66 changes: 19 additions & 47 deletions src/commands/entity_store/index.ts
Original file line number Diff line number Diff line change
@@ -1,16 +1,11 @@
import { type Command } from 'commander';
import { type CommandModule } from '../types.ts';
import { wrapAction } from '../utils/cli_utils.ts';
import { log } from '../../utils/logger.ts';
import {
ENTITY_STORE_OPTIONS,
ENTITY_MAINTAINERS_OPTIONS,
generateNewSeed,
} from '../../constants.ts';
import type { EntityMaintainerOption } from '../../constants.ts';
import { cleanEntityStore, generateEntityStore } from './entity_store.ts';
import { setupEntityResolutionDemo } from './entity_resolution.ts';
import { generateEntityMaintainersData } from './entity_maintainers.ts';
import { Command } from 'commander';
import { CommandModule } from '../types';

Check failure on line 2 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Relative import paths need explicit file extensions in ECMAScript imports when '--moduleResolution' is 'node16' or 'nodenext'. Did you mean '../types.js'?
import { wrapAction } from '../utils/cli_utils';

Check failure on line 3 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Relative import paths need explicit file extensions in ECMAScript imports when '--moduleResolution' is 'node16' or 'nodenext'. Did you mean '../utils/cli_utils.js'?
import { ENTITY_STORE_OPTIONS, ENTITY_MAINTAINERS_CONFIG, generateNewSeed } from '../../constants';

Check failure on line 4 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Relative import paths need explicit file extensions in ECMAScript imports when '--moduleResolution' is 'node16' or 'nodenext'. Did you mean '../../constants.js'?
import type { EntityMaintainerOption } from '../../constants';

Check failure on line 5 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Relative import paths need explicit file extensions in ECMAScript imports when '--moduleResolution' is 'node16' or 'nodenext'. Did you mean '../../constants.js'?
import { cleanEntityStore, generateEntityStore } from './entity_store';

Check failure on line 6 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Relative import paths need explicit file extensions in ECMAScript imports when '--moduleResolution' is 'node16' or 'nodenext'. Did you mean './entity_store.js'?
import { setupEntityResolutionDemo } from './entity_resolution';

Check failure on line 7 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Relative import paths need explicit file extensions in ECMAScript imports when '--moduleResolution' is 'node16' or 'nodenext'. Did you mean './entity_resolution.js'?
import { generateEntityMaintainersData } from './entity_maintainers';

Check failure on line 8 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Relative import paths need explicit file extensions in ECMAScript imports when '--moduleResolution' is 'node16' or 'nodenext'. Did you mean './entity_maintainers.js'?
import {
promptForNumericInputs,
promptForSelection,
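Review bot: The rewritten relative imports at lines 2 to 8 drop the `.ts` extension (`'../types'`, `'../utils/cli_utils'`, `'../../constants'` and the three `./entity_*` modules), and the Lint and Type Check job rejects every one of them under `node16`/`nodenext` module resolution. Keep the explicit extensions the removed lines had, for example `import { type CommandModule } from '../types.ts';`. The inline `type` modifier on `Command` and `CommandModule` is also gone, so these are no longer type-only imports, and the `log` import from `'../../utils/logger.ts'` is removed; confirm nothing later in the file still calls `log`.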
@@ -28,7 +23,7 @@
.option('--space', 'space to use', 'default')
.description('Load entity resolution demo data')
.action(
wrapAction(async ({ mini, deleteData, keepEmails, space }) => {

Check failure on line 26 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Binding element 'keepEmails' implicitly has an 'any' type.

Check failure on line 26 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Binding element 'deleteData' implicitly has an 'any' type.

Check failure on line 26 in src/commands/entity_store/index.ts

GitHub Actions / Lint and Type Check

Binding element 'mini' implicitly has an 'any' type.
setupEntityResolutionDemo({ mini, deleteData, keepEmails, space });
}),
);
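Review bot: The destructured parameter of the `wrapAction` callback at line 26 has no type annotation, and the type check reports `mini`, `deleteData` and `keepEmails` as implicit `any`. Annotate the options object explicitly, the way the maintainers handler does with `{ space: string; quick?: boolean }`, so a misspelled option name fails the build instead of arriving as `undefined`. Separately, `--space` is declared here without a `<space>` placeholder, unlike `.option('--space <space>', 'Kibana space ID', 'default')` in the maintainers command, so commander parses it as a boolean flag rather than as an option that takes a value.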
@@ -140,50 +135,27 @@
)
.option('--space <space>', 'Kibana space ID', 'default')
.option('--quick', 'Run all maintainers for 10000 entities without prompts')
Copilot AI Mar 26, 2026

The --quick help text says it will "Run all maintainers" but the behavior can now exclude watchlists via --exclude-wl, and (via config) could diverge further from "all" in the future. Consider updating the --quick description to reflect that it runs the configured quick-default maintainers (with optional exclusions) to avoid misleading CLI help.

Suggested change
.option('--quick', 'Run all maintainers for 10000 entities without prompts')
.option(
'--quick',
'Run quick-default maintainers for 10000 entities without prompts (respects --exclude-wl and maintainer config)',
)

.option('--exclude-wl', 'Exclude watchlists when running with --quick', false)
.action(
wrapAction(async ({ space, quick }: { space: string; quick?: boolean }) => {
wrapAction(async ({ space, quick, excludeWl }: { space: string; quick?: boolean; excludeWl?: boolean }) => {
if (quick) {
const maintainers = ENTITY_MAINTAINERS_CONFIG.filter(
(maintainer) => maintainer.quickDefault && (!excludeWl || !maintainer.excludeOnQuick),
).map((maintainer) => maintainer.key);
await generateEntityMaintainersData({
count: 10000,
maintainers: Object.values(ENTITY_MAINTAINERS_OPTIONS) as EntityMaintainerOption[],
maintainers,
space,
});
return;
}
const selectedMaintainers = await promptForSelection<EntityMaintainerOption>({
message: 'Select maintainers to generate data for',
choices: [
{
name: 'Risk Score',
value: ENTITY_MAINTAINERS_OPTIONS.riskScore,
checked: true,
},
{
name: 'Asset Criticality',
value: ENTITY_MAINTAINERS_OPTIONS.assetCriticality,
checked: true,
},
{
name: 'Anomaly Behaviors',
value: ENTITY_MAINTAINERS_OPTIONS.anomalyBehaviors,
checked: true,
},
{
name: 'Relationships',
value: ENTITY_MAINTAINERS_OPTIONS.relationships,
checked: true,
},
{
name: 'Watchlist',
value: ENTITY_MAINTAINERS_OPTIONS.watchlist,
checked: true,
},
{
name: 'Snapshot (30-day history)',
value: ENTITY_MAINTAINERS_OPTIONS.snapshot,
checked: true,
},
],
choices: ENTITY_MAINTAINERS_CONFIG.map((maintainer) => ({
name: maintainer.label,
value: maintainer.key,
checked: maintainer.defaultChecked,
})),
});

if (selectedMaintainers.length === 0) {
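Review bot: In the `--quick` filter, `maintainer.quickDefault && (!excludeWl || !maintainer.excludeOnQuick)` only drops an entry when `--exclude-wl` is passed, so the config field name `excludeOnQuick` promises more than the code does, while the flag name is watchlist-specific and the field is generic. Pick one meaning: either rename the field to say it marks a watchlist maintainer, or rename the flag to describe the generic exclusion. `--exclude-wl` is also read only inside the `if (quick)` branch, so passing it without `--quick` is silently ignored; say so in the help text or warn when it is set without `--quick`. The new `wrapAction(async ({ space, quick, excludeWl }: ...` line would read better with the parameter type broken across lines.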
9 changes: 7 additions & 2 deletions src/commands/org_data/index.ts
@@ -40,12 +40,17 @@ export const orgDataCommands: CommandModule = {
.alias('org-data-quick')
.alias('organization-quick')
.description(
'Quick correlated organization data generation with defaults (medium size, all integrations)',
'Quick correlated organization data generation with defaults (medium size)',
)
.option('--space <space>', 'Kibana space', 'default')
.option(
'--privmon-wl',
'Use Privileged User Monitoring watchlist integrations (active_directory, okta, okta_system)',
false,
)
.action(
wrapAction(async (options) => {
await runOrgDataQuick(options.space);
await runOrgDataQuick(options.space, { privmonWatchlist: options.privmonWl });
}),
);
},
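Review bot: The new description drops "all integrations" without saying which integrations the quick command loads when `--privmon-wl` is not given, so the help text no longer tells the user what the default run produces; state the default set next to "medium size". The `wrapAction(async (options) => {` callback leaves `options` untyped, so a typo in `options.privmonWl` would pass `undefined` as `privmonWatchlist` without a compile error; annotate it as `{ space: string; privmonWl?: boolean }`. The changed `runOrgDataQuick` signature is not part of the visible diff, so confirm it treats a missing `privmonWatchlist` as `false`.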
48 changes: 48 additions & 0 deletions src/constants.ts
@@ -32,6 +32,54 @@ export const ENTITY_MAINTAINERS_OPTIONS = {
export type EntityMaintainerOption =
(typeof ENTITY_MAINTAINERS_OPTIONS)[keyof typeof ENTITY_MAINTAINERS_OPTIONS];

export type EntityMaintainerConfig = {
key: EntityMaintainerOption;
label: string;
defaultChecked: boolean;
quickDefault: boolean;
excludeOnQuick?: boolean;
};

export const ENTITY_MAINTAINERS_CONFIG: EntityMaintainerConfig[] = [
{
key: ENTITY_MAINTAINERS_OPTIONS.riskScore,
label: 'Risk Score',
defaultChecked: true,
quickDefault: true,
},
{
key: ENTITY_MAINTAINERS_OPTIONS.assetCriticality,
label: 'Asset Criticality',
defaultChecked: true,
quickDefault: true,
},
{
key: ENTITY_MAINTAINERS_OPTIONS.anomalyBehaviors,
label: 'Anomaly Behaviors',
defaultChecked: true,
quickDefault: true,
},
{
key: ENTITY_MAINTAINERS_OPTIONS.relationships,
label: 'Relationships',
defaultChecked: true,
quickDefault: true,
},
{
key: ENTITY_MAINTAINERS_OPTIONS.watchlist,
label: 'Watchlist',
defaultChecked: true,
quickDefault: true,
excludeOnQuick: true,
},
{
key: ENTITY_MAINTAINERS_OPTIONS.snapshot,
label: 'Snapshot (30-day history)',
defaultChecked: true,
quickDefault: true,
},
];

export const PRIVILEGED_USER_MONITORING_OPTIONS = {
anomalyData: 'anomalyData',
sourceEventData: 'sourceEventData',
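Review bot: The fields of `EntityMaintainerConfig` have no doc comments, and the watchlist entry sets both `quickDefault: true` and `excludeOnQuick: true`, which reads as a contradiction unless the reader already knows that `excludeOnQuick` applies only when `--exclude-wl` is passed. Add a one-line comment per field stating when it is consulted. Every entry currently has `defaultChecked: true` and `quickDefault: true`, so neither flag distinguishes anything yet; consider making them optional with a `true` default to cut the repetition. The array is exported as a mutable `EntityMaintainerConfig[]`; typing it as `readonly EntityMaintainerConfig[]` keeps command code from altering the shared config at runtime.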