pr feedback

x-pack/plugins/security_solution/common/ecs/kibana/index.ts

@@ -9,6 +9,8 @@ import { RuleEcs } from '../rule';
 
 export interface KibanaEcs {
   alert?: {
+    risk_score?: string[];
+    severity?: string[];
     rule?: RuleEcs;
     original_time?: string[];
     status?: string[];

x-pack/plugins/security_solution/common/ecs/rule/index.ts

@@ -6,7 +6,6 @@
  */
 
 export interface RuleEcs {
-  id?: string[];
   rule_id?: string[];
   uuid?: string[];
   name?: string[];

x-pack/plugins/security_solution/cypress/screens/alerts.ts

@@ -19,7 +19,7 @@ export const ALERT_GRID_CELL = '[data-test-subj="dataGridRowCell"]';
 export const ALERT_ID = '[data-test-subj="draggable-content-_id"]';
 
 export const ALERT_RISK_SCORE_HEADER =
-  '[data-test-subj="dataGridHeaderCell-kibana.alert.rule.risk_score"]';
+  '[data-test-subj="dataGridHeaderCell-kibana.alert.risk_score"]';
 
 export const ALERT_RULE_NAME = '[data-test-subj="formatted-field-kibana.alert.rule.name"]';
 

x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx

@@ -1264,7 +1264,7 @@ describe('Exception helpers', () => {
       const defaultItems = defaultEndpointExceptionItems('list_id', 'my_rule', {
         _id: '123',
         rule: {
-          id: '123',
+          uuid: '123',
         },
         process: {
           command_line: 'command_line',
@@ -1451,7 +1451,7 @@ describe('Exception helpers', () => {
       const defaultItems = defaultEndpointExceptionItems('list_id', 'my_rule', {
         _id: '123',
         rule: {
-          id: '123',
+          uuid: '123',
         },
         process: {
           // command_line: 'command_line', intentionally left commented

x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx

@@ -675,7 +675,7 @@ export const getPrepopulatedBehaviorException = ({
       field: 'rule.id',
       operator: 'included' as const,
       type: 'match' as const,
-      value: alertEcsData.rule?.id ?? '',
+      value: alertEcsData.rule?.uuid ?? '',
     },
     {
       field: 'process.executable.caseless',

x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts.ts

@@ -41,6 +41,8 @@ export const mockEcsDataWithAlert: Ecs = {
   },
   kibana: {
     alert: {
+      risk_score: ['21'],
+      severity: ['low'],
       rule: {
         created_at: ['2020-01-10T21:11:45.839Z'],
         updated_at: ['2020-01-10T21:11:45.839Z'],
@@ -50,7 +52,6 @@ export const mockEcsDataWithAlert: Ecs = {
         false_positives: ['test-1'],
         filters: [],
         from: ['now-300s'],
-        id: ['b5ba41ab-aaf3-4f43-971b-bdf9434ce0ea'],
         immutable: [false],
         index: ['auditbeat-*'],
         interval: ['5m'],

x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx

@@ -240,7 +240,7 @@ export const requiredFieldMappingsForActionsRuleRegistry = {
   'alert.start': ALERT_START,
   'alert.uuid': ALERT_UUID,
   'event.action': 'event.action',
-  'alert.status': ALERT_WORKFLOW_STATUS,
+  'alert.workflow_status': ALERT_WORKFLOW_STATUS,
   'alert.duration.us': ALERT_DURATION,
   'rule.uuid': ALERT_RULE_UUID,
   'rule.name': ALERT_RULE_NAME,

x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx

@@ -12,6 +12,7 @@ import { indexOf } from 'lodash';
 
 import { ExceptionListType } from '@kbn/securitysolution-io-ts-list-types';
 import { get, getOr } from 'lodash/fp';
+import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
 import { buildGetAlertByIdQuery } from '../../../../common/components/exceptions/helpers';
 import { EventsTdContent } from '../../../../timelines/components/timeline/styles';
 import { DEFAULT_ICON_BUTTON_WIDTH } from '../../../../timelines/components/timeline/helpers';
@@ -67,8 +68,8 @@ const AlertContextMenuComponent: React.FC<AlertContextMenuProps> = ({
   const afterItemSelection = useCallback(() => {
     setPopover(false);
   }, []);
-  const ruleId = get(0, ecsRowData?.kibana?.alert?.rule?.uuid);
-  const ruleName = get(0, ecsRowData?.kibana?.alert?.rule?.name);
+  const ruleId = getOr([], ALERT_RULE_UUID, ecsRowData);
+  const ruleName = getOr([], ALERT_RULE_NAME, ecsRowData);
   const { timelines: timelinesUi } = useKibana().services;
 
   const { addToCaseActionProps, addToCaseActionItems } = useAddToCaseActions({

x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_rule_with_fallback.tsx

@@ -29,10 +29,10 @@ interface AlertHit {
   _index: string;
   _source: {
     '@timestamp': string;
-    signal: {
+    signal?: {
       rule: Rule;
     };
-    kibana: {
+    kibana?: {
       alert: {
         rule: Rule;
       };
@@ -86,7 +86,7 @@ export const useRuleWithFallback = (ruleId: string): UseRuleWithFallback => {
     if (result === null) {
       result = alertsData?.hits.hits[0]?._source.signal
         ? alertsData?.hits.hits[0]?._source.signal.rule
-        : alertsData?.hits.hits[0]?._source.kibana.alert.rule;
+        : alertsData?.hits.hits[0]?._source.kibana?.alert.rule;
     }
     if (result) {
       return transformInput(result);