Fixes to alerts table and timeline functionality

elastic · Oct 25, 2021 · ba67a5f · ba67a5f
1 parent d4bc86c
commit ba67a5f
Show file tree

Hide file tree

Showing 16 changed files with 329 additions and 317 deletions.
diff --git a/.../security_solution/public/common/components/hover_actions/use_hover_action_items.test.tsx b/.../security_solution/public/common/components/hover_actions/use_hover_action_items.test.tsx
@@ -20,7 +20,7 @@ describe('useHoverActionItems', () => {
   const defaultProps: UseHoverActionItemsProps = {
     dataProvider: [{} as DataProvider],
     defaultFocusedButtonRef: null,
-    field: 'signal.rule.name',
+    field: 'kibana.alert.rule.name',
     handleHoverActionClicked: jest.fn(),
     hideTopN: false,
     isCaseView: false,
@@ -97,7 +97,7 @@ describe('useHoverActionItems', () => {
         'hover-actions-filter-out'
       );
       expect(result.current.overflowActionItems[2].props['data-test-subj']).toEqual(
-        'more-actions-signal.rule.name'
+        'more-actions-kibana.alert.rule.name'
       );
       expect(result.current.overflowActionItems[2].props.items[0].props['data-test-subj']).toEqual(
         'hover-actions-toggle-column'

diff --git a/x-pack/plugins/security_solution/public/common/utils/endpoint_alert_check.ts b/x-pack/plugins/security_solution/public/common/utils/endpoint_alert_check.ts
@@ -19,7 +19,7 @@ export const isAlertFromEndpointEvent = ({
 }: {
   data: TimelineEventsDetailsItem[];
 }): boolean => {
-  const isAlert = some({ category: 'signal', field: 'signal.rule.id' }, data);
+  const isAlert = some({ category: 'kibana', field: 'kibana.alert.rule.uuid' }, data);
 
   if (!isAlert) {
     return false;

diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/config.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/config.ts
@@ -8,23 +8,23 @@
 import type { AlertsStackByOption } from './types';
 
 export const alertsStackByOptions: AlertsStackByOption[] = [
-  { text: 'signal.rule.risk_score', value: 'signal.rule.risk_score' },
-  { text: 'signal.rule.severity', value: 'signal.rule.severity' },
-  { text: 'signal.rule.threat.tactic.name', value: 'signal.rule.threat.tactic.name' },
+  { text: 'kibana.alert.rule.risk_score', value: 'kibana.alert.rule.risk_score' },
+  { text: 'kibana.alert.rule.severity', value: 'kibana.alert.rule.severity' },
+  { text: 'kibana.alert.rule.threat.tactic.name', value: 'kibana.alert.rule.threat.tactic.name' },
   { text: 'destination.ip', value: 'destination.ip' },
   { text: 'event.action', value: 'event.action' },
   { text: 'event.category', value: 'event.category' },
   { text: 'host.name', value: 'host.name' },
-  { text: 'signal.rule.type', value: 'signal.rule.type' },
-  { text: 'signal.rule.name', value: 'signal.rule.name' },
+  { text: 'kibana.alert.rule.type', value: 'kibana.alert.rule.type' },
+  { text: 'kibana.alert.rule.name', value: 'kibana.alert.rule.name' },
   { text: 'source.ip', value: 'source.ip' },
   { text: 'user.name', value: 'user.name' },
   { text: 'process.name', value: 'process.name' },
   { text: 'file.name', value: 'file.name' },
   { text: 'hash.sha256', value: 'hash.sha256' },
 ];
 
-export const DEFAULT_STACK_BY_FIELD = 'signal.rule.name';
+export const DEFAULT_STACK_BY_FIELD = 'kibana.alert.rule.name';
 
 export const PANEL_HEIGHT = 300;
 export const MOBILE_PANEL_HEIGHT = 500;

diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/types.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_kpis/common/types.ts
@@ -11,15 +11,15 @@ export interface AlertsStackByOption {
 }
 
 export type AlertsStackByField =
-  | 'signal.rule.risk_score'
-  | 'signal.rule.severity'
-  | 'signal.rule.threat.tactic.name'
+  | 'kibana.alert.rule.risk_score'
+  | 'kibana.alert.rule.severity'
+  | 'kibana.alert.rule.threat.tactic.name'
   | 'destination.ip'
   | 'event.action'
   | 'event.category'
   | 'host.name'
-  | 'signal.rule.type'
-  | 'signal.rule.name'
+  | 'kibana.alert.rule.type'
+  | 'kibana.alert.rule.name'
   | 'source.ip'
   | 'user.name'
   | 'process.name'

diff --git a/...ck/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/...ck/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -263,10 +263,10 @@ export const buildShowBuildingBlockFilterRuleRegistry = (
             negate: true,
             disabled: false,
             type: 'exists',
-            key: 'kibana.rule.building_block_type',
+            key: 'kibana.alert.rule.building_block_type',
             value: 'exists',
           },
-          query: { exists: { field: 'kibana.rule.building_block_type' } },
+          query: { exists: { field: 'kibana.alert.rule.building_block_type' } },
         },
       ];
 

diff --git a/...urity_solution/public/detections/configurations/examples/security_solution_rac/columns.ts b/...urity_solution/public/detections/configurations/examples/security_solution_rac/columns.ts
@@ -26,20 +26,20 @@ export const columns: Array<
   },
   {
     columnHeaderType: defaultColumnHeaderType,
-    id: 'signal.rule.name',
+    id: 'kibana.alert.rule.name',
     displayAsText: i18n.ALERTS_HEADERS_RULE_NAME,
-    linkField: 'signal.rule.id',
+    linkField: 'kibana.alert.rule.uuid',
     initialWidth: 212,
   },
   {
     columnHeaderType: defaultColumnHeaderType,
-    id: 'signal.rule.severity',
+    id: 'kibana.alert.rule.severity',
     displayAsText: i18n.ALERTS_HEADERS_SEVERITY,
     initialWidth: 104,
   },
   {
     columnHeaderType: defaultColumnHeaderType,
-    id: 'signal.reason',
+    id: 'kibana.alert.reason',
     displayAsText: i18n.ALERTS_HEADERS_REASON,
   },
 ];
diff --git a/.../plugins/security_solution/public/timelines/components/side_panel/event_details/index.tsx b/.../plugins/security_solution/public/timelines/components/side_panel/event_details/index.tsx
@@ -108,10 +108,10 @@ const EventDetailsPanelComponent: React.FC<EventDetailsPanelProps> = ({
     }
   }, []);
 
-  const isAlert = some({ category: 'signal', field: 'signal.rule.id' }, detailsData);
+  const isAlert = some({ category: 'kibana', field: 'kibana.alert.rule.uuid' }, detailsData);
 
   const ruleName = useMemo(
-    () => getFieldValue({ category: 'signal', field: 'signal.rule.name' }, detailsData),
+    () => getFieldValue({ category: 'kibana', field: 'kibana.alert.rule.name' }, detailsData),
     [detailsData]
   );
 

diff --git a/x-pack/plugins/security_solution/public/ueba/components/host_rules_table/columns.tsx b/x-pack/plugins/security_solution/public/ueba/components/host_rules_table/columns.tsx
@@ -38,7 +38,11 @@ export const getHostRulesColumns = (): HostRulesColumns => [
               id,
               name: ruleName,
               kqlQuery: '',
-              queryMatch: { field: 'signal.rule.name', value: ruleName, operator: IS_OPERATOR },
+              queryMatch: {
+                field: 'kibana.alert.rule.name',
+                value: ruleName,
+                operator: IS_OPERATOR,
+              },
             }}
             render={(dataProvider, _, snapshot) =>
               snapshot.isDragging ? (
@@ -73,7 +77,11 @@ export const getHostRulesColumns = (): HostRulesColumns => [
               id,
               name: ruleType,
               kqlQuery: '',
-              queryMatch: { field: 'signal.rule.type', value: ruleType, operator: IS_OPERATOR },
+              queryMatch: {
+                field: 'kibana.alert.rule.type',
+                value: ruleType,
+                operator: IS_OPERATOR,
+              },
             }}
             render={(dataProvider, _, snapshot) =>
               snapshot.isDragging ? (
@@ -109,7 +117,7 @@ export const getHostRulesColumns = (): HostRulesColumns => [
               name: `${riskScore}`,
               kqlQuery: '',
               queryMatch: {
-                field: 'signal.rule.risk_score',
+                field: 'kibana.alert.rule.risk_score',
                 value: riskScore,
                 operator: IS_OPERATOR,
               },

diff --git a/.../security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts b/.../security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts
@@ -40,7 +40,7 @@ export const setSignalsStatusRoute = (router: SecuritySolutionPluginRouter) => {
       const siemClient = context.securitySolution?.getAppClient();
       const siemResponse = buildSiemResponse(response);
       const validationErrors = setSignalStatusValidateTypeDependents(request.body);
-      const spaceId = context.securitySolution.getSpaceId();
+      const spaceId = context.securitySolution?.getSpaceId() ?? 'default';
 
       if (validationErrors.length) {
         return siemResponse.error({ statusCode: 400, body: validationErrors });

diff --git a/.../server/search_strategy/security_solution/factory/ueba/host_rules/query.host_rules.dsl.ts b/.../server/search_strategy/security_solution/factory/ueba/host_rules/query.host_rules.dsl.ts
@@ -39,32 +39,32 @@ export const buildHostRulesQuery = ({
       aggs: {
         risk_score: {
           sum: {
-            field: 'signal.rule.risk_score',
+            field: 'kibana.alert.rule.risk_score',
           },
         },
         rule_name: {
           terms: {
-            field: 'signal.rule.name',
+            field: 'kibana.alert.rule.name',
             order: {
               risk_score: Direction.desc,
             },
           },
           aggs: {
             risk_score: {
               sum: {
-                field: 'signal.rule.risk_score',
+                field: 'kibana.alert.rule.risk_score',
               },
             },
             rule_type: {
               terms: {
-                field: 'signal.rule.type',
+                field: 'kibana.alert.rule.type',
               },
             },
           },
         },
         rule_count: {
           cardinality: {
-            field: 'signal.rule.name',
+            field: 'kibana.alert.rule.name',
           },
         },
       },

diff --git a/.../server/search_strategy/security_solution/factory/ueba/user_rules/query.user_rules.dsl.ts b/.../server/search_strategy/security_solution/factory/ueba/user_rules/query.user_rules.dsl.ts
@@ -48,32 +48,32 @@ export const buildUserRulesQuery = ({
           aggs: {
             risk_score: {
               sum: {
-                field: 'signal.rule.risk_score',
+                field: 'kibana.alert.rule.risk_score',
               },
             },
             rule_name: {
               terms: {
-                field: 'signal.rule.name',
+                field: 'kibana.alert.rule.name',
                 order: {
                   risk_score: Direction.desc,
                 },
               },
               aggs: {
                 risk_score: {
                   sum: {
-                    field: 'signal.rule.risk_score',
+                    field: 'kibana.alert.rule.risk_score',
                   },
                 },
                 rule_type: {
                   terms: {
-                    field: 'signal.rule.type',
+                    field: 'kibana.alert.rule.type',
                   },
                 },
               },
             },
             rule_count: {
               cardinality: {
-                field: 'signal.rule.name',
+                field: 'kibana.alert.rule.name',
               },
             },
           },

diff --git a/x-pack/plugins/timelines/public/components/drag_and_drop/helpers.ts b/x-pack/plugins/timelines/public/components/drag_and_drop/helpers.ts
@@ -144,7 +144,7 @@ const getAllFieldsByName = (
   keyBy('name', getAllBrowserFields(browserFields));
 
 const linkFields: Record<string, string> = {
-  'signal.rule.name': 'signal.rule.id',
+  'kibana.alert.rule.name': 'kibana.alert.rule.uuid',
   'event.module': 'rule.reference',
 };