[Security Solution] Fixes issues with the Raw events Top N view (#121562)

## [Security Solution] Fixes issues with the Raw events Top N view

This PR fixes the following issues with the Raw events Top N view:

- Fixes an issue <#121168> where the Sourcerer context included detection alerts in the Raw events view, per the before screenshot below:

### Before

![image](https://user-images.githubusercontent.com/61860752/145980440-0945a01c-d257-434e-8d94-4231feadff5b.png)

_Above: Before - the Raw events view includes detection alerts_

### After

![after_no_detection_alerts_in_raw_events](https://user-images.githubusercontent.com/4459398/146592973-36e51997-86a4-4982-a8c3-fa0c4ee3e99f.png)

_Above: After - The Raw events view does NOT include detection alerts_

- Fixes an issue <#121381> where when inspecting Raw events, `Sorry about that, something went wrong` is displayed when the Sourcerer context does not match the current selection:

### Before

![image](https://user-images.githubusercontent.com/59917825/146342313-7b0afcd5-31c9-4139-9011-cb85af303deb.png)

_Above: Before - When users `Inspect` the Raw events view, `Sorry about that, something went wrong` is displayed_

### After

![after_inspect_raw_events](https://user-images.githubusercontent.com/4459398/146595397-89aa65d0-9055-4511-81bd-670b20449610.png)

_Above: After - When users `Inspect` the raw events view, the expected Index pattern reflects the current Sourcerer selection_

- Fixes an issue where the following filters in the `Security > Alerts` and `Security > Rule > Details` views:
  - `kibana.alert.building_block_type`: an "Additional filters" option on the alerts table
  - `kibana.alert.rule.rule_id`: filters alerts to a single rule on the `Security > Rules > Details` views
  - `kibana.alert.rule.name`: not a built-in view filter, but frequently applied via the `Filter In` and `Filter Out` actions
  - `kibana.alert.rule.threat_mapping`: an "Additional filters" option on the alerts table
  - `kibana.alert.workflow_status`: The `open | acknowledged | closed` status filter

  were incorrectly applied to the Raw events view, per the screenshots below:

### Before

Inspecting the Raw events query reveals the alert filters are applied as filter criteria, per the screenshot below:

![before_alert_filters_applied_to_raw_events_query](https://user-images.githubusercontent.com/4459398/146596292-eb2f52a2-adf4-47a3-bb96-3f39019df725.png)

_Above: Before - The alert filters are applied to the Raw events view_

### After

After the fix, the alert filters are NOT applied to the raw events view, per the screenshot below:

![after_alert_filters_NOT_applied_to_raw_events_query](https://user-images.githubusercontent.com/4459398/146596252-d5ec1512-5514-48f5-aff3-e18a69572e6f.png)

_Above: After - The alert filters are NOT applied to the Raw events view_