[SIEM] [TIMELINE] Only add endpoint logo when on event.module === endgame (#56263) (#56269)

* only add endpoint logo when on event.module === endgame

* fix filter for value

Author: XavierM

x-pack/legacy/plugins/siem/public/components/page/add_filter_to_global_search_bar/helpers.ts

@@ -4,30 +4,36 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export const createFilter = (key: string, value: string | null | undefined) =>
-  value != null
+import { esFilters } from '../../../../../../../../src/plugins/data/public';
+
+export const createFilter = (
+  key: string,
+  value: string[] | string | null | undefined
+): esFilters.Filter => {
+  const queryValue = value != null ? (Array.isArray(value) ? value[0] : value) : null;
+  return queryValue != null
     ? {
         meta: {
           alias: null,
           negate: false,
           disabled: false,
           type: 'phrase',
           key,
-          value,
+          value: queryValue,
           params: {
-            query: value,
+            query: queryValue,
           },
         },
         query: {
           match: {
             [key]: {
-              query: value,
+              query: queryValue,
               type: 'phrase',
             },
           },
         },
       }
-    : {
+    : ({
         exists: {
           field: key,
         },
@@ -39,4 +45,5 @@ export const createFilter = (key: string, value: string | null | undefined) =>
           type: 'exists',
           value: 'exists',
         },
-      };
+      } as esFilters.Filter);
+};

x-pack/legacy/plugins/siem/public/components/timeline/body/renderers/formatted_field_helpers.tsx

@@ -52,6 +52,13 @@ export const renderRuleName = ({
   );
 };
 
+const canYouAddEndpointLogo = (moduleName: string, endpointUrl: string | null | undefined) =>
+  moduleName.trim().toLocaleLowerCase() === 'endgame' &&
+  endpointUrl != null &&
+  !isEmpty(endpointUrl) &&
+  !isUrlInvalid(endpointUrl) &&
+  endpointUrl.includes('/alerts/');
+
 export const renderEventModule = ({
   contextId,
   eventId,
@@ -90,26 +97,23 @@ export const renderEventModule = ({
           {content}
         </DefaultDraggable>
       </EuiFlexItem>
-      {endpointRefUrl != null &&
-        !isEmpty(endpointRefUrl) &&
-        !isUrlInvalid(endpointRefUrl) &&
-        endpointRefUrl.includes('/alerts/') && (
-          <EuiFlexItem grow={false}>
-            <EuiToolTip
-              data-test-subj="event-module-link-to-elastic-endpoint-security"
-              content={
-                <>
-                  <p>{i18n.LINK_ELASTIC_ENDPOINT_SECURITY}</p>
-                  <p>{endpointRefUrl}</p>
-                </>
-              }
-            >
-              <EuiLink href={endpointRefUrl} target="_blank">
-                <EuiIcon type={endPointSvg} size="m" />
-              </EuiLink>
-            </EuiToolTip>
-          </EuiFlexItem>
-        )}
+      {endpointRefUrl != null && canYouAddEndpointLogo(moduleName, endpointRefUrl) && (
+        <EuiFlexItem grow={false}>
+          <EuiToolTip
+            data-test-subj="event-module-link-to-elastic-endpoint-security"
+            content={
+              <>
+                <p>{i18n.LINK_ELASTIC_ENDPOINT_SECURITY}</p>
+                <p>{endpointRefUrl}</p>
+              </>
+            }
+          >
+            <EuiLink href={endpointRefUrl} target="_blank">
+              <EuiIcon type={endPointSvg} size="m" />
+            </EuiLink>
+          </EuiToolTip>
+        </EuiFlexItem>
+      )}
     </EuiFlexGroup>
   ) : (
     getEmptyTagValue()