Switches RuleDetails to query alerts by ruleId instead of SO id

elastic · Dec 1, 2021 · ca5975c · ca5975c
1 parent 3de6de9
commit ca5975c
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 13 deletions.
diff --git a/...ck/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/...ck/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -16,6 +16,7 @@ import {
   ALERT_RULE_CATEGORY,
   ALERT_RULE_SEVERITY,
   ALERT_RULE_RISK_SCORE,
+  ALERT_RULE_RULE_ID,
 } from '@kbn/rule-data-utils/technical_field_names';
 
 import type { Filter } from '@kbn/es-query';
@@ -103,14 +104,14 @@ export const buildAlertsRuleIdFilter = (ruleId: string | null): Filter[] =>
             negate: false,
             disabled: false,
             type: 'phrase',
-            key: 'kibana.alert.rule.uuid',
+            key: ALERT_RULE_RULE_ID,
             params: {
               query: ruleId,
             },
           },
           query: {
             match_phrase: {
-              'kibana.alert.rule.uuid': ruleId,
+              [ALERT_RULE_RULE_ID]: ruleId,
             },
           },
         },

diff --git a/...lugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/...lugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
@@ -416,7 +416,7 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
 
   const alertDefaultFilters = useMemo(
     () => [
-      ...buildAlertsRuleIdFilter(ruleId),
+      ...buildAlertsRuleIdFilter(rule?.rule_id ?? ''),
       ...(ruleRegistryEnabled
         ? [
             ...buildShowBuildingBlockFilterRuleRegistry(showBuildingBlockAlerts), // TODO: Once we are past experimental phase this code should be removed
@@ -428,18 +428,12 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
           ]),
       ...buildThreatMatchFilter(showOnlyThreatIndicatorAlerts),
     ],
-    [
-      ruleId,
-      ruleRegistryEnabled,
-      showBuildingBlockAlerts,
-      showOnlyThreatIndicatorAlerts,
-      filterGroup,
-    ]
+    [rule, ruleRegistryEnabled, showBuildingBlockAlerts, showOnlyThreatIndicatorAlerts, filterGroup]
   );
 
   const alertsTableDefaultFilters = useMemo(
     () => [
-      ...buildAlertsRuleIdFilter(ruleId),
+      ...buildAlertsRuleIdFilter(rule?.rule_id ?? ''),
       ...(ruleRegistryEnabled
         ? [
             // TODO: Once we are past experimental phase this code should be removed
@@ -448,7 +442,7 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
         : [...buildShowBuildingBlockFilter(showBuildingBlockAlerts)]),
       ...buildThreatMatchFilter(showOnlyThreatIndicatorAlerts),
     ],
-    [ruleId, ruleRegistryEnabled, showBuildingBlockAlerts, showOnlyThreatIndicatorAlerts]
+    [rule, ruleRegistryEnabled, showBuildingBlockAlerts, showOnlyThreatIndicatorAlerts]
   );
 
   const alertMergedFilters = useMemo(

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/utils.ts
@@ -238,7 +238,7 @@ export const getFailingRules = async (
   try {
     const errorRules = await Promise.all(
       ids.map(async (id) =>
-        rulesClient.get({
+        rulesClient.resolve({
           id,
         })
       )