Merge remote-tracking branch 'upstream/main' into update-autotune-text

elastic · Oct 4, 2022 · be1ebf0 · be1ebf0
2 parents 7db027f + 7a6ff84
commit be1ebf0
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 21 deletions.
diff --git a/...ty_solution/public/common/components/event_details/insights/related_alerts_by_session.tsx b/...ty_solution/public/common/components/event_details/insights/related_alerts_by_session.tsx
@@ -43,6 +43,7 @@ export const RelatedAlertsBySession = React.memo<Props>(
       timelineId: timelineId ?? '',
       signalIndexName: null,
       includeAlertIds: true,
+      ignoreTimerange: true,
     });
 
     const { fieldFromBrowserField } = getEnrichedFieldInfo({

diff --git a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts
@@ -24,6 +24,7 @@ interface UseAlertPrevalenceOptions {
   timelineId: string;
   signalIndexName: string | null;
   includeAlertIds?: boolean;
+  ignoreTimerange?: boolean;
 }
 
 interface UserAlertPrevalenceResult {
@@ -39,13 +40,17 @@ export const useAlertPrevalence = ({
   timelineId,
   signalIndexName,
   includeAlertIds = false,
+  ignoreTimerange = false,
 }: UseAlertPrevalenceOptions): UserAlertPrevalenceResult => {
   const timelineTime = useDeepEqualSelector((state) =>
     inputsSelectors.timelineTimeRangeSelector(state)
   );
   const globalTime = useGlobalTime(false);
-
-  const { to, from } = timelineId === TimelineId.active ? timelineTime : globalTime;
+  let to: string | undefined;
+  let from: string | undefined;
+  if (ignoreTimerange === false) {
+    ({ to, from } = timelineId === TimelineId.active ? timelineTime : globalTime);
+  }
   const [initialQuery] = useState(() =>
     generateAlertPrevalenceQuery(field, value, from, to, includeAlertIds)
   );
@@ -88,8 +93,8 @@ export const useAlertPrevalence = ({
 const generateAlertPrevalenceQuery = (
   field: string,
   value: string | string[] | undefined | null,
-  from: string,
-  to: string,
+  from: string | undefined,
+  to: string | undefined,
   includeAlertIds: boolean
 ) => {
   // if we don't want the alert ids included, we set size to 0 to reduce the response payload
@@ -106,25 +111,15 @@ const generateAlertPrevalenceQuery = (
           [field]: actualValue,
         },
       },
-      filter: [
-        {
-          range: {
-            '@timestamp': {
-              gte: from,
-              lte: to,
-            },
-          },
-        },
-      ],
     },
   };
 
-  if (Array.isArray(value) && value.length > 1) {
-    const shouldValues = value.map((val) => ({ match: { [field]: val } }));
+  if (from !== undefined && to !== undefined) {
     query = {
+      ...query,
       bool: {
-        minimum_should_match: 1,
-        must: [
+        ...query.bool,
+        filter: [
           {
             range: {
               '@timestamp': {
@@ -134,9 +129,36 @@ const generateAlertPrevalenceQuery = (
             },
           },
         ],
+      },
+    };
+  }
+
+  if (Array.isArray(value) && value.length > 1) {
+    const shouldValues = value.map((val) => ({ match: { [field]: val } }));
+    query = {
+      bool: {
+        minimum_should_match: 1,
         should: shouldValues,
       },
     };
+    if (from !== undefined && to !== undefined) {
+      query = {
+        ...query,
+        bool: {
+          ...query.bool,
+          must: [
+            {
+              range: {
+                '@timestamp': {
+                  gte: from,
+                  lte: to,
+                },
+              },
+            },
+          ],
+        },
+      };
+    }
   }
 
   return {

diff --git a/...curity_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts b/...curity_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts
@@ -99,7 +99,7 @@ export function useAlertPrevalenceFromProcessTree({
 }: UseAlertPrevalenceFromProcessTree): UserAlertPrevalenceFromProcessTreeResult {
   const http = useHttp();
 
-  const { selectedPatterns, to, from } = useTimelineDataFilters(timelineId);
+  const { selectedPatterns } = useTimelineDataFilters(timelineId);
   const alertAndOriginalIndices = [...new Set(selectedPatterns.concat(indices))];
   const { loading, id, schema } = useAlertDocumentAnalyzerSchema({
     documentId,
@@ -115,7 +115,6 @@ export function useAlertPrevalenceFromProcessTree({
           descendants: 500,
           indexPatterns: alertAndOriginalIndices,
           nodes: [id],
-          timeRange: { from, to },
           includeHits: true,
         }),
       });

diff --git a/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx
@@ -46,7 +46,7 @@ const OverlayContainer = styled.div`
 const FullScreenOverlayStyles = css`
   position: fixed;
   top: 0;
-  bottom: 0;
+  bottom: 2em;
   left: 0;
   right: 0;
   z-index: ${euiThemeVars.euiZLevel3};