From 2e25979019c29a6f6b0739d2c9602facddc51486 Mon Sep 17 00:00:00 2001
From: Ryland Herrick
Date: Thu, 16 Jul 2020 19:43:15 -0500
Subject: [PATCH] [Security Solution][Detections,Lists] Miscellaneous post-FF fixes (#71990)
* Overview Alerts Histogram stacking defaults to signal.rule.name
Since this is now the default for all AlertsHistograms, I've moved this default upstream into the histogram itself.
* Replace magic strings with our constant ENDPOINT_LIST_ID
Also replaced a few unintentional uses of this string with the non-reserved 'endpoint_list_id'.
Co-authored-by: Elastic Machine
---
 .../schemas/response/exception_list_item_schema.mock.ts | 2 +-
 .../common/schemas/response/exception_list_schema.mock.ts | 6 ++++--
 x-pack/plugins/lists/public/exceptions/api.test.ts | 2 +-
 .../detections/components/alerts_histogram_panel/index.tsx | 6 +++++-
 .../pages/detection_engine/rules/create/helpers.ts | 3 ++-
 .../detections/pages/detection_engine/rules/helpers.tsx | 3 ++-
 .../overview/components/signals_by_category/index.tsx | 5 -----
 .../server/endpoint/lib/artifacts/lists.ts | 3 ++-
 .../apis/lists/create_exception_list_item.ts | 5 +++--
 9 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/x-pack/plugins/lists/common/schemas/response/exception_list_item_schema.mock.ts b/x-pack/plugins/lists/common/schemas/response/exception_list_item_schema.mock.ts
index f7a6af98c8f0e..9e1a88ceb28bd 100644
--- a/x-pack/plugins/lists/common/schemas/response/exception_list_item_schema.mock.ts
+++ b/x-pack/plugins/lists/common/schemas/response/exception_list_item_schema.mock.ts
@@ -16,7 +16,7 @@ export const getExceptionListItemSchemaMock = (): ExceptionListItemSchema => ({
 entries: ENTRIES,
 id: '1',
 item_id: 'endpoint_list_item',
- list_id: 'endpoint_list',
+ list_id: 'endpoint_list_id',
 meta: {},
 name: 'Sample Endpoint Exception List',
 namespace_type: 'single',
diff --git a/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts b/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts
index 017b959a2baf3..906dcf6560ee5 100644
--- a/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts
+++ b/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts
@@ -4,6 +4,8 @@
 * you may not use this file except in compliance with the Elastic License.
 */
+import { ENDPOINT_LIST_ID } from '../..';
+
 import { ExceptionListSchema } from './exception_list_schema';
 export const getExceptionListSchemaMock = (): ExceptionListSchema => ({
@@ -12,10 +14,10 @@ export const getExceptionListSchemaMock = (): ExceptionListSchema => ({
 created_by: 'user_name',
 description: 'This is a sample endpoint type exception',
 id: '1',
- list_id: 'endpoint_list',
+ list_id: ENDPOINT_LIST_ID,
 meta: {},
 name: 'Sample Endpoint Exception List',
- namespace_type: 'single',
+ namespace_type: 'agnostic',
 tags: ['user added string for a tag', 'malware'],
 tie_breaker_id: '77fd1909-6786-428a-a671-30229a719c1f',
 type: 'endpoint',
diff --git a/x-pack/plugins/lists/public/exceptions/api.test.ts b/x-pack/plugins/lists/public/exceptions/api.test.ts
index 1414d828fa6d4..455670098307f 100644
--- a/x-pack/plugins/lists/public/exceptions/api.test.ts
+++ b/x-pack/plugins/lists/public/exceptions/api.test.ts
@@ -508,7 +508,7 @@ describe('Exceptions Lists API', () => {
 test('it returns expected format when call succeeds', async () => {
 const exceptionResponse = await fetchExceptionListItemsByListId({
 http: mockKibanaHttpService(),
- listId: 'endpoint_list',
+ listId: 'endpoint_list_id',
 namespaceType: 'single',
 pagination: {
 page: 1,
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_histogram_panel/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_histogram_panel/index.tsx
index 560c092d12076..3bc84bb7c32ee 100644
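Review bot: The switch of `namespace_type` from `'single'` to `'agnostic'` in getExceptionListSchemaMock (second hunk of exception_list_schema.mock.ts) is not mentioned in the commit description and carries no comment, yet it changes what every test built on this mock receives. It presumably mirrors the `namespace_type: 'agnostic'` that formatAboutStepData writes next to ENDPOINT_LIST_ID, so a one-line comment above the field would record that: `// ENDPOINT_LIST_ID is referenced with namespace_type 'agnostic' (see formatAboutStepData)`. The item mock in exception_list_item_schema.mock.ts keeps `'single'` with the non-reserved id, which looks intentional but is worth confirming. The object literal continues past the end of the hunk.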
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_histogram_panel/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_histogram_panel/index.tsx
@@ -80,10 +80,14 @@ const getHistogramOption = (fieldName: string): MatrixHistogramOption => ({
 const NO_LEGEND_DATA: LegendItem[] = [];
+const DEFAULT_STACK_BY = 'signal.rule.name';
+const getDefaultStackByOption = (): AlertsHistogramOption =>
+ alertsHistogramOptions.find(({ text }) => text === DEFAULT_STACK_BY) ?? alertsHistogramOptions[0];
+
 export const AlertsHistogramPanel = memo(
 ({
 chartHeight,
- defaultStackByOption = alertsHistogramOptions[8], // signal.rule.name
+ defaultStackByOption = getDefaultStackByOption(),
 deleteQuery,
 filters,
 headerChildren,
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts
index 226fa5313e34f..38f7836f678f9 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts
@@ -12,6 +12,7 @@ import { NOTIFICATION_THROTTLE_NO_ACTIONS } from '../../../../../../common/const
 import { transformAlertToRuleAction } from '../../../../../../common/detection_engine/transform_actions';
 import { RuleType } from '../../../../../../common/detection_engine/types';
 import { isMlRule } from '../../../../../../common/machine_learning/helpers';
+import { ENDPOINT_LIST_ID } from '../../../../../shared_imports';
 import { NewRule } from '../../../../containers/detection_engine/rules';
 import {
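Review bot: `getDefaultStackByOption()` in alerts_histogram_panel/index.tsx falls back to `alertsHistogramOptions[0]` without any signal when no option carries the text `signal.rule.name`, so a renamed or removed option would silently change the default stacking of every alerts histogram. The lookup is also a default-parameter expression, evaluated on each render where the prop is omitted; resolving it once at module scope is simpler: `const DEFAULT_STACK_BY_OPTION = alertsHistogramOptions.find(({ text }) => text === DEFAULT_STACK_BY) ?? alertsHistogramOptions[0];` and then `defaultStackByOption = DEFAULT_STACK_BY_OPTION,`. A unit test asserting that the resolved default's `text` equals `DEFAULT_STACK_BY` would catch the silent fallback. The component body continues outside the hunk.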
@@ -167,7 +168,7 @@ export const formatAboutStepData = (aboutStepData: AboutStepRule): AboutStepRule
 ...(isAssociatedToEndpointList
 ? {
 exceptions_list: [
- { id: 'endpoint_list', namespace_type: 'agnostic', type: 'endpoint' },
+ { id: ENDPOINT_LIST_ID, namespace_type: 'agnostic', type: 'endpoint' },
 ] as AboutStepRuleJson['exceptions_list'],
 }
 : {}),
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx
index 5df711ea7cd8e..35c4b8bc58e14 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx
@@ -14,6 +14,7 @@ import { RuleAlertAction, RuleType } from '../../../../../common/detection_engin
 import { isMlRule } from '../../../../../common/machine_learning/helpers';
 import { transformRuleToAlertAction } from '../../../../../common/detection_engine/transform_actions';
 import { Filter } from '../../../../../../../../src/plugins/data/public';
+import { ENDPOINT_LIST_ID } from '../../../../shared_imports';
 import { Rule } from '../../../containers/detection_engine/rules';
 import { FormData, FormHook, FormSchema } from '../../../../shared_imports';
 import {
@@ -139,7 +140,7 @@ export const getAboutStepsData = (rule: Rule, detailsView: boolean): AboutStepRu
 return {
 isNew: false,
 author,
- isAssociatedToEndpointList: exceptionsList?.some(({ id }) => id === 'endpoint_list') ?? false,
+ isAssociatedToEndpointList: exceptionsList?.some(({ id }) => id === ENDPOINT_LIST_ID) ?? false,
 isBuildingBlock: buildingBlockType !== undefined,
 license: license ?? '',
 ruleNameOverride: ruleNameOverride ?? '',
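Review bot: The added `import { ENDPOINT_LIST_ID } from '../../../../shared_imports';` in rules/helpers.tsx duplicates the module already imported two lines below for `FormData, FormHook, FormSchema`. Folding the name into the existing statement keeps one import per module: `import { ENDPOINT_LIST_ID, FormData, FormHook, FormSchema } from '../../../../shared_imports';`. The import block continues outside the hunk.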
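Review bot: `isAssociatedToEndpointList` in getAboutStepsData (rules/helpers.tsx) is still decided by `id` alone, while formatAboutStepData in create/helpers.ts writes the same reference as `{ id: ENDPOINT_LIST_ID, namespace_type: 'agnostic', type: 'endpoint' }`. If an exception list in another namespace can carry that id (not visible in this diff), the form would report a rule as tied to the endpoint exception list when it is not; matching the namespace as well closes that gap: `exceptionsList?.some(({ id, namespace_type }) => id === ENDPOINT_LIST_ID && namespace_type === 'agnostic') ?? false`. This assumes the entries read here expose `namespace_type`, as the written ones do. The function body starts and ends outside the hunk.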
diff --git a/x-pack/plugins/security_solution/public/overview/components/signals_by_category/index.tsx b/x-pack/plugins/security_solution/public/overview/components/signals_by_category/index.tsx
index fbfdefa13d738..0ac136044c06d 100644
--- a/x-pack/plugins/security_solution/public/overview/components/signals_by_category/index.tsx
+++ b/x-pack/plugins/security_solution/public/overview/components/signals_by_category/index.tsx
@@ -17,7 +17,6 @@ import { UpdateDateRange } from '../../../common/components/charts/common';
 import { GlobalTimeArgs } from '../../../common/containers/use_global_time';
 const DEFAULT_QUERY: Query = { query: '', language: 'kuery' };
-const DEFAULT_STACK_BY = 'signal.rule.threat.tactic.name';
 const NO_FILTERS: Filter[] = [];
 interface Props extends Pick {
@@ -62,13 +61,9 @@ const SignalsByCategoryComponent: React.FC = ({
 [setAbsoluteRangeDatePicker]
 );
- const defaultStackByOption =
- alertsHistogramOptions.find((o) => o.text === DEFAULT_STACK_BY) ?? alertsHistogramOptions[0];
-
 return (