commands/org_data/index.ts b/src/commands/org_data/index.ts
index fd6a4a78..aef02068 100644
--- a/src/commands/org_data/index.ts
+++ b/src/commands/org_data/index.ts
@@ -40,12 +40,17 @@ export const orgDataCommands: CommandModule = {
 .alias('org-data-quick')
 .alias('organization-quick')
 .description(
- 'Quick correlated organization data generation with defaults (medium size, all integrations)',
+ 'Quick correlated organization data generation with defaults (medium size)',
 )
 .option('--space ', 'Kibana space', 'default')
+ .option(
+ '--privmon-wl',
+ 'Use Privileged User Monitoring watchlist integrations (active_directory, okta, okta_system)',
+ false,
+ )
 .action(
 wrapAction(async (options) => {
- await runOrgDataQuick(options.space);
+ await runOrgDataQuick(options.space, { privmonWatchlist: options.privmonWl });
 }),
 );
 },
From 41b4d795715d68bdd724139328981ac5e2439c87 Mon Sep 17 00:00:00 2001
From: Charlotte Alexandra Wilson
Date: Thu, 26 Mar 2026 12:59:02 +0000
Subject: [PATCH 2/4] Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 src/commands/entity_store/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/commands/entity_store/index.ts b/src/commands/entity_store/index.ts
index e6eaeaa5..b42522c4 100644
--- a/src/commands/entity_store/index.ts
+++ b/src/commands/entity_store/index.ts
@@ -144,7 +144,7 @@ export const entityStoreCommands: CommandModule = {
 ) as EntityMaintainerOption[];
 const maintainers = excludeWl
 ? allMaintainers.filter(
- (maintainer) => maintainer !== ('watchlist' as EntityMaintainerOption),
+ (maintainer) => maintainer !== ENTITY_MAINTAINERS_OPTIONS.watchlist,
 )
 : allMaintainers;
 await generateEntityMaintainersData({
From 298d57cd9fe19e662bcfc59046a4d0c90c9c3f94 Mon Sep 17 00:00:00 2001
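Review bot: In the `org-data-quick` action of src/commands/org_data/index.ts, `runOrgDataQuick` now receives a second argument, but no patch in this series changes its definition, so it cannot be seen here whether it accepts `{ privmonWatchlist }`; if it does not, `--privmon-wl` is either a compile error or a flag that silently does nothing. Please confirm the signature. The handler's `options` parameter is also untyped, unlike the entity-store handler, so a misspelt `options.privmonWl` would not be caught; declaring it as `async (options: { space: string; privmonWl?: boolean }) => {` closes that gap.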
From: Charlotte Alexandra Wilson
Date: Thu, 26 Mar 2026 12:59:35 +0000
Subject: [PATCH 3/4] remove comment
---
 src/commands/entity_store/index.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/commands/entity_store/index.ts b/src/commands/entity_store/index.ts
index b42522c4..94b24ba8 100644
--- a/src/commands/entity_store/index.ts
+++ b/src/commands/entity_store/index.ts
@@ -177,11 +177,11 @@ export const entityStoreCommands: CommandModule = {
 value: ENTITY_MAINTAINERS_OPTIONS.relationships,
 checked: true,
 },
- /*{
+ {
 name: 'Watchlist',
 value: ENTITY_MAINTAINERS_OPTIONS.watchlist,
 checked: true,
- },*/
+ },
 {
 name: 'Snapshot (30-day history)',
 value: ENTITY_MAINTAINERS_OPTIONS.snapshot,
From 3ed6efdbea12e011be1be7de5b94ea83c9bc8b7d Mon Sep 17 00:00:00 2001
From: CAWilson94
Date: Thu, 26 Mar 2026 13:18:01 +0000
Subject: [PATCH 4/4] centralize maintainers config
---
 src/commands/entity_store/index.ts | 50 ++++++------------------------
 src/constants.ts | 48 ++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+), 41 deletions(-)
diff --git a/src/commands/entity_store/index.ts b/src/commands/entity_store/index.ts
index 94b24ba8..db108ed2 100644
--- a/src/commands/entity_store/index.ts
+++ b/src/commands/entity_store/index.ts
@@ -1,7 +1,7 @@
 import { Command } from 'commander';
 import { CommandModule } from '../types';
 import { wrapAction } from '../utils/cli_utils';
-import { ENTITY_STORE_OPTIONS, ENTITY_MAINTAINERS_OPTIONS, generateNewSeed } from '../../constants';
+import { ENTITY_STORE_OPTIONS, ENTITY_MAINTAINERS_CONFIG, generateNewSeed } from '../../constants';
 import type { EntityMaintainerOption } from '../../constants';
 import { cleanEntityStore, generateEntityStore } from './entity_store';
 import { setupEntityResolutionDemo } from './entity_resolution';
@@ -139,14 +139,9 @@ export const entityStoreCommands: CommandModule = {
 .action(
 wrapAction(async ({ space, quick, excludeWl }: { space: string; quick?: boolean; excludeWl?: boolean }) => {
 if (quick) {
- const allMaintainers = Object.values(
- ENTITY_MAINTAINERS_OPTIONS,
- ) as EntityMaintainerOption[];
- const maintainers = excludeWl
- ? allMaintainers.filter(
- (maintainer) => maintainer !== ENTITY_MAINTAINERS_OPTIONS.watchlist,
- )
- : allMaintainers;
+ const maintainers = ENTITY_MAINTAINERS_CONFIG.filter(
+ (maintainer) => maintainer.quickDefault && (!excludeWl || !maintainer.excludeOnQuick),
+ ).map((maintainer) => maintainer.key);
 await generateEntityMaintainersData({
 count: 10000,
 maintainers,
@@ -156,38 +151,11 @@ export const entityStoreCommands: CommandModule = {
 }
 const selectedMaintainers = await promptForSelection({
 message: 'Select maintainers to generate data for',
- choices: [
- {
- name: 'Risk Score',
- value: ENTITY_MAINTAINERS_OPTIONS.riskScore,
- checked: true,
- },
- {
- name: 'Asset Criticality',
- value: ENTITY_MAINTAINERS_OPTIONS.assetCriticality,
- checked: true,
- },
- {
- name: 'Anomaly Behaviors',
- value: ENTITY_MAINTAINERS_OPTIONS.anomalyBehaviors,
- checked: true,
- },
- {
- name: 'Relationships',
- value: ENTITY_MAINTAINERS_OPTIONS.relationships,
- checked: true,
- },
- {
- name: 'Watchlist',
- value: ENTITY_MAINTAINERS_OPTIONS.watchlist,
- checked: true,
- },
- {
- name: 'Snapshot (30-day history)',
- value: ENTITY_MAINTAINERS_OPTIONS.snapshot,
- checked: true,
- },
- ],
+ choices: ENTITY_MAINTAINERS_CONFIG.map((maintainer) => ({
+ name: maintainer.label,
+ value: maintainer.key,
+ checked: maintainer.defaultChecked,
+ })),
 });
 if (selectedMaintainers.length === 0) {
diff --git a/src/constants.ts b/src/constants.ts
index c0205abf..3a8c111d 100644
--- a/src/constants.ts
+++ b/src/constants.ts
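Review bot: In the `--quick` branch of src/commands/entity_store/index.ts, the new predicate `(!excludeWl || !maintainer.excludeOnQuick)` makes `--exclude-wl` drop every maintainer flagged `excludeOnQuick`, not just the watchlist that the option's help text names. The field name also misleads: nothing is excluded on `--quick` alone, only when `--exclude-wl` is passed as well. Either rename the field to say what gates it, or add a comment above the filter such as `// excludeOnQuick entries are skipped only when --exclude-wl is passed (currently just Watchlist)`. The action body starts before and continues after this hunk.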
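Review bot: In the interactive path of src/commands/entity_store/index.ts, `excludeWl` is never consulted, so the rebuilt `choices` list still pre-checks Watchlist when `--exclude-wl` is passed without `--quick`. The help text does say the option applies with `--quick`, but a flag that is silently ignored is easy to misread during a test run. Consider `checked: maintainer.defaultChecked && !(excludeWl && maintainer.excludeOnQuick),` or a warning when `excludeWl` is set and `quick` is not. The action body continues past the end of this hunk.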
@@ -32,6 +32,54 @@ export const ENTITY_MAINTAINERS_OPTIONS = {
 export type EntityMaintainerOption = (typeof ENTITY_MAINTAINERS_OPTIONS)[keyof typeof ENTITY_MAINTAINERS_OPTIONS];
+export type EntityMaintainerConfig = {
+ key: EntityMaintainerOption;
+ label: string;
+ defaultChecked: boolean;
+ quickDefault: boolean;
+ excludeOnQuick?: boolean;
+};
+
+export const ENTITY_MAINTAINERS_CONFIG: EntityMaintainerConfig[] = [
+ {
+ key: ENTITY_MAINTAINERS_OPTIONS.riskScore,
+ label: 'Risk Score',
+ defaultChecked: true,
+ quickDefault: true,
+ },
+ {
+ key: ENTITY_MAINTAINERS_OPTIONS.assetCriticality,
+ label: 'Asset Criticality',
+ defaultChecked: true,
+ quickDefault: true,
+ },
+ {
+ key: ENTITY_MAINTAINERS_OPTIONS.anomalyBehaviors,
+ label: 'Anomaly Behaviors',
+ defaultChecked: true,
+ quickDefault: true,
+ },
+ {
+ key: ENTITY_MAINTAINERS_OPTIONS.relationships,
+ label: 'Relationships',
+ defaultChecked: true,
+ quickDefault: true,
+ },
+ {
+ key: ENTITY_MAINTAINERS_OPTIONS.watchlist,
+ label: 'Watchlist',
+ defaultChecked: true,
+ quickDefault: true,
+ excludeOnQuick: true,
+ },
+ {
+ key: ENTITY_MAINTAINERS_OPTIONS.snapshot,
+ label: 'Snapshot (30-day history)',
+ defaultChecked: true,
+ quickDefault: true,
+ },
+];
+
 export const PRIVILEGED_USER_MONITORING_OPTIONS = {
 anomalyData: 'anomalyData',
 sourceEventData: 'sourceEventData',
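Review bot: `ENTITY_MAINTAINERS_CONFIG` in src/constants.ts is a hand-maintained array, so nothing forces it to cover every value of `ENTITY_MAINTAINERS_OPTIONS`. Before this patch the `--quick` path used `Object.values(ENTITY_MAINTAINERS_OPTIONS)` and picked up new maintainers automatically; now a maintainer added to the options object but not to this list is silently absent from both `--quick` and the prompt. Keying the defaults by option makes a missing entry a compile error, assuming `ENTITY_MAINTAINERS_OPTIONS` is declared `as const` (its body is outside the hunk), and typing the exported array as `readonly` stops callers from mutating shared defaults. A short comment on `quickDefault` and `excludeOnQuick` would also help, since the names alone do not explain how they differ.

```typescript
// Keyed by option: leaving a maintainer out is a compile error.
const MAINTAINER_DEFAULTS: Record<EntityMaintainerOption, Omit<EntityMaintainerConfig, 'key'>> = {
  [ENTITY_MAINTAINERS_OPTIONS.riskScore]: {
    label: 'Risk Score',
    defaultChecked: true,
    quickDefault: true,
  },
  // … unchanged: the other five entries, same fields minus `key` …
};

export const ENTITY_MAINTAINERS_CONFIG: readonly EntityMaintainerConfig[] = (
  Object.keys(MAINTAINER_DEFAULTS) as EntityMaintainerOption[]
).map((key) => ({ key, ...MAINTAINER_DEFAULTS[key] }));
```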