From 077ac2a4b15545c28c55276aebf2ddccb47f5099 Mon Sep 17 00:00:00 2001 From: Ece Ozalp Date: Thu, 1 Apr 2021 16:11:19 -0400 Subject: [PATCH 1/7] [CTI] Filters alerts table by presence of threat (elastic/security-team#907) --- .../alerts_utility_bar/index.test.tsx | 271 +++++++++++++++--- .../alerts_table/alerts_utility_bar/index.tsx | 41 ++- .../alerts_utility_bar/translations.ts | 7 + .../alerts_table/default_config.test.tsx | 29 +- .../alerts_table/default_config.tsx | 65 +++-- .../components/alerts_table/index.test.tsx | 2 + .../components/alerts_table/index.tsx | 36 ++- .../detection_engine/detection_engine.tsx | 30 +- .../detection_engine/rules/details/index.tsx | 14 +- 9 files changed, 408 insertions(+), 87 deletions(-) diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.test.tsx index 6f83c075f0a9a..651731fbfcf1b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.test.tsx @@ -17,17 +17,19 @@ describe('AlertsUtilityBar', () => { test('renders correctly', () => { const wrapper = shallow( ); @@ -41,17 +43,19 @@ describe('AlertsUtilityBar', () => { const wrapper = mount( 
@@ -72,22 +76,61 @@ describe('AlertsUtilityBar', () => { ).toEqual(false); }); + test('does not show the showThreatMatchesOnly checked if the showThreatMatchOnly is false', () => { + const wrapper = mount( + + + + ); + // click the filters button to popup the checkbox to make it visible + wrapper + .find('[data-test-subj="additionalFilters"] button') + .first() + .simulate('click') + .update(); + + // The check box should be false + expect( + wrapper + .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .first() + .prop('checked') + ).toEqual(false); + }); + test('does show the showBuildingBlockAlerts checked if the showBuildingBlockAlerts is true', () => { const onShowBuildingBlockAlertsChanged = jest.fn(); const wrapper = mount( @@ -108,22 +151,61 @@ describe('AlertsUtilityBar', () => { ).toEqual(true); }); + test('does show the showThreatMatchesOnly checked if the showThreatMatchesOnly is true', () => { + const wrapper = mount( + + + + ); + // click the filters button to popup the checkbox to make it visible + wrapper + .find('[data-test-subj="additionalFilters"] button') + .first() + .simulate('click') + .update(); + + // The check box should be true + expect( + wrapper + .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .first() + .prop('checked') + ).toEqual(true); + }); + test('calls the onShowBuildingBlockAlertsChanged when the check box is clicked', () => { const onShowBuildingBlockAlertsChanged = jest.fn(); const wrapper = mount( 
@@ -145,21 +227,62 @@ describe('AlertsUtilityBar', () => { expect(onShowBuildingBlockAlertsChanged).toHaveBeenCalled(); }); + test('calls the onShowThreatMatchesOnlyChanged when the check box is clicked', () => { + const onShowThreatMatchesOnlyChanged = jest.fn(); + const wrapper = mount( + + + + ); + // click the filters button to popup the checkbox to make it visible + wrapper + .find('[data-test-subj="additionalFilters"] button') + .first() + .simulate('click') + .update(); + + // check the box + wrapper + .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .first() + .simulate('change', { target: { checked: true } }); + + // Make sure our callback is called + expect(onShowThreatMatchesOnlyChanged).toHaveBeenCalled(); + }); + test('can update showBuildingBlockAlerts from false to true', () => { const Proxy = (props: AlertsUtilityBarProps) => ( @@ -167,17 +290,19 @@ describe('AlertsUtilityBar', () => { const wrapper = mount( ); 
@@ -214,5 +339,79 @@ describe('AlertsUtilityBar', () => { .prop('checked') ).toEqual(true); }); + + test('can update showThreatMatchesOnly from false to true', () => { + const Proxy = (props: AlertsUtilityBarProps) => ( + + + + ); + + const wrapper = mount( + + ); + // click the filters button to popup the checkbox to make it visible + wrapper + .find('[data-test-subj="additionalFilters"] button') + .first() + .simulate('click') + .update(); + + // The check box should false now since we initially set the showBuildingBlockAlerts to false + expect( + wrapper + .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .first() + .prop('checked') + ).toEqual(false); + + wrapper.setProps({ showThreatMatchesOnly: true }); + wrapper.update(); + + // click the filters button to popup the checkbox to make it visible + wrapper + .find('[data-test-subj="additionalFilters"] button') + .first() + .simulate('click') + .update(); + + // The check box should be true now since we changed the showBuildingBlockAlerts from false to true + expect( + wrapper + .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .first() + .prop('checked') + ).toEqual(true); + }); }); }); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx index ec2f84ba3e12d..c549e3b89efeb 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx 
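Review bot: The two explanatory comments inside the new `can update showThreatMatchesOnly from false to true` test still talk about `showBuildingBlockAlerts` ("since we initially set the showBuildingBlockAlerts to false", "since we changed the showBuildingBlockAlerts from false to true"), which is the prop of the neighbouring test this one was copied from, not the prop it exercises. Change them to `// The check box should be false now since we initially set showThreatMatchesOnly to false` and `// The check box should be true now since we changed showThreatMatchesOnly from false to true`. The JSX of the mounted components did not survive this rendering of the patch, so the props actually passed in these tests cannot be confirmed here.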
@@ -30,16 +30,18 @@ import { UpdateAlertsStatus } from '../types'; import { FILTER_CLOSED, FILTER_IN_PROGRESS, FILTER_OPEN } from '../alerts_filter_group'; export interface AlertsUtilityBarProps { - hasIndexWrite: boolean; - hasIndexMaintenance: boolean; areEventsLoading: boolean; clearSelection: () => void; currentFilter: Status; + hasIndexMaintenance: boolean; + hasIndexWrite: boolean; + onShowBuildingBlockAlertsChanged: (showBuildingBlockAlerts: boolean) => void; + onShowThreatMatchesOnlyChanged: (showThreatMatchesOnly: boolean) => void; selectAll: () => void; selectedEventIds: Readonly>; showBuildingBlockAlerts: boolean; - onShowBuildingBlockAlertsChanged: (showBuildingBlockAlerts: boolean) => void; showClearSelection: boolean; + showThreatMatchesOnly: boolean; totalCount: number; updateAlertsStatus: UpdateAlertsStatus; } @@ -59,18 +61,24 @@ const BuildingBlockContainer = styled(EuiFlexItem)` padding: ${({ theme }) => `${theme.eui.paddingSizes.xs}`}; `; +const ThreatMatchContainer = styled(EuiFlexItem)` + padding: ${({ theme }) => `${theme.eui.paddingSizes.xs}`}; +`; + const AlertsUtilityBarComponent: React.FC = ({ - hasIndexWrite, - hasIndexMaintenance, areEventsLoading, clearSelection, - totalCount, - selectedEventIds, currentFilter, + hasIndexMaintenance, + hasIndexWrite, + onShowBuildingBlockAlertsChanged, + onShowThreatMatchesOnlyChanged, selectAll, + selectedEventIds, showBuildingBlockAlerts, - onShowBuildingBlockAlertsChanged, showClearSelection, + showThreatMatchesOnly, + totalCount, updateAlertsStatus, }) => { const [defaultNumberFormat] = useUiSetting$(DEFAULT_NUMBER_FORMAT); 
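Review bot: `ThreatMatchContainer`, added in the `@@ -59,18` hunk, is a byte-for-byte copy of `BuildingBlockContainer` (same single `padding: theme.eui.paddingSizes.xs` rule), so the file now carries two styled components for one style. Either wrap the new checkbox in the existing `BuildingBlockContainer`, or rename that one to something neutral such as `AdditionalFilterContainer` and use it for both checkboxes. The JSX that consumes the container was stripped from this rendering, so I am assuming the new component is used only around the threat-match checkbox.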
@@ -159,6 +167,20 @@ const AlertsUtilityBarComponent: React.FC = ({ label={i18n.ADDITIONAL_FILTERS_ACTIONS_SHOW_BUILDING_BLOCK} /> + + ) => { + closePopover(); + onShowThreatMatchesOnlyChanged(e.target.checked); + }} + checked={showThreatMatchesOnly} + color="text" + data-test-subj="showThreatMatchesOnlyCheckbox" + label={i18n.ADDITIONAL_FILTERS_ACTIONS_SHOW_THREAT_MATCHES_ONLY} + /> + ); @@ -240,5 +262,6 @@ export const AlertsUtilityBar = React.memo( prevProps.selectedEventIds === nextProps.selectedEventIds && prevProps.totalCount === nextProps.totalCount && prevProps.showClearSelection === nextProps.showClearSelection && - prevProps.showBuildingBlockAlerts === nextProps.showBuildingBlockAlerts + prevProps.showBuildingBlockAlerts === nextProps.showBuildingBlockAlerts && + prevProps.showThreatMatchesOnly === nextProps.showThreatMatchesOnly ); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts index 9307e8b1cd5f7..22af5a3a44ffd 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts @@ -42,6 +42,13 @@ export const ADDITIONAL_FILTERS_ACTIONS_SHOW_BUILDING_BLOCK = i18n.translate( } ); +export const ADDITIONAL_FILTERS_ACTIONS_SHOW_THREAT_MATCHES_ONLY = i18n.translate( + 'xpack.securitySolution.detectionEngine.alerts.utilityBar.additionalFiltersActions.showThreatMatchesOnly', + { + defaultMessage: 'Show threat indicator matches only', + } +); + export const CLEAR_SELECTION = i18n.translate( 'xpack.securitySolution.detectionEngine.alerts.utilityBar.clearSelectionTitle', { 
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx index 26bc8f213ca46..ccf4b226cf919 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx @@ -12,8 +12,8 @@ jest.mock('./actions'); describe('alerts default_config', () => { describe('buildAlertsRuleIdFilter', () => { - test('given a rule id this will return an array with a single filter', () => { - const filters: Filter[] = buildAlertsRuleIdFilter('rule-id-1'); + test('given a rule id with showThreatMatchesOnly=false this will return an array with a single filter', () => { + const filters: Filter[] = buildAlertsRuleIdFilter('rule-id-1', false); const expectedFilter: Filter = { meta: { alias: null, @@ -34,6 +34,31 @@ describe('alerts default_config', () => { expect(filters).toHaveLength(1); expect(filters[0]).toEqual(expectedFilter); }); + + test('given a rule id with showThreatMatchesOnly=true this will return an array with a single filter', () => { + const filters: Filter[] = buildAlertsRuleIdFilter('rule-id-1', true); + const expectedFilter: Filter = { + meta: { + alias: null, + negate: false, + disabled: false, + }, + query: { + bool: { + must: [ + { + match_phrase: { + 'signal.rule.id': 'rule-id-1', + }, + }, + { exists: { field: 'signal.rule.threat_mapping' } }, + ], + }, + }, + }; + expect(filters).toHaveLength(1); + expect(filters[0]).toEqual(expectedFilter); + }); }); // TODO: move these tests to ../timelines/components/timeline/body/events/event_column_view.tsx // describe.skip('getAlertActions', () => { 
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx index 4fae2e69ac1f6..f2267d5373eb2 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx @@ -39,25 +39,38 @@ export const buildAlertStatusFilter = (status: Status): Filter[] => [ }, ]; -export const buildAlertsRuleIdFilter = (ruleId: string): Filter[] => [ - { - meta: { - alias: null, - negate: false, - disabled: false, - type: 'phrase', - key: 'signal.rule.id', - params: { - query: ruleId, - }, - }, - query: { - match_phrase: { - 'signal.rule.id': ruleId, - }, +export const buildAlertsRuleIdFilter = ( + ruleId: string, + showThreatMatchesOnly: boolean +): Filter[] => { + const sharedMeta = { alias: null, negate: false, disabled: false }; + const matchPhraseQuery = { + match_phrase: { + 'signal.rule.id': ruleId, }, - }, -]; + }; + const filter = showThreatMatchesOnly + ? { + meta: sharedMeta, + query: { + bool: { + must: [matchPhraseQuery, { exists: { field: 'signal.rule.threat_mapping' } }], + }, + }, + } + : { + meta: { + ...sharedMeta, + type: 'phrase', + key: 'signal.rule.id', + params: { + query: ruleId, + }, + }, + query: matchPhraseQuery, + }; + return [filter]; +}; export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean): Filter[] => [ ...(showBuildingBlockAlerts @@ -70,7 +83,6 @@ export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean): disabled: false, type: 'exists', key: 'signal.rule.building_block_type', - value: 'exists', }, // @ts-expect-error TODO: Rework parent typings to support ExistsFilter[] exists: { field: 'signal.rule.building_block_type' }, 
@@ -78,6 +90,21 @@ export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean): ]), ]; +export const buildThreatMatchFilter = (showThreatMatchesOnly: boolean): Filter[] => + showThreatMatchesOnly + ? [ + { + meta: { + alias: null, + negate: true, + disabled: false, + }, + // @ts-expect-error TODO: Rework parent typings to support BoolFilter[] + bool: { must_not: [{ exists: { field: 'signal.rule.threat_mapping' } }] }, + }, + ] + : []; + export const alertsHeaders: ColumnHeaderOptions[] = [ { columnHeaderType: defaultColumnHeaderType, diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.test.tsx index 5c659b7554ec2..7347c3fc92ec5 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.test.tsx @@ -40,6 +40,8 @@ describe('AlertsTableComponent', () => { clearEventsDeleted={jest.fn()} showBuildingBlockAlerts={false} onShowBuildingBlockAlertsChanged={jest.fn()} + showThreatMatchesOnly={false} + onShowThreatMatchesOnlyChanged={jest.fn()} /> ); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx index 6c88b8e29800b..290f4d0802268 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx 
@@ -50,22 +50,23 @@ import { useSourcererScope } from '../../../common/containers/sourcerer'; import { buildTimeRangeFilter } from './helpers'; interface OwnProps { - timelineId: TimelineIdLiteral; defaultFilters?: Filter[]; - hasIndexWrite: boolean; - hasIndexMaintenance: boolean; from: string; + hasIndexMaintenance: boolean; + hasIndexWrite: boolean; loading: boolean; onRuleChange?: () => void; - showBuildingBlockAlerts: boolean; onShowBuildingBlockAlertsChanged: (showBuildingBlockAlerts: boolean) => void; + onShowThreatMatchesOnlyChanged: (showBuildingBlockAlerts: boolean) => void; + showBuildingBlockAlerts: boolean; + showThreatMatchesOnly: boolean; + timelineId: TimelineIdLiteral; to: string; } type AlertsTableComponentProps = OwnProps & PropsFromRedux; export const AlertsTableComponent: React.FC = ({ - timelineId, clearEventsDeleted, clearEventsLoading, clearSelected, @@ -73,17 +74,20 @@ export const AlertsTableComponent: React.FC = ({ from, globalFilters, globalQuery, - hasIndexWrite, hasIndexMaintenance, + hasIndexWrite, isSelectAllChecked, loading, loadingEventIds, onRuleChange, + onShowBuildingBlockAlertsChanged, + onShowThreatMatchesOnlyChanged, selectedEventIds, setEventsDeleted, setEventsLoading, showBuildingBlockAlerts, - onShowBuildingBlockAlertsChanged, + showThreatMatchesOnly, + timelineId, to, }) => { const [showClearSelectionAction, setShowClearSelectionAction] = useState(false); 
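Review bot: The new `OwnProps` member `onShowThreatMatchesOnlyChanged: (showBuildingBlockAlerts: boolean) => void;` carries the parameter name copied from the line above it, which misdescribes the callback in editor hover and in the generated docs. Rename it to `onShowThreatMatchesOnlyChanged: (showThreatMatchesOnly: boolean) => void;` so it matches the same prop on `AlertsUtilityBarProps` in alerts_utility_bar/index.tsx. Since the type is structurally identical the mismatch is invisible to the compiler, which is why it is worth fixing by hand.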
@@ -262,30 +266,34 @@ export const AlertsTableComponent: React.FC = ({ 0} clearSelection={clearSelectionCallback} - hasIndexWrite={hasIndexWrite} - hasIndexMaintenance={hasIndexMaintenance} currentFilter={filterGroup} + hasIndexMaintenance={hasIndexMaintenance} + hasIndexWrite={hasIndexWrite} + onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChanged} + onShowThreatMatchesOnlyChanged={onShowThreatMatchesOnlyChanged} selectAll={selectAllOnAllPagesCallback} selectedEventIds={selectedEventIds} showBuildingBlockAlerts={showBuildingBlockAlerts} - onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChanged} showClearSelection={showClearSelectionAction} + showThreatMatchesOnly={showThreatMatchesOnly} totalCount={totalCount} updateAlertsStatus={updateAlertsStatusCallback.bind(null, refetchQuery)} /> ); }, [ - hasIndexWrite, - hasIndexMaintenance, clearSelectionCallback, filterGroup, - showBuildingBlockAlerts, - onShowBuildingBlockAlertsChanged, + hasIndexMaintenance, + hasIndexWrite, loadingEventIds.length, + onShowBuildingBlockAlertsChanged, + onShowThreatMatchesOnlyChanged, selectAllOnAllPagesCallback, selectedEventIds, + showBuildingBlockAlerts, showClearSelectionAction, + showThreatMatchesOnly, updateAlertsStatusCallback, ] ); diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx index 8d2f07e19b36a..5e7c8bd3432ba 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx 
@@ -50,7 +50,10 @@ import { } from '../../../timelines/components/timeline/helpers'; import { timelineSelectors } from '../../../timelines/store/timeline'; import { timelineDefaults } from '../../../timelines/store/timeline/defaults'; -import { buildShowBuildingBlockFilter } from '../../components/alerts_table/default_config'; +import { + buildShowBuildingBlockFilter, + buildThreatMatchFilter, +} from '../../components/alerts_table/default_config'; import { useSourcererScope } from '../../../common/containers/sourcerer'; import { SourcererScopeName } from '../../../common/store/sourcerer/model'; import { NeedAdminForUpdateRulesCallOut } from '../../components/callouts/need_admin_for_update_callout'; @@ -100,6 +103,7 @@ const DetectionEnginePageComponent = () => { const [lastAlerts] = useAlertInfo({}); const { formatUrl } = useFormatUrl(SecurityPageName.detections); const [showBuildingBlockAlerts, setShowBuildingBlockAlerts] = useState(false); + const [showThreatMatchesOnly, setShowThreatMatchesOnly] = useState(false); const loading = userInfoLoading || listsConfigLoading; const updateDateRangeCallback = useCallback( 
@@ -128,14 +132,21 @@ const DetectionEnginePageComponent = () => { ); const alertsHistogramDefaultFilters = useMemo( - () => [...filters, ...buildShowBuildingBlockFilter(showBuildingBlockAlerts)], - [filters, showBuildingBlockAlerts] + () => [ + ...filters, + ...buildShowBuildingBlockFilter(showBuildingBlockAlerts), + ...buildThreatMatchFilter(showThreatMatchesOnly), + ], + [filters, showBuildingBlockAlerts, showThreatMatchesOnly] ); // AlertsTable manages global filters itself, so not including `filters` const alertsTableDefaultFilters = useMemo( - () => buildShowBuildingBlockFilter(showBuildingBlockAlerts), - [showBuildingBlockAlerts] + () => [ + ...buildShowBuildingBlockFilter(showBuildingBlockAlerts), + ...buildThreatMatchFilter(showThreatMatchesOnly), + ], + [showBuildingBlockAlerts, showThreatMatchesOnly] ); const onShowBuildingBlockAlertsChangedCallback = useCallback( @@ -145,6 +156,13 @@ const DetectionEnginePageComponent = () => { [setShowBuildingBlockAlerts] ); + const onShowThreatMatchesOnlyChangedCallback = useCallback( + (newShowThreatMatchesOnly: boolean) => { + setShowThreatMatchesOnly(newShowThreatMatchesOnly); + }, + [setShowThreatMatchesOnly] + ); + const { indicesExist, indexPattern } = useSourcererScope(SourcererScopeName.detections); const onSkipFocusBeforeEventsTable = useCallback(() => { @@ -250,6 +268,8 @@ const DetectionEnginePageComponent = () => { defaultFilters={alertsTableDefaultFilters} showBuildingBlockAlerts={showBuildingBlockAlerts} onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChangedCallback} + showThreatMatchesOnly={showThreatMatchesOnly} + onShowThreatMatchesOnlyChanged={onShowThreatMatchesOnlyChangedCallback} to={to} /> diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx index dddf8ac1bb839..cee6d18f8b157 100644 
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx @@ -208,6 +208,7 @@ const RuleDetailsPageComponent = () => { }; const [lastAlerts] = useAlertInfo({ ruleId }); const [showBuildingBlockAlerts, setShowBuildingBlockAlerts] = useState(false); + const [showThreatMatchesOnly, setShowThreatMatchesOnly] = useState(false); const mlCapabilities = useMlCapabilities(); const history = useHistory(); const { formatUrl } = useFormatUrl(SecurityPageName.detections); @@ -286,10 +287,10 @@ const RuleDetailsPageComponent = () => { const alertDefaultFilters = useMemo( () => [ - ...(ruleId != null ? buildAlertsRuleIdFilter(ruleId) : []), + ...(ruleId != null ? buildAlertsRuleIdFilter(ruleId, showThreatMatchesOnly) : []), ...buildShowBuildingBlockFilter(showBuildingBlockAlerts), ], - [ruleId, showBuildingBlockAlerts] + [ruleId, showBuildingBlockAlerts, showThreatMatchesOnly] ); const alertMergedFilters = useMemo(() => [...alertDefaultFilters, ...filters], [ @@ -446,6 +447,13 @@ const RuleDetailsPageComponent = () => { [setShowBuildingBlockAlerts] ); + const onShowThreatMatchesOnlyChangedCallback = useCallback( + (newShowThreatMatchesOnly: boolean) => { + setShowThreatMatchesOnly(newShowThreatMatchesOnly); + }, + [setShowThreatMatchesOnly] + ); + const { indicesExist, indexPattern } = useSourcererScope(SourcererScopeName.detections); const exceptionLists = useMemo((): { @@ -670,7 +678,9 @@ const RuleDetailsPageComponent = () => { from={from} loading={loading} showBuildingBlockAlerts={showBuildingBlockAlerts} + showThreatMatchesOnly={showThreatMatchesOnly} onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChangedCallback} + onShowThreatMatchesOnlyChanged={onShowThreatMatchesOnlyChangedCallback} onRuleChange={refreshRule} to={to} /> From 66be4d29c9746576fa23d52a5ea7bb5de9a10790 Mon Sep 17 00:00:00 2001 
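Review bot: On the rule-details page the alert filters are already scoped to one `signal.rule.id`, so adding an `exists` test on `signal.rule.threat_mapping` on top of it (`buildAlertsRuleIdFilter(ruleId, showThreatMatchesOnly)` in the `@@ -286,10` hunk) can only be all-or-nothing for that rule: every alert of a threat-match rule carries the field and no alert of any other rule does. If that reading is right, the toggle is a no-op on indicator-match rules and blanks the table on every other rule, which looks like a confusing control rather than a filter; consider only rendering the option on the rule-details page when the rule has a threat mapping, or documenting the intended behaviour in a short comment next to `showThreatMatchesOnly`. Whether the rule object available here exposes the threat mapping is not visible in this hunk.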
From: Ece Ozalp Date: Mon, 5 Apr 2021 11:35:05 -0400 Subject: [PATCH 2/7] fixes type error, updates meta values of filters --- .../components/exceptions/use_add_exception.tsx | 2 +- .../components/alerts_table/default_config.test.tsx | 2 ++ .../components/alerts_table/default_config.tsx | 13 ++++++++++--- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx index 614f5301c82e2..fc16baae347c3 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx @@ -130,7 +130,7 @@ export const useAddOrUpdateException = ({ const filter = getQueryFilter( '', 'kuery', - [...buildAlertsRuleIdFilter(ruleId), ...buildAlertStatusFilter('open')], + [...buildAlertsRuleIdFilter(ruleId, false), ...buildAlertStatusFilter('open')], bulkCloseIndex, prepareExceptionItemsForBulkClose(exceptionItemsToAddOrUpdate), false diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx index ccf4b226cf919..c708ec0e17f3e 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx @@ -42,6 +42,8 @@ describe('alerts default_config', () => { alias: null, negate: false, disabled: false, + key: 'signal.rule.threat_mapping', + type: 'phrases', }, query: { bool: { 
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
index f2267d5373eb2..6559c363765c8 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -51,7 +51,11 @@ export const buildAlertsRuleIdFilter = (
 };
 const filter = showThreatMatchesOnly
 ? {
- meta: sharedMeta,
+ meta: {
+ ...sharedMeta,
+ type: 'phrases',
+ key: 'signal.rule.threat_mapping',
+ },
 query: {
 bool: {
 must: [matchPhraseQuery, { exists: { field: 'signal.rule.threat_mapping' } }],
@@ -83,6 +87,7 @@ export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean):
 disabled: false,
 type: 'exists',
 key: 'signal.rule.building_block_type',
+ value: 'exists',
 },
 // @ts-expect-error TODO: Rework parent typings to support ExistsFilter[]
 exists: { field: 'signal.rule.building_block_type' },
@@ -96,11 +101,13 @@ export const buildThreatMatchFilter = (showThreatMatchesOnly: boolean): Filter[]
 {
 meta: {
 alias: null,
- negate: true,
 disabled: false,
+ key: 'signal.rule.threat_mapping',
+ type: 'exists',
+ value: 'exists',
 },
 // @ts-expect-error TODO: Rework parent typings to support BoolFilter[]
- bool: { must_not: [{ exists: { field: 'signal.rule.threat_mapping' } }] },
+ exists: { field: 'signal.rule.threat_mapping' },
 },
 ]
 : [];
From 20c3466362e6a0a57bb42b243dfe5da0b1dc4089 Mon Sep 17 00:00:00 2001
From: Ece Ozalp Date: Tue, 6 Apr 2021 11:34:50 -0400 Subject: [PATCH 3/7] =?UTF-8?q?Reverts=20change=20to=20buildAlertsRuleIdFi?= =?UTF-8?q?lter,=20and=20combines=20the=20threat=20=E2=80=A6=20filter=20in?= =?UTF-8?q?stead=20to=20achieve=20the=20same=20result.=20An=20old=20TODO?= =?UTF-8?q?=20has=20been=20addressed=20by=20adding=20an=20optional=20boole?= =?UTF-8?q?an=20exists=20to=20Filter=20type?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../exceptions/use_add_exception.tsx | 2 +- .../alerts_table/default_config.test.tsx | 53 ++++++++------- .../alerts_table/default_config.tsx | 66 ++++++++----------- .../detection_engine/rules/details/index.tsx | 4 +- 4 files changed, 56 insertions(+), 69 deletions(-) diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx index fc16baae347c3..614f5301c82e2 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx @@ -130,7 +130,7 @@ export const useAddOrUpdateException = ({ const filter = getQueryFilter( '', 'kuery', - [...buildAlertsRuleIdFilter(ruleId, false), ...buildAlertStatusFilter('open')], + [...buildAlertsRuleIdFilter(ruleId), ...buildAlertStatusFilter('open')], bulkCloseIndex, prepareExceptionItemsForBulkClose(exceptionItemsToAddOrUpdate), false diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx index c708ec0e17f3e..2cfcf49b6c781 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx 
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx @@ -6,14 +6,14 @@ */ import { Filter } from '../../../../../../../src/plugins/data/common/es_query'; -import { buildAlertsRuleIdFilter } from './default_config'; +import { buildAlertsRuleIdFilter, buildThreatMatchFilter } from './default_config'; jest.mock('./actions'); describe('alerts default_config', () => { describe('buildAlertsRuleIdFilter', () => { - test('given a rule id with showThreatMatchesOnly=false this will return an array with a single filter', () => { - const filters: Filter[] = buildAlertsRuleIdFilter('rule-id-1', false); + test('given a rule id this will return an array with a single filter', () => { + const filters: Filter[] = buildAlertsRuleIdFilter('rule-id-1'); const expectedFilter: Filter = { meta: { alias: null, 
@@ -35,33 +35,32 @@ describe('alerts default_config', () => { expect(filters[0]).toEqual(expectedFilter); }); - test('given a rule id with showThreatMatchesOnly=true this will return an array with a single filter', () => { - const filters: Filter[] = buildAlertsRuleIdFilter('rule-id-1', true); - const expectedFilter: Filter = { - meta: { - alias: null, - negate: false, - disabled: false, - key: 'signal.rule.threat_mapping', - type: 'phrases', - }, - query: { - bool: { - must: [ - { - match_phrase: { - 'signal.rule.id': 'rule-id-1', - }, - }, - { exists: { field: 'signal.rule.threat_mapping' } }, - ], + describe('buildThreatMatchFilter', () => { + test('given a showThreatMatchesOnly=true this will return an array with a single filter', () => { + const filters: Filter[] = buildThreatMatchFilter(true); + const expectedFilter: Filter = { + meta: { + alias: null, + disabled: false, + negate: false, + key: 'signal.rule.threat_mapping', + type: 'exists', + value: 'exists', }, - }, - }; - expect(filters).toHaveLength(1); - expect(filters[0]).toEqual(expectedFilter); + exists: { + field: 'signal.rule.threat_mapping', + }, + }; + expect(filters).toHaveLength(1); + expect(filters[0]).toEqual(expectedFilter); + }); + test('given a showThreatMatchesOnly=false this will return an empty filter', () => { + const filters: Filter[] = buildThreatMatchFilter(false); + expect(filters).toHaveLength(0); + }); }); }); + // TODO: move these tests to ../timelines/components/timeline/body/events/event_column_view.tsx // describe.skip('getAlertActions', () => { // let setEventsLoading: ({ eventIds, isLoading }: SetEventsLoadingProps) => void; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx index 6559c363765c8..dd2da84573f8b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx 
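Review bot: The `buildAlertsRuleIdFilter` suite only covers the `'rule-id-1'` case, while the same commit widens the parameter to `string | null` and adds a branch that returns an empty array (default_config.tsx hunk `@@ -39,47`), so the new branch has no test. Add `test('given a null rule id this will return an empty array', () => { expect(buildAlertsRuleIdFilter(null)).toHaveLength(0); });` next to the existing case. A test pinning that an empty-string rule id is handled the way the code intends would also make the truthiness check in that branch a deliberate choice rather than an accident.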
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx @@ -39,47 +39,32 @@ export const buildAlertStatusFilter = (status: Status): Filter[] => [ }, ]; -export const buildAlertsRuleIdFilter = ( - ruleId: string, - showThreatMatchesOnly: boolean -): Filter[] => { - const sharedMeta = { alias: null, negate: false, disabled: false }; - const matchPhraseQuery = { - match_phrase: { - 'signal.rule.id': ruleId, - }, - }; - const filter = showThreatMatchesOnly - ? { - meta: { - ...sharedMeta, - type: 'phrases', - key: 'signal.rule.threat_mapping', - }, - query: { - bool: { - must: [matchPhraseQuery, { exists: { field: 'signal.rule.threat_mapping' } }], +export const buildAlertsRuleIdFilter = (ruleId: string | null): Filter[] => + ruleId + ? [ + { + meta: { + alias: null, + negate: false, + disabled: false, + type: 'phrase', + key: 'signal.rule.id', + params: { + query: ruleId, + }, }, - }, - } - : { - meta: { - ...sharedMeta, - type: 'phrase', - key: 'signal.rule.id', - params: { - query: ruleId, + query: { + match_phrase: { + 'signal.rule.id': ruleId, + }, }, }, - query: matchPhraseQuery, - }; - return [filter]; -}; + ] + : []; -export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean): Filter[] => [ - ...(showBuildingBlockAlerts - ? [] - : [ +export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean): Filter[] => + showBuildingBlockAlerts + ? [ { meta: { alias: null, @@ -92,8 +77,8 @@ export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean): // @ts-expect-error TODO: Rework parent typings to support ExistsFilter[] exists: { field: 'signal.rule.building_block_type' }, }, - ]), -]; + ] + : []; export const buildThreatMatchFilter = (showThreatMatchesOnly: boolean): Filter[] => showThreatMatchesOnly 
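Review bot: `buildAlertsRuleIdFilter` now returns no filter at all when `ruleId` is falsy, and because the guard is `ruleId ? … : []` rather than a null check it also drops an empty string; for a caller that uses this filter to scope a write rather than a read — `useAddOrUpdateException` in use_add_exception.tsx feeds it into the bulk-close query in this same series — a missing rule id would make the query run with only the status filter instead of failing. Before this change a null id produced a `match_phrase` on `null`, i.e. the query failed closed; silently widening a scoping filter is the wrong default for anything that closes alerts. Prefer `ruleId != null ? [ … ] : []` so only the explicitly nullable case is widened, and keep the decision about whether an absent rule id is acceptable at the call site (the `ruleId != null ? … : []` guard that the rule-details hunk removes did exactly that). Whether use_add_exception can actually receive a null or empty `ruleId` is not visible from the hunks shown.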
@@ -102,11 +87,12 @@ export const buildThreatMatchFilter = (showThreatMatchesOnly: boolean): Filter[] meta: { alias: null, disabled: false, + negate: false, key: 'signal.rule.threat_mapping', type: 'exists', value: 'exists', }, - // @ts-expect-error TODO: Rework parent typings to support BoolFilter[] + // @ts-expect-error TODO: Rework parent typings to support ExistsFilter[] exists: { field: 'signal.rule.threat_mapping' }, }, ] diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx index cee6d18f8b157..14580f0dfea98 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx @@ -59,6 +59,7 @@ import { StepScheduleRule } from '../../../../components/rules/step_schedule_rul import { buildAlertsRuleIdFilter, buildShowBuildingBlockFilter, + buildThreatMatchFilter, } from '../../../../components/alerts_table/default_config'; import { ReadOnlyAlertsCallOut } from '../../../../components/callouts/read_only_alerts_callout'; import { ReadOnlyRulesCallOut } from '../../../../components/callouts/read_only_rules_callout'; @@ -287,8 +288,9 @@ const RuleDetailsPageComponent = () => { const alertDefaultFilters = useMemo( () => [ - ...(ruleId != null ? buildAlertsRuleIdFilter(ruleId, showThreatMatchesOnly) : []), + ...buildAlertsRuleIdFilter(ruleId), ...buildShowBuildingBlockFilter(showBuildingBlockAlerts), + ...buildThreatMatchFilter(showThreatMatchesOnly), ], [ruleId, showBuildingBlockAlerts, showThreatMatchesOnly] ); From 0ac8f878b963776c33f8b37b09ca7a178f88d875 Mon Sep 17 00:00:00 2001 
From: Ece Ozalp Date: Tue, 6 Apr 2021 12:55:22 -0400 Subject: [PATCH 4/7] Adds ts-ignore to default_config.test.ts --- .../detections/components/alerts_table/default_config.test.tsx | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx index 2cfcf49b6c781..93b5e3cfc858b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx @@ -47,6 +47,7 @@ describe('alerts default_config', () => { type: 'exists', value: 'exists', }, + // @ts-expect-error TODO: Rework parent typings to support ExistsFilter[] exists: { field: 'signal.rule.threat_mapping', }, From 6052993ccc274e53763980e83ac7bb59206ccf4d Mon Sep 17 00:00:00 2001 From: Ece Ozalp Date: Wed, 7 Apr 2021 12:37:54 -0400 Subject: [PATCH 5/7] updates AdditionalFilterContent gutter size and message --- .../alerts_table/alerts_utility_bar/index.tsx | 11 +++-------- .../alerts_table/alerts_utility_bar/translations.ts | 2 +- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx index c549e3b89efeb..e8486df6b083c 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx 
@@ -58,11 +58,6 @@ const BuildingBlockContainer = styled(EuiFlexItem)` rgba(245, 167, 0, 0.05) 2px, rgba(245, 167, 0, 0.05) 10px ); - padding: ${({ theme }) => `${theme.eui.paddingSizes.xs}`}; -`; - -const ThreatMatchContainer = styled(EuiFlexItem)` - padding: ${({ theme }) => `${theme.eui.paddingSizes.xs}`}; `; const AlertsUtilityBarComponent: React.FC = ({ @@ -152,7 +147,7 @@ const AlertsUtilityBarComponent: React.FC = ({ ); const UtilityBarAdditionalFiltersContent = (closePopover: () => void) => ( - + = ({ label={i18n.ADDITIONAL_FILTERS_ACTIONS_SHOW_BUILDING_BLOCK} /> - + = ({ data-test-subj="showThreatMatchesOnlyCheckbox" label={i18n.ADDITIONAL_FILTERS_ACTIONS_SHOW_THREAT_MATCHES_ONLY} /> - + ); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts index 22af5a3a44ffd..8b9d320171b3b 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts @@ -45,7 +45,7 @@ export const ADDITIONAL_FILTERS_ACTIONS_SHOW_BUILDING_BLOCK = i18n.translate( export const ADDITIONAL_FILTERS_ACTIONS_SHOW_THREAT_MATCHES_ONLY = i18n.translate( 'xpack.securitySolution.detectionEngine.alerts.utilityBar.additionalFiltersActions.showThreatMatchesOnly', { - defaultMessage: 'Show threat indicator matches only', + defaultMessage: 'Show only threat indicator alerts', } ); From cce193f5a3c5cd957293e61b67a5dc77bad3a6be Mon Sep 17 00:00:00 2001 From: Ece Ozalp Date: Mon, 12 Apr 2021 14:12:30 -0400 Subject: [PATCH 6/7] fixes reverted buildShowBuildingBlockFilter logic --- .../detections/components/alerts_table/default_config.tsx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx index dd2da84573f8b..3f89bb3c4e8ca 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx @@ -64,7 +64,8 @@ export const buildAlertsRuleIdFilter = (ruleId: string | null): Filter[] => export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean): Filter[] => showBuildingBlockAlerts - ? [ + ? [] + : [ { meta: { alias: null, @@ -77,8 +78,7 @@ export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean): // @ts-expect-error TODO: Rework parent typings to support ExistsFilter[] exists: { field: 'signal.rule.building_block_type' }, }, - ] - : []; + ]; export const buildThreatMatchFilter = (showThreatMatchesOnly: boolean): Filter[] => showThreatMatchesOnly From 5ae850c45be4f5d9e3b4f2a3aa5286a6e06d26fe Mon Sep 17 00:00:00 2001 From: Ece Ozalp Date: Mon, 12 Apr 2021 14:39:03 -0400 Subject: [PATCH 7/7] rename commit --- .../alerts_utility_bar/index.test.tsx | 68 +++++++++---------- .../alerts_table/alerts_utility_bar/index.tsx | 23 ++++--- .../alerts_utility_bar/translations.ts | 4 +- .../alerts_table/default_config.test.tsx | 4 +- .../alerts_table/default_config.tsx | 4 +- .../components/alerts_table/index.test.tsx | 4 +- .../components/alerts_table/index.tsx | 16 ++--- .../detection_engine/detection_engine.tsx | 22 +++--- .../detection_engine/rules/details/index.tsx | 18 ++--- 9 files changed, 82 insertions(+), 81 deletions(-) 
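Review bot: This hunk restores the `showBuildingBlockAlerts ? [] : [ … exists … ]` shape that PATCH 1 had inverted, but I do not see a unit test for `buildShowBuildingBlockFilter` in any of the `default_config.test.tsx` hunks on this page, so the same regression can recur silently; the function decides whether building-block alerts are hidden or shown by default, so its polarity is worth pinning. A pair of cases next to the `buildThreatMatchFilter` describe would do: `expect(buildShowBuildingBlockFilter(true)).toHaveLength(0);` and `expect(buildShowBuildingBlockFilter(false)[0].meta.key).toEqual('signal.rule.building_block_type');`. The body of the filter object between the two hunks is outside this view.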
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.test.tsx index 651731fbfcf1b..4ca2980dc74e5 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.test.tsx @@ -23,12 +23,12 @@ describe('AlertsUtilityBar', () => { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={jest.fn()} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={false} showClearSelection={true} - showThreatMatchesOnly={false} + showOnlyThreatIndicatorAlerts={false} totalCount={100} updateAlertsStatus={jest.fn()} /> @@ -49,12 +49,12 @@ describe('AlertsUtilityBar', () => { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChanged} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={false} // Does not show showBuildingBlockAlerts checked if this is false showClearSelection={true} - showThreatMatchesOnly={false} + showOnlyThreatIndicatorAlerts={false} totalCount={100} updateAlertsStatus={jest.fn()} /> 
@@ -76,7 +76,7 @@ describe('AlertsUtilityBar', () => { ).toEqual(false); }); - test('does not show the showThreatMatchesOnly checked if the showThreatMatchOnly is false', () => { + test('does not show the showOnlyThreatIndicatorAlerts checked if the showThreatMatchOnly is false', () => { const wrapper = mount( { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={jest.fn()} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={false} // Does not show showBuildingBlockAlerts checked if this is false showClearSelection={true} - showThreatMatchesOnly={false} + showOnlyThreatIndicatorAlerts={false} totalCount={100} updateAlertsStatus={jest.fn()} /> @@ -107,7 +107,7 @@ describe('AlertsUtilityBar', () => { // The check box should be false expect( wrapper - .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .find('[data-test-subj="showOnlyThreatIndicatorAlertsCheckbox"] input') .first() .prop('checked') ).toEqual(false); @@ -124,12 +124,12 @@ describe('AlertsUtilityBar', () => { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChanged} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={true} // Does show showBuildingBlockAlerts checked if this is true showClearSelection={true} - showThreatMatchesOnly={false} + showOnlyThreatIndicatorAlerts={false} totalCount={100} updateAlertsStatus={jest.fn()} /> 
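Review bot: The renamed test title still carries the old wording, `'does not show the showOnlyThreatIndicatorAlerts checked if the showThreatMatchOnly is false'`; the second clause should read `if the showOnlyThreatIndicatorAlerts is false` to match the prop it exercises. The same copy-paste residue appears in the later `can update showOnlyThreatIndicatorAlerts from false to true` test, whose comments say "since we initially set the showBuildingBlockAlerts to false" and "changed the showBuildingBlockAlerts from false to true" while asserting on the threat-indicator checkbox; those comments should name `showOnlyThreatIndicatorAlerts`. Wording only, no behaviour change.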
@@ -151,7 +151,7 @@ describe('AlertsUtilityBar', () => { ).toEqual(true); }); - test('does show the showThreatMatchesOnly checked if the showThreatMatchesOnly is true', () => { + test('does show the showOnlyThreatIndicatorAlerts checked if the showOnlyThreatIndicatorAlerts is true', () => { const wrapper = mount( { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={jest.fn()} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={true} // Does show showBuildingBlockAlerts checked if this is true showClearSelection={true} - showThreatMatchesOnly={true} + showOnlyThreatIndicatorAlerts={true} totalCount={100} updateAlertsStatus={jest.fn()} /> @@ -182,7 +182,7 @@ describe('AlertsUtilityBar', () => { // The check box should be true expect( wrapper - .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .find('[data-test-subj="showOnlyThreatIndicatorAlertsCheckbox"] input') .first() .prop('checked') ).toEqual(true); @@ -199,12 +199,12 @@ describe('AlertsUtilityBar', () => { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChanged} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={false} showClearSelection={true} - showThreatMatchesOnly={false} + showOnlyThreatIndicatorAlerts={false} totalCount={100} updateAlertsStatus={jest.fn()} /> 
@@ -227,8 +227,8 @@ describe('AlertsUtilityBar', () => { expect(onShowBuildingBlockAlertsChanged).toHaveBeenCalled(); }); - test('calls the onShowThreatMatchesOnlyChanged when the check box is clicked', () => { - const onShowThreatMatchesOnlyChanged = jest.fn(); + test('calls the onShowOnlyThreatIndicatorAlertsChanged when the check box is clicked', () => { + const onShowOnlyThreatIndicatorAlertsChanged = jest.fn(); const wrapper = mount( { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={jest.fn()} - onShowThreatMatchesOnlyChanged={onShowThreatMatchesOnlyChanged} + onShowOnlyThreatIndicatorAlertsChanged={onShowOnlyThreatIndicatorAlertsChanged} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={false} showClearSelection={true} - showThreatMatchesOnly={false} + showOnlyThreatIndicatorAlerts={false} totalCount={100} updateAlertsStatus={jest.fn()} /> @@ -258,12 +258,12 @@ describe('AlertsUtilityBar', () => { // check the box wrapper - .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .find('[data-test-subj="showOnlyThreatIndicatorAlertsCheckbox"] input') .first() .simulate('change', { target: { checked: true } }); // Make sure our callback is called - expect(onShowThreatMatchesOnlyChanged).toHaveBeenCalled(); + expect(onShowOnlyThreatIndicatorAlertsChanged).toHaveBeenCalled(); }); test('can update showBuildingBlockAlerts from false to true', () => { @@ -276,12 +276,12 @@ describe('AlertsUtilityBar', () => { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={jest.fn()} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={props.showBuildingBlockAlerts} showClearSelection={true} - showThreatMatchesOnly={false} + showOnlyThreatIndicatorAlerts={false} totalCount={100} updateAlertsStatus={jest.fn()} /> 
@@ -296,12 +296,12 @@ describe('AlertsUtilityBar', () => { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={jest.fn()} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={false} showClearSelection={true} - showThreatMatchesOnly={false} + showOnlyThreatIndicatorAlerts={false} totalCount={100} updateAlertsStatus={jest.fn()} /> @@ -340,7 +340,7 @@ describe('AlertsUtilityBar', () => { ).toEqual(true); }); - test('can update showThreatMatchesOnly from false to true', () => { + test('can update showOnlyThreatIndicatorAlerts from false to true', () => { const Proxy = (props: AlertsUtilityBarProps) => ( { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={jest.fn()} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={false} showClearSelection={true} - showThreatMatchesOnly={props.showThreatMatchesOnly} + showOnlyThreatIndicatorAlerts={props.showOnlyThreatIndicatorAlerts} totalCount={100} updateAlertsStatus={jest.fn()} /> @@ -370,12 +370,12 @@ describe('AlertsUtilityBar', () => { hasIndexMaintenance={true} hasIndexWrite={true} onShowBuildingBlockAlertsChanged={jest.fn()} - onShowThreatMatchesOnlyChanged={jest.fn()} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} selectAll={jest.fn()} selectedEventIds={{}} showBuildingBlockAlerts={false} showClearSelection={true} - showThreatMatchesOnly={false} + showOnlyThreatIndicatorAlerts={false} totalCount={100} updateAlertsStatus={jest.fn()} /> 
@@ -390,12 +390,12 @@ describe('AlertsUtilityBar', () => { // The check box should false now since we initially set the showBuildingBlockAlerts to false expect( wrapper - .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .find('[data-test-subj="showOnlyThreatIndicatorAlertsCheckbox"] input') .first() .prop('checked') ).toEqual(false); - wrapper.setProps({ showThreatMatchesOnly: true }); + wrapper.setProps({ showOnlyThreatIndicatorAlerts: true }); wrapper.update(); // click the filters button to popup the checkbox to make it visible @@ -408,7 +408,7 @@ describe('AlertsUtilityBar', () => { // The check box should be true now since we changed the showBuildingBlockAlerts from false to true expect( wrapper - .find('[data-test-subj="showThreatMatchesOnlyCheckbox"] input') + .find('[data-test-subj="showOnlyThreatIndicatorAlertsCheckbox"] input') .first() .prop('checked') ).toEqual(true); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx index e8486df6b083c..bda8c85ddb315 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/index.tsx 
@@ -36,12 +36,12 @@ export interface AlertsUtilityBarProps { hasIndexMaintenance: boolean; hasIndexWrite: boolean; onShowBuildingBlockAlertsChanged: (showBuildingBlockAlerts: boolean) => void; - onShowThreatMatchesOnlyChanged: (showThreatMatchesOnly: boolean) => void; + onShowOnlyThreatIndicatorAlertsChanged: (showOnlyThreatIndicatorAlerts: boolean) => void; selectAll: () => void; selectedEventIds: Readonly>; showBuildingBlockAlerts: boolean; showClearSelection: boolean; - showThreatMatchesOnly: boolean; + showOnlyThreatIndicatorAlerts: boolean; totalCount: number; updateAlertsStatus: UpdateAlertsStatus; } @@ -67,12 +67,12 @@ const AlertsUtilityBarComponent: React.FC = ({ hasIndexMaintenance, hasIndexWrite, onShowBuildingBlockAlertsChanged, - onShowThreatMatchesOnlyChanged, + onShowOnlyThreatIndicatorAlertsChanged, selectAll, selectedEventIds, showBuildingBlockAlerts, showClearSelection, - showThreatMatchesOnly, + showOnlyThreatIndicatorAlerts, totalCount, updateAlertsStatus, }) => { @@ -164,16 +164,16 @@ const AlertsUtilityBarComponent: React.FC = ({ ) => { closePopover(); - onShowThreatMatchesOnlyChanged(e.target.checked); + onShowOnlyThreatIndicatorAlertsChanged(e.target.checked); }} - checked={showThreatMatchesOnly} + checked={showOnlyThreatIndicatorAlerts} color="text" - data-test-subj="showThreatMatchesOnlyCheckbox" - label={i18n.ADDITIONAL_FILTERS_ACTIONS_SHOW_THREAT_MATCHES_ONLY} + data-test-subj="showOnlyThreatIndicatorAlertsCheckbox" + label={i18n.ADDITIONAL_FILTERS_ACTIONS_SHOW_ONLY_THREAT_INDICATOR_ALERTS} /> @@ -258,5 +258,6 @@ export const AlertsUtilityBar = React.memo( prevProps.totalCount === nextProps.totalCount && prevProps.showClearSelection === nextProps.showClearSelection && prevProps.showBuildingBlockAlerts === nextProps.showBuildingBlockAlerts && - prevProps.showThreatMatchesOnly === nextProps.showThreatMatchesOnly + prevProps.onShowOnlyThreatIndicatorAlertsChanged === + nextProps.onShowOnlyThreatIndicatorAlertsChanged ); 
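Review bot: The `React.memo` comparator in the last hunk (`@@ -258,5 +258,6`) drops the boolean prop from the comparison: the line comparing `showThreatMatchesOnly` was replaced by a comparison of the `onShowOnlyThreatIndicatorAlertsChanged` callback, so a parent that toggles `showOnlyThreatIndicatorAlerts` while passing a stable callback will not re-render the bar and the checkbox will display stale state. Restore the prop comparison, `prevProps.showOnlyThreatIndicatorAlerts === nextProps.showOnlyThreatIndicatorAlerts`, keeping the callback comparison too if that was the intent. The "can update showOnlyThreatIndicatorAlerts from false to true" test likely does not catch this because its Proxy passes a fresh `jest.fn()` on every render, which makes the callback comparison fail and forces a re-render regardless. The comparator's opening lines are outside the hunk.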
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts index 8b9d320171b3b..c52e443c50753 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/alerts_utility_bar/translations.ts @@ -42,8 +42,8 @@ export const ADDITIONAL_FILTERS_ACTIONS_SHOW_BUILDING_BLOCK = i18n.translate( } ); -export const ADDITIONAL_FILTERS_ACTIONS_SHOW_THREAT_MATCHES_ONLY = i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.utilityBar.additionalFiltersActions.showThreatMatchesOnly', +export const ADDITIONAL_FILTERS_ACTIONS_SHOW_ONLY_THREAT_INDICATOR_ALERTS = i18n.translate( + 'xpack.securitySolution.detectionEngine.alerts.utilityBar.additionalFiltersActions.showOnlyThreatIndicatorAlerts', { defaultMessage: 'Show only threat indicator alerts', } diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx index 93b5e3cfc858b..79c2a45273c33 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx @@ -36,7 +36,7 @@ describe('alerts default_config', () => { }); describe('buildThreatMatchFilter', () => { - test('given a showThreatMatchesOnly=true this will return an array with a single filter', () => { + test('given a showOnlyThreatIndicatorAlerts=true this will return an array with a single filter', () => { const filters: Filter[] = buildThreatMatchFilter(true); const expectedFilter: Filter = { meta: { 
@@ -55,7 +55,7 @@ describe('alerts default_config', () => { expect(filters).toHaveLength(1); expect(filters[0]).toEqual(expectedFilter); }); - test('given a showThreatMatchesOnly=false this will return an empty filter', () => { + test('given a showOnlyThreatIndicatorAlerts=false this will return an empty filter', () => { const filters: Filter[] = buildThreatMatchFilter(false); expect(filters).toHaveLength(0); }); diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx index 3f89bb3c4e8ca..6a83039bf1ec8 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx @@ -80,8 +80,8 @@ export const buildShowBuildingBlockFilter = (showBuildingBlockAlerts: boolean): }, ]; -export const buildThreatMatchFilter = (showThreatMatchesOnly: boolean): Filter[] => - showThreatMatchesOnly +export const buildThreatMatchFilter = (showOnlyThreatIndicatorAlerts: boolean): Filter[] => + showOnlyThreatIndicatorAlerts ? [ { meta: { diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.test.tsx index 7347c3fc92ec5..be11aecfe47dd 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.test.tsx @@ -40,8 +40,8 @@ describe('AlertsTableComponent', () => { clearEventsDeleted={jest.fn()} showBuildingBlockAlerts={false} onShowBuildingBlockAlertsChanged={jest.fn()} - showThreatMatchesOnly={false} - onShowThreatMatchesOnlyChanged={jest.fn()} + showOnlyThreatIndicatorAlerts={false} + onShowOnlyThreatIndicatorAlertsChanged={jest.fn()} /> ); 
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx index 93bde2ab17e14..2890eb912b84c 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx @@ -59,9 +59,9 @@ interface OwnProps { loading: boolean; onRuleChange?: () => void; onShowBuildingBlockAlertsChanged: (showBuildingBlockAlerts: boolean) => void; - onShowThreatMatchesOnlyChanged: (showBuildingBlockAlerts: boolean) => void; + onShowOnlyThreatIndicatorAlertsChanged: (showOnlyThreatIndicatorAlerts: boolean) => void; showBuildingBlockAlerts: boolean; - showThreatMatchesOnly: boolean; + showOnlyThreatIndicatorAlerts: boolean; timelineId: TimelineIdLiteral; to: string; } @@ -83,12 +83,12 @@ export const AlertsTableComponent: React.FC = ({ loadingEventIds, onRuleChange, onShowBuildingBlockAlertsChanged, - onShowThreatMatchesOnlyChanged, + onShowOnlyThreatIndicatorAlertsChanged, selectedEventIds, setEventsDeleted, setEventsLoading, showBuildingBlockAlerts, - showThreatMatchesOnly, + showOnlyThreatIndicatorAlerts, timelineId, to, }) => { 
@@ -272,12 +272,12 @@ export const AlertsTableComponent: React.FC = ({ hasIndexMaintenance={hasIndexMaintenance} hasIndexWrite={hasIndexWrite} onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChanged} - onShowThreatMatchesOnlyChanged={onShowThreatMatchesOnlyChanged} + onShowOnlyThreatIndicatorAlertsChanged={onShowOnlyThreatIndicatorAlertsChanged} selectAll={selectAllOnAllPagesCallback} selectedEventIds={selectedEventIds} showBuildingBlockAlerts={showBuildingBlockAlerts} showClearSelection={showClearSelectionAction} - showThreatMatchesOnly={showThreatMatchesOnly} + showOnlyThreatIndicatorAlerts={showOnlyThreatIndicatorAlerts} totalCount={totalCount} updateAlertsStatus={updateAlertsStatusCallback.bind(null, refetchQuery)} /> @@ -290,12 +290,12 @@ export const AlertsTableComponent: React.FC = ({ hasIndexWrite, loadingEventIds.length, onShowBuildingBlockAlertsChanged, - onShowThreatMatchesOnlyChanged, + onShowOnlyThreatIndicatorAlertsChanged, selectAllOnAllPagesCallback, selectedEventIds, showBuildingBlockAlerts, showClearSelectionAction, - showThreatMatchesOnly, + showOnlyThreatIndicatorAlerts, updateAlertsStatusCallback, ] ); diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx index 5e7c8bd3432ba..02e18d09710d7 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx 
@@ -103,7 +103,7 @@ const DetectionEnginePageComponent = () => { const [lastAlerts] = useAlertInfo({}); const { formatUrl } = useFormatUrl(SecurityPageName.detections); const [showBuildingBlockAlerts, setShowBuildingBlockAlerts] = useState(false); - const [showThreatMatchesOnly, setShowThreatMatchesOnly] = useState(false); + const [showOnlyThreatIndicatorAlerts, setShowOnlyThreatIndicatorAlerts] = useState(false); const loading = userInfoLoading || listsConfigLoading; const updateDateRangeCallback = useCallback( @@ -135,18 +135,18 @@ const DetectionEnginePageComponent = () => { () => [ ...filters, ...buildShowBuildingBlockFilter(showBuildingBlockAlerts), - ...buildThreatMatchFilter(showThreatMatchesOnly), + ...buildThreatMatchFilter(showOnlyThreatIndicatorAlerts), ], - [filters, showBuildingBlockAlerts, showThreatMatchesOnly] + [filters, showBuildingBlockAlerts, showOnlyThreatIndicatorAlerts] ); // AlertsTable manages global filters itself, so not including `filters` const alertsTableDefaultFilters = useMemo( () => [ ...buildShowBuildingBlockFilter(showBuildingBlockAlerts), - ...buildThreatMatchFilter(showThreatMatchesOnly), + ...buildThreatMatchFilter(showOnlyThreatIndicatorAlerts), ], - [showBuildingBlockAlerts, showThreatMatchesOnly] + [showBuildingBlockAlerts, showOnlyThreatIndicatorAlerts] ); const onShowBuildingBlockAlertsChangedCallback = useCallback( @@ -156,11 +156,11 @@ const DetectionEnginePageComponent = () => { [setShowBuildingBlockAlerts] ); - const onShowThreatMatchesOnlyChangedCallback = useCallback( - (newShowThreatMatchesOnly: boolean) => { - setShowThreatMatchesOnly(newShowThreatMatchesOnly); + const onShowOnlyThreatIndicatorAlertsCallback = useCallback( + (newShowOnlyThreatIndicatorAlerts: boolean) => { + setShowOnlyThreatIndicatorAlerts(newShowOnlyThreatIndicatorAlerts); }, - [setShowThreatMatchesOnly] + [setShowOnlyThreatIndicatorAlerts] ); const { indicesExist, indexPattern } = useSourcererScope(SourcererScopeName.detections); 
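Review bot: The renamed handler `onShowOnlyThreatIndicatorAlertsCallback` in the third hunk drops the `Changed` suffix that its sibling `onShowBuildingBlockAlertsChangedCallback` keeps on the line just above, and the prop it is passed to is still called `onShowOnlyThreatIndicatorAlertsChanged`; `onShowOnlyThreatIndicatorAlertsChangedCallback` would keep the pair parallel. The same naming applies to the identical handler in the rules/details hunk later in this series. Separately, both handlers only forward to a `useState` setter, which React already guarantees is referentially stable, so `onShowOnlyThreatIndicatorAlertsChanged={setShowOnlyThreatIndicatorAlerts}` would remove the `useCallback` wrapper without changing behaviour; that is a style choice and can follow whatever the building-block handler does.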
@@ -268,8 +268,8 @@ const DetectionEnginePageComponent = () => { defaultFilters={alertsTableDefaultFilters} showBuildingBlockAlerts={showBuildingBlockAlerts} onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChangedCallback} - showThreatMatchesOnly={showThreatMatchesOnly} - onShowThreatMatchesOnlyChanged={onShowThreatMatchesOnlyChangedCallback} + showOnlyThreatIndicatorAlerts={showOnlyThreatIndicatorAlerts} + onShowOnlyThreatIndicatorAlertsChanged={onShowOnlyThreatIndicatorAlertsCallback} to={to} /> diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx index 14580f0dfea98..a8d3742bfd600 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx @@ -209,7 +209,7 @@ const RuleDetailsPageComponent = () => { }; const [lastAlerts] = useAlertInfo({ ruleId }); const [showBuildingBlockAlerts, setShowBuildingBlockAlerts] = useState(false); - const [showThreatMatchesOnly, setShowThreatMatchesOnly] = useState(false); + const [showOnlyThreatIndicatorAlerts, setShowOnlyThreatIndicatorAlerts] = useState(false); const mlCapabilities = useMlCapabilities(); const history = useHistory(); const { formatUrl } = useFormatUrl(SecurityPageName.detections); @@ -290,9 +290,9 @@ const RuleDetailsPageComponent = () => { () => [ ...buildAlertsRuleIdFilter(ruleId), ...buildShowBuildingBlockFilter(showBuildingBlockAlerts), - ...buildThreatMatchFilter(showThreatMatchesOnly), + ...buildThreatMatchFilter(showOnlyThreatIndicatorAlerts), ], - [ruleId, showBuildingBlockAlerts, showThreatMatchesOnly] + [ruleId, showBuildingBlockAlerts, showOnlyThreatIndicatorAlerts] ); const alertMergedFilters = useMemo(() => [...alertDefaultFilters, ...filters], [ 
@@ -449,11 +449,11 @@ const RuleDetailsPageComponent = () => { [setShowBuildingBlockAlerts] ); - const onShowThreatMatchesOnlyChangedCallback = useCallback( - (newShowThreatMatchesOnly: boolean) => { - setShowThreatMatchesOnly(newShowThreatMatchesOnly); + const onShowOnlyThreatIndicatorAlertsCallback = useCallback( + (newShowOnlyThreatIndicatorAlerts: boolean) => { + setShowOnlyThreatIndicatorAlerts(newShowOnlyThreatIndicatorAlerts); }, - [setShowThreatMatchesOnly] + [setShowOnlyThreatIndicatorAlerts] ); const { indicesExist, indexPattern } = useSourcererScope(SourcererScopeName.detections); @@ -680,9 +680,9 @@ const RuleDetailsPageComponent = () => { from={from} loading={loading} showBuildingBlockAlerts={showBuildingBlockAlerts} - showThreatMatchesOnly={showThreatMatchesOnly} + showOnlyThreatIndicatorAlerts={showOnlyThreatIndicatorAlerts} onShowBuildingBlockAlertsChanged={onShowBuildingBlockAlertsChangedCallback} - onShowThreatMatchesOnlyChanged={onShowThreatMatchesOnlyChangedCallback} + onShowOnlyThreatIndicatorAlertsChanged={onShowOnlyThreatIndicatorAlertsCallback} onRuleChange={refreshRule} to={to} />