[Security Solution] Incorrect alerts count is displaying under previe…
…w results for data view (elastic#138131)

* [Security Solution] Incorrect alerts count is displaying under preview results for data view (elastic#137657)

* Fix CI

Co-authored-by: Kibana Machine <[email protected]>
e40pud and kibanamachine authored Aug 10, 2022
1 parent f107c27 commit 0a22f96
Showing 10 changed files with 80 additions and 18 deletions.
Expand Up @@ -5,6 +5,7 @@
* 2.0.
*/

import { DataSourceType } from '../../../pages/detection_engine/rules/types';
import {
isNoisy,
getTimeframeOptions,
Expand Down Expand Up @@ -71,6 +72,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: true,
index: [],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: ['threat-*'],
threatMapping: [
{ entries: [{ field: 'test-field', value: 'test-value', type: 'mapping' }] },
Expand All @@ -89,6 +91,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: true,
index: ['test-*'],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: ['threat-*'],
threatMapping: [
{ entries: [{ field: 'test-field', value: 'test-value', type: 'mapping' }] },
Expand All @@ -107,6 +110,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: false,
index: ['test-*'],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: ['threat-*'],
threatMapping: [
{ entries: [{ field: 'test-field', value: 'test-value', type: 'mapping' }] },
Expand All @@ -125,6 +129,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: true,
index: ['test-*'],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: [],
threatMapping: [
{ entries: [{ field: 'test-field', value: 'test-value', type: 'mapping' }] },
Expand All @@ -143,6 +148,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: true,
index: ['test-*'],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: ['threat-*'],
threatMapping: [],
machineLearningJobId: ['test-ml-job-id'],
Expand All @@ -159,6 +165,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: true,
index: ['test-*'],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: ['threat-*'],
threatMapping: [],
machineLearningJobId: [],
Expand All @@ -175,6 +182,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: true,
index: ['test-*'],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: ['threat-*'],
threatMapping: [],
machineLearningJobId: [],
Expand All @@ -191,6 +199,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: true,
index: ['test-*'],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: [],
threatMapping: [],
machineLearningJobId: [],
Expand All @@ -207,6 +216,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: true,
index: ['test-*'],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: ['threat-*'],
threatMapping: [
{ entries: [{ field: 'test-field', value: 'test-value', type: 'mapping' }] },
Expand All @@ -225,6 +235,7 @@ describe('query_preview/helpers', () => {
isThreatQueryBarValid: true,
index: ['test-*'],
dataViewId: undefined,
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: ['threat-*'],
threatMapping: [],
machineLearningJobId: [],
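Review bot: Every fixture in these hunks passes `dataSourceType: DataSourceType.IndexPatterns`, so the new `DataSourceType.DataView` branch of `getIsRulePreviewDisabled` has no visible coverage. Two cases would pin the behaviour this commit introduces: `dataSourceType: DataSourceType.DataView` with `dataViewId: undefined` expecting `true`, and `DataSourceType.DataView` with a set `dataViewId` and `index: []` expecting the data-source guard not to disable the preview. The describe block continues outside the shown hunks, so such cases may already exist there.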
Expand Up @@ -16,6 +16,8 @@ import type { ChartSeriesConfigs } from '../../../../common/components/charts/co
import { getQueryFilter } from '../../../../../common/detection_engine/get_query_filter';
import type { FieldValueQueryBar } from '../query_bar';
import type { ESQuery } from '../../../../../common/typed_json';
import { DataSourceType } from '../../../pages/detection_engine/rules/types';

/**
* Determines whether or not to display noise warning.
* Is considered noisy if alerts/hour rate > 1
Expand Down Expand Up @@ -165,6 +167,7 @@ export const getIsRulePreviewDisabled = ({
isThreatQueryBarValid,
index,
dataViewId,
dataSourceType,
threatIndex,
threatMapping,
machineLearningJobId,
Expand All @@ -176,14 +179,20 @@ export const getIsRulePreviewDisabled = ({
isThreatQueryBarValid: boolean;
index: string[];
dataViewId: string | undefined;
dataSourceType: DataSourceType;
threatIndex: string[];
threatMapping: ThreatMapping;
machineLearningJobId: string[];
queryBar: FieldValueQueryBar;
newTermsFields: string[];
}) => {
if (!isQueryBarValid || ((index == null || index.length === 0) && dataViewId == null))
if (
!isQueryBarValid ||
(dataSourceType === DataSourceType.DataView && !dataViewId) ||
(dataSourceType === DataSourceType.IndexPatterns && index.length === 0)
) {
return true;
}
if (ruleType === 'threat_match') {
if (!isThreatQueryBarValid || !threatIndex.length || !threatMapping) return true;
if (
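Review bot: The rewritten guard in `getIsRulePreviewDisabled` drops the `index == null` check that the old condition had, so `index.length` in the `DataSourceType.IndexPatterns` arm throws if a caller ever supplies an undefined `index` at runtime, even though the type says `string[]`. If form state can be unset while the rule form initialises (not visible here), `(dataSourceType === DataSourceType.IndexPatterns && !index?.length)` keeps the old tolerance. Any `dataSourceType` value other than the two compared skips the data-source check and falls through to the later rule-type checks, so a short comment stating that the enum has exactly these two members would help. The function body continues past the end of the hunk.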
Expand Up @@ -9,11 +9,15 @@ import React from 'react';
import { render } from '@testing-library/react';
import userEvent from '@testing-library/user-event';

import type { DataViewBase } from '@kbn/es-query';
import { fields } from '@kbn/data-plugin/common/mocks';

import { TestProviders } from '../../../../common/mock';
import type { RulePreviewProps } from '.';
import { RulePreview } from '.';
import { usePreviewRoute } from './use_preview_route';
import { usePreviewHistogram } from './use_preview_histogram';
import { DataSourceType } from '../../../pages/detection_engine/rules/types';

jest.mock('../../../../common/lib/kibana');
jest.mock('./use_preview_route');
Expand All @@ -27,9 +31,17 @@ jest.mock('../../../../common/containers/use_global_time', () => ({
}),
}));

const getMockIndexPattern = (): DataViewBase => ({
fields,
id: '1234',
title: 'logstash-*',
});

const defaultProps: RulePreviewProps = {
ruleType: 'threat_match',
index: ['test-*'],
indexPattern: getMockIndexPattern(),
dataSourceType: DataSourceType.IndexPatterns,
threatIndex: ['threat-*'],
threatMapping: [
{
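Review bot: `getMockIndexPattern` is defined here and again, identically, in the `PreviewHistogram` test file later in this commit; a single shared test helper would keep the two fixtures from drifting apart. `defaultProps` also fixes `dataSourceType` to `DataSourceType.IndexPatterns`, so no render in the visible part of this file exercises the data-view path that the commit title is about. The `defaultProps` object continues outside the hunk.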
Expand Up @@ -10,6 +10,7 @@ import dateMath from '@kbn/datemath';
import type { Unit } from '@kbn/datemath';
import type { ThreatMapping, Type } from '@kbn/securitysolution-io-ts-alerting-types';
import styled from 'styled-components';
import type { DataViewBase } from '@kbn/es-query';
import type { EuiButtonGroupOptionProps, OnTimeChangeProps } from '@elastic/eui';
import {
EuiButtonGroup,
Expand Down Expand Up @@ -39,7 +40,10 @@ import { useStartTransaction } from '../../../../common/lib/apm/use_start_transa
import { SINGLE_RULE_ACTIONS } from '../../../../common/lib/apm/user_actions';
import { Form, UseField, useForm, useFormData } from '../../../../shared_imports';
import { ScheduleItem } from '../schedule_item_form';
import type { AdvancedPreviewForm } from '../../../pages/detection_engine/rules/types';
import type {
AdvancedPreviewForm,
DataSourceType,
} from '../../../pages/detection_engine/rules/types';
import { schema } from './schema';

const HelpTextComponent = (
Expand Down Expand Up @@ -70,9 +74,11 @@ const advancedOptionsDefaultValue = {

export interface RulePreviewProps {
index: string[];
indexPattern: DataViewBase;
isDisabled: boolean;
query: FieldValueQueryBar;
dataViewId?: string;
dataSourceType: DataSourceType;
ruleType: Type;
threatIndex: string[];
threatMapping: ThreatMapping;
Expand All @@ -97,7 +103,9 @@ const defaultTimeRange: Unit = 'h';

const RulePreviewComponent: React.FC<RulePreviewProps> = ({
index,
indexPattern,
dataViewId,
dataSourceType,
isDisabled,
query,
ruleType,
Expand Down Expand Up @@ -197,6 +205,7 @@ const RulePreviewComponent: React.FC<RulePreviewProps> = ({
index,
isDisabled,
dataViewId,
dataSourceType,
query,
threatIndex,
threatQuery,
Expand Down Expand Up @@ -334,7 +343,7 @@ const RulePreviewComponent: React.FC<RulePreviewProps> = ({
previewId={previewId}
addNoiseWarning={addNoiseWarning}
spaceId={spaceId}
index={index}
indexPattern={indexPattern}
advancedOptions={advancedOptions}
/>
)}
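Review bot: `RulePreviewProps` now carries `index`, `indexPattern`, `dataViewId` and `dataSourceType`, four props describing one data source, and nothing in the interface says which is authoritative. A TSDoc line on each new field would do, e.g. `/** Selects whether index or dataViewId is the active source for the preview. */` on `dataSourceType` and `/** Resolved pattern for the active source; passed on to the preview histogram. */` on `indexPattern`. Both are required props on an exported interface, so any caller outside the files shown here has to be updated as well.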
Expand Up @@ -9,6 +9,9 @@ import React from 'react';
import { render } from '@testing-library/react';
import moment from 'moment';

import type { DataViewBase } from '@kbn/es-query';
import { fields } from '@kbn/data-plugin/common/mocks';

import { useGlobalTime } from '../../../../common/containers/use_global_time';
import { TestProviders } from '../../../../common/mock';
import { usePreviewHistogram } from './use_preview_histogram';
Expand All @@ -21,6 +24,12 @@ jest.mock('../../../../common/containers/use_global_time');
jest.mock('./use_preview_histogram');
jest.mock('../../../../common/utils/normalize_time_range');

const getMockIndexPattern = (): DataViewBase => ({
fields,
id: '1234',
title: 'logstash-*',
});

describe('PreviewHistogram', () => {
const mockSetQuery = jest.fn();

Expand Down Expand Up @@ -58,7 +67,7 @@ describe('PreviewHistogram', () => {
previewId={'test-preview-id'}
spaceId={'default'}
ruleType={'query'}
index={['']}
indexPattern={getMockIndexPattern()}
/>
</TestProviders>
);
Expand Down Expand Up @@ -89,7 +98,7 @@ describe('PreviewHistogram', () => {
previewId={'test-preview-id'}
spaceId={'default'}
ruleType={'query'}
index={['']}
indexPattern={getMockIndexPattern()}
/>
</TestProviders>
);
Expand Down Expand Up @@ -141,7 +150,7 @@ describe('PreviewHistogram', () => {
previewId={'test-preview-id'}
spaceId={'default'}
ruleType={'query'}
index={['']}
indexPattern={getMockIndexPattern()}
advancedOptions={{
timeframeStart: moment(start, format),
timeframeEnd: moment(end, format),
Expand Up @@ -12,6 +12,7 @@ import { EuiFlexGroup, EuiFlexItem, EuiText, EuiSpacer, EuiLoadingChart } from '
import styled from 'styled-components';
import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
import { useDispatch, useSelector } from 'react-redux';
import type { DataViewBase } from '@kbn/es-query';
import { eventsViewerSelector } from '../../../../common/components/events_viewer/selectors';
import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
import { useKibana } from '../../../../common/lib/kibana';
Expand Down Expand Up @@ -63,7 +64,7 @@ interface PreviewHistogramProps {
addNoiseWarning: () => void;
spaceId: string;
ruleType: Type;
index: string[];
indexPattern: DataViewBase;
advancedOptions?: AdvancedPreviewOptions;
}

Expand All @@ -75,7 +76,7 @@ export const PreviewHistogram = ({
addNoiseWarning,
spaceId,
ruleType,
index,
indexPattern,
advancedOptions,
}: PreviewHistogramProps) => {
const dispatch = useDispatch();
Expand All @@ -99,7 +100,7 @@ export const PreviewHistogram = ({
startDate,
endDate,
spaceId,
index,
indexPattern,
ruleType,
});

Expand All @@ -118,7 +119,7 @@ export const PreviewHistogram = ({

const {
browserFields,
indexPattern,
indexPattern: selectedIndexPattern,
runtimeMappings,
dataViewId: selectedDataViewId,
loading: isLoadingIndexPattern,
Expand Down Expand Up @@ -225,7 +226,7 @@ export const PreviewHistogram = ({
hasAlertsCrud: false,
id: TimelineId.rulePreview,
indexNames: [`${DEFAULT_PREVIEW_INDEX}-${spaceId}`],
indexPattern,
indexPattern: selectedIndexPattern,
isLive: false,
isLoadingIndexPattern,
itemsPerPage,
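Review bot: Two index patterns are now in scope in `PreviewHistogram`, the `indexPattern` prop handed to `usePreviewHistogram` and the `selectedIndexPattern` passed on in the object that also sets `indexNames`, and the rename alone does not say why they differ. A comment at the destructuring, such as `// selectedIndexPattern: pattern resolved in this component, used for the events table; the indexPattern prop is the rule's own source and drives the histogram query`, would keep them from being swapped later. The callee of that destructuring is outside the hunk, so the wording should be checked against it.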
Expand Up @@ -7,6 +7,7 @@
import { useMemo } from 'react';
import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
import { getEsQueryConfig } from '@kbn/data-plugin/common';
import type { DataViewBase } from '@kbn/es-query';
import { useMatrixHistogramCombined } from '../../../../common/containers/matrix_histogram';
import { MatrixHistogramType } from '../../../../../common/search_strategy';
import { convertToBuildEsQuery } from '../../../../common/lib/keury';
Expand All @@ -19,26 +20,23 @@ interface PreviewHistogramParams {
endDate: string;
startDate: string;
spaceId: string;
index: string[];
ruleType: Type;
indexPattern: DataViewBase;
}

export const usePreviewHistogram = ({
previewId,
startDate,
endDate,
spaceId,
index,
ruleType,
indexPattern,
}: PreviewHistogramParams) => {
const { uiSettings } = useKibana().services;

const [filterQuery, error] = convertToBuildEsQuery({
config: getEsQueryConfig(uiSettings),
indexPattern: {
fields: [],
title: index == null ? '' : index.join(),
},
indexPattern,
queries: [{ query: `kibana.alert.rule.uuid:${previewId}`, language: 'kuery' }],
filters: [],
});
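Review bot: `previewId` is interpolated unquoted into the KQL string on the `queries` line, and with a full `indexPattern` now passed in, that string is resolved against a real field list instead of the empty one used before. If `previewId` is always a generated UUID this is harmless; if that is not guaranteed, quoting it as `kibana.alert.rule.uuid:"${previewId}"` keeps it a literal value (embedded quotes would still need escaping). A one-line comment noting that `kibana.alert.rule.uuid` is presumably a field of the preview alerts index rather than of the rule's source pattern would also explain why the query does not depend on `indexPattern.fields`. The hook body continues outside the hunk.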