andrew-goldstein committed Dec 17, 2021
1 parent dd5ff0c commit eea414d
Showing 1 changed file with 98 additions and 4 deletions.
Expand Up @@ -6,6 +6,56 @@
*/

import type { Filter } from '@kbn/es-query';
import {
ALERT_ACTION_GROUP,
ALERT_BUILDING_BLOCK_TYPE,
ALERT_DURATION,
ALERT_END,
ALERT_EVALUATION_THRESHOLD,
ALERT_EVALUATION_VALUE,
ALERT_INSTANCE_ID,
ALERT_NAMESPACE,
ALERT_REASON,
ALERT_RISK_SCORE,
ALERT_RULE_AUTHOR,
ALERT_RULE_CATEGORY,
ALERT_RULE_CONSUMER,
ALERT_RULE_CREATED_AT,
ALERT_RULE_CREATED_BY,
ALERT_RULE_DESCRIPTION,
ALERT_RULE_ENABLED,
ALERT_RULE_FROM,
ALERT_RULE_INTERVAL,
ALERT_RULE_LICENSE,
ALERT_RULE_NAME,
ALERT_RULE_NAMESPACE,
ALERT_RULE_NOTE,
ALERT_RULE_PARAMETERS,
ALERT_RULE_PRODUCER,
ALERT_RULE_REFERENCES,
ALERT_RULE_RISK_SCORE,
ALERT_RULE_RISK_SCORE_MAPPING,
ALERT_RULE_RULE_ID,
ALERT_RULE_RULE_NAME_OVERRIDE,
ALERT_RULE_SEVERITY,
ALERT_RULE_SEVERITY_MAPPING,
ALERT_RULE_TAGS,
ALERT_RULE_TO,
ALERT_RULE_TYPE,
ALERT_RULE_TYPE_ID,
ALERT_RULE_UPDATED_AT,
ALERT_RULE_UPDATED_BY,
ALERT_RULE_UUID,
ALERT_RULE_VERSION,
ALERT_SEVERITY,
ALERT_START,
ALERT_STATUS,
ALERT_SYSTEM_STATUS,
ALERT_UUID,
ALERT_WORKFLOW_REASON,
ALERT_WORKFLOW_STATUS,
ALERT_WORKFLOW_USER,
} from '@kbn/rule-data-utils';

import { TimelineEventsType, TimelineId } from '../../../../common/types/timeline';
import { SourcererScopeName } from '../../store/sourcerer/model';
Expand Down Expand Up @@ -80,11 +130,55 @@ export const isDetectionsAlertsTable = (timelineId: string | undefined): boolean
* the raw documents don't include them.
*/
export const IGNORED_ALERT_FILTERS = [
'kibana.alert.building_block_type', // an "Additional filters" option on the alerts table
'kibana.alert.rule.rule_id', // filters alerts to a single rule on the Security > Rules > details pages
'kibana.alert.rule.name', // not a built-in view filter, but frequently applied via the `Filter In` and `Filter Out` actions
ALERT_ACTION_GROUP,
ALERT_BUILDING_BLOCK_TYPE, // an "Additional filters" option on the alerts table
ALERT_DURATION,
ALERT_END,
ALERT_EVALUATION_THRESHOLD,
ALERT_EVALUATION_VALUE,
ALERT_INSTANCE_ID,
ALERT_NAMESPACE,
ALERT_RULE_NAMESPACE,
ALERT_RULE_CONSUMER,
ALERT_RULE_PRODUCER,
ALERT_REASON,
ALERT_RISK_SCORE,
ALERT_STATUS,
ALERT_WORKFLOW_REASON,
ALERT_WORKFLOW_STATUS, // open | acknowledged | closed filter
ALERT_WORKFLOW_USER,
ALERT_RULE_AUTHOR,
ALERT_RULE_CREATED_AT,
ALERT_RULE_CREATED_BY,
ALERT_RULE_DESCRIPTION,
ALERT_RULE_ENABLED,
ALERT_RULE_FROM,
ALERT_RULE_INTERVAL,
ALERT_RULE_LICENSE,
ALERT_RULE_NAME, // not a built-in view filter, but frequently applied via the `Filter In` and `Filter Out` actions
ALERT_RULE_NOTE,
ALERT_RULE_PARAMETERS,
ALERT_RULE_REFERENCES,
ALERT_RULE_RISK_SCORE,
ALERT_RULE_RISK_SCORE_MAPPING,
ALERT_RULE_RULE_ID, // filters alerts to a single rule on the Security > Rules > details pages
ALERT_RULE_RULE_NAME_OVERRIDE,
ALERT_RULE_SEVERITY_MAPPING,
ALERT_RULE_TAGS,
'kibana.alert.rule.threat_mapping', // an "Additional filters" option on the alerts table
'kibana.alert.workflow_status', // open | acknowledged | closed filter
ALERT_RULE_TO,
ALERT_RULE_TYPE,
ALERT_RULE_TYPE_ID,
ALERT_RULE_UPDATED_AT,
ALERT_RULE_UPDATED_BY,
ALERT_RULE_UUID,
ALERT_RULE_CATEGORY,
ALERT_RULE_VERSION,
ALERT_RULE_SEVERITY,
ALERT_SEVERITY,
ALERT_START,
ALERT_SYSTEM_STATUS,
ALERT_UUID,
];

/**
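Review bot: `'kibana.alert.rule.threat_mapping'` on the line after `ALERT_RULE_TAGS` is now the only entry in `IGNORED_ALERT_FILTERS` still written as a string literal, and nothing says why; if `@kbn/rule-data-utils` exposes no constant for it, a trailing comment such as `// no rule-data-utils constant for this field; keep the literal in sync with the alert schema` would stop the next maintainer from treating it as an oversight. The same list now mixes grouping orders (`ALERT_RULE_NAMESPACE`/`ALERT_RULE_CONSUMER`/`ALERT_RULE_PRODUCER` sit among the `ALERT_*` entries, `ALERT_RULE_CATEGORY` and `ALERT_RULE_SEVERITY` after `ALERT_RULE_UUID`/`ALERT_RULE_VERSION`), which makes a future omission hard to spot by eye — sorting the entries or grouping them by prefix with a one-line comment per group would help. Because this list decides which user-applied filters are silently discarded when the timeline queries raw documents (per the header comment above the array), an entry wrongly added here widens the result set beyond what the user filtered for, while a missing entry only yields an empty result; it is therefore worth a small unit test asserting each entry is a `kibana.alert`-prefixed field, and declaring the array `as const` (and reading it through a `ReadonlySet` where membership is checked) so callers cannot mutate the exported list. The enclosing file continues outside the hunk.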
