[8.10] [Security Solution] Expandable flyout - Update index field in …

…analyzer preview (#165398) (#165508)

# Backport

This will backport the following commits from `main` to `8.10`:
- [[Security Solution] Expandable flyout - Update index field in
analyzer preview
(#165398)](#165398)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"christineweng","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-09-01T17:45:26Z","message":"[Security
Solution] Expandable flyout - Update index field in analyzer preview
(#165398)\n\n## Summary\r\n\r\nThis PR addresses a bug that when a rule
is created using data view,\r\nanalyzer preview is blank. This is due to
a check on if index exists\r\nbefore rendering the analyzer preview.
This PR updated the index field\r\nfrom
`kibana.alert.rule.parameter.index` to
'kibana.alert.rule.indices`,\r\nthe later is introduced in
https://github.com/elastic/kibana/pull/130929\r\nand is available when a
rule is created using either index patterns or\r\ndata
view.\r\n\r\n**How to reproduce the bug**\r\n- Refer to bug report
https://github.com/elastic/kibana/issues/164829\r\n\r\n**How to
test**\r\n- Create a rule using data view\r\n- Generate some alerts\r\n-
Go to alerts page, expand a row in alerts table\r\n- Go to Visualization
-> Analyzer preview, the analyzer preview tree\r\nshould be
present\r\n\r\n\r\n![image](https://github.com/elastic/kibana/assets/18648970/cbe0668e-335d-436a-992c-8970e75a3635)\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"88c04e5c94f81c0c7b7ba4b965725a8878480bd9","branchLabelMapping":{"^v8.11.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Threat
Hunting:Investigations","v8.10.0","v8.11.0"],"number":165398,"url":"https://github.com/elastic/kibana/pull/165398","mergeCommit":{"message":"[Security
Solution] Expandable flyout - Update index field in analyzer preview
(#165398)\n\n## Summary\r\n\r\nThis PR addresses a bug that when a rule
is created using data view,\r\nanalyzer preview is blank. This is due to
a check on if index exists\r\nbefore rendering the analyzer preview.
This PR updated the index field\r\nfrom
`kibana.alert.rule.parameter.index` to
'kibana.alert.rule.indices`,\r\nthe later is introduced in
https://github.com/elastic/kibana/pull/130929\r\nand is available when a
rule is created using either index patterns or\r\ndata
view.\r\n\r\n**How to reproduce the bug**\r\n- Refer to bug report
https://github.com/elastic/kibana/issues/164829\r\n\r\n**How to
test**\r\n- Create a rule using data view\r\n- Generate some alerts\r\n-
Go to alerts page, expand a row in alerts table\r\n- Go to Visualization
-> Analyzer preview, the analyzer preview tree\r\nshould be
present\r\n\r\n\r\n![image](https://github.com/elastic/kibana/assets/18648970/cbe0668e-335d-436a-992c-8970e75a3635)\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"88c04e5c94f81c0c7b7ba4b965725a8878480bd9"}},"sourceBranch":"main","suggestedTargetBranches":["8.10"],"targetPullRequestStates":[{"branch":"8.10","label":"v8.10.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.11.0","labelRegex":"^v8.11.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/165398","number":165398,"mergeCommit":{"message":"[Security
Solution] Expandable flyout - Update index field in analyzer preview
(#165398)\n\n## Summary\r\n\r\nThis PR addresses a bug that when a rule
is created using data view,\r\nanalyzer preview is blank. This is due to
a check on if index exists\r\nbefore rendering the analyzer preview.
This PR updated the index field\r\nfrom
`kibana.alert.rule.parameter.index` to
'kibana.alert.rule.indices`,\r\nthe later is introduced in
https://github.com/elastic/kibana/pull/130929\r\nand is available when a
rule is created using either index patterns or\r\ndata
view.\r\n\r\n**How to reproduce the bug**\r\n- Refer to bug report
https://github.com/elastic/kibana/issues/164829\r\n\r\n**How to
test**\r\n- Create a rule using data view\r\n- Generate some alerts\r\n-
Go to alerts page, expand a row in alerts table\r\n- Go to Visualization
-> Analyzer preview, the analyzer preview tree\r\nshould be
present\r\n\r\n\r\n![image](https://github.com/elastic/kibana/assets/18648970/cbe0668e-335d-436a-992c-8970e75a3635)\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"88c04e5c94f81c0c7b7ba4b965725a8878480bd9"}}]}]
BACKPORT-->

Co-authored-by: christineweng <[email protected]>

x-pack/plugins/security_solution/public/flyout/right/components/analyzer_preview.test.tsx

@@ -10,7 +10,7 @@ import React from 'react';
 import { TestProviders } from '../../../common/mock';
 import { useAlertPrevalenceFromProcessTree } from '../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import { mockContextValue } from '../mocks/mock_right_panel_context';
-import { mockDataFormattedForFieldBrowser } from '../mocks/mock_context';
+import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_context';
 import { RightPanelContext } from '../context';
 import { AnalyzerPreview } from './analyzer_preview';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
@@ -62,7 +62,7 @@ describe('<AnalyzerPreview />', () => {
     expect(mockUseAlertPrevalenceFromProcessTree).toHaveBeenCalledWith({
       isActiveTimeline: false,
       documentId: 'ancestors-id',
-      indices: ['rule-parameters-index'],
+      indices: ['rule-indices'],
     });
     expect(wrapper.getByTestId(ANALYZER_PREVIEW_TEST_ID)).toBeInTheDocument();
   });

x-pack/plugins/security_solution/public/flyout/right/components/analyzer_preview.tsx

@@ -10,7 +10,7 @@ import { EuiTreeView } from '@elastic/eui';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
 import { getTreeNodes } from '../utils/analyzer_helpers';
 import { ANALYZER_PREVIEW_TITLE } from './translations';
-import { ANCESTOR_ID, RULE_PARAMETERS_INDEX } from '../../shared/constants/field_names';
+import { ANCESTOR_ID, RULE_INDICES } from '../../shared/constants/field_names';
 import { useRightPanelContext } from '../context';
 import { useAlertPrevalenceFromProcessTree } from '../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import type { StatsNode } from '../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
@@ -38,7 +38,7 @@ export const AnalyzerPreview: React.FC = () => {
   const processDocumentId =
     documentId && Array.isArray(documentId.values) ? documentId.values[0] : '';
 
-  const index = find({ category: 'kibana', field: RULE_PARAMETERS_INDEX }, data);
+  const index = find({ category: 'kibana', field: RULE_INDICES }, data);
   const indices = index?.values ?? [];
 
   const { statsNodes } = useAlertPrevalenceFromProcessTree({

x-pack/plugins/security_solution/public/flyout/shared/constants/field_names.ts

@@ -7,6 +7,7 @@
 
 export const ANCESTOR_ID = 'kibana.alert.ancestors.id';
 export const RULE_PARAMETERS_INDEX = 'kibana.alert.rule.parameters.index';
+export const RULE_INDICES = 'kibana.alert.rule.indices';
 export const ORIGINAL_EVENT_ID = 'kibana.alert.original_event.id';
 export const ENTRY_LEADER_ENTITY_ID = 'process.entry_leader.entity_id';
 export const ENTRY_LEADER_START = 'process.entry_leader.start';

x-pack/plugins/security_solution/public/flyout/shared/mocks/mock_context.ts

@@ -81,6 +81,13 @@ export const mockDataFormattedForFieldBrowser = [
     originalValue: ['rule-parameters-index'],
     isObjectArray: false,
   },
+  {
+    category: 'kibana',
+    field: 'kibana.alert.rule.indices',
+    values: ['rule-indices'],
+    originalValue: ['rule-indices'],
+    isObjectArray: false,
+  },
   {
     category: 'process',
     field: 'process.entity_id',