Commit graph

356 commits

Author SHA1 Message Date
Paul Tavares 7b2c03f2a6
[Security Solution][Endpoint] Set Endpoint.configuration and Endpoint.state optional in endpoint Metadata (#101592)
* make `Endpoint.configuration` and `Endpoint.state` optional in the Host Metadata
* Set types in generator to also be optional
2021-06-08 12:13:16 -04:00
Mikhail Shustov d920682e4e
Update @elastic/elasticsearch to 8.0.0-canary13 (#98266)
* bump @elastic/elasticsearch to canary.7

* address errors in core

* address errors in data plugin

* address errors in Alerting team plugins

* remove outdated messages in Lens

* remove unnecessary comments in ML

* address errors in Observability plugin

* address errors in reporting plugin

* address errors in Rule registry plugin

* fix errors in Security plugins

* fix errors in ES-UI plugin

* remove unnecessary union.

* update core tests

* fix kbn-es-archiver

* update to canary 8

* bump to v9

* use new typings

* fix new errors in core

* fix errors in core typings

* fix type errors in data plugin

* fix type errors in telemetry plugin

* fix data plugin tests

* fix search examples type error

* fix errors in discover plugin

* fix errors in index_pattern_management

* fix type errors in vis_type_*

* fix errors in typings/elasticsearch

* fix type errors in actions plugin

* fix type errors in alerting and apm plugins

* fix type errors in canvas and cases

* fix errors in event_log

* fix type errors in ILM and ingest_pipelines

* fix errors in lens plugin

* fix errors in lists plugin

* fix errors in logstash

* fix errors in metrics_entities

* fix errors in o11y

* fix errors in watcher

* fix errors in uptime

* fix errors in upgrade_assistant

* fix errors in task_manager

* fix errors in stack_alerts

* fix errors in security_solution

* fix errors in rule_registry

* fix errors in snapshot_restore

* fix remaining errors

* fix search integration tests

* adjust assertion

* bump version to canary.10

* adapt code to new naming schema

* use mapping types provided by the client library

* Revert "adjust assertion"

This reverts commit 19b8fe0464.

* fix so integration tests

* fix http integration tests

* bump version to canary 11

* fix login test

* fix http integration test

* fix apm test

* update docs

* fixing some ml types

* fix new errors in data plugin

* fix new errors in alerting plugin

* fix new errors in lists plugin

* fix new errors in reporting

* fix or mute errors in rule_registry plugin

* more ML type fixes

* bump to canary 12

* fix errors after merge conflict

* additional ML fixes

* bump to canary 13

* fix errors in apm plugin

* fix errors in fleet plugin

* fix errors in infra plugin

* fix errors in monitoring plugin

* fix errors in osquery plugin

* fix errors in security solution plugins

* fix errors in transform plugin

* Update type imports for ES

* fix errors in x-pack plugins

* fix errors in tests

* update docs

* fix errors in x-pack/test

* update error description

* fix errors after master merge

* update comment in infra plugin

* fix new errors on xpack tests/

Co-authored-by: James Gowdy <jgowdy@elastic.co>
Co-authored-by: Dario Gieselaar <dario.gieselaar@elastic.co>
2021-06-08 15:06:06 +02:00
Paul Tavares 36996634c3
[Security Solution][Endpoint] Add ability to isolate the Host from the Endpoint Details flyout (#100482)
* Add un-isolate form to the endpoint flyout
* Add Endpoint details flyout footer and action button
* Refactor hooks into a directory
* Refactor endpoint list actions into reusable list + add it to Take action on details
* Refactor Endpoint list row actions to use new common hook for items
* generate different values for isolation in endpoint generator
* move `isEndpointHostIsolated()` utility to a common folder
* refactor detections to also use common `isEndpointHostIsolated()`
* httpHandlerMockFactory can now handle API paths with params (`{id}`)
* Initial set of re-usable http mocks for endpoint hosts set of pages
* fix bug in `composeHttpHandlerMocks()`
* small improvements to test utilities
* Show API errors for isolate in Form standard place
2021-06-04 10:59:53 -04:00
Dan Panzarella 747b80b58f
[Security Solution] [OLM] Endpoint pending actions API (#101269) 2021-06-03 14:51:45 -04:00
Candace Park 0312839e34
[Security Solution][Endpoint][Host Isolation] Unisolate host minor refactors (#100889) 2021-06-03 12:27:06 -04:00
Ashokaditya d4ecee6ba0
[Security Solution] [Endpoint] Add endpoint details activity log (#99795)
* WIP

add tabs for endpoint details

* fetch activity log for endpoint

this is work in progress with dummy data

* refactor to hold host details and activity log within endpointDetails

* api for fetching actions log

* add a selector for getting selected agent id

* use the new api to show actions log

* review changes

* move util function to common/utils

in order to use it in endpoint_hosts as well as in trusted_apps

review suggestion

* use util function to get API path

review suggestion

* sync url params with details active tab

review suggestion

* fix types due to merge commit

refs 3722552f73

* use AsyncResourceState type

review suggestions

* sort entries chronologically with recent at the top

* adjust icon sizes within entries to match mocks

* remove endpoint list paging stuff (not for now)

* fix import after sync with master

* make the search bar work (sort of)

this needs to be fleshed out in a later PR

* add tests to middleware for now

* use snake case for naming routes

review changes

* rename and use own relative time function

review change

* use euiTheme tokens

review change

* add a comment

review changes

* log errors to kibana log and unwind stack

review changes

* use FleetActionGenerator for mocking data

review changes

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-06-03 09:22:49 +02:00
Garrett Spong 4c48993bb0
[RAC][Security Solution] Register Security Detection Rules with Rule Registry (#96015)
## Summary

This PR starts the migration of the Security Solution rules to use the rule-registry introduced in https://github.com/elastic/kibana/pull/95903. This is a pathfinding effort in porting over the existing Security Solution rules, and may include some temporary reference rules for testing out different paradigms as we move the rules over. See https://github.com/elastic/kibana/issues/95735 for details


Enable via the following feature flags in your `kibana.dev.yml`:

```
# Security Solution Rules on Rule Registry
xpack.ruleRegistry.index: '.kibana-[USERNAME]-alerts' # Only necessary to scope from other devs testing, if not specified defaults to `.alerts-security-solution`
xpack.securitySolution.enableExperimental: ['ruleRegistryEnabled']
```

> Note: if setting a custom `xpack.ruleRegistry.index`, for the time being you must also update the [DEFAULT_ALERTS_INDEX](9e213fb7a5/x-pack/plugins/security_solution/common/constants.ts (L28)) in order for the UI to display alerts within the alerts table.

---

Three reference rule types have been added (`query`, `eql`, `threshold`), along with scripts for creating them located in:

```
x-pack/plugins/security_solution/server/lib/detection_engine/reference_rules/scripts/
```

Main Detection page TGrid queries have been short-circuited to query `.alerts-security-solution*` for displaying alerts from the new alerts as data indices.

To test, check out the branch, enable the above feature flag(s), and run one of the scripts from the above directory, e.g. `./create_reference_rule_query.sh` (ensure your ENV vars are set! :)


Alerts as data within the main Detection Page 🎉 
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/119911768-39cfba00-bf17-11eb-8996-63c0b813fdcc.png" />
</p>




cc @madirey @dgieselaar @pmuellr @yctercero @dhurley14 @marshallmain
2021-05-28 12:38:49 -06:00
David Sánchez cec62cb706
[Security Solution][Endpoint] Add event filters summary card to the fleet endpoint tab (#100668)
* Shows event filters card on fleet page

* Uses aggs instead of while loop to retrieve summary data

* Add request and response types in the lists package

* Fixes old import

* Removes old i18n keys

* Removes more old i18n keys

* Use consts for exception lists url and endpoint event filter list id

* Uses event filters service to retrieve summary data

* Fixes addressed pr comments such as changing the route without underscore, adding aggs type, validating response, and more

* Uses useMemo instead of useState to memoize object

* Add new e2e test for summary endpoint

* Handle api errors on event filters and trusted apps summary api calls

* Add api error message to the toast

* Fix wrong i18n key

* Change span tag by react fragment

* Uses styled components instead of modifying component style directly and small improvements on test -> ts

* Adds curls script for summary route

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-28 18:07:54 +02:00
Paul Tavares e3517edd22
[Security Solution][Endpoint] Endpoint generator and data loader support for Host Isolation (#100813)
Re-introduces the changes from #100727 which was backed out due to a bug. Changes included:

* Generate random isolation values for endpoint metadata
* Generator for Fleet Actions
* Added creation of actions to the index test data loader

Plus:

* Fix generator `randomBoolean()` to ensure it works with seeded random numbers
* Update resolver snapshots due to additional call to randomizer
2021-05-28 10:40:34 -04:00
Jonathan Budzenski 5dde07ff6f Revert "[Security solution][Endpoint] Add Host Isolation related data to the endpoint generator and test data loader (#100727)"
This reverts commit 57f59bd15d.
2021-05-27 12:21:48 -05:00
Paul Tavares 57f59bd15d
[Security solution][Endpoint] Add Host Isolation related data to the endpoint generator and test data loader (#100727)
* Generate random isolation values for endpoint metadata
* Generator for Fleet Actions
* Added creation of actions to the index test data loader
2021-05-27 11:55:50 -04:00
Candace Park 1c4d338668
[Security Solution][Endpoint][Host Isolation] User can unisolate host from alert details (#100401) 2021-05-27 09:32:32 -04:00
Jen Huang ba7c0275ca
[Fleet] Support browsing granular integrations (#99866)
* Manual cherry pick of work to support integration tiles and package-level vars

* Fix types

* Remove registry input group typings

* Show integration-specific readme, title, and icon in package details page

* Revert unnecessary changes

* Add package-level `vars` field to package policy SO mappings

* Fix types

* Fix test

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-26 09:59:09 -07:00
David Sánchez ca324c63be
Removes event filters feature flag and exposes this feature by default (#100389)
* Removes event filters feature flag and expose this feature by default

* Fixes manifest unit test

* Fixes functional test adding event filter list case

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-25 15:19:42 +02:00
Frank Hassanabad aa2f5b535d
[Security Solution] Utilizes constants package and deletes duplicate code (#100513)
## Summary

Utilizes constants package and deletes duplicate code

* Renames the `securitysolution-constants` to be `securitysolution-list-constants` to be specific
* Deletes duplicated code found during cleanup
* Moves more tests into the packages found along the way with the duplicated code
* Moves `parseScheduleDates` from `@kbn/securitysolution-io-ts-types` to `@kbn/securitysolution-io-ts-utils`

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
2021-05-24 18:38:14 -06:00
Mikhail Shustov 95e8eed7d1
security solution and lists to TS incremental builds (#100447)
* lists to ts incremental builds

* security_solution to ts incremental

* import ResizeObserver explicitly as it is not declared in dom types
2021-05-24 16:34:29 +02:00
Paul Tavares 093044f10f
[Security Solution][Endpoint] Add host isolation action to the endpoint list (#100240)
* Refactor TableRowAction into separate component and enable menu close on item click
* add `show=isolate` to valid url param string for details panel
* Reusable BackToEndpointDetailsFlyoutSubHeader component
* new FlyoutBodyNoTopPadding component + refactor Policy response to use it
* Endpoint Isolate flyout panel
* New Service for doing isolate/unisolate of hosts
* Refactor detection isolate API call to use common method from new service
2021-05-24 09:50:21 -04:00
Frank Hassanabad 192c8ba743
Adds two more packages and moves files into the packages (#100375)
## Summary

* Adds package `kbn-securitysolution-list-api`
* Adds package `kbn-securitysolution-list-hooks`
* Moves files into the packages
* Moves a few additional types into the other packages such as the `kbn-securitysolution-io-ts-types` package to remove more things from the shared_export/shared_import between lists and security solution
* Removes more duplicated code

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
2021-05-20 12:36:07 -06:00
Pierre Gayvallet 8fc9115a6d
Migrate joi to 17.4.0 and adapt the codebase (#99899)
* bump joi to 17.4.0, start adapting stuff

* remove custom validation rule, adapt instead

* fix error handling

* fix error handling again

* fix strings type & validation

* fix buffers and arrays

* fix bytes

* fix bytes_size type

* update conditional_type error messages in tests

* fix duration and map types

* first attempt to fix union type error messages

* revert conditional type assertions back to master state

* fix object type

* fix record type

* fix stream types

* rename test files to match sources

* fix union type tests

* temporary adapt feature/home usages of Joi

* fix lint

* adapt test assertion

* fix http config schema validation

* fix @kbn/test Config class

* fix config again

* fix reporting schema tests

* fix security solution schema

* adapt url tests

* remove useless comment

* remove space

* typo

* review comments
2021-05-20 10:55:59 +02:00
Frank Hassanabad 9bf488e826
[Security Solutions] Re-arranges and adds more packages to remove copied code (#100310)
## Summary

* Creates a `securitysolution-list-utils` package and moves the first set of utilities into there
* Fixes a slight bug with `kbn-securitysolution-io-ts-list-types` where the wrong name was used
* Moves _all_ of the lists schemas and types into the package `kbn-securitysolution-io-ts-list-types`
* Removes copied code found in a few places

## Tech debt
* Some spots I have to use an `any` in the package as Kibana kbn packages don't have the types I need
* Some spots I copy constants until we can straighten out those pieces.
* I keep copied mock files until we figure out how to share mocks from these packages without adding weight or we create dedicated mock packages for all of this. 


### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
2021-05-19 15:59:52 -06:00
Kevin Logan 00479968a1
[Security Solution] Add linux malware config options and migration (#100166) 2021-05-19 17:37:43 -04:00
Kevin Logan 9da1a707d7
[Security Solution] Add supported field to ransomware (#100135) 2021-05-19 11:43:18 -04:00
Frank Hassanabad e15b887e43
[Security Solutions] Replaces most deprecated io-ts alerting and list types (#100234)
## Summary

Replaces most of the deprecated io-ts alerting and list types within securitysolution as part of Phase 3 of 4 phases outlined in earlier PRs such as https://github.com/elastic/kibana/pull/99260

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
2021-05-17 23:28:06 -06:00
Frank Hassanabad bfe08d25c5
[Security Solutions] Removes deprecation and more copied code between security solutions and lists plugin (#100150)
## Summary

* Removes deprecations 
* Removes duplicated code

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
2021-05-14 16:56:08 -06:00
Paul Tavares 9b68804e0c
[Security Solution][Endpoint] Fix generator so that the --fleet option creates a fake agent with fleet (#99942)
* new fleet agent generator
* Indexing of generated data changed to index fake fleet server agents
2021-05-12 16:57:15 -04:00
Angela Chuang 051eec703d
[Security Solution] Get endpoint metadata (#99772)
* getHostEndpoint

* add endpointContext

* add deps

* get endpoint info

* clean up

* fix tests error

* fix types

* fix unit tests

* fix unit tests

* fix unit tests

* fix types error

* fix types

* fix api integration test

* fix api integration tests

* add comment

* review

* add getHostInfo

* rename getHostInfo into getHostMetaData

* fix unit test

* fix types
2021-05-11 14:14:55 +01:00
Brian Seeders 6d269c5062
Revert "[SecuritySolution] Get endpoint metadata (#99452)" (#99719)
This reverts commit 5893d67b4b.
2021-05-10 17:42:39 -04:00
Angela Chuang 5893d67b4b
[SecuritySolution] Get endpoint metadata (#99452)
* getHostEndpoint

* add endpointContext

* add deps

* get endpoint info

* clean up

* fix tests error

* fix types

* fix unit tests

* fix unit tests

* fix unit tests

* fix types error

* fix types

* fix api integration test

* fix api integration tests

* add comment

* review

* add getHostInfo

* rename getHostInfo into getHostMetaData

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-10 15:21:36 -04:00
Dan Panzarella dfe8637c52
[Security Solution] Add Host Isolation API (#98842) 2021-05-10 13:31:11 -04:00
Sergi Massaneda 518da5bcc1
[SecuritySolution] Histogram IP legends error fixed (#99468)
* make sure stackByField exists

* fix types

* fix unit test

* skip extra request for non-ip queries

* elasticsearch query changes to prevent corrupted data response bug

* client changes to split ip stacked histogram queries in two, inspect modal shows all requests and responses

* lint fixes

* test for useMatrixHistogramCombined added

* comment added on new multiple prop

* changed query to always contain value_type:ip for ip queries

Co-authored-by: Angela Chuang <yi-chun.chuang@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-10 17:54:55 +02:00
Ashokaditya da890fd24c
[Security Solution][Endpoint] Validate path values for trusted apps (#99035)
* Validate path values for trusted apps

show soft warnings when path values are not valid.

refs elastic/security-team/issues/315

* use case insensitive flag

refs 71ac9bdeaf

* correct check for windows paths

review changes

* rename

review changes

* add validations to include ? for wildcards

also add more tests
refs elastic/security-team/issues/315

* update copy for soft errors

refs elastic/security-team/issues/315

* refactor validation logic

review changes

refs elastic/kibana/pull/99035#discussion_r625106658

* allow wildcards in path names

refs elastic/security-team/issues/315

* stack soft errors

refs elastic/security-team/issues/315

* Update x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/create_trusted_app_form.tsx

Co-authored-by: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>

* remove links to private repos

review changes

* improve windows path regex

refactor tests for better debugging
review changes

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
2021-05-10 16:18:48 +02:00
Dmitry Shevchenko 24734a39d1
Implement missing privileges callout component (#98125) 2021-05-05 19:45:20 +02:00
Frank Hassanabad 92da1059bd
Added deprecation to all the io-ts types and copies of them (#99260)
## Summary

Adds deprecation to all the io-ts types and copies of them found in the code base.

Phase 1 (Completed): Copy all the utilities to the `packages/kbn-securitysolution-io-ts-utils`
Phase 2: Add all the deprecation messages about them to the code base
Phase 3+: Teams and others will eventually remove/replace them with the utils from `kbn-securitysolution-io-ts-utils`
2021-05-04 17:00:45 -06:00
Xavier Mouligneau 8b8d4d83b6
[SECURITY SOLUTION] Fix unmapped field timeline (#99130)
* add unmapped include_unmapped

* bringing back unmapped field timeline

* add unit test
2021-05-04 00:02:38 -04:00
Nicolas Chaulet 0401d2f5c8
[Fleet] Remove Agent events saved object and unused types (#98739) 2021-05-03 15:45:01 -04:00
Frank Hassanabad af228f0f20
[Security Solutions] (Phase 1) Adds an application cache called metrics entities and integrates it within Security Solutions behind a feature flag (#96446)
## Summary

Phase 1 of a multi-phase cautious approach for adding an experimental application cache for Kibana solutions called `metric_entities` and integrates it within Security Solutions.

Phase 1 is putting experimental support into the application without breaking existing features. Lots of TODOs, conversations and a possible RFC from phase 1 to phase 2 approach. Some features are missing, but for phase 1 the general idea and code is all there.

To enable this first phase after checking out the branch add this to your `kibana.dev.yml`

```yml
xpack.metricsEntities.enabled: true
xpack.securitySolution.enableExperimental: ['metricsEntitiesEnabled']
```

Then go into Stack Management -> Advanced Settings (Under Security Solutions) and set the enabled to true like so:
<img width="1229" alt="Screen Shot 2021-04-08 at 2 21 02 PM" src="https://user-images.githubusercontent.com/1151048/114091276-b3cbb700-9875-11eb-9083-5c1d91dd20ed.png">

Next go to the security_solutions page and you will see it being activated and you will have these transforms running if you look under stack management:
<img width="1710" alt="Screen Shot 2021-04-29 at 2 00 27 PM" src="https://user-images.githubusercontent.com/1151048/116611174-4a2e4e00-a8f3-11eb-9e15-55cb504dfb2a.png">

On the hosts page, network page, etc. you can see them being activated when you have no query/filter and you click on request:
<img width="1405" alt="Screen Shot 2021-04-29 at 2 01 28 PM" src="https://user-images.githubusercontent.com/1151048/116611274-6a5e0d00-a8f3-11eb-9998-9f5b3d1c5c63.png">

You will see in the request the index patterns all starting with `estc_xyz*`

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)

We have lots of TODOs but no concrete docs with this just yet.
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials

Behind a feature flag and this isn't there yet.
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
2021-04-30 12:36:06 -06:00
Ashokaditya c93e028e0c
[Security Solution][Endpoint] Allow wildcard in trusted app paths (#97623)
* show operator dropdown for path field

refs elastic/security-team/issues/543

* update translation to use consistent values

refs elastic/security-team/issues/543

* update schema to validate path values

refs elastic/security-team/issues/543

* add tests for field and operator values

refs elastic/security-team/issues/543

* review changes

refs elastic/security-team/issues/543

* update schema to enforce dropdown validation for PATH field

refs elastic/security-team/issues/543

* add tests for schema updates

refs 1deab39453
refs elastic/security-team/issues/543

* optimise dropdown list for re-renders

refs elastic/security-team/issues/543

* align input fields and keep alignments when resized

refs elastic/security-team/issues/543

* correctly enter operator data on trusted app CRUD

refs elastic/security-team/issues/543

* update tests

refs 2ac56ee839
refs elastic/security-team/issues/543

* remove redundant code

review changes

* better type assertion

review changes

* move operator options out of component

- these do not depend on component props and thus there is no need to have them within a useMemo callback.

- review changes

* derive keys from operator entry field

review changes

* update type

* use custom styles for aligning input fields

review changes

* add a custom type for trusted_apps operator

undo changes from list plugin and server/lib/detection_engine

refs 2ac56ee839
refs elastic/security-team/issues/543

* add wildcard entry type

refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462

* use the new entry type

refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462

* update tests

refs elastic/security-team/issues/543
refs https://github.com/elastic/kibana/pull/97623#pullrequestreview-642618462

* update name for wildcard type so that it can be used also for cased inputs

refs elastic/security-team/issues/543
refs f9cb7eddda

* update artifacts to support wildcard entries

refs elastic/security-team/issues/543

* add tests for list schemas

refs f9cb7eddda
refs elastic/security-team/issues/543

* add placeholders for path values

review changes
elastic/kibana/pull/97623#discussion_r620617999

* ignore type check for now

* add type assertion

refs 284352ec9a

* remove unnecessary test

refs 2ac56ee839

* fix types

refs f9cb7eddda
refs b3f5dc4553

* add a note to entries

review changes

refs dbd3532149

* remove redundant type assertions

review changes
refs bcf615ac98
refs b3f5dc4553

* move placeholder text logic to utils

review changes elastic/kibana/pull/97623#discussion_r621673881

refs 6f2d0d7810

* pass the style as prop

review changes

* update api doc

CI check suggestion

* make placeholderText a function expression

review suggestion

elastic/kibana/pull/97623/commits/2dc4fd390cf5ea0e4fa67b3f5fc2561cbb29555e

* use semantic names for functions

refs 330731ebfc

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-04-29 14:54:19 +02:00
Steph Milovic 2d5ff8ab70
[Security Solution] [Cases] Cases UI Plugin for RAC (#97646)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Co-authored-by: David Sánchez <davidsansol92@gmail.com>
Co-authored-by: Spencer <email@spalger.com>
Co-authored-by: Dmitry <dzmitry.lemechko@elastic.co>
2021-04-29 07:41:46 -04:00
Candace Park a1cb79b3d2
[Security Solution][Host Isolation] Host Isolation Flyout UI only (#96077)
Co-authored-by: pzl <dan@panzarel.la>
2021-04-28 11:02:53 -04:00
David Sánchez bc240f0af7
[Security Solution] User can select event from event list and create a filter (#96940)
* Initial version of event filtering form/dialog. Pending to add all redux services

* Uses redux store instead of props to get the form values

* Manage errors on redux

* Creates event filter list on service constructor

* Add os type selector depending on form parent by props. Also added create action

* Allows adding an exception to an event. This commit has to be reviewed and maybe it will change depending on next changes

* Fix imports because changes on ExceptionBuilder component and add needed type export

* Adds constants. Rename eventFilters to eventFilter. Add http wrapper as a hook to check if the list has been created or not

* Adds missing files on last commit.

* Relocate async resource state to be shared between different pages

* Use async resource state to manage async operations on components. Relocate initial entry status to a utils module instead of hook.

* Adds comments into redux store from component

* Fixes typechecks and wrong imports

* Fixes translations and adds subheader and description modal

* Relocates form description

* Removes unused import

* Sanitize entries before submit to remove entry.id

* Missed file on last commit

* Use specific fields for endpoint_event type builder

* Split error field for each kind of error to prevent unexpected renders. Adds unit test for event filter form component

* Set event.kind == event by default

* Changes folder names. Add notifications when success. Remove default event.kind

* Adds notifications when api error and fixed multiple notifications showed for same error

* Adds new test for event filter modal and changes component name to be consistent

* Adds unit tests for event filter notification

* Adds middleware unit tests. Also isolate common event for all tests

* Adds unit tests for event filter reducer

* Adds unit tests for event filter selector

* Fixes same key on different multilanguages. Fixes naming incoherence

* Adds feature flag for event filtering

* Fixes unit tests and weird behavior when changing items after name or comments on event filter form

* Removes unused import

* Fixes unit tests. Add imports from lists plugin. Add expects on tests. Change some names

* Renames everything from eventFilter to eventFilters (plural)

* Rename state variable

* Create hook for notifications instead of a component. Removes className from modal body.

* Updates available fields for endpoint events builder

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-04-22 10:08:33 +02:00
Dima Arnautov 58d4334c71
[ML] UI enhancements for Anomaly detection rule type (#97626)
* [ML] update labels

* [ML] update job summary endpoint to return associated alert rules

* [ML] add alert rule icon to the table

* [ML] edit alert rules from ML UI

* [ML] register navigation

* [ML] support single job selection only

* [ML] remove groups options from the job selection

* [ML] deps on rule id to avoid re-rendering

* [ML] fix i18n

* [ML] add info message to the alert context

* [ML] fix typo

* [ML] register usage collection

* [ML] fix telemetry
2021-04-21 14:21:07 -04:00
Anton Dosov bd4f461c70
[Search] Unify search plugin step 1 (#95811)
Remove the defaultStrategy override
Move async search strategy to data
Move EQL search strategy to data
Move rest of common/search/session data (Moving whole search/session is blocked by security and taskManager)
2021-04-21 14:23:49 +02:00
Angela Chuang 44eda0fa73
[SecuritySolution] Timeline http endpoints (#95036)
* add notes and pinned events routes

* add api endpoints on client side

* add apis

* fix get all timelines

* add decodeResponseFavoriteTimeline

* rm apolloClient

* fix unit tests

* remove unused routes

* update cypress task

* fix integration tests

* clean up type dependency

* fix types

* update snapshot

* remove graphql types dependency

* fix types

* remove graphql queries

* remove unused i18n

* fix types

* fix delete timelines

* fix types and rewrite timeline integration tests

* add readme

* fix unit test

* fix unit test

* update package.json

* rm x-pack/yarn.lock

* fix tests

* update yarn.lock

* update yarn.lock

* rm unused dependency

* fix types

* fix unit test

* update query params for getAllTimelines

* fix integration test

* wrap JSON.stringify with try/catch

* fix lint error

* fix type

* wrap JSON.stringify with try/catch

* fix unit test

* review

* review

* review

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-04-19 20:32:39 -04:00
Ece Özalp a254f0f810
[CTI] Adds Threat Intel Tab to Alert Summary Flyout (#97185)
2021-04-19 17:03:56 -04:00
Marshall Main a90afbf1ec
[Security Solution][Detections] Add API integration tests for threshold and EQL rules (#97336)
* Add API integration tests for threshold rules and more tests for EQL rules

* Add more API tests for exceptions and value list exceptions

* Fix unit test and add EQL api test checking multiple signal generation

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-04-19 16:10:59 -04:00
Ryland Herrick b5ae056ac4
[Security Solution][Detections] ML Rules accept multiple ML Job IDs (#97073)
* Adds helper to normalize legacy ML rule field to an array

This will be used on read of rules, to normalize legacy rules while
avoiding an explicit migration.

* Fix our detection-specific ML search function

Luckily this was just a translation layer to our anomaly call, and the
underlying functions already accepted an array of strings.

* WIP: Run rules against multiple ML Job IDs

We don't yet support creation of rules with multiple job ids, either on
the API or the UI, but when we do they will work.

Note: the logic was previously to generate an error if the underlying
job was not running, but to still query and generate alerts. Extending
that logic to multiple jobs: if any are not running, we generate an
error but continue querying and generating alerts.

* WIP: updating ml rule schemas to support multiple job IDs

* Simplify normalization method

We don't care about null or empty string values here; those were
holdovers from copying the logic of normalizeThreshold and don't apply
to this situation.

* Move normalized types to separate file to fix circular dependency

Our use of NonEmptyArray within common/schemas seemed to be causing the
above; this fixes it for now.

* Normalize ML job_ids param at the API layer

Previous changes to the base types already covered the majority of
routes; this updates the miscellaneous helpers that don't leverage those
shared utilities.

At the DB level, the forthcoming migration will ensure that we always
have "normalized" job IDs as an array.

* Count stopped ML Jobs as partial failure during ML Rule execution

Since we continue to query anomalies and potentially generate alerts, a
"failure" status is no longer the most accurate for this situation.

* Update 7.13 alerts migration to allow multi-job ML Rules

This ensures that we can assume string[] for this field during rule
execution.

* Display N job statuses on rule details

* WIP: converts MLJobSelect to a multiselect

Unfortunately, the SuperSelect does not allow multiselect so we need to
convert this to a combobox. Luckily we can reuse most of the code here
and remain relatively clean.

Since all combobox options must be the same (fixed) height, we're
somewhat more limited than before for displaying the rows. The
truncation appears fine, but I need to figure out a way to display the
full description as well.

* Update client-side logic to handle an array of ML job_ids

* Marginally more legible error message

* Conditionally call our normalize helper only if we have a value

This fixes a type error where TS could not infer that the return value
would not be undefined despite knowing that the argument was never
undefined. I tried some fancy conditional generic types, but that didn't
work.

This is more analogous to normalizeThresholdObject now, anyway.

* Fix remaining type error

* Clean up our ML executor tests with existing contract mocks

* Update ML Executor tests with new logic

We now record a partial failure instead of an error.

* Add and update tests for new ML normalization logic

* Add and update integration tests for ML Rules

Ensures that dealing with legacy job formats continues to work in the
API.

* Fix a type error

These params can no longer be strings.

* Update ML cypress test to create a rule with 2 ML jobs

If we can create a rule with 2 jobs, we should also be able to create a
rule with 1 job.

* Remove unused constant

* Persist a partial failure message written by a rule executor

We added the result.warning field as a way to indicate that a partial
failure was written to the rule, but neglected to account for that in the
main rule execution code, which caused a success status to immediately
overwrite the partial failure if the rule execution did not otherwise
fail/short-circuit.
2021-04-15 21:27:43 -05:00
Ryland Herrick 540924b5be
[Security Solution][Detections] Adds Nested CTI row renderer (#96275)
* Move alert-specific mocks to more declarative mock file

* Add placeholder interface for ECS threat fields

* Test and implement CTI row renderer

The display details are not yet implemented, but those will be fleshed
out in the ThreatMatchRow component.

* Pass full fields data to our row renderers

This data is not used by any existing row renderers and so this commit
is mostly just plumbing that data through.

This is necessary, however, for our new threat match row renderer as it
requires nested fields, which cannot be retrieved through the mechanism
that retrieves the existing row renderer data. However, these nested
fields are available, if requested, through this other data structure,
hence this plumbing.

For now to minimize changes I'm marking this as an optional field;
however in reality a value will always be present.

* Rewrite existing row renderer in terms of flattened data

Updates logic, tests and mocks accordingly.

* Moving logic into discrete files

* helpers
* explicit fields file, which will hopefully be part of the renderer API
  at some point
* parent component to split data into "rows" as defined by our renderer
* row component for stateless presentation of a single match

* Register threat match row renderer

Adds tentative copy, example row, and accompanying mock data.

* WIP: Rendering draggable fields but hit the data loss issue with nested fields being flattened

* WIP: implementing row renderer against new data format

I haven't yet deleted the old (new?) unused path. Cleanup to come.

* Updating based on new data

* Rewrites isInstance logic for new data as helper, hasThreatMatchValue
* Updating types and tests
  * Adds to the previously empty ThreatEcs

* Revert "Pass full fields data to our row renderers"

This reverts commit 19c93ee0732166747b5472433cd5fc813638e21b.

We ended up extending the existing data (albeit from the fields
response!).

* Fix draggables

* adds contextId and eventId to pass to draggable
* We don't have an order-independent key for each individual
  ThreatMatchRow, due to matched.id not being mapped/returned in the
  fields response
* Fixes up a few things related to using the new data format

* Move indicator field strings to constants

* Fix example data for CTI row renderer

* Adds missing Threat ECS types

* Move CTI field constants to common folder

In order to use these in both the row renderer and the server request,
we need to move them to common/

* Remove redundant CTI fields from client request

These are currently hardcoded on the backend of the events/all query
(via TIMELINE_EVENTS_FIELDS); declaring them on both ends is arguably
confusing, and we're going with YAGNI for now.

* Add missing graphQL type

This was causing type errors as this enum exists both here and in
common/, and I had only updated one of them.

* Updates tests

One is still failing due to an outdated test subject, but I expect this
to change after an upcoming meeting so leaving it for now.

* Split ThreatMatchRow into subcomponents

One for displaying match details, and another for indicator details

The indicator details will be sparse, so there's going to be some
conditional rendering in there.

* Make CTI row renderer look nice

* Adds translations for copy
* Fixes most of our layout woes with more flexbox!
* Conditional rendering of indicator details based on data
* tests

* Make indicator reference field an external link

Leverages the existing FormattedFieldValue component, with one minor
tweak to add this field to the URL allowlist.

* Back to consistent horizontal spacing, here

The draggable badges are a little odd in that their full box isn't
indicated until hover, making the visual weight a little off.

* Add hr as a visual separator between each match "row" of the row renderer

* Fix tests broken due to addition of a new row renderer

These tests are all implicitly testing the list of row renderers.

* Full-width hr

At certain container widths, a half-width hr is not sufficient.

* More descriptive constant

Obviates the need for the accompanying comments.

* More realistic data

Also ensures less traffic to urlhaus ;)

* Remove useless comment

* Add threat_match row renderer type to GQL client

Gennin' beanz

* Ensure contextId is unique for each CTI subrow

We need to add the row index to our contextId to ensure that our
draggables work correctly for multiple rows, since each row will
necessarily have the same eventId and timelineId.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-04-15 21:28:18 -04:00
Nicolas Chaulet 78937e3bb4
[Fleet] Remove fleet agent routes and related services (#97206)
2021-04-15 17:15:43 -04:00
Marshall Main ff7c5330ad
[Security Solution] Converge detection engine on single schema representation (#96186)
* Replace validation function in signal executor

* Remove more RuleTypeParams usage

* Add security solution rules migration to alerting plugin

* Handle and test null value in threshold.field

* Remove runtime normalization of threshold field

* Remove signalParamsSchema

Co-authored-by: Davis Plumlee <davis.plumlee@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-04-14 12:53:46 -04:00
Ryland Herrick 39f87f4560
[Security Solution][Timeline] Rebuild nested fields structure from fields response (#96187)
* First pass at rebuilding nested object structure from fields response

* Always requests TIMELINE_CTI_FIELDS as part of request

This only works for one level of nesting; will be extending tests to
allow for multiple levels momentarily.

* Build objects from arbitrary levels of nesting

This is a recursive implementation, but recursion depth is limited to
the number of levels of nesting, with arguments reducing in size as we
go (i.e. logarithmic)

* Simplify parsing logic, perf improvements

* Order short-circuiting conditions by cost, ascending
* Simplify object building for non-nested objects from fields
  * The non-nested case is the same as the base recursive case, so
    always call our recursive function if building from .fields
* Simplify getNestedParentPath
  * We can do a few simple string comparisons rather than building up
    multiple strings/arrays
* Don't call getNestedParentPath unnecessarily, only if we have a field

* Simplify if branching

By definition, nestedParentFieldName can never be equal to fieldName, which means
there are only two branches here.

* Declare/export a more accurate fields type

Each top-level field value can be either an array of leaf values
(unknown[]), or an array of nested fields.

* Remove unnecessary condition

If fieldName is null or undefined, there is no reason to search for it
in dataFields. Looking through the git history this looks to be dead
code as a result of refactoring, as opposed to a legitimate bugfix, so
I'm removing it.

* Fix failing tests

* one was a test failure due to my modifying mock data
* one may have been a legitimate bug where we don't handle a hit without
  a fields response; I need to follow up with Xavier to verify.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-04-12 17:52:42 -05:00