diff --git a/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view_spec.ts b/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view_spec.ts index ae246352d96ce..a89524559c25d 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view_spec.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_data_view_spec.ts @@ -6,15 +6,27 @@ */ import { useMemo } from 'react'; +import type { DataViewSpec, SharedDataViewSelectionState } from '../redux/types'; import { DataViewManagerScopeName } from '../constants'; import { useDataView } from './use_data_view'; +export interface UseDataViewSpecResult { + /** + * DataViewSpec object for the current dataView + */ + dataViewSpec: DataViewSpec; + /** + * Status of the dataView (can be the following values: 'pristine' | 'loading' | 'error' | 'ready') + */ + status: SharedDataViewSelectionState['status']; +} + /** - * Returns data view selection for given scopeName + * Returns an object with the dataViewSpec and status values for the given scopeName. */ export const useDataViewSpec = ( scopeName: DataViewManagerScopeName = DataViewManagerScopeName.default -) => { +): UseDataViewSpecResult => { const { dataView, status } = useDataView(scopeName); return useMemo(() => { @@ -30,6 +42,6 @@ export const useDataViewSpec = ( }; } - return { status, dataViewSpec: dataView?.toSpec?.() }; + return { dataViewSpec: dataView?.toSpec?.(), status }; }, [dataView, status]); }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx index b4c436c172e34..87247afe2ae2a 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx @@ -38,7 +38,7 @@ import { tableDefaults, TableId, } from '@kbn/securitysolution-data-table'; -import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy'; +import type { DataViewSpec } from '@kbn/data-views-plugin/common'; import { useGroupTakeActionsItems } from '../../../../detections/hooks/alerts_table/use_group_take_action_items'; import { useDataViewSpec } from '../../../../data_view_manager/hooks/use_data_view_spec'; import { @@ -262,14 +262,15 @@ const RuleDetailsPageComponent: React.FC = ({ const { loading: listsConfigLoading, needsConfiguration: needsListsConfiguration } = useListsConfig(); - const { sourcererDataView: oldSourcererDataView, loading: oldIsLoadingIndexPattern } = + const { sourcererDataView: oldSourcererDataViewSpec, loading: oldIsLoadingIndexPattern } = useSourcererDataView(SourcererScopeName.detections); - const newDataViewPickerEnabled = useIsExperimentalFeatureEnabled('newDataViewPickerEnabled'); - - const { dataViewSpec, status } = useDataViewSpec(SourcererScopeName.detections); - - const sourcererDataView = newDataViewPickerEnabled ? dataViewSpec : oldSourcererDataView; + const { dataViewSpec: experimentalDataViewSpec, status } = useDataViewSpec( + SourcererScopeName.detections + ); + const sourcererDataViewSpec: DataViewSpec = newDataViewPickerEnabled + ? experimentalDataViewSpec + : oldSourcererDataViewSpec; const isLoadingIndexPattern = newDataViewPickerEnabled ? status !== 'ready' : oldIsLoadingIndexPattern; @@ -640,7 +641,7 @@ const RuleDetailsPageComponent: React.FC = ({ @@ -810,6 +811,7 @@ const RuleDetailsPageComponent: React.FC = ({ = ({ groupTakeActionItems={groupTakeActionItems} loading={loading} renderChildComponent={renderGroupedAlertTable} - runtimeMappings={sourcererDataView.runtimeFieldMap as RunTimeMappings} - signalIndexName={signalIndexName} tableId={TableId.alertsOnRuleDetailsPage} to={to} /> diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alert_summary/table/table_section.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alert_summary/table/table_section.test.tsx index f625a155ae793..dca36daed9132 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alert_summary/table/table_section.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alert_summary/table/table_section.test.tsx @@ -7,14 +7,15 @@ import React from 'react'; import { render } from '@testing-library/react'; -import type { DataView } from '@kbn/data-views-plugin/common'; +import type { DataView, DataViewSpec } from '@kbn/data-views-plugin/common'; import { createStubDataView } from '@kbn/data-views-plugin/common/data_views/data_view.stub'; import { TestProviders } from '../../../../common/mock'; import { GROUPED_TABLE_TEST_ID, TableSection } from './table_section'; import type { PackageListItem } from '@kbn/fleet-plugin/common'; import { installationStatuses } from '@kbn/fleet-plugin/common/constants'; -const dataView: DataView = createStubDataView({ spec: {} }); +const dataViewSpec: DataViewSpec = { title: '.alerts-security.alerts-default' }; +const dataView: DataView = createStubDataView({ spec: dataViewSpec }); const packages: PackageListItem[] = [ { id: 'splunk', diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alert_summary/table/table_section.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alert_summary/table/table_section.tsx index d28306239c2c7..da99131576e78 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alert_summary/table/table_section.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alert_summary/table/table_section.tsx @@ -14,7 +14,6 @@ import { TableSectionContextProvider } from './table_section_context'; import { groupStatsRenderer } from './group_stats_renderers'; import { groupingOptions } from './grouping_options'; import { groupTitleRenderers } from './group_title_renderers'; -import type { RunTimeMappings } from '../../../../sourcerer/store/model'; import { useGlobalTime } from '../../../../common/containers/use_global_time'; import { Table } from './table'; import { inputsSelectors } from '../../../../common/store'; @@ -25,8 +24,6 @@ import type { RuleResponse } from '../../../../../common/api/detection_engine'; export const GROUPED_TABLE_TEST_ID = 'alert-summary-grouped-table'; -const runtimeMappings: RunTimeMappings = {}; - export interface TableSectionProps { /** * DataView created for the alert summary page @@ -56,7 +53,7 @@ export interface TableSectionProps { * This component leverages the GroupedAlertsTable and the ResponseOps AlertsTable also used in the alerts page. */ export const TableSection = memo(({ dataView, packages, ruleResponse }: TableSectionProps) => { - const indexNames = useMemo(() => dataView.getIndexPattern(), [dataView]); + const dataViewSpec = useMemo(() => dataView.toSpec(), [dataView]); const { to, from } = useGlobalTime(); const getGlobalQuerySelector = useMemo(() => inputsSelectors.globalQuerySelector(), []); @@ -91,14 +88,13 @@ export const TableSection = memo(({ dataView, packages, ruleResponse }: TableSec diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx index 12f49d7da8811..5fdcab41988ee 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx @@ -27,6 +27,8 @@ import { defaultGroupStatsRenderer, defaultGroupTitleRenderers, } from './grouping_settings'; +import type { DataView, DataViewSpec } from '@kbn/data-views-plugin/common'; +import { createStubDataView } from '@kbn/data-views-plugin/common/data_views/data_view.stub'; jest.mock('../../containers/detection_engine/alerts/use_query'); jest.mock('../../../sourcerer/containers'); @@ -117,6 +119,9 @@ const sourcererDataView = { }; const renderChildComponent = (groupingFilters: Filter[]) =>

; +const dataViewSpec: DataViewSpec = { title: 'test' }; +const dataView: DataView = createStubDataView({ spec: dataViewSpec }); + const testProps: AlertsTableComponentProps = { ...mockDate, accordionButtonContent: defaultGroupTitleRenderers, @@ -124,6 +129,7 @@ const testProps: AlertsTableComponentProps = { aggregations: defaultGroupStatsAggregations, renderer: defaultGroupStatsRenderer, }, + dataViewSpec: dataView.toSpec(), defaultFilters: [], defaultGroupingOptions, globalFilters: [], @@ -133,8 +139,6 @@ const testProps: AlertsTableComponentProps = { }, loading: false, renderChildComponent, - runtimeMappings: {}, - signalIndexName: 'test', tableId: TableId.test, }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.tsx index 261e6f71df620..527c0e7de2a09 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.tsx @@ -8,6 +8,7 @@ import React, { useCallback, useEffect, useMemo, useRef, useState } from 'react'; import { useDispatch } from 'react-redux'; import type { Filter, Query } from '@kbn/es-query'; +import type { DataViewSpec } from '@kbn/data-views-plugin/common'; import { type GroupOption, type GroupStatsItem, @@ -22,20 +23,15 @@ import type { TableIdLiteral } from '@kbn/securitysolution-data-table'; import type { GetGroupStats, GroupingArgs, GroupPanelRenderer } from '@kbn/grouping/src'; import type { GroupTakeActionItems } from './types'; import type { AlertsGroupingAggregation } from './grouping_settings/types'; -import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features'; import { groupIdSelector } from '../../../common/store/grouping/selectors'; import { useDeepEqualSelector } from '../../../common/hooks/use_selector'; import { updateGroups } from '../../../common/store/grouping/actions'; import { defaultUnit } from '../../../common/components/toolbar/unit'; -import { useSourcererDataView } from '../../../sourcerer/containers'; import type { RunTimeMappings } from '../../../sourcerer/store/model'; -import { SourcererScopeName } from '../../../sourcerer/store/model'; import { useKibana } from '../../../common/lib/kibana'; import { GroupedSubLevel } from './alerts_sub_grouping'; import { AlertsEventTypes, track } from '../../../common/lib/telemetry'; import * as i18n from './translations'; -import { useDataViewSpec } from '../../../data_view_manager/hooks/use_data_view_spec'; -import { useSelectedPatterns } from '../../../data_view_manager/hooks/use_selected_patterns'; export interface AlertsTableComponentProps { /** @@ -59,6 +55,10 @@ export interface AlertsTableComponentProps { */ renderer: GetGroupStats; }; + /** + * DataViewSpec object to use internally to fetch the data + */ + dataViewSpec: DataViewSpec; defaultFilters?: Filter[]; /** * Default values to display in the group selection dropdown. @@ -75,8 +75,6 @@ export interface AlertsTableComponentProps { groupTakeActionItems?: GroupTakeActionItems; loading: boolean; renderChildComponent: (groupingFilters: Filter[]) => React.ReactElement; - runtimeMappings: RunTimeMappings; - signalIndexName: string | null; tableId: TableIdLiteral; to: string; } @@ -138,20 +136,6 @@ const useStorage = (storage: Storage, tableId: string) => const GroupedAlertsTableComponent: React.FC = (props) => { const dispatch = useDispatch(); - const { sourcererDataView: oldSourcererDataView, selectedPatterns: oldSelectedPatterns } = - useSourcererDataView(SourcererScopeName.detections); - - const newDataViewPickerEnabled = useIsExperimentalFeatureEnabled('newDataViewPickerEnabled'); - const { dataViewSpec: experimentalDataViewSpec } = useDataViewSpec(SourcererScopeName.detections); - const experimentalSelectedPatterns = useSelectedPatterns(SourcererScopeName.detections); - - const sourcererDataView = newDataViewPickerEnabled - ? experimentalDataViewSpec - : oldSourcererDataView; - const selectedPatterns = newDataViewPickerEnabled - ? experimentalSelectedPatterns - : oldSelectedPatterns; - const { services: { storage, telemetry }, } = useKibana(); @@ -189,7 +173,10 @@ const GroupedAlertsTableComponent: React.FC = (props) [dispatch, props.tableId] ); - const fields = useMemo(() => Object.values(sourcererDataView.fields || {}), [sourcererDataView]); + const fields = useMemo( + () => Object.values(props.dataViewSpec.fields || {}), + [props.dataViewSpec] + ); const groupingOptions = useMemo( () => props.defaultGroupingOptions || DEFAULT_GROUPING_OPTIONS, @@ -349,16 +336,18 @@ const GroupedAlertsTableComponent: React.FC = (props) pageSize={pageSize[level] ?? DEFAULT_PAGE_SIZE} parentGroupingFilter={parentGroupingFilter} renderChildComponent={rcc} + runtimeMappings={props.dataViewSpec.runtimeFieldMap as RunTimeMappings} selectedGroup={selectedGroup} setPageIndex={(newIndex: number) => setPageVar(newIndex, level, 'index')} setPageSize={(newSize: number) => setPageVar(newSize, level, 'size')} + signalIndexName={props.dataViewSpec.title} /> ); }, [getGrouping, groupStatusAggregations, pageIndex, pageSize, props, selectedGroups, setPageVar] ); - if (isEmpty(selectedPatterns)) { + if (isEmpty(props.dataViewSpec.title)) { return null; } diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx index 0fa234c03c771..92b813621acbf 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx @@ -68,7 +68,7 @@ interface OwnProps { selectedGroup: string; setPageIndex: (newIndex: number) => void; setPageSize: (newSize: number) => void; - signalIndexName: string | null; + signalIndexName: string | undefined; tableId: TableIdLiteral; to: string; } diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx index d4edf3c05b14e..19431d2fc66b5 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx @@ -34,6 +34,7 @@ import { import { isEqual } from 'lodash'; import type { FilterGroupHandler } from '@kbn/alerts-ui-shared'; import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy'; +import type { DataViewSpec } from '@kbn/data-views-plugin/common'; import { useGroupTakeActionsItems } from '../../hooks/alerts_table/use_group_take_action_items'; import { defaultGroupingOptions, @@ -159,17 +160,15 @@ const DetectionEnginePageComponent: React.FC = () FilterGroupHandler | undefined >(); - const { sourcererDataView: oldSourcererDataView, loading: oldIsLoadingIndexPattern } = + const { sourcererDataView: oldSourcererDataViewSpec, loading: oldIsLoadingIndexPattern } = useSourcererDataView(SourcererScopeName.detections); - const newDataViewPickerEnabled = useIsExperimentalFeatureEnabled('newDataViewPickerEnabled'); const { dataViewSpec: experimentalDataViewSpec, status: dataViewSpecStatus } = useDataViewSpec( SourcererScopeName.detections ); - - const sourcererDataView = newDataViewPickerEnabled + const sourcererDataViewSpec: DataViewSpec = newDataViewPickerEnabled ? experimentalDataViewSpec - : oldSourcererDataView; + : oldSourcererDataViewSpec; const isLoadingIndexPattern = newDataViewPickerEnabled ? dataViewSpecStatus !== 'ready' : oldIsLoadingIndexPattern; @@ -402,7 +401,7 @@ const DetectionEnginePageComponent: React.FC = () = () query={query} timeRange={pageFiltersTimerange} onInit={setDetectionPageFilterHandler} - dataViewSpec={sourcererDataView} + dataViewSpec={sourcererDataViewSpec} /> = () alertsDefaultFilters={alertsDefaultFilters} isLoadingIndexPattern={isChartPanelLoading} query={query} - runtimeMappings={sourcererDataView.runtimeFieldMap as RunTimeMappings} + runtimeMappings={sourcererDataViewSpec.runtimeFieldMap as RunTimeMappings} signalIndexName={signalIndexName} updateDateRangeCallback={updateDateRangeCallback} /> @@ -455,6 +454,7 @@ const DetectionEnginePageComponent: React.FC = () = () groupTakeActionItems={groupTakeActionItems} loading={isAlertTableLoading} renderChildComponent={renderAlertTable} - runtimeMappings={sourcererDataView.runtimeFieldMap as RunTimeMappings} - signalIndexName={signalIndexName} tableId={TableId.alertsOnAlertsPage} to={to} /> diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx index da3f777914977..c267c140a503c 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx @@ -9,7 +9,7 @@ import React, { useCallback, useMemo } from 'react'; import { TableId } from '@kbn/securitysolution-data-table'; import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui'; import type { Filter } from '@kbn/es-query'; -import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy'; +import type { DataViewSpec } from '@kbn/data-views-plugin/common'; import { useGroupTakeActionsItems } from '../../../detections/hooks/alerts_table/use_group_take_action_items'; import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features'; import { @@ -54,16 +54,16 @@ export const TopRiskScoreContributorsAlerts = ({ loading, }: TopRiskScoreContributorsAlertsProps) => { const { to, from } = useGlobalTime(); - const [{ loading: userInfoLoading, signalIndexName, hasIndexWrite, hasIndexMaintenance }] = - useUserData(); - const { sourcererDataView: oldSourcererDataView } = useSourcererDataView( + const [{ loading: userInfoLoading, hasIndexWrite, hasIndexMaintenance }] = useUserData(); + + const { sourcererDataView: oldSourcererDataViewSpec } = useSourcererDataView( SourcererScopeName.detections ); - const newDataViewPickerEnabled = useIsExperimentalFeatureEnabled('newDataViewPickerEnabled'); - const { dataViewSpec } = useDataViewSpec(SourcererScopeName.detections); - - const sourcererDataView = newDataViewPickerEnabled ? dataViewSpec : oldSourcererDataView; + const { dataViewSpec: experimentalDataViewSpec } = useDataViewSpec(SourcererScopeName.detections); + const sourcererDataViewSpec: DataViewSpec = newDataViewPickerEnabled + ? experimentalDataViewSpec + : oldSourcererDataViewSpec; const getGlobalFiltersQuerySelector = useMemo( () => inputsSelectors.globalFiltersQuerySelector(), @@ -148,6 +148,7 @@ export const TopRiskScoreContributorsAlerts = ({ ({ groupTakeActionItems={groupTakeActionItems} loading={userInfoLoading || loading} renderChildComponent={renderGroupedAlertTable} - runtimeMappings={sourcererDataView.runtimeFieldMap as RunTimeMappings} - signalIndexName={signalIndexName} tableId={TableId.alertsRiskInputs} to={to} />