maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[Security Solution][Threshold Rules] Fixes for 7.11 (#88120)

Browse source 
* Use OR for threshold timeline query (not AND)

* Speed up aggregatable fields filter with mutation
This commit is contained in:
Madison Caldwell 2021-01-13 04:44:08 -05:00 committed by GitHub
parent a98052bc72
commit af02f3d83f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
View file

@ -272,6 +272,7 @@ export const sendAlertToTimelineAction = async ({
notes: null, notes: null,
timeline: { timeline: {
...timelineDefaults, ...timelineDefaults,
kqlMode: 'search',
filters: getFiltersFromRule(ecsData.signal?.rule?.filters as string[]), filters: getFiltersFromRule(ecsData.signal?.rule?.filters as string[]),
dataProviders: [ dataProviders: [
{ {

17
x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
View file

@ -173,15 +173,14 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
return { return {
...groupAcc, ...groupAcc,
[groupName]: { [groupName]: {
fields: Object.entries(groupValue.fields ?? {}).reduce<Partial<BrowserField>>( fields: Object.entries(groupValue.fields ?? {}).reduce<
(fieldAcc, [fieldName, fieldValue]) => { Record<string, Partial<BrowserField>>
if (fieldValue.aggregatable === true) { >((fieldAcc, [fieldName, fieldValue]) => {
return { ...fieldAcc, [fieldName]: fieldValue }; if (fieldValue.aggregatable === true) {
} fieldAcc[fieldName] = fieldValue;
return fieldAcc; }
}, return fieldAcc;
{} }, {}),
),
} as Partial<BrowserField>, } as Partial<BrowserField>,
}; };
}, },

2
x-pack/plugins/security_solution/public/timelines/store/timeline/model.ts
View file

@ -56,7 +56,7 @@ export interface TimelineModel {
deletedEventIds: string[]; deletedEventIds: string[];
/** A summary of the events and notes in this timeline */ /** A summary of the events and notes in this timeline */
description: string; description: string;
/** Typoe of event you want to see in this timeline */ /** Type of event you want to see in this timeline */
eventType?: TimelineEventsType; eventType?: TimelineEventsType;
/** A map of events in this timeline to the chronologically ordered notes (in this timeline) associated with the event */ /** A map of events in this timeline to the chronologically ordered notes (in this timeline) associated with the event */
eventIdToNoteIds: Record<string, string[]>; eventIdToNoteIds: Record<string, string[]>;