From 45ad233c818dfe2a8c4b63a01e8933131cafe249 Mon Sep 17 00:00:00 2001
From: christineweng <18648970+christineweng@users.noreply.github.com>
Date: Tue, 4 Oct 2022 17:01:43 -0500
Subject: [PATCH 1/2] Added margin at the bottom to fully show event description list (#142529)
---
 .../public/timelines/components/graph_overlay/index.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx
index 833320b78a5fc..d12bd77bcb21c 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/graph_overlay/index.tsx
@@ -46,7 +46,7 @@ const OverlayContainer = styled.div`
 const FullScreenOverlayStyles = css`
 position: fixed;
 top: 0;
- bottom: 0;
+ bottom: 2em;
 left: 0;
 right: 0;
 z-index: ${euiThemeVars.euiZLevel3};
From 7a6ff848ab03797979b381d2be19a79b630fc626 Mon Sep 17 00:00:00 2001
From: Kevin Qualters <56408403+kqualters-elastic@users.noreply.github.com>
Date: Tue, 4 Oct 2022 18:01:52 -0400
Subject: [PATCH 2/2] [Security Solution] Ignore timerange in session view, to mirror session view component (#141137)
* Ignore timerange in session view, to mirror session view component
* Remove timerange from process ancestry insight
---
 .../insights/related_alerts_by_session.tsx | 1 +
 .../containers/alerts/use_alert_prevalence.ts | 58 +++++++++++++------
 .../use_alert_prevalence_from_process_tree.ts | 3 +-
 3 files changed, 42 insertions(+), 20 deletions(-)
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/insights/related_alerts_by_session.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/insights/related_alerts_by_session.tsx
index 8b0b308829c3d..bf1d182997f0b 100644
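Review bot: `bottom: 2em` is a bare magic number in the `FullScreenOverlayStyles` fixed-position block, and nothing in the code records why a full-screen overlay now stops 2em short of the viewport bottom; the next person touching this will likely reset it to 0. Add a why-comment on the changed line, `bottom: 2em; /* leave room so the event description list below the graph is not clipped (#142529) */`. If `euiThemeVars` exposes a size token of that magnitude, prefer it over a literal so the gap tracks the theme. The `css\`` template literal opened in the hunk closes after it.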
--- a/x-pack/plugins/security_solution/public/common/components/event_details/insights/related_alerts_by_session.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/insights/related_alerts_by_session.tsx
@@ -43,6 +43,7 @@ export const RelatedAlertsBySession = React.memo(
 timelineId: timelineId ?? '',
 signalIndexName: null,
 includeAlertIds: true,
+ ignoreTimerange: true,
 });

 const { fieldFromBrowserField } = getEnrichedFieldInfo({
diff --git a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts
index 1f16a59c0f815..473d2bdc84f10 100644
--- a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts
+++ b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence.ts
@@ -24,6 +24,7 @@ interface UseAlertPrevalenceOptions {
 timelineId: string;
 signalIndexName: string | null;
 includeAlertIds?: boolean;
+ ignoreTimerange?: boolean;
 }

 interface UserAlertPrevalenceResult {
@@ -39,13 +40,17 @@ export const useAlertPrevalence = ({
 timelineId,
 signalIndexName,
 includeAlertIds = false,
+ ignoreTimerange = false,
 }: UseAlertPrevalenceOptions): UserAlertPrevalenceResult => {
 const timelineTime = useDeepEqualSelector((state) =>
 inputsSelectors.timelineTimeRangeSelector(state)
 );
 const globalTime = useGlobalTime(false);
-
- const { to, from } = timelineId === TimelineId.active ? timelineTime : globalTime;
+ let to: string | undefined;
+ let from: string | undefined;
+ if (ignoreTimerange === false) {
+ ({ to, from } = timelineId === TimelineId.active ? timelineTime : globalTime);
+ }
 const [initialQuery] = useState(() =>
 generateAlertPrevalenceQuery(field, value, from, to, includeAlertIds)
 );
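Review bot: `ignoreTimerange: true` drops the time bound from the related-alerts-by-session query, so this insight now counts across the entire alerts index regardless of the timeline or global date picker, while nothing at the call site says why. Add a why-comment on the added line, `ignoreTimerange: true, // match session view, which is not time-bounded (#141137)`, so the widened scope reads as intentional rather than a leaked default; the reason is only stated in the commit message. The surrounding `useAlertPrevalence` call and the `RelatedAlertsBySession` component both start and end outside the hunk.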
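Review bot: The new `ignoreTimerange?: boolean` option in `UseAlertPrevalenceOptions` carries no doc comment, and its effect — the prevalence query is issued with no `@timestamp` range at all, not merely a different one — is not obvious from the name. Add a TSDoc line above it, `/** When true, the query is not bounded by the timeline/global time range and covers the whole index. Defaults to false. */`. The interface itself starts before the hunk.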
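Review bot: The `let to`/`let from` declarations followed by a parenthesised destructuring assignment under `if (ignoreTimerange === false)` are harder to read than a single `const`, and `=== false` on a boolean that already defaults to `false` is unidiomatic. The same result is a three-line expression: `const { to, from } = ignoreTimerange` / `  ? { to: undefined, from: undefined }` / `  : timelineId === TimelineId.active ? timelineTime : globalTime;`. Note that `initialQuery` is still captured once in the `useState` initializer, so if the hook does not recompute the query further down, toggling `ignoreTimerange` after mount would have no effect; the rest of the hook body is outside the hunk, so I cannot confirm either way.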
@@ -88,8 +93,8 @@ export const useAlertPrevalence = ({
 const generateAlertPrevalenceQuery = (
 field: string,
 value: string | string[] | undefined | null,
- from: string,
- to: string,
+ from: string | undefined,
+ to: string | undefined,
 includeAlertIds: boolean
 ) => {
 // if we don't want the alert ids included, we set size to 0 to reduce the response payload
@@ -106,25 +111,15 @@ const generateAlertPrevalenceQuery = (
 [field]: actualValue,
 },
 },
- filter: [
- {
- range: {
- '@timestamp': {
- gte: from,
- lte: to,
- },
- },
- },
- ],
 },
 };

- if (Array.isArray(value) && value.length > 1) {
- const shouldValues = value.map((val) => ({ match: { [field]: val } }));
+ if (from !== undefined && to !== undefined) {
 query = {
+ ...query,
 bool: {
- minimum_should_match: 1,
- must: [
+ ...query.bool,
+ filter: [
 {
 range: {
 '@timestamp': {
@@ -134,9 +129,36 @@ const generateAlertPrevalenceQuery = (
 },
 },
 ],
+ },
+ };
+ }
+
+ if (Array.isArray(value) && value.length > 1) {
+ const shouldValues = value.map((val) => ({ match: { [field]: val } }));
+ query = {
+ bool: {
+ minimum_should_match: 1,
 should: shouldValues,
 },
 };
+ if (from !== undefined && to !== undefined) {
+ query = {
+ ...query,
+ bool: {
+ ...query.bool,
+ must: [
+ {
+ range: {
+ '@timestamp': {
+ gte: from,
+ lte: to,
+ },
+ },
+ },
+ ],
+ },
+ };
+ }
 }

 return {
diff --git a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts
index e3bc22ec2decb..9c179bd61e61d 100644
--- a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts
+++ b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alert_prevalence_from_process_tree.ts
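Review bot: `generateAlertPrevalenceQuery` gains two `string | undefined` parameters but still has no doc comment, and the both-or-neither contract for `from`/`to` (enforced further down by `from !== undefined && to !== undefined`) is invisible at the signature. Add a TSDoc block above the function stating what it builds, that `value` may be a single string or an array (an array becomes a `should` clause with `minimum_should_match: 1`), that `from`/`to` are applied as an `@timestamp` range only when both are present and the query is otherwise unbounded in time, and that `includeAlertIds` drives the hit `size`. The function body continues past the hunk.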
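Review bot: The guard `if (from !== undefined && to !== undefined)` silently drops the time bound when exactly one of `from`/`to` is set, so a caller passing a single bound gets an unbounded query over the whole alerts index rather than an error or a half-open range. The only caller visible here passes both or neither, so this is latent, but it should be explicit: either document it on the line, `// both bounds or none: a single bound is ignored and the query is unbounded in time`, or guard with `||` and build the range from whichever bounds are present using ternary spreads for `gte` and `lte`. The enclosing function starts and ends outside the hunk.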
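Review bot: The `@timestamp` range clause is now constructed twice — once as `filter` in the single-value branch (previous hunk) and once, verbatim, as `must` in the multi-value branch here — and the two branches disagree on the clause type: a range on `@timestamp` contributes nothing useful to relevance, so `filter` (score-free and cacheable) is the right context for both. Hoist the clause into one value and reuse it; the rewrite below keeps the matched set identical and only moves the multi-value range from `must` to `filter`, which affects scores, not which documents match. The enclosing function starts and ends outside the hunk.
```typescript
// built once; empty when either bound is missing
const timeRangeFilter =
  from !== undefined && to !== undefined
    ? [{ range: { '@timestamp': { gte: from, lte: to } } }]
    : [];

// … unchanged: initial single-value `query` construction …
if (timeRangeFilter.length > 0) {
  query = { ...query, bool: { ...query.bool, filter: timeRangeFilter } };
}

if (Array.isArray(value) && value.length > 1) {
  const shouldValues = value.map((val) => ({ match: { [field]: val } }));
  query = {
    bool: {
      minimum_should_match: 1,
      should: shouldValues,
      ...(timeRangeFilter.length > 0 ? { filter: timeRangeFilter } : {}),
    },
  };
}
// … unchanged: return { … } …
```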
@@ -99,7 +99,7 @@ export function useAlertPrevalenceFromProcessTree({
 }: UseAlertPrevalenceFromProcessTree): UserAlertPrevalenceFromProcessTreeResult {
 const http = useHttp();

- const { selectedPatterns, to, from } = useTimelineDataFilters(timelineId);
+ const { selectedPatterns } = useTimelineDataFilters(timelineId);
 const alertAndOriginalIndices = [...new Set(selectedPatterns.concat(indices))];
 const { loading, id, schema } = useAlertDocumentAnalyzerSchema({
 documentId,
@@ -115,7 +115,6 @@ export function useAlertPrevalenceFromProcessTree({
 descendants: 500,
 indexPatterns: alertAndOriginalIndices,
 nodes: [id],
- timeRange: { from, to },
 includeHits: true,
 }),
 });
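Review bot: Removing `timeRange: { from, to }` from the request body leaves this ancestry lookup unbounded in time while `descendants: 500` and `includeHits: true` are kept, and nothing at the call site records that the unbounded scope is deliberate; whether the server route accepts a missing `timeRange` is not visible here and should be confirmed against its request schema before merge. Add a comment where the field was removed, `// no timeRange: deliberately unbounded so the insight matches session view (see #141137)`, so a later reader does not reintroduce it as a "fix". `useAlertPrevalenceFromProcessTree` starts and ends outside the hunk.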