From eea414d8382fe31dd64c1f4b8aaa77a52aec04cf Mon Sep 17 00:00:00 2001
From: Andrew Goldstein
Date: Fri, 17 Dec 2021 14:22:31 -0700
Subject: [PATCH] - pr feedback https://github.com/elastic/kibana/pull/121562\#discussion_r771687606
---
 .../public/common/components/top_n/helpers.ts | 102 +++++++++++++++++-
 1 file changed, 98 insertions(+), 4 deletions(-)
diff --git a/x-pack/plugins/security_solution/public/common/components/top_n/helpers.ts b/x-pack/plugins/security_solution/public/common/components/top_n/helpers.ts
index 0fd09082c70ed..37eeac326afd4 100644
--- a/x-pack/plugins/security_solution/public/common/components/top_n/helpers.ts
+++ b/x-pack/plugins/security_solution/public/common/components/top_n/helpers.ts
@@ -6,6 +6,56 @@
 */
 import type { Filter } from '@kbn/es-query';
+import {
+ ALERT_ACTION_GROUP,
+ ALERT_BUILDING_BLOCK_TYPE,
+ ALERT_DURATION,
+ ALERT_END,
+ ALERT_EVALUATION_THRESHOLD,
+ ALERT_EVALUATION_VALUE,
+ ALERT_INSTANCE_ID,
+ ALERT_NAMESPACE,
+ ALERT_REASON,
+ ALERT_RISK_SCORE,
+ ALERT_RULE_AUTHOR,
+ ALERT_RULE_CATEGORY,
+ ALERT_RULE_CONSUMER,
+ ALERT_RULE_CREATED_AT,
+ ALERT_RULE_CREATED_BY,
+ ALERT_RULE_DESCRIPTION,
+ ALERT_RULE_ENABLED,
+ ALERT_RULE_FROM,
+ ALERT_RULE_INTERVAL,
+ ALERT_RULE_LICENSE,
+ ALERT_RULE_NAME,
+ ALERT_RULE_NAMESPACE,
+ ALERT_RULE_NOTE,
+ ALERT_RULE_PARAMETERS,
+ ALERT_RULE_PRODUCER,
+ ALERT_RULE_REFERENCES,
+ ALERT_RULE_RISK_SCORE,
+ ALERT_RULE_RISK_SCORE_MAPPING,
+ ALERT_RULE_RULE_ID,
+ ALERT_RULE_RULE_NAME_OVERRIDE,
+ ALERT_RULE_SEVERITY,
+ ALERT_RULE_SEVERITY_MAPPING,
+ ALERT_RULE_TAGS,
+ ALERT_RULE_TO,
+ ALERT_RULE_TYPE,
+ ALERT_RULE_TYPE_ID,
+ ALERT_RULE_UPDATED_AT,
+ ALERT_RULE_UPDATED_BY,
+ ALERT_RULE_UUID,
+ ALERT_RULE_VERSION,
+ ALERT_SEVERITY,
+ ALERT_START,
+ ALERT_STATUS,
+ ALERT_SYSTEM_STATUS,
+ ALERT_UUID,
+ ALERT_WORKFLOW_REASON,
+ ALERT_WORKFLOW_STATUS,
+ ALERT_WORKFLOW_USER,
+} from '@kbn/rule-data-utils';
 import { TimelineEventsType, TimelineId } from '../../../../common/types/timeline';
 import { SourcererScopeName } from '../../store/sourcerer/model';
@@ -80,11 +130,55 @@ export const isDetectionsAlertsTable = (timelineId: string | undefined): boolean
 * the raw documents don't include them.
 */
 export const IGNORED_ALERT_FILTERS = [
- 'kibana.alert.building_block_type', // an "Additional filters" option on the alerts table
- 'kibana.alert.rule.rule_id', // filters alerts to a single rule on the Security > Rules > details pages
- 'kibana.alert.rule.name', // not a built-in view filter, but frequently applied via the `Filter In` and `Filter Out` actions
+ ALERT_ACTION_GROUP,
+ ALERT_BUILDING_BLOCK_TYPE, // an "Additional filters" option on the alerts table
+ ALERT_DURATION,
+ ALERT_END,
+ ALERT_EVALUATION_THRESHOLD,
+ ALERT_EVALUATION_VALUE,
+ ALERT_INSTANCE_ID,
+ ALERT_NAMESPACE,
+ ALERT_RULE_NAMESPACE,
+ ALERT_RULE_CONSUMER,
+ ALERT_RULE_PRODUCER,
+ ALERT_REASON,
+ ALERT_RISK_SCORE,
+ ALERT_STATUS,
+ ALERT_WORKFLOW_REASON,
+ ALERT_WORKFLOW_STATUS, // open | acknowledged | closed filter
+ ALERT_WORKFLOW_USER,
+ ALERT_RULE_AUTHOR,
+ ALERT_RULE_CREATED_AT,
+ ALERT_RULE_CREATED_BY,
+ ALERT_RULE_DESCRIPTION,
+ ALERT_RULE_ENABLED,
+ ALERT_RULE_FROM,
+ ALERT_RULE_INTERVAL,
+ ALERT_RULE_LICENSE,
+ ALERT_RULE_NAME, // not a built-in view filter, but frequently applied via the `Filter In` and `Filter Out` actions
+ ALERT_RULE_NOTE,
+ ALERT_RULE_PARAMETERS,
+ ALERT_RULE_REFERENCES,
+ ALERT_RULE_RISK_SCORE,
+ ALERT_RULE_RISK_SCORE_MAPPING,
+ ALERT_RULE_RULE_ID, // filters alerts to a single rule on the Security > Rules > details pages
+ ALERT_RULE_RULE_NAME_OVERRIDE,
+ ALERT_RULE_SEVERITY_MAPPING,
+ ALERT_RULE_TAGS,
 'kibana.alert.rule.threat_mapping', // an "Additional filters" option on the alerts table
- 'kibana.alert.workflow_status', // open | acknowledged | closed filter
+ ALERT_RULE_TO,
+ ALERT_RULE_TYPE,
+ ALERT_RULE_TYPE_ID,
+ ALERT_RULE_UPDATED_AT,
+ ALERT_RULE_UPDATED_BY,
+ ALERT_RULE_UUID,
+ ALERT_RULE_CATEGORY,
+ ALERT_RULE_VERSION,
+ ALERT_RULE_SEVERITY,
+ ALERT_SEVERITY,
+ ALERT_START,
+ ALERT_SYSTEM_STATUS,
+ ALERT_UUID,
 ];
 /**
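Review bot: `ALERT_NAMESPACE` and `ALERT_RULE_NAMESPACE` in the expanded `IGNORED_ALERT_FILTERS` array appear to be key prefixes rather than field names (in `@kbn/rule-data-utils` they are, as far as I know, `kibana.alert` and `kibana.alert.rule`), so against an exact comparison on the filter key they would never match. The code that consumes the array is outside this hunk, so confirm how it matches; if the intent is to drop every alert-only filter before querying raw events, a prefix test such as `key === ALERT_NAMESPACE || key.startsWith(ALERT_NAMESPACE + '.')` would also cover alert fields added later, which a hand-maintained list will miss. The one remaining literal, `'kibana.alert.rule.threat_mapping'`, would benefit from a comment like `// no exported constant for this field in @kbn/rule-data-utils` if that is indeed the reason it stays a string.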