diff --git a/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_security_default_patterns.test.ts b/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_security_default_patterns.test.ts
new file mode 100644
index 0000000000000..61261757994ff
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_security_default_patterns.test.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { renderHook } from '@testing-library/react';
+import { useSelector } from 'react-redux';
+import { DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID } from '../constants';
+import { useSecurityDefaultPatterns } from './use_security_default_patterns';
+
+jest.mock('react-redux', () => ({
+ useSelector: jest.fn(),
+}));
+
+describe('useSecurityDefaultPatterns', () => {
+ beforeEach(() => {
+ jest.clearAllMocks();
+ });
+
+ it('should return the default data view', () => {
+ const mockDataViews = [
+ {
+ id: DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID,
+ title: 'logs-*,metrics-*',
+ name: 'default_view',
+ },
+ {
+ id: 'custom-view-1',
+ title: 'Custom View 1',
+ name: 'custom_view_1',
+ },
+ ];
+
+ (useSelector as jest.Mock).mockReturnValue({
+ dataViews: mockDataViews,
+ defaultDataViewId: DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID,
+ });
+
+ const { result } = renderHook(() => useSecurityDefaultPatterns());
+ expect(result.current).toEqual({
+ id: DEFAULT_SECURITY_SOLUTION_DATA_VIEW_ID,
+ indexPatterns: ['logs-*', 'metrics-*'],
+ });
+ });
+
+ it('should return empty id and index patterns if no default data view is found', () => {
+ (useSelector as jest.Mock).mockReturnValue({
+ dataViews: [],
+ defaultDataViewId: null,
+ });
+ const { result } = renderHook(() => useSecurityDefaultPatterns());
+ expect(result.current).toEqual({ id: '', indexPatterns: [] });
+ });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_security_default_patterns.ts b/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_security_default_patterns.ts
new file mode 100644
index 0000000000000..7a22a1e863ab0
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/data_view_manager/hooks/use_security_default_patterns.ts
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useMemo } from 'react';
+import { useSelector } from 'react-redux';
+import { sharedStateSelector } from '../redux/selectors';
+
+interface UseSecurityDefaultPatternsResult {
+ /**
+ * The default data view id.
+ */
+ id: string;
+ /**
+ * The index patterns of the default data view.
+ */
+ indexPatterns: string[];
+}
+
+/**
+ * Returns the default data view id and index patterns.
+ */
+export const useSecurityDefaultPatterns = (): UseSecurityDefaultPatternsResult => {
+ const { dataViews: dataViewSpecs, defaultDataViewId } = useSelector(sharedStateSelector);
+
+ const defaultDataViewSpec = useMemo(
+ () => dataViewSpecs.find((dv) => dv.id === defaultDataViewId),
+ [dataViewSpecs, defaultDataViewId]
+ );
+
+ return useMemo(
+ () => ({
+ id: defaultDataViewSpec?.id ?? '',
+ indexPatterns: defaultDataViewSpec?.title?.split(',') ?? [],
+ }),
+ [defaultDataViewSpec]
+ );
+};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx
index 58b96f19d919f..699dd4151ab18 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx
@@ -18,6 +18,8 @@ import { useWhichFlyout } from '../../shared/hooks/use_which_flyout';
import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
import { DocumentDetailsAnalyzerPanelKey } from '../../shared/constants/panel_keys';
import { useIsInvestigateInResolverActionEnabled } from '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSelectedPatterns } from '../../../../data_view_manager/hooks/use_selected_patterns';
jest.mock('react-router-dom', () => {
const actual = jest.requireActual('react-router-dom');
@@ -29,6 +31,8 @@ jest.mock('../../shared/hooks/use_which_flyout');
jest.mock(
'../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver'
);
+jest.mock('../../../../common/hooks/use_experimental_features');
+jest.mock('../../../../data_view_manager/hooks/use_selected_patterns');
const mockUseWhichFlyout = useWhichFlyout as jest.Mock;
const FLYOUT_KEY = 'securitySolution';
@@ -50,6 +54,10 @@ describe('', () => {
beforeEach(() => {
mockUseWhichFlyout.mockReturnValue(FLYOUT_KEY);
jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
+ (useEnableExperimental as jest.Mock).mockReturnValue({
+ newDataViewPickerEnabled: true,
+ });
+ (useSelectedPatterns as jest.Mock).mockReturnValue(['index']);
});
it('renders analyzer graph correctly', () => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx
index 91ef5636b257c..ef99352e1f5af 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx
@@ -10,6 +10,7 @@ import React, { useMemo, useCallback } from 'react';
import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
import { i18n } from '@kbn/i18n';
import { EuiPanel } from '@elastic/eui';
+import { SourcererScopeName } from '../../../../sourcerer/store/model';
import { useWhichFlyout } from '../../shared/hooks/use_which_flyout';
import { useDocumentDetailsContext } from '../../shared/context';
import { ANALYZER_GRAPH_TEST_ID } from './test_ids';
@@ -19,6 +20,9 @@ import { isActiveTimeline } from '../../../../helpers';
import { DocumentDetailsAnalyzerPanelKey } from '../../shared/constants/panel_keys';
import { useIsInvestigateInResolverActionEnabled } from '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver';
import { AnalyzerPreviewNoDataMessage } from '../../right/components/analyzer_preview_container';
+import { useSelectedPatterns } from '../../../../data_view_manager/hooks/use_selected_patterns';
+import { useSourcererDataView } from '../../../../sourcerer/containers';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
export const ANALYZE_GRAPH_ID = 'analyze_graph';
@@ -41,10 +45,18 @@ export const AnalyzeGraph: FC = () => {
const isEnabled = useIsInvestigateInResolverActionEnabled(dataAsNestedObject);
const key = useWhichFlyout() ?? 'memory';
- const { from, to, shouldUpdate, selectedPatterns } = useTimelineDataFilters(
- isActiveTimeline(scopeId)
- );
+ const { from, to, shouldUpdate } = useTimelineDataFilters(isActiveTimeline(scopeId));
const filters = useMemo(() => ({ from, to }), [from, to]);
+
+ const { newDataViewPickerEnabled } = useEnableExperimental();
+ const { selectedPatterns: oldAnalyzerPatterns } = useSourcererDataView(
+ SourcererScopeName.analyzer
+ );
+ const experimentalAnalyzerPatterns = useSelectedPatterns(SourcererScopeName.analyzer);
+ const selectedPatterns = newDataViewPickerEnabled
+ ? experimentalAnalyzerPatterns
+ : oldAnalyzerPatterns;
+
const { openPreviewPanel } = useExpandableFlyoutApi();
const onClick = useCallback(() => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx
index b3b129a75c13d..ca1dde090cfa8 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx
@@ -27,8 +27,9 @@ import { useFetchRelatedAlertsByAncestry } from '../../shared/hooks/use_fetch_re
import { useFetchRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_fetch_related_alerts_by_same_source_event';
import { useFetchRelatedCases } from '../../shared/hooks/use_fetch_related_cases';
import { mockContextValue } from '../../shared/mocks/mock_context';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
import { EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID } from '../../../shared/components/test_ids';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
jest.mock('react-router-dom', () => {
const actual = jest.requireActual('react-router-dom');
@@ -43,11 +44,8 @@ jest.mock('../../shared/hooks/use_fetch_related_alerts_by_session');
jest.mock('../../shared/hooks/use_fetch_related_alerts_by_ancestry');
jest.mock('../../shared/hooks/use_fetch_related_alerts_by_same_source_event');
jest.mock('../../shared/hooks/use_fetch_related_cases');
-
-jest.mock('../../../../timelines/containers/use_timeline_data_filters', () => ({
- useTimelineDataFilters: jest.fn(),
-}));
-const mockUseTimelineDataFilters = useTimelineDataFilters as jest.Mock;
+jest.mock('../../../../data_view_manager/hooks/use_security_default_patterns');
+jest.mock('../../../../common/hooks/use_experimental_features');
const renderCorrelationDetails = () => {
return render(
@@ -68,7 +66,12 @@ const NO_DATA_MESSAGE = 'No correlations data available.';
describe('CorrelationsDetails', () => {
beforeEach(() => {
jest.clearAllMocks();
- mockUseTimelineDataFilters.mockReturnValue({ selectedPatterns: ['index'] });
+ (useEnableExperimental as jest.Mock).mockReturnValue({
+ newDataViewPickerEnabled: true,
+ });
+ (useSecurityDefaultPatterns as jest.Mock).mockReturnValue({
+ indexPatterns: ['index'],
+ });
});
it('renders all sections', () => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx
index 89a34701400d6..9100b6b6dc9e7 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx
@@ -8,6 +8,7 @@
import React from 'react';
import { EuiPanel, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
import { FormattedMessage } from '@kbn/i18n-react';
+import { useSelector } from 'react-redux';
import { CORRELATIONS_DETAILS_TEST_ID } from './test_ids';
import { RelatedAlertsBySession } from './related_alerts_by_session';
import { RelatedAlertsBySameSourceEvent } from './related_alerts_by_same_source_event';
@@ -20,8 +21,9 @@ import { useShowRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_sh
import { useShowRelatedAlertsBySession } from '../../shared/hooks/use_show_related_alerts_by_session';
import { RelatedAlertsByAncestry } from './related_alerts_by_ancestry';
import { SuppressedAlerts } from './suppressed_alerts';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
-import { isActiveTimeline } from '../../../../helpers';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+import { sourcererSelectors } from '../../../../sourcerer/store';
export const CORRELATIONS_TAB_ID = 'correlations';
@@ -32,7 +34,13 @@ export const CorrelationsDetails: React.FC = () => {
const { dataAsNestedObject, eventId, getFieldsData, scopeId, isRulePreview } =
useDocumentDetailsContext();
- const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId));
+ const { newDataViewPickerEnabled } = useEnableExperimental();
+ const oldSecurityDefaultPatterns =
+ useSelector(sourcererSelectors.defaultDataView)?.patternList ?? [];
+ const { indexPatterns: experimentalSecurityDefaultIndexPatterns } = useSecurityDefaultPatterns();
+ const securityDefaultPatterns = newDataViewPickerEnabled
+ ? experimentalSecurityDefaultIndexPatterns
+ : oldSecurityDefaultPatterns;
const { show: showAlertsByAncestry, documentId } = useShowRelatedAlertsByAncestry({
getFieldsData,
@@ -92,7 +100,7 @@ export const CorrelationsDetails: React.FC = () => {
{showAlertsByAncestry && (
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx
index 5527ce0de44bd..b97a7084d93cd 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx
@@ -9,12 +9,14 @@ import { render } from '@testing-library/react';
import React from 'react';
import { TestProviders } from '../../../../common/mock';
import { useAlertPrevalenceFromProcessTree } from '../../shared/hooks/use_alert_prevalence_from_process_tree';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
import { mockContextValue } from '../../shared/mocks/mock_context';
import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
import { DocumentDetailsContext } from '../../shared/context';
import { AnalyzerPreview } from './analyzer_preview';
import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+
import * as mock from '../mocks/mock_analyzer_data';
jest.mock('../../shared/hooks/use_alert_prevalence_from_process_tree', () => ({
@@ -22,10 +24,8 @@ jest.mock('../../shared/hooks/use_alert_prevalence_from_process_tree', () => ({
}));
const mockUseAlertPrevalenceFromProcessTree = useAlertPrevalenceFromProcessTree as jest.Mock;
-jest.mock('../../../../timelines/containers/use_timeline_data_filters', () => ({
- useTimelineDataFilters: jest.fn(),
-}));
-const mockUseTimelineDataFilters = useTimelineDataFilters as jest.Mock;
+jest.mock('../../../../data_view_manager/hooks/use_security_default_patterns');
+jest.mock('../../../../common/hooks/use_experimental_features');
const mockTreeValues = {
loading: false,
@@ -48,7 +48,12 @@ const NO_DATA_MESSAGE = 'An error is preventing this alert from being analyzed.'
describe('', () => {
beforeEach(() => {
jest.clearAllMocks();
- mockUseTimelineDataFilters.mockReturnValue({ selectedPatterns: ['index'] });
+ (useEnableExperimental as jest.Mock).mockReturnValue({
+ newDataViewPickerEnabled: true,
+ });
+ (useSecurityDefaultPatterns as jest.Mock).mockReturnValue({
+ indexPatterns: ['index'],
+ });
});
it('shows analyzer preview correctly when documentId and index are present', () => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
index fa0e3dd33b51b..02460b52877e4 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
@@ -9,6 +9,7 @@ import { find } from 'lodash/fp';
import { EuiTreeView, EuiSkeletonText } from '@elastic/eui';
import { i18n } from '@kbn/i18n';
import { FormattedMessage } from '@kbn/i18n-react';
+import { useSelector } from 'react-redux';
import { ANALYZER_PREVIEW_TEST_ID, ANALYZER_PREVIEW_LOADING_TEST_ID } from './test_ids';
import { getTreeNodes } from '../utils/analyzer_helpers';
import { ANCESTOR_ID, RULE_INDICES } from '../../shared/constants/field_names';
@@ -17,7 +18,9 @@ import { useAlertPrevalenceFromProcessTree } from '../../shared/hooks/use_alert_
import type { StatsNode } from '../../shared/hooks/use_alert_prevalence_from_process_tree';
import { isActiveTimeline } from '../../../../helpers';
import { getField } from '../../shared/utils';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+import { sourcererSelectors } from '../../../../sourcerer/store';
const CHILD_COUNT_LIMIT = 3;
const ANCESTOR_LEVEL = 3;
@@ -45,9 +48,16 @@ export const AnalyzerPreview: React.FC = () => {
const ancestorId = getField(getFieldsData(ANCESTOR_ID)) ?? '';
const documentId = isRulePreview ? ancestorId : eventId; // use ancestor as fallback for alert preview
- const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId));
+ const { newDataViewPickerEnabled } = useEnableExperimental();
+ const oldSecurityDefaultPatterns =
+ useSelector(sourcererSelectors.defaultDataView)?.patternList ?? [];
+ const { indexPatterns: experimentalSecurityDefaultIndexPatterns } = useSecurityDefaultPatterns();
+ const securityDefaultPatterns = newDataViewPickerEnabled
+ ? experimentalSecurityDefaultIndexPatterns
+ : oldSecurityDefaultPatterns;
+
const index = find({ category: 'kibana', field: RULE_INDICES }, data);
- const indices = index?.values ?? selectedPatterns; // adding sourcerer indices for non-alert documents
+ const indices = index?.values ?? securityDefaultPatterns; // adding sourcerer indices for non-alert documents
const { statsNodes, loading, error } = useAlertPrevalenceFromProcessTree({
isActiveTimeline: isActiveTimeline(scopeId),
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx
index fe8a2c9e7160b..633aaa3a5a45d 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx
@@ -28,7 +28,6 @@ import { useShowSuppressedAlerts } from '../../shared/hooks/use_show_suppressed_
import { useFetchRelatedAlertsByAncestry } from '../../shared/hooks/use_fetch_related_alerts_by_ancestry';
import { useFetchRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_fetch_related_alerts_by_same_source_event';
import { useFetchRelatedAlertsBySession } from '../../shared/hooks/use_fetch_related_alerts_by_session';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
import { useFetchRelatedCases } from '../../shared/hooks/use_fetch_related_cases';
import { useNavigateToLeftPanel } from '../../shared/hooks/use_navigate_to_left_panel';
import {
@@ -39,6 +38,8 @@ import {
} from '../../../shared/components/test_ids';
import { useTourContext } from '../../../../common/components/guided_onboarding_tour';
import { AlertsCasesTourSteps } from '../../../../common/components/guided_onboarding_tour/tour_config';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
jest.mock('../../shared/hooks/use_show_related_alerts_by_ancestry');
jest.mock('../../shared/hooks/use_show_related_alerts_by_same_source_event');
@@ -101,11 +102,8 @@ const renderCorrelationsOverview = (contextValue: DocumentDetailsContext) => (
const NO_DATA_MESSAGE = 'No correlations data available.';
-jest.mock('../../../../timelines/containers/use_timeline_data_filters', () => ({
- useTimelineDataFilters: jest.fn(),
-}));
-const mockUseTimelineDataFilters = useTimelineDataFilters as jest.Mock;
-
+jest.mock('../../../../data_view_manager/hooks/use_security_default_patterns');
+jest.mock('../../../../common/hooks/use_experimental_features');
jest.mock('../../../../common/components/guided_onboarding_tour', () => ({
useTourContext: jest.fn(),
}));
@@ -133,7 +131,12 @@ describe('', () => {
jest.mocked(useShowRelatedAlertsBySession).mockReturnValue({ show: false });
jest.mocked(useShowRelatedCases).mockReturnValue(false);
jest.mocked(useShowSuppressedAlerts).mockReturnValue({ show: false, alertSuppressionCount: 0 });
- mockUseTimelineDataFilters.mockReturnValue({ selectedPatterns: ['index'] });
+ (useEnableExperimental as jest.Mock).mockReturnValue({
+ newDataViewPickerEnabled: true,
+ });
+ (useSecurityDefaultPatterns as jest.Mock).mockReturnValue({
+ indexPatterns: ['index'],
+ });
(useNavigateToLeftPanel as jest.Mock).mockReturnValue({
navigateToLeftPanel: mockNavigateToLeftPanel,
isEnabled: true,
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx
index 614297338925b..0d82c1031bffc 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx
@@ -11,6 +11,7 @@ import { EuiFlexGroup } from '@elastic/eui';
import { FormattedMessage } from '@kbn/i18n-react';
import { ALERT_RULE_TYPE } from '@kbn/rule-data-utils';
import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
+import { useSelector } from 'react-redux';
import { ExpandablePanel } from '../../../shared/components/expandable_panel';
import { useShowRelatedAlertsBySession } from '../../shared/hooks/use_show_related_alerts_by_session';
import { RelatedAlertsBySession } from './related_alerts_by_session';
@@ -26,9 +27,10 @@ import { CORRELATIONS_TEST_ID } from './test_ids';
import { useDocumentDetailsContext } from '../../shared/context';
import { LeftPanelInsightsTab } from '../../left';
import { CORRELATIONS_TAB_ID } from '../../left/components/correlations_details';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
-import { isActiveTimeline } from '../../../../helpers';
import { useTourContext } from '../../../../common/components/guided_onboarding_tour';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+import { sourcererSelectors } from '../../../../sourcerer/store';
import {
AlertsCasesTourSteps,
SecurityStepId,
@@ -45,7 +47,13 @@ export const CorrelationsOverview: React.FC = () => {
useDocumentDetailsContext();
const { isTourShown, activeStep } = useTourContext();
- const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId));
+ const { newDataViewPickerEnabled } = useEnableExperimental();
+ const oldSecurityDefaultPatterns =
+ useSelector(sourcererSelectors.defaultDataView)?.patternList ?? [];
+ const { indexPatterns: experimentalSecurityDefaultIndexPatterns } = useSecurityDefaultPatterns();
+ const securityDefaultPatterns = newDataViewPickerEnabled
+ ? experimentalSecurityDefaultIndexPatterns
+ : oldSecurityDefaultPatterns;
const { navigateToLeftPanel: goToCorrelationsTab, isEnabled: isLinkEnabled } =
useNavigateToLeftPanel({
@@ -129,7 +137,7 @@ export const CorrelationsOverview: React.FC = () => {
{showAlertsByAncestry && (
)}
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx
index c06481c6b2812..f6b9d53626c46 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx
@@ -28,8 +28,9 @@ import { InsightsSection } from './insights_section';
import { useAlertPrevalence } from '../../shared/hooks/use_alert_prevalence';
import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score';
import { useExpandSection } from '../hooks/use_expand_section';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
import { useTourContext } from '../../../../common/components/guided_onboarding_tour';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
jest.mock('../../shared/hooks/use_alert_prevalence');
@@ -57,10 +58,8 @@ jest.mock('react-router-dom', () => {
alertIds: [],
});
-jest.mock('../../../../timelines/containers/use_timeline_data_filters', () => ({
- useTimelineDataFilters: jest.fn(),
-}));
-const mockUseTimelineDataFilters = useTimelineDataFilters as jest.Mock;
+jest.mock('../../../../data_view_manager/hooks/use_security_default_patterns');
+jest.mock('../../../../common/hooks/use_experimental_features');
const from = '2022-04-05T12:00:00.000Z';
const to = '2022-04-08T12:00:00.;000Z';
@@ -113,7 +112,12 @@ const renderInsightsSection = (contextValue: DocumentDetailsContext) =>
describe('', () => {
beforeEach(() => {
- mockUseTimelineDataFilters.mockReturnValue({ selectedPatterns: ['index'] });
+ (useEnableExperimental as jest.Mock).mockReturnValue({
+ newDataViewPickerEnabled: true,
+ });
+ (useSecurityDefaultPatterns as jest.Mock).mockReturnValue({
+ indexPatterns: ['index'],
+ });
mockUseUserDetails.mockReturnValue([false, { userDetails: null }]);
mockUseRiskScore.mockReturnValue({ data: null, isAuthorized: false });
mockUseHostDetails.mockReturnValue([false, { hostDetails: null }]);
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx
index 31863b4404d90..431b6af7df8bb 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx
@@ -26,26 +26,24 @@ import { mockContextValue } from '../../shared/mocks/mock_context';
import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
import { DocumentDetailsContext } from '../../shared/context';
import { useAlertPrevalenceFromProcessTree } from '../../shared/hooks/use_alert_prevalence_from_process_tree';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
-import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
+import { TestProviders } from '../../../../common/mock';
import { useExpandSection } from '../hooks/use_expand_section';
import { useInvestigateInTimeline } from '../../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline';
import { useIsInvestigateInResolverActionEnabled } from '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver';
import { useGraphPreview } from '../../shared/hooks/use_graph_preview';
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
import { createUseUiSetting$Mock } from '../../../../common/lib/kibana/kibana_react.mock';
import { ENABLE_GRAPH_VISUALIZATION_SETTING } from '../../../../../common/constants';
-
+import { useSelectedPatterns } from '../../../../data_view_manager/hooks/use_selected_patterns';
jest.mock('../hooks/use_expand_section');
jest.mock('../../shared/hooks/use_alert_prevalence_from_process_tree', () => ({
useAlertPrevalenceFromProcessTree: jest.fn(),
}));
const mockUseAlertPrevalenceFromProcessTree = useAlertPrevalenceFromProcessTree as jest.Mock;
-jest.mock('../../../../timelines/containers/use_timeline_data_filters', () => ({
- useTimelineDataFilters: jest.fn(),
-}));
-const mockUseTimelineDataFilters = useTimelineDataFilters as jest.Mock;
+jest.mock('../../../../common/hooks/use_experimental_features');
+jest.mock('../../../../data_view_manager/hooks/use_selected_patterns');
+
jest.mock('react-redux', () => {
const original = jest.requireActual('react-redux');
@@ -61,13 +59,6 @@ jest.mock(
'../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver'
);
-jest.mock('../../../../common/hooks/use_experimental_features', () => ({
- useIsExperimentalFeatureEnabled: jest.fn(),
-}));
-
-const useIsExperimentalFeatureEnabledMock = useIsExperimentalFeatureEnabled as jest.Mock;
-useIsExperimentalFeatureEnabledMock.mockReturnValue(true);
-
const mockUseUiSetting = jest.fn().mockImplementation((key) => [false]);
jest.mock('@kbn/kibana-react-plugin/public', () => {
const original = jest.requireActual('@kbn/kibana-react-plugin/public');
@@ -102,18 +93,21 @@ const panelContextValue = {
const renderVisualizationsSection = (contextValue = panelContextValue) =>
render(
-
+
-
+
);
describe('', () => {
beforeEach(() => {
mockUseUiSetting.mockImplementation(() => [false]);
- mockUseTimelineDataFilters.mockReturnValue({ selectedPatterns: ['index'] });
+ (useSelectedPatterns as jest.Mock).mockReturnValue(['index']);
+ (useEnableExperimental as jest.Mock).mockReturnValue({
+ newDataViewPickerEnabled: true,
+ });
mockUseAlertPrevalenceFromProcessTree.mockReturnValue({
loading: false,
error: false,
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_alert_prevalence_from_process_tree.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_alert_prevalence_from_process_tree.test.tsx
index 668f233e65710..2feed7fbfe6ef 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_alert_prevalence_from_process_tree.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_alert_prevalence_from_process_tree.test.tsx
@@ -13,7 +13,8 @@ import type {
} from './use_alert_prevalence_from_process_tree';
import { useAlertPrevalenceFromProcessTree } from './use_alert_prevalence_from_process_tree';
import { useHttp } from '../../../../common/lib/kibana';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
import { useQuery } from '@tanstack/react-query';
import { useAlertDocumentAnalyzerSchema } from './use_alert_document_analyzer_schema';
import { mockStatsNode } from '../../right/mocks/mock_analyzer_data';
@@ -22,6 +23,17 @@ jest.mock('../../../../common/lib/kibana');
jest.mock('../../../../timelines/containers/use_timeline_data_filters');
jest.mock('./use_alert_document_analyzer_schema');
jest.mock('@tanstack/react-query');
+jest.mock('../../../../data_view_manager/hooks/use_security_default_patterns');
+jest.mock('../../../../common/hooks/use_experimental_features');
+
+jest.mock('react-redux', () => {
+ const originalModule = jest.requireActual('react-redux');
+
+ return {
+ ...originalModule,
+ useSelector: jest.fn().mockReturnValue({ patternList: ['index'] }),
+ };
+});
describe('useAlertPrevalenceFromProcessTree', () => {
let hookResult: RenderHookResult<
@@ -33,8 +45,11 @@ describe('useAlertPrevalenceFromProcessTree', () => {
(useHttp as jest.Mock).mockReturnValue({
post: jest.fn(),
});
- (useTimelineDataFilters as jest.Mock).mockReturnValue({
- selectedPatterns: [],
+ (useEnableExperimental as jest.Mock).mockReturnValue({
+ newDataViewPickerEnabled: true,
+ });
+ (useSecurityDefaultPatterns as jest.Mock).mockReturnValue({
+ indexPatterns: ['index'],
});
});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_alert_prevalence_from_process_tree.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_alert_prevalence_from_process_tree.ts
index f9c27f6e2ccb4..552953ed5155a 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_alert_prevalence_from_process_tree.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_alert_prevalence_from_process_tree.ts
@@ -7,9 +7,12 @@
import { useQuery } from '@tanstack/react-query';
import { useMemo } from 'react';
+import { useSelector } from 'react-redux';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
import { useAlertDocumentAnalyzerSchema } from './use_alert_document_analyzer_schema';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
import { useHttp } from '../../../../common/lib/kibana';
+import { sourcererSelectors } from '../../../../sourcerer/store';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
export interface StatsNode {
/**
@@ -108,10 +111,17 @@ export function useAlertPrevalenceFromProcessTree({
}: UseAlertPrevalenceFromProcessTreeParams): UserAlertPrevalenceFromProcessTreeResult {
const http = useHttp();
- const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline);
+ const { newDataViewPickerEnabled } = useEnableExperimental();
+ const oldSecurityDefaultPatterns =
+ useSelector(sourcererSelectors.defaultDataView)?.patternList ?? [];
+ const { indexPatterns: experimentalSecurityDefaultIndexPatterns } = useSecurityDefaultPatterns();
+ const securityDefaultPatterns = newDataViewPickerEnabled
+ ? experimentalSecurityDefaultIndexPatterns
+ : oldSecurityDefaultPatterns;
+
const alertAndOriginalIndices = useMemo(
- () => [...new Set(selectedPatterns.concat(indices))],
- [indices, selectedPatterns]
+ () => [...new Set(securityDefaultPatterns.concat(indices))],
+ [indices, securityDefaultPatterns]
);
const { loading, id, schema, agentId } = useAlertDocumentAnalyzerSchema({
documentId,
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_fetch_prevalence.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_fetch_prevalence.ts
index 3b27ff0e00d36..44d885759599a 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_fetch_prevalence.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_fetch_prevalence.ts
@@ -9,11 +9,12 @@ import { buildEsQuery } from '@kbn/es-query';
import type { IEsSearchRequest } from '@kbn/search-types';
import { useQuery } from '@tanstack/react-query';
import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
+import { useSelector } from 'react-redux';
import { createFetchData } from '../utils/fetch_data';
import { useKibana } from '../../../../common/lib/kibana';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
-import { isActiveTimeline } from '../../../../helpers';
-import { SourcererScopeName } from '../../../../sourcerer/store/model';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+import { sourcererSelectors } from '../../../../sourcerer/store';
const QUERY_KEY = 'useFetchFieldValuePairWithAggregation';
@@ -103,9 +104,20 @@ export const useFetchPrevalence = ({
} = useKibana();
// retrieves detections and non-detections indices (for example, the alert security index from the current space and 'logs-*' indices)
- const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(SourcererScopeName.default));
+ const { newDataViewPickerEnabled } = useEnableExperimental();
+ const oldSecurityDefaultPatterns =
+ useSelector(sourcererSelectors.defaultDataView)?.patternList ?? [];
+ const { indexPatterns: experimentalSecurityDefaultIndexPatterns } = useSecurityDefaultPatterns();
+ const securityDefaultPatterns = newDataViewPickerEnabled
+ ? experimentalSecurityDefaultIndexPatterns
+ : oldSecurityDefaultPatterns;
- const searchRequest = buildSearchRequest(highlightedFieldsFilters, from, to, selectedPatterns);
+ const searchRequest = buildSearchRequest(
+ highlightedFieldsFilters,
+ from,
+ to,
+ securityDefaultPatterns
+ );
const { data, isLoading, isError } = useQuery(
[QUERY_KEY, highlightedFieldsFilters, from, to],
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts
index 5933be6e1a1b7..5a2e3eac2cc9b 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts
@@ -6,8 +6,9 @@
*/
import { useMemo } from 'react';
+import { useSelector } from 'react-redux';
import { useDeepEqualSelector } from '../../../../common/hooks/use_selector';
-import { inputsSelectors } from '../../../../common/store';
+import { inputsSelectors, sourcererSelectors } from '../../../../common/store';
import { useHostDetails } from '../../../../explore/hosts/containers/hosts/details';
import { useFirstLastSeen } from '../../../../common/containers/use_first_last_seen';
import { useGlobalTime } from '../../../../common/containers/use_global_time';
@@ -17,7 +18,8 @@ import { HOST_PANEL_OBSERVED_HOST_QUERY_ID, HOST_PANEL_RISK_SCORE_QUERY_ID } fro
import { useQueryInspector } from '../../../../common/components/page/manage_query';
import type { ObservedEntityData } from '../../shared/components/observed_entity/types';
import { isActiveTimeline } from '../../../../helpers';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
export const useObservedHost = (
hostName: string,
@@ -31,12 +33,18 @@ export const useObservedHost = (
const { to, from } = isActiveTimelines ? timelineTime : globalTime;
const { isInitializing, setQuery, deleteQuery } = globalTime;
- const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId));
+ const { newDataViewPickerEnabled } = useEnableExperimental();
+ const oldSecurityDefaultPatterns =
+ useSelector(sourcererSelectors.defaultDataView)?.patternList ?? [];
+ const { indexPatterns: experimentalSecurityDefaultIndexPatterns } = useSecurityDefaultPatterns();
+ const securityDefaultPatterns = newDataViewPickerEnabled
+ ? experimentalSecurityDefaultIndexPatterns
+ : oldSecurityDefaultPatterns;
const [isLoading, { hostDetails, inspect: inspectObservedHost }, refetch] = useHostDetails({
endDate: to,
hostName,
- indexNames: selectedPatterns,
+ indexNames: securityDefaultPatterns,
id: HOST_PANEL_RISK_SCORE_QUERY_ID,
skip: isInitializing,
startDate: from,
@@ -54,7 +62,7 @@ export const useObservedHost = (
const [loadingFirstSeen, { firstSeen }] = useFirstLastSeen({
field: 'host.name',
value: hostName,
- defaultIndex: selectedPatterns,
+ defaultIndex: securityDefaultPatterns,
order: Direction.asc,
filterQuery: NOT_EVENT_KIND_ASSET_FILTER,
});
@@ -62,7 +70,7 @@ export const useObservedHost = (
const [loadingLastSeen, { lastSeen }] = useFirstLastSeen({
field: 'host.name',
value: hostName,
- defaultIndex: selectedPatterns,
+ defaultIndex: securityDefaultPatterns,
order: Direction.desc,
filterQuery: NOT_EVENT_KIND_ASSET_FILTER,
});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/service_right/hooks/use_observed_service.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/service_right/hooks/use_observed_service.ts
index 8a71dd3f20f44..3c08ab724dd5f 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/service_right/hooks/use_observed_service.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/service_right/hooks/use_observed_service.ts
@@ -6,6 +6,7 @@
*/
import { useMemo } from 'react';
+import { useSelector } from 'react-redux';
import { useDeepEqualSelector } from '../../../../common/hooks/use_selector';
import { inputsSelectors } from '../../../../common/store';
import { useQueryInspector } from '../../../../common/components/page/manage_query';
@@ -15,7 +16,9 @@ import { Direction, NOT_EVENT_KIND_ASSET_FILTER } from '../../../../../common/se
import { useGlobalTime } from '../../../../common/containers/use_global_time';
import { useFirstLastSeen } from '../../../../common/containers/use_first_last_seen';
import { isActiveTimeline } from '../../../../helpers';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+import { sourcererSelectors } from '../../../../sourcerer/store';
import { useObservedServiceDetails } from './observed_service_details';
export const useObservedService = (
@@ -30,7 +33,13 @@ export const useObservedService = (
const { to, from } = isActiveTimelines ? timelineTime : globalTime;
const { isInitializing, setQuery, deleteQuery } = globalTime;
- const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId));
+ const { newDataViewPickerEnabled } = useEnableExperimental();
+ const oldSecurityDefaultPatterns =
+ useSelector(sourcererSelectors.defaultDataView)?.patternList ?? [];
+ const { indexPatterns: experimentalSecurityDefaultIndexPatterns } = useSecurityDefaultPatterns();
+ const securityDefaultPatterns = newDataViewPickerEnabled
+ ? experimentalSecurityDefaultIndexPatterns
+ : oldSecurityDefaultPatterns;
const [
loadingObservedService,
@@ -39,7 +48,7 @@ export const useObservedService = (
endDate: to,
startDate: from,
serviceName,
- indexNames: selectedPatterns,
+ indexNames: securityDefaultPatterns,
skip: isInitializing,
});
@@ -55,7 +64,7 @@ export const useObservedService = (
const [loadingFirstSeen, { firstSeen }] = useFirstLastSeen({
field: 'service.name',
value: serviceName,
- defaultIndex: selectedPatterns,
+ defaultIndex: securityDefaultPatterns,
order: Direction.asc,
filterQuery: NOT_EVENT_KIND_ASSET_FILTER,
});
@@ -63,7 +72,7 @@ export const useObservedService = (
const [loadingLastSeen, { lastSeen }] = useFirstLastSeen({
field: 'service.name',
value: serviceName,
- defaultIndex: selectedPatterns,
+ defaultIndex: securityDefaultPatterns,
order: Direction.desc,
filterQuery: NOT_EVENT_KIND_ASSET_FILTER,
});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/user_right/hooks/use_observed_user.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/user_right/hooks/use_observed_user.ts
index 7918a400bb074..0a8367b2fb832 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/user_right/hooks/use_observed_user.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/user_right/hooks/use_observed_user.ts
@@ -6,6 +6,7 @@
*/
import { useMemo } from 'react';
+import { useSelector } from 'react-redux';
import { useDeepEqualSelector } from '../../../../common/hooks/use_selector';
import { inputsSelectors } from '../../../../common/store';
import { useQueryInspector } from '../../../../common/components/page/manage_query';
@@ -16,7 +17,9 @@ import { Direction, NOT_EVENT_KIND_ASSET_FILTER } from '../../../../../common/se
import { useGlobalTime } from '../../../../common/containers/use_global_time';
import { useFirstLastSeen } from '../../../../common/containers/use_first_last_seen';
import { isActiveTimeline } from '../../../../helpers';
-import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
+import { useEnableExperimental } from '../../../../common/hooks/use_experimental_features';
+import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+import { sourcererSelectors } from '../../../../sourcerer/store';
export const useObservedUser = (
userName: string,
@@ -30,14 +33,20 @@ export const useObservedUser = (
const { to, from } = isActiveTimelines ? timelineTime : globalTime;
const { isInitializing, setQuery, deleteQuery } = globalTime;
- const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId));
+ const { newDataViewPickerEnabled } = useEnableExperimental();
+ const oldSecurityDefaultPatterns =
+ useSelector(sourcererSelectors.defaultDataView)?.patternList ?? [];
+ const { indexPatterns: experimentalSecurityDefaultIndexPatterns } = useSecurityDefaultPatterns();
+ const securityDefaultPatterns = newDataViewPickerEnabled
+ ? experimentalSecurityDefaultIndexPatterns
+ : oldSecurityDefaultPatterns;
const [loadingObservedUser, { userDetails: observedUserDetails, inspect, refetch, id: queryId }] =
useObservedUserDetails({
endDate: to,
startDate: from,
userName,
- indexNames: selectedPatterns,
+ indexNames: securityDefaultPatterns,
skip: isInitializing,
});
@@ -53,7 +62,7 @@ export const useObservedUser = (
const [loadingFirstSeen, { firstSeen }] = useFirstLastSeen({
field: 'user.name',
value: userName,
- defaultIndex: selectedPatterns,
+ defaultIndex: securityDefaultPatterns,
order: Direction.asc,
filterQuery: NOT_EVENT_KIND_ASSET_FILTER,
});
@@ -61,7 +70,7 @@ export const useObservedUser = (
const [loadingLastSeen, { lastSeen }] = useFirstLastSeen({
field: 'user.name',
value: userName,
- defaultIndex: selectedPatterns,
+ defaultIndex: securityDefaultPatterns,
order: Direction.desc,
filterQuery: NOT_EVENT_KIND_ASSET_FILTER,
});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/timelines/containers/use_timeline_data_filters.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/timelines/containers/use_timeline_data_filters.test.tsx
index db9413df30595..32cd8b89ced24 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/timelines/containers/use_timeline_data_filters.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/timelines/containers/use_timeline_data_filters.test.tsx
@@ -56,15 +56,6 @@ const wrapper = ({ children }: { children: React.ReactNode }) => (
describe('useTimelineDataFilters', () => {
describe('on alerts page', () => {
- it('uses the same selected patterns throughout the app', () => {
- const { result } = renderHook(() => useTimelineDataFilters(false), { wrapper });
- const { result: timelineResult } = renderHook(() => useTimelineDataFilters(true), {
- wrapper,
- });
-
- expect(result.current.selectedPatterns).toEqual(timelineResult.current.selectedPatterns);
- });
-
it('allows the other parts of the query to remain unique', () => {
const { result } = renderHook(() => useTimelineDataFilters(false), { wrapper });
const { result: timelineResult } = renderHook(() => useTimelineDataFilters(true), {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/timelines/containers/use_timeline_data_filters.ts b/x-pack/solutions/security/plugins/security_solution/public/timelines/containers/use_timeline_data_filters.ts
index 891f0b16aec53..f962dce984edb 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/timelines/containers/use_timeline_data_filters.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/timelines/containers/use_timeline_data_filters.ts
@@ -12,10 +12,6 @@ import {
startSelector,
endSelector,
} from '../../common/components/super_date_picker/selectors';
-import { SourcererScopeName } from '../../sourcerer/store/model';
-import { useSelectedPatterns } from '../../data_view_manager/hooks/use_selected_patterns';
-import { useSourcererDataView } from '../../sourcerer/containers';
-import { useEnableExperimental } from '../../common/hooks/use_experimental_features';
export function useTimelineDataFilters(isActiveTimelines: boolean) {
const getStartSelector = useMemo(() => startSelector(), []);
@@ -44,22 +40,11 @@ export function useTimelineDataFilters(isActiveTimelines: boolean) {
}
});
- const { newDataViewPickerEnabled } = useEnableExperimental();
- const { selectedPatterns: oldAnalyzerPatterns } = useSourcererDataView(
- SourcererScopeName.analyzer
- );
- const experimentalAnalyzerPatterns = useSelectedPatterns(SourcererScopeName.analyzer);
-
- const analyzerPatterns = newDataViewPickerEnabled
- ? experimentalAnalyzerPatterns
- : oldAnalyzerPatterns;
-
return useMemo(() => {
return {
- selectedPatterns: analyzerPatterns,
from,
to,
shouldUpdate,
};
- }, [from, to, shouldUpdate, analyzerPatterns]);
+ }, [from, to, shouldUpdate]);
}
diff --git a/x-pack/solutions/security/plugins/security_solution/public/timelines/hooks/use_create_timeline.tsx b/x-pack/solutions/security/plugins/security_solution/public/timelines/hooks/use_create_timeline.tsx
index 955cbac9abd6a..1a63f893414a5 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/timelines/hooks/use_create_timeline.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/timelines/hooks/use_create_timeline.tsx
@@ -21,11 +21,10 @@ import { defaultUdtHeaders } from '../components/timeline/body/column_headers/de
import { timelineDefaults } from '../store/defaults';
import { useSelectDataView } from '../../data_view_manager/hooks/use_select_data_view';
import { DataViewManagerScopeName } from '../../data_view_manager/constants';
-import { useSelectedPatterns } from '../../data_view_manager/hooks/use_selected_patterns';
import { sourcererActions, sourcererSelectors } from '../../sourcerer/store';
import { SourcererScopeName } from '../../sourcerer/store/model';
import { useEnableExperimental } from '../../common/hooks/use_experimental_features';
-import { useDataView } from '../../data_view_manager/hooks/use_data_view';
+import { useSecurityDefaultPatterns } from '../../data_view_manager/hooks/use_security_default_patterns';
export interface UseCreateTimelineParams {
/**
@@ -59,16 +58,20 @@ export const useCreateTimeline = ({
) ?? { id: '', patternList: [] };
const { newDataViewPickerEnabled } = useEnableExperimental();
- const { dataView: experimentalDataView } = useDataView(DataViewManagerScopeName.default);
- const experimentalSelectedPatterns = useSelectedPatterns(DataViewManagerScopeName.default);
+
+ const {
+ id: experimentalSecurityDefaultDataViewId,
+ indexPatterns: experimentalSecurityDefaultIndexPatterns,
+ } = useSecurityDefaultPatterns();
const dataViewId = useMemo(
- () => (newDataViewPickerEnabled ? experimentalDataView?.id ?? '' : oldDataViewId),
- [experimentalDataView?.id, newDataViewPickerEnabled, oldDataViewId]
+ () => (newDataViewPickerEnabled ? experimentalSecurityDefaultDataViewId ?? '' : oldDataViewId),
+ [experimentalSecurityDefaultDataViewId, newDataViewPickerEnabled, oldDataViewId]
);
const selectedPatterns = useMemo(
- () => (newDataViewPickerEnabled ? experimentalSelectedPatterns : oldSelectedPatterns),
- [experimentalSelectedPatterns, newDataViewPickerEnabled, oldSelectedPatterns]
+ () =>
+ newDataViewPickerEnabled ? experimentalSecurityDefaultIndexPatterns : oldSelectedPatterns,
+ [experimentalSecurityDefaultIndexPatterns, newDataViewPickerEnabled, oldSelectedPatterns]
);
const { timelineFullScreen, setTimelineFullScreen } = useTimelineFullScreen();