kibana/x-pack/plugins/security_solution/common/ecs
Ryland Herrick 540924b5be
[Security Solution][Detections] Adds Nested CTI row renderer (#96275)
* Move alert-specific mocks to more declarative mock file

* Add placeholder interface for ECS threat fields

* Test and implement CTI row renderer

The display details are not yet implemented, but those will be fleshed
out in the ThreatMatchRow component.

* Pass full fields data to our row renderers

This data is not used by any existing row renderers and so this commit
is mostly just plumbing that data through.

This is necessary, however, for our new threat match row renderer as it
requires nested fields, which cannot be retrieved through the mechanism
that retrieves the existing row renderer data. However, these nested
fields are available, if requested, through this other data structure,
hence this plumbing.

For now to minimize changes I'm marking this as an optional field;
however in reality a value will always be present.

* Rewrite existing row renderer in terms of flattened data

Updates logic, tests and mocks accordingly.

* Moving logic into discrete files

* helpers
* explicit fields file, which will hopefully be part of the renderer API
  at some point
* parent component to split data into "rows" as defined by our renderer
* row component for stateless presentation of a single match

* Register threat match row renderer

Adds tentative copy, example row, and accompanying mock data.

* WIP: Rendering draggable fields but hit the data loss issue with nested fields being flattened

* WIP: implementing row renderer against new data format

I haven't deleted the old (new?) unused path yet. Cleanup to come.

* Updating based on new data

* Rewrites isInstance logic for new data as helper, hasThreatMatchValue
* Updating types and tests
  * Adds to the previously empty ThreatEcs

* Revert "Pass full fields data to our row renderers"

This reverts commit 19c93ee0732166747b5472433cd5fc813638e21b.

We ended up extending the existing data (albeit from the fields
response!).

* Fix draggables

* adds contextId and eventId to pass to draggable
* We don't have an order-independent key for each individual
  ThreatMatchRow, due to matched.id not being mapped/returned in the
  fields response
* Fixes up a few things related to using the new data format

* Move indicator field strings to constants

* Fix example data for CTI row renderer

* Adds missing Threat ECS types

* Move CTI field constants to common folder

In order to use these in both the row renderer and the server request,
we need to move them to common/

* Remove redundant CTI fields from client request

These are currently hardcoded on the backend of the events/all query
(via TIMELINE_EVENTS_FIELDS); declaring them on both ends is arguably
confusing, and we're going with YAGNI for now.

* Add missing graphQL type

This was causing type errors as this enum exists both here and in
common/, and I had only updated one of them.

* Updates tests

One is still failing due to an outdated test subject, but I expect this
to change after an upcoming meeting so leaving it for now.

* Split ThreatMatchRow into subcomponents

One for displaying match details, and another for indicator details

The indicator details will be sparse, so there's going to be some
conditional rendering in there.

* Make CTI row renderer look nice

* Adds translations for copy
* Fixes most of our layout woes with more flexbox!
* Conditional rendering of indicator details based on data
* tests

* Make indicator reference field an external link

Leverages the existing FormattedFieldValue component, with one minor
tweak to add this field to the URL allowlist.

* Back to consistent horizontal spacing, here

The draggable badges are a little odd in that their full box isn't
indicated until hover, making the visual weight a little off.

* Add hr as a visual separator between each match "row" of the row renderer

* Fix tests broken due to addition of a new row renderer

These tests are all implicitly testing the list of row renderers.

* Full-width hr

At certain container widths, a half-width hr is not sufficient.

* More descriptive constant

Obviates the need for the accompanying comments.

* More realistic data

Also ensures less traffic to urlhaus ;)

* Remove useless comment

* Add threat_match row renderer type to GQL client

Gennin' beanz

* Ensure contextId is unique for each CTI subrow

We need to add the row index to our contextId to ensure that our
draggables work correctly for multiple rows, since each row will
necessarily have the same eventId and timelineId.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-04-15 21:28:18 -04:00
agent
auditd
cloud
destination
dns
ecs_fields
endgame
event
file [Security Solution] [Timeline] Endpoint row renderers (2nd batch) (#91446) 2021-02-16 20:51:44 -07:00
geo
host
http
network
process [Security Solution][Detections] Adds ransomware exceptions (#89974) 2021-02-18 01:09:23 -05:00
ransomware [Security Solution][Detections] Adds ransomware exceptions (#89974) 2021-02-18 01:09:23 -05:00
registry [Security Solution] [Timeline] Endpoint row renderers (2nd batch) (#91446) 2021-02-16 20:51:44 -07:00
rule [Security Solution][Detections] Adds Nested CTI row renderer (#96275) 2021-04-15 21:28:18 -04:00
signal [Security Solution][Detections][Threshold Rules] Threshold multiple aggregations with cardinality (#90826) 2021-02-17 23:07:26 -05:00
source
suricata
system
threat [Security Solution][Detections] Adds Nested CTI row renderer (#96275) 2021-04-15 21:28:18 -04:00
tls
url
user
winlog
zeek
index.ts [Security Solution][Detections] Adds Nested CTI row renderer (#96275) 2021-04-15 21:28:18 -04:00