[SECURITY] [Timeline] Raw events not displayed (#72387)
* fix nav with no-data * fix rules action alerts * fix raw alert event type * snapshot * can only use network-only Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Patryk Kopycinski <contact@patrykkopycinski.com>
This commit is contained in:
parent
66208fb73e
commit
a62c62e118
15 changed files with 65 additions and 67 deletions
|
@ -195,7 +195,7 @@ exports[`apmUiEnabled 1`] = `
|
|||
<span
|
||||
id="aria-describedby.addSiemButtonLabel"
|
||||
>
|
||||
Centralize security events for interactive investigation in ready-to-go visualizations.
|
||||
Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.
|
||||
</span>
|
||||
}
|
||||
footer={
|
||||
|
@ -212,7 +212,7 @@ exports[`apmUiEnabled 1`] = `
|
|||
</EuiButton>
|
||||
}
|
||||
textAlign="left"
|
||||
title="Security"
|
||||
title="SIEM + Endpoint Security"
|
||||
titleSize="xs"
|
||||
/>
|
||||
</EuiFlexItem>
|
||||
|
@ -461,7 +461,7 @@ exports[`isNewKibanaInstance 1`] = `
|
|||
<span
|
||||
id="aria-describedby.addSiemButtonLabel"
|
||||
>
|
||||
Centralize security events for interactive investigation in ready-to-go visualizations.
|
||||
Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.
|
||||
</span>
|
||||
}
|
||||
footer={
|
||||
|
@ -478,7 +478,7 @@ exports[`isNewKibanaInstance 1`] = `
|
|||
</EuiButton>
|
||||
}
|
||||
textAlign="left"
|
||||
title="Security"
|
||||
title="SIEM + Endpoint Security"
|
||||
titleSize="xs"
|
||||
/>
|
||||
</EuiFlexItem>
|
||||
|
@ -758,7 +758,7 @@ exports[`mlEnabled 1`] = `
|
|||
<span
|
||||
id="aria-describedby.addSiemButtonLabel"
|
||||
>
|
||||
Centralize security events for interactive investigation in ready-to-go visualizations.
|
||||
Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.
|
||||
</span>
|
||||
}
|
||||
footer={
|
||||
|
@ -775,7 +775,7 @@ exports[`mlEnabled 1`] = `
|
|||
</EuiButton>
|
||||
}
|
||||
textAlign="left"
|
||||
title="Security"
|
||||
title="SIEM + Endpoint Security"
|
||||
titleSize="xs"
|
||||
/>
|
||||
</EuiFlexItem>
|
||||
|
@ -1060,7 +1060,7 @@ exports[`render 1`] = `
|
|||
<span
|
||||
id="aria-describedby.addSiemButtonLabel"
|
||||
>
|
||||
Centralize security events for interactive investigation in ready-to-go visualizations.
|
||||
Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.
|
||||
</span>
|
||||
}
|
||||
footer={
|
||||
|
@ -1077,7 +1077,7 @@ exports[`render 1`] = `
|
|||
</EuiButton>
|
||||
}
|
||||
textAlign="left"
|
||||
title="Security"
|
||||
title="SIEM + Endpoint Security"
|
||||
titleSize="xs"
|
||||
/>
|
||||
</EuiFlexItem>
|
||||
|
|
|
@ -81,12 +81,12 @@ const AddDataUi = ({ apmUiEnabled, isNewKibanaInstance, intl, mlEnabled }) => {
|
|||
const siemData = {
|
||||
title: intl.formatMessage({
|
||||
id: 'home.addData.securitySolution.nameTitle',
|
||||
defaultMessage: 'Security',
|
||||
defaultMessage: 'SIEM + Endpoint Security',
|
||||
}),
|
||||
description: intl.formatMessage({
|
||||
id: 'home.addData.securitySolution.nameDescription',
|
||||
defaultMessage:
|
||||
'Centralize security events for interactive investigation in ready-to-go visualizations.',
|
||||
'Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.',
|
||||
}),
|
||||
ariaDescribedby: 'aria-describedby.addSiemButtonLabel',
|
||||
};
|
||||
|
|
|
@ -63,12 +63,11 @@ export const HeaderGlobal = React.memo<HeaderGlobalProps>(({ hideDetectionEngine
|
|||
<EuiFlexGroup alignItems="center" responsive={false}>
|
||||
<FlexItem grow={false}>
|
||||
<LinkAnchor onClick={goToOverview} href={getAppOverviewUrl(search)}>
|
||||
<EuiIcon aria-label={i18n.SIEM} type="logoSecurity" size="l" />
|
||||
<EuiIcon aria-label={i18n.SECURITY_SOLUTION} type="logoSecurity" size="l" />
|
||||
</LinkAnchor>
|
||||
</FlexItem>
|
||||
|
||||
<FlexItem component="nav">
|
||||
{indicesExist ? (
|
||||
<SiemNavigation
|
||||
display="condensed"
|
||||
navTabs={
|
||||
|
@ -77,12 +76,6 @@ export const HeaderGlobal = React.memo<HeaderGlobalProps>(({ hideDetectionEngine
|
|||
: navTabs
|
||||
}
|
||||
/>
|
||||
) : (
|
||||
<SiemNavigation
|
||||
display="condensed"
|
||||
navTabs={pickBy((_, key) => key === SecurityPageName.overview, navTabs)}
|
||||
/>
|
||||
)}
|
||||
</FlexItem>
|
||||
</EuiFlexGroup>
|
||||
</FlexItem>
|
||||
|
|
|
@ -6,9 +6,12 @@
|
|||
|
||||
import { i18n } from '@kbn/i18n';
|
||||
|
||||
export const SIEM = i18n.translate('xpack.securitySolution.headerGlobal.siem', {
|
||||
defaultMessage: 'SIEM',
|
||||
});
|
||||
export const SECURITY_SOLUTION = i18n.translate(
|
||||
'xpack.securitySolution.headerGlobal.securitySolution',
|
||||
{
|
||||
defaultMessage: 'Security solution',
|
||||
}
|
||||
);
|
||||
|
||||
export const BUTTON_ADD_DATA = i18n.translate('xpack.securitySolution.headerGlobal.buttonAddData', {
|
||||
defaultMessage: 'Add data',
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
import { act, renderHook } from '@testing-library/react-hooks';
|
||||
|
||||
import { useWithSource, indicesExistOrDataTemporarilyUnavailable } from '.';
|
||||
import { NO_ALERT_INDEX } from '../../../../common/constants';
|
||||
import { mockBrowserFields, mockIndexFields, mocksSource } from './mock';
|
||||
|
||||
jest.mock('../../lib/kibana');
|
||||
|
@ -79,6 +80,17 @@ describe('Index Fields & Browser Fields', () => {
|
|||
});
|
||||
});
|
||||
|
||||
test('Make sure we are not querying for NO_ALERT_INDEX and it is not includes in the index pattern', async () => {
|
||||
const { result, waitForNextUpdate } = renderHook(() =>
|
||||
useWithSource('default', [NO_ALERT_INDEX])
|
||||
);
|
||||
|
||||
await waitForNextUpdate();
|
||||
return expect(result.current.indexPattern.title).toEqual(
|
||||
'apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,winlogbeat-*'
|
||||
);
|
||||
});
|
||||
|
||||
describe('indicesExistOrDataTemporarilyUnavailable', () => {
|
||||
test('it returns true when undefined', () => {
|
||||
let undefVar;
|
||||
|
|
|
@ -11,7 +11,7 @@ import { useEffect, useMemo, useState } from 'react';
|
|||
import memoizeOne from 'memoize-one';
|
||||
import { IIndexPattern } from 'src/plugins/data/public';
|
||||
|
||||
import { DEFAULT_INDEX_KEY } from '../../../../common/constants';
|
||||
import { DEFAULT_INDEX_KEY, NO_ALERT_INDEX } from '../../../../common/constants';
|
||||
import { useUiSetting$ } from '../../lib/kibana';
|
||||
|
||||
import { IndexField, SourceQuery } from '../../../graphql/types';
|
||||
|
@ -126,8 +126,9 @@ export const useWithSource = (
|
|||
) => {
|
||||
const [configIndex] = useUiSetting$<string[]>(DEFAULT_INDEX_KEY);
|
||||
const defaultIndex = useMemo<string[]>(() => {
|
||||
if (indexToAdd != null && !isEmpty(indexToAdd)) {
|
||||
return onlyCheckIndexToAdd ? indexToAdd : [...configIndex, ...indexToAdd];
|
||||
const filterIndexAdd = (indexToAdd ?? []).filter((item) => item !== NO_ALERT_INDEX);
|
||||
if (!isEmpty(filterIndexAdd)) {
|
||||
return onlyCheckIndexToAdd ? filterIndexAdd : [...configIndex, ...filterIndexAdd];
|
||||
}
|
||||
return configIndex;
|
||||
}, [configIndex, indexToAdd, onlyCheckIndexToAdd]);
|
||||
|
@ -138,7 +139,7 @@ export const useWithSource = (
|
|||
errorMessage: null,
|
||||
indexPattern: getIndexFields(defaultIndex.join(), []),
|
||||
indicesExist: indicesExistOrDataTemporarilyUnavailable(undefined),
|
||||
loading: false,
|
||||
loading: true,
|
||||
});
|
||||
|
||||
const apolloClient = useApolloClient();
|
||||
|
@ -155,7 +156,7 @@ export const useWithSource = (
|
|||
try {
|
||||
const result = await apolloClient.query<SourceQuery.Query, SourceQuery.Variables>({
|
||||
query: sourceQuery,
|
||||
fetchPolicy: 'cache-first',
|
||||
fetchPolicy: 'network-only',
|
||||
variables: {
|
||||
sourceId,
|
||||
defaultIndex,
|
||||
|
|
|
@ -48,7 +48,6 @@ const PrePackagedRulesPromptComponent: React.FC<PrePackagedRulesPromptProps> = (
|
|||
|
||||
return (
|
||||
<EmptyPrompt
|
||||
iconType="securityAnalyticsApp"
|
||||
title={<h2>{i18n.PRE_BUILT_TITLE}</h2>}
|
||||
body={<p>{i18n.PRE_BUILT_MSG}</p>}
|
||||
actions={
|
||||
|
|
|
@ -33,7 +33,6 @@ import { useKibana } from '../../../../common/lib/kibana';
|
|||
import { getSchema } from './schema';
|
||||
import * as I18n from './translations';
|
||||
import { APP_ID } from '../../../../../common/constants';
|
||||
import { SecurityPageName } from '../../../../app/types';
|
||||
|
||||
interface StepRuleActionsProps extends RuleStepProps {
|
||||
defaultValues?: ActionsStepRule | null;
|
||||
|
@ -86,16 +85,13 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
|
|||
});
|
||||
const { submit } = form;
|
||||
|
||||
// TO DO need to make sure that logic is still valid
|
||||
const kibanaAbsoluteUrl = useMemo(() => {
|
||||
const url = application.getUrlForApp(`${APP_ID}:${SecurityPageName.detections}`, {
|
||||
const kibanaAbsoluteUrl = useMemo(
|
||||
() =>
|
||||
application.getUrlForApp(`${APP_ID}`, {
|
||||
absolute: true,
|
||||
});
|
||||
if (url != null && url.includes('app/security/alerts')) {
|
||||
return url.replace('app/security/alerts', 'app/security');
|
||||
}
|
||||
return url;
|
||||
}, [application]);
|
||||
}),
|
||||
[application]
|
||||
);
|
||||
|
||||
const onSubmit = useCallback(
|
||||
async (enabled: boolean) => {
|
||||
|
|
|
@ -70,7 +70,7 @@ export const useFetchIndexPatterns = (defaultIndices: string[] = []): Return =>
|
|||
apolloClient
|
||||
.query<SourceQuery.Query, SourceQuery.Variables>({
|
||||
query: sourceQuery,
|
||||
fetchPolicy: 'cache-first',
|
||||
fetchPolicy: 'network-only',
|
||||
variables: {
|
||||
sourceId: 'default',
|
||||
defaultIndex: indices,
|
||||
|
|
|
@ -138,10 +138,9 @@ export const StatefulFieldsBrowserComponent: React.FC<FieldBrowserProps> = ({
|
|||
setShow(false);
|
||||
}, []);
|
||||
// only merge in the default category if the field browser is visible
|
||||
const browserFieldsWithDefaultCategory = useMemo(
|
||||
() => (show ? mergeBrowserFieldsWithDefaultCategory(browserFields) : {}),
|
||||
[show, browserFields]
|
||||
);
|
||||
const browserFieldsWithDefaultCategory = useMemo(() => {
|
||||
return show ? mergeBrowserFieldsWithDefaultCategory(browserFields) : {};
|
||||
}, [show, browserFields]);
|
||||
|
||||
return (
|
||||
<FieldsBrowserButtonContainer data-test-subj="fields-browser-button-container">
|
||||
|
|
|
@ -78,8 +78,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
|
|||
serializedQuery: convertKueryToElasticSearchQuery(expression, indexPattern),
|
||||
},
|
||||
}),
|
||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||
[indexPattern, timelineId]
|
||||
[applyKqlFilterQuery, indexPattern, timelineId]
|
||||
);
|
||||
|
||||
const setFilterQueryDraftFromKueryExpression = useCallback(
|
||||
|
@ -91,8 +90,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
|
|||
expression,
|
||||
},
|
||||
}),
|
||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||
[timelineId]
|
||||
[timelineId, setKqlFilterQueryDraft]
|
||||
);
|
||||
|
||||
const setFiltersInTimeline = useCallback(
|
||||
|
@ -101,8 +99,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
|
|||
id: timelineId,
|
||||
filters: newFilters,
|
||||
}),
|
||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||
[timelineId]
|
||||
[timelineId, setFilters]
|
||||
);
|
||||
|
||||
const setSavedQueryInTimeline = useCallback(
|
||||
|
@ -111,8 +108,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
|
|||
id: timelineId,
|
||||
savedQueryId: newSavedQueryId,
|
||||
}),
|
||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||
[timelineId]
|
||||
[timelineId, setSavedQueryId]
|
||||
);
|
||||
|
||||
const handleUpdateEventType = useCallback(
|
||||
|
@ -121,8 +117,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
|
|||
id: timelineId,
|
||||
eventType: newEventType,
|
||||
}),
|
||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||
[timelineId]
|
||||
[timelineId, updateEventType]
|
||||
);
|
||||
|
||||
return (
|
||||
|
|
|
@ -9,13 +9,13 @@ import { getNotificationResultsLink } from './utils';
|
|||
describe('utils', () => {
|
||||
it('getNotificationResultsLink', () => {
|
||||
const resultLink = getNotificationResultsLink({
|
||||
kibanaSiemAppUrl: 'http://localhost:5601/app/siem',
|
||||
kibanaSiemAppUrl: 'http://localhost:5601/app/security',
|
||||
id: 'notification-id',
|
||||
from: '00000',
|
||||
to: '1111',
|
||||
});
|
||||
expect(resultLink).toEqual(
|
||||
`http://localhost:5601/app/siem#/detections/rules/id/notification-id?timerange=(global:(linkTo:!(timeline),timerange:(from:00000,kind:absolute,to:1111)),timeline:(linkTo:!(global),timerange:(from:00000,kind:absolute,to:1111)))`
|
||||
`http://localhost:5601/app/security/detections/rules/id/notification-id?timerange=(global:(linkTo:!(timeline),timerange:(from:00000,kind:absolute,to:1111)),timeline:(linkTo:!(global),timerange:(from:00000,kind:absolute,to:1111)))`
|
||||
);
|
||||
});
|
||||
});
|
||||
|
|
|
@ -4,8 +4,10 @@
|
|||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
|
||||
import { APP_PATH } from '../../../../common/constants';
|
||||
|
||||
export const getNotificationResultsLink = ({
|
||||
kibanaSiemAppUrl = '/app/siem',
|
||||
kibanaSiemAppUrl = APP_PATH,
|
||||
id,
|
||||
from,
|
||||
to,
|
||||
|
@ -17,5 +19,5 @@ export const getNotificationResultsLink = ({
|
|||
}) => {
|
||||
if (from == null || to == null) return '';
|
||||
|
||||
return `${kibanaSiemAppUrl}#/detections/rules/id/${id}?timerange=(global:(linkTo:!(timeline),timerange:(from:${from},kind:absolute,to:${to})),timeline:(linkTo:!(global),timerange:(from:${from},kind:absolute,to:${to})))`;
|
||||
return `${kibanaSiemAppUrl}/detections/rules/id/${id}?timerange=(global:(linkTo:!(timeline),timerange:(from:${from},kind:absolute,to:${to})),timeline:(linkTo:!(global),timerange:(from:${from},kind:absolute,to:${to})))`;
|
||||
};
|
||||
|
|
|
@ -14067,7 +14067,6 @@
|
|||
"xpack.securitySolution.header.editableTitle.editButtonAria": "クリックすると {title} を編集できます",
|
||||
"xpack.securitySolution.header.editableTitle.save": "保存",
|
||||
"xpack.securitySolution.headerGlobal.buttonAddData": "データの追加",
|
||||
"xpack.securitySolution.headerGlobal.siem": "Security",
|
||||
"xpack.securitySolution.headerPage.pageSubtitle": "前回のイベント: {beat}",
|
||||
"xpack.securitySolution.hooks.useAddToTimeline.addedFieldMessage": "{fieldOrValue}をタイムラインに追加しました",
|
||||
"xpack.securitySolution.host.details.architectureLabel": "アーキテクチャー",
|
||||
|
|
|
@ -14073,7 +14073,6 @@
|
|||
"xpack.securitySolution.header.editableTitle.editButtonAria": "通过单击,可以编辑 {title}",
|
||||
"xpack.securitySolution.header.editableTitle.save": "保存",
|
||||
"xpack.securitySolution.headerGlobal.buttonAddData": "添加数据",
|
||||
"xpack.securitySolution.headerGlobal.siem": "Security",
|
||||
"xpack.securitySolution.headerPage.pageSubtitle": "最后事件:{beat}",
|
||||
"xpack.securitySolution.hooks.useAddToTimeline.addedFieldMessage": "已将 {fieldOrValue} 添加到时间线",
|
||||
"xpack.securitySolution.host.details.architectureLabel": "架构",
|
||||
|
|
Loading…
Reference in a new issue