From 68422c93d6e486e12670fd2215421be7a01fe57a Mon Sep 17 00:00:00 2001
From: Steph Milovic
Date: Mon, 25 Apr 2022 09:22:55 -0600
Subject: [PATCH 1/4] rm data view fields from sourcerer call
---
 .../server/lib/sourcerer/routes/index.ts | 32 +++++++++++--------
 1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.ts b/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.ts
index bf69ed03fb79a..9eb70d59ebfd1 100644
--- a/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.ts
@@ -54,16 +54,8 @@ export const createSourcererDataViewRoute = (
 );
 let allDataViews: DataViewListItem[] = await dataViewService.getIdsWithTitle();
- let siemDataView = null;
- try {
- siemDataView = await dataViewService.get(dataViewId);
- } catch (err) {
- const error = transformError(err);
- // Do nothing if statusCode === 404 because we expect that the security dataview does not exist
- if (error.statusCode !== 404) {
- throw err;
- }
- }
+ let siemDataView: DataView | DataViewListItem | null =
+ allDataViews.find((dv) => dv.id === dataViewId) ?? null;
 const { patternList } = request.body;
 const patternListAsTitle = patternList.sort().join();
@@ -90,6 +82,7 @@ export const createSourcererDataViewRoute = (
 }
 }
 } else if (patternListAsTitle !== siemDataViewTitle) {
+ siemDataView = await dataViewService.get(dataViewId);
 siemDataView.title = patternListAsTitle;
 await dataViewService.updateSavedObject(siemDataView);
 }
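Review bot: In the `@@ -90,6 +82,7` hunk the new `siemDataView = await dataViewService.get(dataViewId);` has none of the 404 handling that the `@@ -54,16 +54,8` hunk removes, so if the data view is deleted between the `getIdsWithTitle()` listing and this fetch, the rejection propagates to whatever wraps the route handler (outside both hunks). If that is intended, say so at the call, e.g. `// id came from getIdsWithTitle(); a 404 here means the data view was deleted mid-request and is surfaced as an error`; otherwise keep the `transformError` status check around this call. With the try/catch gone, `transformError` may no longer be used in this file, so its import is worth checking.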
@@ -186,14 +179,27 @@ export const getSourcererDataViewRoute = (
 );
 };
+interface KibanaDataView {
+ /** Uniquely identifies a Kibana Data View */
+ id: string;
+ /** list of active patterns that return data */
+ patternList: string[];
+ /**
+ * title of Kibana Data View
+ * title also serves as "all pattern list", including inactive
+ * comma separated string
+ */
+ title: string;
+}
+
 const buildSourcererDataView = async (
- dataView: DataView,
+ dataView: DataView | DataViewListItem,
 clientAsCurrentUser: ElasticsearchClient
-) => {
+): Promise => {
 const patternList = dataView.title.split(',');
 const activePatternBools: boolean[] = await findExistingIndices(patternList, clientAsCurrentUser);
 const activePatternLists: string[] = patternList.filter(
 (pattern, j, self) => self.indexOf(pattern) === j && activePatternBools[j]
 );
- return { ...dataView, patternList: activePatternLists };
+ return { id: dataView.id ?? '', title: dataView.title, patternList: activePatternLists };
 };
From f707f4ea87e63b601138546ed271d9da550239be Mon Sep 17 00:00:00 2001
From: Steph Milovic
Date: Mon, 25 Apr 2022 11:16:46 -0600
Subject: [PATCH 2/4] another opt
---
 .../security_solution/server/lib/sourcerer/routes/index.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.ts b/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.ts
index 9eb70d59ebfd1..24344b41ed210 100644
--- a/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.ts
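Review bot: In PATCH 1/4's `buildSourcererDataView` hunk (`@@ -186,14 +179,27`), `id: dataView.id ?? ''` turns a missing id into an empty string, which contradicts the new `KibanaDataView.id` doc comment ("Uniquely identifies a Kibana Data View") and hands callers an identifier that matches nothing. Failing fast is clearer: `if (dataView.id == null) throw new Error('data view has no id');` before the return, then plain `id: dataView.id`. Returning only `id`, `title` and `patternList` instead of spreading `dataView` also keeps the full field list out of the response; a one-line comment on the return saying the narrowing is deliberate would stop a later refactor from reintroducing the spread. The return annotation is printed here as bare `Promise`; presumably its type argument was lost in rendering.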
@@ -153,8 +153,9 @@ export const getSourcererDataViewRoute = (
 request,
 true
 );
-
- const siemDataView = await dataViewService.get(dataViewId);
+ const allDataViews: DataViewListItem[] = await dataViewService.getIdsWithTitle();
+ const siemDataView: DataViewListItem | null =
+ allDataViews.find((dv) => dv.id === dataViewId) ?? null;
 const kibanaDataView = siemDataView
 ? await buildSourcererDataView(
 siemDataView,
From 59588ca79e996fae73edfcf43bc40fc760d207c8 Mon Sep 17 00:00:00 2001
From: Steph Milovic
Date: Mon, 25 Apr 2022 11:27:07 -0600
Subject: [PATCH 3/4] update tests
---
 .../server/lib/sourcerer/routes/index.test.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.test.ts b/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.test.ts
index 232aba9d1ae3a..7488522517802 100644
--- a/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.test.ts
@@ -26,6 +26,13 @@ jest.mock('./helpers', () => {
 });
 const mockPattern = {
 id: 'security-solution',
+ fields: [
+ { name: '@timestamp', searchable: true, type: 'date', aggregatable: true },
+ { name: '@version', searchable: true, type: 'string', aggregatable: true },
+ { name: 'agent.ephemeral_id', searchable: true, type: 'string', aggregatable: true },
+ { name: 'agent.hostname', searchable: true, type: 'string', aggregatable: true },
+ { name: 'agent.id', searchable: true, type: 'string', aggregatable: true },
+ ],
 title: 'apm-*-transaction*,traces-apm*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,winlogbeat-*,ml_host_risk_score_*,.siem-signals-default',
 };
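Review bot: In PATCH 2/4's `getSourcererDataViewRoute` hunk (`@@ -153,8 +153,9`) an unknown `dataViewId` no longer rejects: the removed `dataViewService.get(dataViewId)` went through the service's own error path, while `allDataViews.find(...) ?? null` silently yields `null` and falls into the ternary's other branch, which lies outside the hunk. Confirm that branch ends in an explicit not-found response rather than a success with an empty data view, and document it at the lookup, e.g. `// null when no data view with this id is in the listing; handled below as not found`. The lookup also depends on `getIdsWithTitle()` returning every data view; if that listing is capped or cached (not visible here), an existing id could be reported as missing.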
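Review bot: The `fields` array added to `mockPattern` in PATCH 3/4 (`@@ -26,6 +26,13`) only proves the change if a test asserts that those fields do not come back from the route, and no such assertion is visible in this patch. Consider adding one next to the existing response checks, along the lines of `expect(returnedDataView).not.toHaveProperty('fields');`, where `returnedDataView` stands for whatever the test already reads from the response. A short comment above `fields:` such as `// present so the tests can verify the route strips field definitions` would explain why the mock is larger than the expected response.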
@@ -147,7 +154,7 @@ describe('sourcerer route', () => {
 test('returns sourcerer formatted Data Views when SIEM Data View does NOT exist but has been created in the mean time', async () => {
 const getMock = jest.fn();
- getMock.mockResolvedValueOnce(null);
+ // getMock.mockResolvedValueOnce(null);
 getMock.mockResolvedValueOnce(mockPattern);
 const getStartServicesSpecial = jest.fn().mockResolvedValue([
 null,
From b73deffcd66bfe6f0e2b495b605d8f71895cff8d Mon Sep 17 00:00:00 2001
From: Steph Milovic
Date: Thu, 28 Apr 2022 07:47:18 -0600
Subject: [PATCH 4/4] rm commented out code
---
 .../security_solution/server/lib/sourcerer/routes/index.test.ts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.test.ts b/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.test.ts
index 7488522517802..bd5714d7628e2 100644
--- a/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/sourcerer/routes/index.test.ts
@@ -154,7 +154,6 @@ describe('sourcerer route', () => {
 test('returns sourcerer formatted Data Views when SIEM Data View does NOT exist but has been created in the mean time', async () => {
 const getMock = jest.fn();
- // getMock.mockResolvedValueOnce(null);
 getMock.mockResolvedValueOnce(mockPattern);
 const getStartServicesSpecial = jest.fn().mockResolvedValue([
 null,