elastic · PhilippeOberti · Apr 3, 2025 · Apr 1, 2025 · Apr 1, 2025 · Apr 2, 2025
diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
@@ -41264,12 +41264,6 @@
     "xpack.securitySolution.securityIntegration.cribl.mapsTo": "MAPPE À",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutDescription": "Pour configurer cette intégration, vous devez disposer des privilèges \"manage_index_templates\" et \"manage_pipeline\" ou \"manage_ingest_pipelines\".",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutTitle": "Assurez-vous de disposer des privilèges nécessaires",
-    "xpack.securitySolution.selector.grouping.hostName.label": "Nom d'hôte",
-    "xpack.securitySolution.selector.grouping.sourceIP.label": "IP source",
-    "xpack.securitySolution.selector.grouping.userName.label": "Nom d'utilisateur",
-    "xpack.securitySolution.selector.groups.destinationAddress.label": "Adresse de destination",
-    "xpack.securitySolution.selector.groups.ruleName.label": "Nom de règle",
-    "xpack.securitySolution.selector.groups.sourceAddress.label": "Adresse de la source",
     "xpack.securitySolution.selector.summaryView.eventRendererView.label": "Vue rendue des événements",
     "xpack.securitySolution.selector.summaryView.gridView.label": "Vue Grille",
     "xpack.securitySolution.selector.summaryView.options.default.description": "Afficher sous forme de données tabulaires avec la possibilité de regrouper et de trier selon des champs spécifiques",

diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
@@ -41237,12 +41237,6 @@
     "xpack.securitySolution.securityIntegration.cribl.mapsTo": "マッピング先",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutDescription": "この統合を構成するには、manage_index_templates権限と、manage_pipelineまたはmanage_ingest_pipelines権限が必要です。",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutTitle": "必要な権限があることを確認してください",
-    "xpack.securitySolution.selector.grouping.hostName.label": "ホスト名",
-    "xpack.securitySolution.selector.grouping.sourceIP.label": "ソース IP",
-    "xpack.securitySolution.selector.grouping.userName.label": "ユーザー名",
-    "xpack.securitySolution.selector.groups.destinationAddress.label": "ターゲットアドレス",
-    "xpack.securitySolution.selector.groups.ruleName.label": "ルール名",
-    "xpack.securitySolution.selector.groups.sourceAddress.label": "ソースアドレス",
     "xpack.securitySolution.selector.summaryView.eventRendererView.label": "イベント表示ビュー",
     "xpack.securitySolution.selector.summaryView.gridView.label": "グリッドビュー",
     "xpack.securitySolution.selector.summaryView.options.default.description": "特定のフィールドでグループ化および並べ替えることができるタブ形式のデータとして表示",

diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
@@ -41302,12 +41302,6 @@
     "xpack.securitySolution.securityIntegration.cribl.mapsTo": "映射到",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutDescription": "要配置此集成，您必须具有 `manage_index_templates` 权限和 `manage_pipeline` 或 `manage_ingest_pipelines` 权限。",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutTitle": "请确保您具有必要权限",
-    "xpack.securitySolution.selector.grouping.hostName.label": "主机名",
-    "xpack.securitySolution.selector.grouping.sourceIP.label": "源 IP",
-    "xpack.securitySolution.selector.grouping.userName.label": "用户名",
-    "xpack.securitySolution.selector.groups.destinationAddress.label": "目标地址",
-    "xpack.securitySolution.selector.groups.ruleName.label": "规则名称",
-    "xpack.securitySolution.selector.groups.sourceAddress.label": "源地址",
     "xpack.securitySolution.selector.summaryView.eventRendererView.label": "事件渲染视图",
     "xpack.securitySolution.selector.summaryView.gridView.label": "网格视图",
     "xpack.securitySolution.selector.summaryView.options.default.description": "以表格数据方式查看，这样可以按特定字段分组和排序",

@@ -7,11 +7,12 @@
 
 import actionCreatorFactory from 'typescript-fsa';
 import type { TableId } from '@kbn/securitysolution-data-table';
+import type { GroupOption } from '@kbn/grouping';
 
 const actionCreator = actionCreatorFactory('x-pack/security_solution/groups');
 
 export const updateGroups = actionCreator<{
   activeGroups?: string[];
   tableId: TableId;
-  options?: Array<{ key: string; label: string }>;
+  options?: GroupOption[];
 }>('UPDATE_GROUPS');
@@ -6,19 +6,21 @@
  */
 
 import { reducerWithInitialState } from 'typescript-fsa-reducers';
-import { getDefaultGroupingOptions } from '../../utils/alerts';
+import { DEFAULT_GROUPING_OPTIONS } from '../../../detections/components/alerts_table/alerts_grouping';
 import { updateGroups } from './actions';
 import type { Groups } from './types';
 
 export const initialGroupingState: Groups = {};
 
+const EMPTY_ACTIVE_GROUP: string[] = [];
+
 export const groupsReducer = reducerWithInitialState(initialGroupingState).case(
   updateGroups,
   (state, { tableId, ...rest }) => ({
     ...state,
     [tableId]: {
-      activeGroups: [],
-      options: getDefaultGroupingOptions(tableId),
+      activeGroups: EMPTY_ACTIVE_GROUP,
+      options: DEFAULT_GROUPING_OPTIONS,
       ...(state[tableId] ? state[tableId] : {}),
       ...rest,
     },

@@ -8,9 +8,6 @@
 import { merge } from '@kbn/std';
 import { isPlainObject } from 'lodash';
 import type { Ecs } from '@kbn/cases-plugin/common';
-import { TableId } from '@kbn/securitysolution-data-table';
-import type { GroupOption } from '@kbn/grouping';
-import * as i18n from './translations';
 
 export const buildAlertsQuery = (alertIds: string[]) => {
   if (alertIds.length === 0) {
@@ -121,47 +118,3 @@ export interface Alert {
   signal: Signal;
   [key: string]: unknown;
 }
-
-// generates default grouping option for alerts table
-export const getDefaultGroupingOptions = (tableId: TableId): GroupOption[] => {
-  if (tableId === TableId.alertsOnAlertsPage || tableId === TableId.alertsRiskInputs) {
-    return [
-      {
-        label: i18n.ruleName,
-        key: 'kibana.alert.rule.name',
-      },
-      {
-        label: i18n.userName,
-        key: 'user.name',
-      },
-      {
-        label: i18n.hostName,
-        key: 'host.name',
-      },
-      {
-        label: i18n.sourceIP,
-        key: 'source.ip',
-      },
-    ];
-  } else if (tableId === TableId.alertsOnRuleDetailsPage) {
-    return [
-      {
-        label: i18n.sourceAddress,
-        key: 'source.address',
-      },
-      {
-        label: i18n.userName,
-        key: 'user.name',
-      },
-      {
-        label: i18n.hostName,
-        key: 'host.name',
-      },
-      {
-        label: i18n.destinationAddress,
-        key: 'destination.address,',
-      },
-    ];
-  }
-  return [];
-};
@@ -39,6 +39,11 @@ import {
   TableId,
 } from '@kbn/securitysolution-data-table';
 import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
+import {
+  defaultGroupStatsAggregations,
+  defaultGroupStatsRenderer,
+  defaultGroupTitleRenderers,
+} from '../../../../detections/components/alerts_table/grouping_settings';
 import { EndpointExceptionsViewer } from '../../../endpoint_exceptions/endpoint_exceptions_viewer';
 import { DetectionEngineAlertsTable } from '../../../../detections/components/alerts_table';
 import { GroupedAlertsTable } from '../../../../detections/components/alerts_table/alerts_grouping';
@@ -179,6 +184,25 @@ const RuleFieldsSectionWrapper = styled.div`
   overflow-wrap: anywhere;
 `;
 
+const defaultGroupingOptions = [
+  {
+    label: i18n.SOURCE_ADDRESS,
+    key: 'source.address',
+  },
+  {
+    label: i18n.USER_NAME,
+    key: 'user.name',
+  },
+  {
+    label: i18n.HOST_NAME,
+    key: 'host.name',
+  },
+  {
+    label: i18n.DESTINATION_ADDRESS,
+    key: 'destination.address',
+  },
+];
+
 type DetectionEngineComponentProps = PropsFromRedux;
 
 const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
@@ -535,6 +559,14 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
     confirmManualRuleRun,
   } = useManualRuleRunConfirmation();
 
+  const accordionExtraActionGroupStats = useMemo(
+    () => ({
+      aggregations: defaultGroupStatsAggregations,
+      renderer: defaultGroupStatsRenderer,
+    }),
+    []
+  );
+
   if (
     redirectToDetections(
       isSignalIndexExists,
@@ -762,8 +794,11 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
                     </Display>
                     {ruleId != null && (
                       <GroupedAlertsTable
+                        accordionButtonContent={defaultGroupTitleRenderers}
+                        accordionExtraActionGroupStats={accordionExtraActionGroupStats}
                         currentAlertStatusFilterValue={currentAlertStatusFilterValue}
                         defaultFilters={alertMergedFilters}
+                        defaultGroupingOptions={defaultGroupingOptions}
                         from={from}
                         globalFilters={filters}
                         globalQuery={query}

@@ -73,3 +73,31 @@ export const DELETE_CONFIRMATION_BODY = i18n.translate(
     defaultMessage: 'This action will delete the rule. Click "Delete" to continue.',
   }
 );
+
+export const SOURCE_ADDRESS = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.groups.sourceAddress',
+  {
+    defaultMessage: 'Source address',
+  }
+);
+
+export const USER_NAME = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.groups.userName',
+  {
+    defaultMessage: 'User name',
+  }
+);
+
+export const HOST_NAME = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.groups.hostName',
+  {
+    defaultMessage: 'Host name',
+  }
+);
+
+export const DESTINATION_ADDRESS = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.groups.destinationAddress',
+  {
+    defaultMessage: 'Destination address',
+  }
+);
@@ -21,6 +21,12 @@ import { createTelemetryServiceMock } from '../../../common/lib/telemetry/teleme
 import { useQueryAlerts } from '../../containers/detection_engine/alerts/use_query';
 import { getQuery, groupingSearchResponse } from './grouping_settings/mock';
 import { AlertsEventTypes } from '../../../common/lib/telemetry';
+import {
+  defaultGroupingOptions,
+  defaultGroupStatsAggregations,
+  defaultGroupStatsRenderer,
+  defaultGroupTitleRenderers,
+} from './grouping_settings';
 
 jest.mock('../../containers/detection_engine/alerts/use_query');
 jest.mock('../../../sourcerer/containers');
@@ -45,10 +51,10 @@ jest.mock('../../../common/containers/use_global_time', () => {
 });
 
 const mockOptions = [
-  { label: 'ruleName', key: 'kibana.alert.rule.name' },
-  { label: 'userName', key: 'user.name' },
-  { label: 'hostName', key: 'host.name' },
-  { label: 'sourceIP', key: 'source.ip' },
+  { label: 'Rule name', key: 'kibana.alert.rule.name' },
+  { label: 'User name', key: 'user.name' },
+  { label: 'Host name', key: 'host.name' },
+  { label: 'Source IP', key: 'source.ip' },
 ];
 
 jest.mock('../../../common/utils/alerts', () => {
@@ -113,7 +119,13 @@ const renderChildComponent = (groupingFilters: Filter[]) => <p data-test-subj="a
 
 const testProps: AlertsTableComponentProps = {
   ...mockDate,
+  accordionButtonContent: defaultGroupTitleRenderers,
+  accordionExtraActionGroupStats: {
+    aggregations: defaultGroupStatsAggregations,
+    renderer: defaultGroupStatsRenderer,
+  },
   defaultFilters: [],
+  defaultGroupingOptions,
   globalFilters: [],
   globalQuery: {
     query: 'query',
@@ -191,6 +203,7 @@ describe('GroupedAlertsTable', () => {
     });
     expect(mockDispatch.mock.calls[1][0].payload).toEqual({
       activeGroups: ['none'],
+      options: mockOptions,
       tableId: testProps.tableId,
     });
   });