[SECURITY] [Timeline] Raw events not displayed (#72387)

* fix nav with no-data * fix rules action alerts * fix raw alert event type * snapshot * can only use network-only Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Patryk Kopycinski <contact@patrykkopycinski.com>
2020-07-20 11:14:50 -04:00 · 2020-07-20 11:14:50 -04:00 · a62c62e118
parent 66208fb73e
commit a62c62e118
15 changed files with 65 additions and 67 deletions
--- a/src/plugins/home/public/application/components/snapshots/add_data.test.js.snap
+++ b/src/plugins/home/public/application/components/snapshots/add_data.test.js.snap
@ -195,7 +195,7 @@ exports[`apmUiEnabled 1`] = `
          <span
            id="aria-describedby.addSiemButtonLabel"
          >
-            Centralize security events for interactive investigation in ready-to-go visualizations.
+            Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.
          </span>
        }
        footer={
@ -212,7 +212,7 @@ exports[`apmUiEnabled 1`] = `
          </EuiButton>
        }
        textAlign="left"
-        title="Security"
+        title="SIEM + Endpoint Security"
        titleSize="xs"
      />
    </EuiFlexItem>
@ -461,7 +461,7 @@ exports[`isNewKibanaInstance 1`] = `
          <span
            id="aria-describedby.addSiemButtonLabel"
          >
-            Centralize security events for interactive investigation in ready-to-go visualizations.
+            Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.
          </span>
        }
        footer={
@ -478,7 +478,7 @@ exports[`isNewKibanaInstance 1`] = `
          </EuiButton>
        }
        textAlign="left"
-        title="Security"
+        title="SIEM + Endpoint Security"
        titleSize="xs"
      />
    </EuiFlexItem>
@ -758,7 +758,7 @@ exports[`mlEnabled 1`] = `
          <span
            id="aria-describedby.addSiemButtonLabel"
          >
-            Centralize security events for interactive investigation in ready-to-go visualizations.
+            Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.
          </span>
        }
        footer={
@ -775,7 +775,7 @@ exports[`mlEnabled 1`] = `
          </EuiButton>
        }
        textAlign="left"
-        title="Security"
+        title="SIEM + Endpoint Security"
        titleSize="xs"
      />
    </EuiFlexItem>
@ -1060,7 +1060,7 @@ exports[`render 1`] = `
          <span
            id="aria-describedby.addSiemButtonLabel"
          >
-            Centralize security events for interactive investigation in ready-to-go visualizations.
+            Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.
          </span>
        }
        footer={
@ -1077,7 +1077,7 @@ exports[`render 1`] = `
          </EuiButton>
        }
        textAlign="left"
-        title="Security"
+        title="SIEM + Endpoint Security"
        titleSize="xs"
      />
    </EuiFlexItem>
--- a/src/plugins/home/public/application/components/add_data.js
+++ b/src/plugins/home/public/application/components/add_data.js
@ -81,12 +81,12 @@ const AddDataUi = ({ apmUiEnabled, isNewKibanaInstance, intl, mlEnabled }) => {
    const siemData = {
      title: intl.formatMessage({
        id: 'home.addData.securitySolution.nameTitle',
-        defaultMessage: 'Security',
+        defaultMessage: 'SIEM + Endpoint Security',
      }),
      description: intl.formatMessage({
        id: 'home.addData.securitySolution.nameDescription',
        defaultMessage:
-          'Centralize security events for interactive investigation in ready-to-go visualizations.',
+          'Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.',
      }),
      ariaDescribedby: 'aria-describedby.addSiemButtonLabel',
    };
--- a/x-pack/plugins/security_solution/public/common/components/header_global/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/header_global/index.tsx
@ -63,26 +63,19 @@ export const HeaderGlobal = React.memo<HeaderGlobalProps>(({ hideDetectionEngine
            <EuiFlexGroup alignItems="center" responsive={false}>
              <FlexItem grow={false}>
                <LinkAnchor onClick={goToOverview} href={getAppOverviewUrl(search)}>
-                  <EuiIcon aria-label={i18n.SIEM} type="logoSecurity" size="l" />
+                  <EuiIcon aria-label={i18n.SECURITY_SOLUTION} type="logoSecurity" size="l" />
                </LinkAnchor>
              </FlexItem>

              <FlexItem component="nav">
-                {indicesExist ? (
-                  <SiemNavigation
-                    display="condensed"
-                    navTabs={
-                      hideDetectionEngine
-                        ? pickBy((_, key) => key !== SecurityPageName.detections, navTabs)
-                        : navTabs
-                    }
-                  />
-                ) : (
-                  <SiemNavigation
-                    display="condensed"
-                    navTabs={pickBy((_, key) => key === SecurityPageName.overview, navTabs)}
-                  />
-                )}
+                <SiemNavigation
+                  display="condensed"
+                  navTabs={
+                    hideDetectionEngine
+                      ? pickBy((_, key) => key !== SecurityPageName.detections, navTabs)
+                      : navTabs
+                  }
+                />
              </FlexItem>
            </EuiFlexGroup>
          </FlexItem>
--- a/x-pack/plugins/security_solution/public/common/components/header_global/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/header_global/translations.ts
@ -6,9 +6,12 @@

 import { i18n } from '@kbn/i18n';

-export const SIEM = i18n.translate('xpack.securitySolution.headerGlobal.siem', {
-  defaultMessage: 'SIEM',
-});
+export const SECURITY_SOLUTION = i18n.translate(
+  'xpack.securitySolution.headerGlobal.securitySolution',
+  {
+    defaultMessage: 'Security solution',
+  }
+);

 export const BUTTON_ADD_DATA = i18n.translate('xpack.securitySolution.headerGlobal.buttonAddData', {
  defaultMessage: 'Add data',
--- a/x-pack/plugins/security_solution/public/common/containers/source/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/containers/source/index.test.tsx
@ -7,6 +7,7 @@
 import { act, renderHook } from '@testing-library/react-hooks';

 import { useWithSource, indicesExistOrDataTemporarilyUnavailable } from '.';
+import { NO_ALERT_INDEX } from '../../../../common/constants';
 import { mockBrowserFields, mockIndexFields, mocksSource } from './mock';

 jest.mock('../../lib/kibana');
@ -79,6 +80,17 @@ describe('Index Fields & Browser Fields', () => {
    });
  });

+  test('Make sure we are not querying for NO_ALERT_INDEX and it is not includes in the index pattern', async () => {
+    const { result, waitForNextUpdate } = renderHook(() =>
+      useWithSource('default', [NO_ALERT_INDEX])
+    );
+
+    await waitForNextUpdate();
+    return expect(result.current.indexPattern.title).toEqual(
+      'apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,winlogbeat-*'
+    );
+  });
+
  describe('indicesExistOrDataTemporarilyUnavailable', () => {
    test('it returns true when undefined', () => {
      let undefVar;
--- a/x-pack/plugins/security_solution/public/common/containers/source/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/containers/source/index.tsx
@ -11,7 +11,7 @@ import { useEffect, useMemo, useState } from 'react';
 import memoizeOne from 'memoize-one';
 import { IIndexPattern } from 'src/plugins/data/public';

-import { DEFAULT_INDEX_KEY } from '../../../../common/constants';
+import { DEFAULT_INDEX_KEY, NO_ALERT_INDEX } from '../../../../common/constants';
 import { useUiSetting$ } from '../../lib/kibana';

 import { IndexField, SourceQuery } from '../../../graphql/types';
@ -126,8 +126,9 @@ export const useWithSource = (
 ) => {
  const [configIndex] = useUiSetting$<string[]>(DEFAULT_INDEX_KEY);
  const defaultIndex = useMemo<string[]>(() => {
-    if (indexToAdd != null && !isEmpty(indexToAdd)) {
-      return onlyCheckIndexToAdd ? indexToAdd : [...configIndex, ...indexToAdd];
+    const filterIndexAdd = (indexToAdd ?? []).filter((item) => item !== NO_ALERT_INDEX);
+    if (!isEmpty(filterIndexAdd)) {
+      return onlyCheckIndexToAdd ? filterIndexAdd : [...configIndex, ...filterIndexAdd];
    }
    return configIndex;
  }, [configIndex, indexToAdd, onlyCheckIndexToAdd]);
@ -138,7 +139,7 @@ export const useWithSource = (
    errorMessage: null,
    indexPattern: getIndexFields(defaultIndex.join(), []),
    indicesExist: indicesExistOrDataTemporarilyUnavailable(undefined),
-    loading: false,
+    loading: true,
  });

  const apolloClient = useApolloClient();
@ -155,7 +156,7 @@ export const useWithSource = (
      try {
        const result = await apolloClient.query<SourceQuery.Query, SourceQuery.Variables>({
          query: sourceQuery,
-          fetchPolicy: 'cache-first',
+          fetchPolicy: 'network-only',
          variables: {
            sourceId,
            defaultIndex,
--- a/x-pack/plugins/security_solution/public/detections/components/rules/pre_packaged_rules/load_empty_prompt.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/pre_packaged_rules/load_empty_prompt.tsx
@ -48,7 +48,6 @@ const PrePackagedRulesPromptComponent: React.FC<PrePackagedRulesPromptProps> = (

  return (
    <EmptyPrompt
-      iconType="securityAnalyticsApp"
      title={<h2>{i18n.PRE_BUILT_TITLE}</h2>}
      body={<p>{i18n.PRE_BUILT_MSG}</p>}
      actions={
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.tsx
@ -33,7 +33,6 @@ import { useKibana } from '../../../../common/lib/kibana';
 import { getSchema } from './schema';
 import * as I18n from './translations';
 import { APP_ID } from '../../../../../common/constants';
-import { SecurityPageName } from '../../../../app/types';

 interface StepRuleActionsProps extends RuleStepProps {
  defaultValues?: ActionsStepRule | null;
@ -86,16 +85,13 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
  });
  const { submit } = form;

-  // TO DO need to make sure that logic is still valid
-  const kibanaAbsoluteUrl = useMemo(() => {
-    const url = application.getUrlForApp(`${APP_ID}:${SecurityPageName.detections}`, {
-      absolute: true,
-    });
-    if (url != null && url.includes('app/security/alerts')) {
-      return url.replace('app/security/alerts', 'app/security');
-    }
-    return url;
-  }, [application]);
+  const kibanaAbsoluteUrl = useMemo(
+    () =>
+      application.getUrlForApp(`${APP_ID}`, {
+        absolute: true,
+      }),
+    [application]
+  );

  const onSubmit = useCallback(
    async (enabled: boolean) => {
--- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/fetch_index_patterns.tsx
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/fetch_index_patterns.tsx
@ -70,7 +70,7 @@ export const useFetchIndexPatterns = (defaultIndices: string[] = []): Return =>
        apolloClient
          .query<SourceQuery.Query, SourceQuery.Variables>({
            query: sourceQuery,
-            fetchPolicy: 'cache-first',
+            fetchPolicy: 'network-only',
            variables: {
              sourceId: 'default',
              defaultIndex: indices,
--- a/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.tsx
@ -138,10 +138,9 @@ export const StatefulFieldsBrowserComponent: React.FC<FieldBrowserProps> = ({
    setShow(false);
  }, []);
  // only merge in the default category if the field browser is visible
-  const browserFieldsWithDefaultCategory = useMemo(
-    () => (show ? mergeBrowserFieldsWithDefaultCategory(browserFields) : {}),
-    [show, browserFields]
-  );
+  const browserFieldsWithDefaultCategory = useMemo(() => {
+    return show ? mergeBrowserFieldsWithDefaultCategory(browserFields) : {};
+  }, [show, browserFields]);

  return (
    <FieldsBrowserButtonContainer data-test-subj="fields-browser-button-container">
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/search_or_filter/index.tsx
@ -78,8 +78,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
            serializedQuery: convertKueryToElasticSearchQuery(expression, indexPattern),
          },
        }),
-      // eslint-disable-next-line react-hooks/exhaustive-deps
-      [indexPattern, timelineId]
+      [applyKqlFilterQuery, indexPattern, timelineId]
    );

    const setFilterQueryDraftFromKueryExpression = useCallback(
@ -91,8 +90,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
            expression,
          },
        }),
-      // eslint-disable-next-line react-hooks/exhaustive-deps
-      [timelineId]
+      [timelineId, setKqlFilterQueryDraft]
    );

    const setFiltersInTimeline = useCallback(
@ -101,8 +99,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
          id: timelineId,
          filters: newFilters,
        }),
-      // eslint-disable-next-line react-hooks/exhaustive-deps
-      [timelineId]
+      [timelineId, setFilters]
    );

    const setSavedQueryInTimeline = useCallback(
@ -111,8 +108,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
          id: timelineId,
          savedQueryId: newSavedQueryId,
        }),
-      // eslint-disable-next-line react-hooks/exhaustive-deps
-      [timelineId]
+      [timelineId, setSavedQueryId]
    );

    const handleUpdateEventType = useCallback(
@ -121,8 +117,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
          id: timelineId,
          eventType: newEventType,
        }),
-      // eslint-disable-next-line react-hooks/exhaustive-deps
-      [timelineId]
+      [timelineId, updateEventType]
    );

    return (
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/utils.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/utils.test.ts
@ -9,13 +9,13 @@ import { getNotificationResultsLink } from './utils';
 describe('utils', () => {
  it('getNotificationResultsLink', () => {
    const resultLink = getNotificationResultsLink({
-      kibanaSiemAppUrl: 'http://localhost:5601/app/siem',
+      kibanaSiemAppUrl: 'http://localhost:5601/app/security',
      id: 'notification-id',
      from: '00000',
      to: '1111',
    });
    expect(resultLink).toEqual(
-      `http://localhost:5601/app/siem#/detections/rules/id/notification-id?timerange=(global:(linkTo:!(timeline),timerange:(from:00000,kind:absolute,to:1111)),timeline:(linkTo:!(global),timerange:(from:00000,kind:absolute,to:1111)))`
+      `http://localhost:5601/app/security/detections/rules/id/notification-id?timerange=(global:(linkTo:!(timeline),timerange:(from:00000,kind:absolute,to:1111)),timeline:(linkTo:!(global),timerange:(from:00000,kind:absolute,to:1111)))`
    );
  });
 });
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/utils.ts
@ -4,8 +4,10 @@
 * you may not use this file except in compliance with the Elastic License.
 */

+import { APP_PATH } from '../../../../common/constants';
+
 export const getNotificationResultsLink = ({
-  kibanaSiemAppUrl = '/app/siem',
+  kibanaSiemAppUrl = APP_PATH,
  id,
  from,
  to,
@ -17,5 +19,5 @@ export const getNotificationResultsLink = ({
 }) => {
  if (from == null || to == null) return '';

-  return `${kibanaSiemAppUrl}#/detections/rules/id/${id}?timerange=(global:(linkTo:!(timeline),timerange:(from:${from},kind:absolute,to:${to})),timeline:(linkTo:!(global),timerange:(from:${from},kind:absolute,to:${to})))`;
+  return `${kibanaSiemAppUrl}/detections/rules/id/${id}?timerange=(global:(linkTo:!(timeline),timerange:(from:${from},kind:absolute,to:${to})),timeline:(linkTo:!(global),timerange:(from:${from},kind:absolute,to:${to})))`;
 };
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@ -14067,7 +14067,6 @@
    "xpack.securitySolution.header.editableTitle.editButtonAria": "クリックすると {title} を編集できます",
    "xpack.securitySolution.header.editableTitle.save": "保存",
    "xpack.securitySolution.headerGlobal.buttonAddData": "データの追加",
-    "xpack.securitySolution.headerGlobal.siem": "Security",
    "xpack.securitySolution.headerPage.pageSubtitle": "前回のイベント: {beat}",
    "xpack.securitySolution.hooks.useAddToTimeline.addedFieldMessage": "{fieldOrValue}をタイムラインに追加しました",
    "xpack.securitySolution.host.details.architectureLabel": "アーキテクチャー",
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@ -14073,7 +14073,6 @@
    "xpack.securitySolution.header.editableTitle.editButtonAria": "通过单击，可以编辑 {title}",
    "xpack.securitySolution.header.editableTitle.save": "保存",
    "xpack.securitySolution.headerGlobal.buttonAddData": "添加数据",
-    "xpack.securitySolution.headerGlobal.siem": "Security",
    "xpack.securitySolution.headerPage.pageSubtitle": "最后事件：{beat}",
    "xpack.securitySolution.hooks.useAddToTimeline.addedFieldMessage": "已将 {fieldOrValue} 添加到时间线",
    "xpack.securitySolution.host.details.architectureLabel": "架构",