From af02f3d83f1b39b75adbda5c1ebf5f1397cdacaf Mon Sep 17 00:00:00 2001
From: Madison Caldwell
Date: Wed, 13 Jan 2021 04:44:08 -0500
Subject: [PATCH] [Security Solution][Threshold Rules] Fixes for 7.11 (#88120)
* Use OR for threshold timeline query (not AND)
* Speed up aggregatable fields filter with mutation
---
 .../components/alerts_table/actions.tsx | 1 +
 .../components/rules/step_define_rule/index.tsx | 17 ++++++++---------
 .../public/timelines/store/timeline/model.ts | 2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
index 8723f55d7ad4..bd9e9f28034c 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
@@ -272,6 +272,7 @@ export const sendAlertToTimelineAction = async ({
 notes: null,
 timeline: {
 ...timelineDefaults,
+ kqlMode: 'search',
 filters: getFiltersFromRule(ecsData.signal?.rule?.filters as string[]),
 dataProviders: [
 {
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
index 1fe1b809d4f3..099145d4d929 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
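Review bot: The added `kqlMode: 'search'` in actions.tsx carries the whole timeline fix, but nothing at the call site says why it is there. Going by the commit message, it makes the timeline combine the KQL query with the data providers using OR rather than AND, which changes the set of events an analyst sees when opening a threshold alert. A one-line comment such as `// 'search' ORs the KQL query with the data providers (threshold alerts need OR, not AND)` would stop the line being removed later as redundant. The diffstat lists no test file, so an assertion on `kqlMode` in the existing test for sendAlertToTimelineAction would pin the behaviour. The enclosing function starts and ends outside the hunk, so whether this object is built only for threshold rules cannot be confirmed from here.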
@@ -173,15 +173,14 @@ const StepDefineRuleComponent: FC = ({
 return {
 ...groupAcc,
 [groupName]: {
- fields: Object.entries(groupValue.fields ?? {}).reduce>(
- (fieldAcc, [fieldName, fieldValue]) => {
- if (fieldValue.aggregatable === true) {
- return { ...fieldAcc, [fieldName]: fieldValue };
- }
- return fieldAcc;
- },
- {}
- ),
+ fields: Object.entries(groupValue.fields ?? {}).reduce<
+ Record>
+ >((fieldAcc, [fieldName, fieldValue]) => {
+ if (fieldValue.aggregatable === true) {
+ fieldAcc[fieldName] = fieldValue;
+ }
+ return fieldAcc;
+ }, {}),
 } as Partial,
 };
 },
diff --git a/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts b/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
index c385f2115378..fffe3cf8c291 100644
--- a/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
+++ b/x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
@@ -56,7 +56,7 @@ export interface TimelineModel {
 deletedEventIds: string[];
 /** A summary of the events and notes in this timeline */
 description: string;
- /** Typoe of event you want to see in this timeline */
+ /** Type of event you want to see in this timeline */
 eventType?: TimelineEventsType;
 /** A map of events in this timeline to the chronologically ordered notes (in this timeline) associated with the event */
 eventIdToNoteIds: Record;
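Review bot: `fieldAcc[fieldName] = fieldValue` in step_define_rule/index.tsx writes a data-derived key onto a plain `{}` accumulator, which is not equivalent to the removed spread for every key: the computed-key literal stored a field named `__proto__` as an own property, whereas the assignment goes through the prototype setter and can replace the accumulator's prototype instead of adding the field. If the field names come from index mappings (not visible in this hunk), they are data the UI does not control. Seeding the reduce with `Object.create(null)`, or building the object with `Object.fromEntries(Object.entries(groupValue.fields ?? {}).filter(([, fieldValue]) => fieldValue.aggregatable === true))`, keeps the speed-up without that special case. The outer reducer in the context lines still copies with `{ ...groupAcc, [groupName]: ... }` for every group, so the repeated copying remains at group level. The enclosing callback starts and ends outside the hunk.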