From c7febd7c73588538921f48e37ca4fb1069368ca1 Mon Sep 17 00:00:00 2001 From: Andrew Goldstein Date: Mon, 2 Mar 2020 09:36:14 -0700 Subject: [PATCH 1/2] [SIEM] Default the Timeline events filter to show All events (#58953) ## [SIEM] Default the Timeline events filter to show All events The Timeline events filter introduced in `7.6` to support the [detection engine](https://www.elastic.co/guide/en/siem/guide/current/detection-engine-overview.html) defaulted to filtering by `Raw events`, and thus required manually selecting `All events` or `Signal events` from the dropdown to view signals. The new default is `All events`, per the screenshots below: ### Before ![event-filter-before](https://user-images.githubusercontent.com/4459398/75593223-ecc61500-5a41-11ea-8d7d-8db5eccb1eb4.png) ### After ![event-filter-after](https://user-images.githubusercontent.com/4459398/75593238-f5b6e680-5a41-11ea-9e12-2fc1232f58d1.png) --- .../components/open_timeline/helpers.test.ts | 8 ++-- .../timeline/search_or_filter/pick_events.tsx | 1 + .../components/timeline/timeline.test.tsx | 43 +++++++++++++++++++ .../siem/public/store/timeline/defaults.ts | 2 +- 4 files changed, 49 insertions(+), 5 deletions(-) diff --git a/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.test.ts b/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.test.ts index 120d644b3b33..60ebd2578b7c 100644 --- a/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.test.ts +++ b/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.test.ts @@ -236,7 +236,7 @@ describe('helpers', () => { description: '', deletedEventIds: [], eventIdToNoteIds: {}, - eventType: 'raw', + eventType: 'all', filters: [], highlightedDropAndProviderId: '', historyIds: [], @@ -330,7 +330,7 @@ describe('helpers', () => { description: '', deletedEventIds: [], eventIdToNoteIds: {}, - eventType: 'raw', + eventType: 'all', filters: [], highlightedDropAndProviderId: '', historyIds: [], @@ -417,7 +417,7 @@ describe('helpers', () => { description: '', deletedEventIds: [], eventIdToNoteIds: {}, - eventType: 'raw', + eventType: 'all', filters: [], highlightedDropAndProviderId: '', historyIds: [], @@ -539,7 +539,7 @@ describe('helpers', () => { description: '', deletedEventIds: [], eventIdToNoteIds: {}, - eventType: 'raw', + eventType: 'all', filters: [ { $state: { diff --git a/x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/pick_events.tsx b/x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/pick_events.tsx index 76f9e6fe3673..3117bae74528 100644 --- a/x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/pick_events.tsx +++ b/x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/pick_events.tsx @@ -77,6 +77,7 @@ const PickEventTypeComponents: React.FC = ({ return ( { expect(wrapper.find('[data-test-subj="table-pagination"]').exists()).toEqual(false); }); + + test('it defaults to showing `All events`', () => { + const wrapper = mount( + + + + + + ); + + expect(wrapper.find('[data-test-subj="pick-event-type"] button').text()).toEqual( + 'All events' + ); + }); }); describe('event wire up', () => { diff --git a/x-pack/legacy/plugins/siem/public/store/timeline/defaults.ts b/x-pack/legacy/plugins/siem/public/store/timeline/defaults.ts index bbaf2a3fb6e3..7f04bb4c4dad 100644 --- a/x-pack/legacy/plugins/siem/public/store/timeline/defaults.ts +++ b/x-pack/legacy/plugins/siem/public/store/timeline/defaults.ts @@ -14,7 +14,7 @@ export const timelineDefaults: SubsetTimelineModel & Pick Date: Tue, 3 Mar 2020 10:35:40 -0700 Subject: [PATCH 2/2] * Added `eventType`, which is a required prop in `7.6.x` to pass the type check, along with this note: ``` CAUTION: `eventType` is an optional prop in post-`7.6.x` branches. In later branches, `eventType` is omitted from this test, to truly verify the new default from redux. In this branch, we must specify `eventType` to pass the type check, but this is not the true intent of this test. ``` --- .../plugins/siem/public/components/timeline/timeline.test.tsx | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/legacy/plugins/siem/public/components/timeline/timeline.test.tsx b/x-pack/legacy/plugins/siem/public/components/timeline/timeline.test.tsx index cc344f70f0d4..f89779802e14 100644 --- a/x-pack/legacy/plugins/siem/public/components/timeline/timeline.test.tsx +++ b/x-pack/legacy/plugins/siem/public/components/timeline/timeline.test.tsx @@ -219,6 +219,7 @@ describe('Timeline', () => { id="foo" dataProviders={mockDataProviders} end={endDate} + eventType="all" // CAUTION: `eventType` is an optional prop in post-`7.6.x` branches. In later branches, `eventType` is omitted from this test, to truly verify the new default from redux. In this branch, we must specify `eventType` to pass the type check, but this is not the true intent of this test. filters={[]} flyoutHeight={testFlyoutHeight} flyoutHeaderHeight={flyoutHeaderHeight}