[Osquery] Remove @kbn/timelines-plugin dependency from osquery plugin

x-pack/platform/plugins/shared/osquery/cypress/e2e/all/alerts_cases.cy.ts

@@ -25,8 +25,7 @@ import {
 } from '../../tasks/live_query';
 import { generateRandomStringName, interceptCaseId } from '../../tasks/integrations';
 
-// Failing: See https://github.com/elastic/kibana/issues/197151
-describe.skip(
+describe(
   'Alert Event Details - Cases',
   { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] },
   () => {
@@ -107,7 +106,7 @@ describe.skip(
         cy.getBySel('securitySolutionFlyoutResponseButton').click();
         cy.getBySel('responseActionsViewWrapper').should('exist');
         cy.contains('select * from users;');
-        cy.contains("SELECT * FROM os_version where name='Ubuntu';");
+        cy.contains(/SELECT \* FROM os_version where name='.+'/);
         cy.getBySel('osquery-results-comment').each(($comment) => {
           cy.wrap($comment).within(() => {
             // On initial load result table might not render due to displayed error

x-pack/platform/plugins/shared/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts

@@ -17,8 +17,7 @@ import {
 } from '../../tasks/live_query';
 import { closeModalIfVisible, closeToastIfVisible } from '../../tasks/integrations';
 
-// FLAKY: https://github.com/elastic/kibana/issues/218206
-describe.skip(
+describe(
   'Alert Event Details',
   {
     tags: ['@ess', '@serverless', '@skipInServerlessMKI'],

x-pack/platform/plugins/shared/osquery/cypress/e2e/all/cases.cy.ts

@@ -46,7 +46,7 @@ describe('Add to Cases', () => {
       cleanupCase(caseId);
     });
 
-    it('should add result a case and not have add to timeline in result', () => {
+    it('should add result to a case without showing add to timeline button', () => {
       addLiveQueryToCase(liveQueryId, caseId);
       cy.contains(`Case ${caseTitle} updated`);
       viewRecentCaseAndCheckResults();
@@ -78,7 +78,7 @@ describe('Add to Cases', () => {
       cleanupCase(caseId);
     });
 
-    it('should add result a case and have add to timeline in result', () => {
+    it('should add result to a case without showing add to timeline button', () => {
       addLiveQueryToCase(liveQueryId, caseId);
       cy.contains(`Case ${caseTitle} updated`);
       viewRecentCaseAndCheckResults();
@@ -88,7 +88,7 @@ describe('Add to Cases', () => {
         lens: true,
         discover: true,
         cases: false,
-        timeline: true,
+        timeline: false,
       });
     });
   });

x-pack/platform/plugins/shared/osquery/cypress/e2e/all/timelines.cy.ts

@@ -10,8 +10,7 @@ import { takeOsqueryActionWithParams } from '../../tasks/live_query';
 import { ServerlessRoleName } from '../../support/roles';
 import { disableNewFeaturesTours } from '../../tasks/navigation';
 
-// FLAKY: https://github.com/elastic/kibana/issues/229432
-describe.skip('ALL - Timelines', { tags: ['@ess'] }, () => {
+describe('ALL - Timelines', { tags: ['@ess'] }, () => {
   before(() => {
     initializeDataViews();
   });

x-pack/platform/plugins/shared/osquery/moon.yml

@@ -36,7 +36,6 @@ dependsOn:
   - '@kbn/lens-plugin'
   - '@kbn/security-plugin'
   - '@kbn/triggers-actions-ui-plugin'
-  - '@kbn/timelines-plugin'
   - '@kbn/spaces-plugin'
   - '@kbn/i18n'
   - '@kbn/rison'

x-pack/platform/plugins/shared/osquery/public/live_queries/form/index.tsx

@@ -26,6 +26,7 @@ import { usePacks } from '../../packs/use_packs';
 import { useCreateLiveQuery } from '../use_create_live_query_action';
 import { useLiveQueryDetails } from '../../actions/use_live_query_details';
 import type { AgentSelection } from '../../agents/types';
+import type { AddToTimelineHandler } from '../../types';
 import LiveQueryQueryField from './live_query_query_field';
 import { AgentsTableField } from './agents_table_field';
 import { savedQueryDataSerializer } from '../../saved_queries/form/use_saved_query_form';
@@ -63,6 +64,7 @@ interface LiveQueryFormProps {
   formType?: FormType;
   enabled?: boolean;
   hideAgentsField?: boolean;
+  addToTimeline?: AddToTimelineHandler;
 }
 
 const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
@@ -72,6 +74,7 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
   formType = 'steps',
   enabled = true,
   hideAgentsField = false,
+  addToTimeline,
 }) => {
   const alertAttachmentContext = useContext(AlertAttachmentContext);
 
@@ -228,9 +231,11 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
           endDate={singleQueryDetails?.expiration}
           agentIds={singleQueryDetails?.agents}
           liveQueryActionId={liveQueryActionId}
+          addToTimeline={addToTimeline}
         />
       ) : null,
     [
+      addToTimeline,
       singleQueryDetails?.action_id,
       singleQueryDetails?.expiration,
       singleQueryDetails?.agents,
@@ -316,6 +321,7 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
               liveQueryDetails={liveQueryDetails}
               submitButtonContent={submitButtonContent}
               showResultsHeader
+              addToTimeline={addToTimeline}
             />
           ) : (
             <>

x-pack/platform/plugins/shared/osquery/public/live_queries/form/pack_queries_status_table.tsx

@@ -32,6 +32,7 @@ import { PackViewInLensAction } from '../../lens/pack_view_in_lens';
 import { PackViewInDiscoverAction } from '../../discover/pack_view_in_discover';
 import { AddToCaseWrapper } from '../../cases/add_to_cases';
 import { AddToTimelineButton } from '../../timelines/add_to_timeline_button';
+import type { AddToTimelineHandler } from '../../types';
 
 const truncateTooltipTextCss = {
   width: '100%',
@@ -140,6 +141,7 @@ interface PackQueriesStatusTableProps {
   startDate?: string;
   expirationDate?: string;
   showResultsHeader?: boolean;
+  addToTimeline?: AddToTimelineHandler;
 }
 
 const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = ({
@@ -150,6 +152,7 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
   startDate,
   expirationDate,
   showResultsHeader,
+  addToTimeline,
 }) => {
   const [queryDetailsFlyoutOpen, setQueryDetailsFlyoutOpen] = useState<{
     id: string;
@@ -242,6 +245,7 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
                   agentIds={agentIds}
                   failedAgentsCount={item?.failed ?? 0}
                   error={item.error}
+                  addToTimeline={addToTimeline}
                 />
               </EuiFlexItem>
             </EuiFlexGroup>
@@ -251,7 +255,7 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
         return itemIdToExpandedRowMapValues;
       });
     },
-    [actionId, startDate, expirationDate, agentIds]
+    [actionId, startDate, expirationDate, agentIds, addToTimeline]
   );
 
   const renderToggleResultsAction = useCallback(
@@ -285,7 +289,12 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
         {
           render: (item: { action_id: string }) =>
             item.action_id && (
-              <AddToTimelineButton field="action_id" value={item.action_id} isIcon={true} />
+              <AddToTimelineButton
+                field="action_id"
+                value={item.action_id}
+                isIcon={true}
+                addToTimeline={addToTimeline}
+              />
             ),
         },
         {
@@ -317,6 +326,7 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
     },
     [
       actionId,
+      addToTimeline,
       agentIds,
       handleQueryFlyoutOpen,
       renderDiscoverResultsAction,
@@ -422,6 +432,7 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
           queryIds={queryIds as string[]}
           actionId={actionId}
           agentIds={agentIds}
+          addToTimeline={addToTimeline}
         />
       )}
       <EuiBasicTable

x-pack/platform/plugins/shared/osquery/public/live_queries/form/pack_results_header.tsx

@@ -10,11 +10,13 @@ import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { AddToTimelineButton } from '../../timelines/add_to_timeline_button';
 import { AddToCaseWrapper } from '../../cases/add_to_cases';
+import type { AddToTimelineHandler } from '../../types';
 
 interface PackResultsHeadersProps {
   actionId?: string;
   queryIds: string[];
   agentIds?: string[];
+  addToTimeline?: AddToTimelineHandler;
 }
 
 const resultsHeadingCss = ({ euiTheme }: UseEuiTheme) => ({
@@ -29,8 +31,8 @@ const iconsListCss = {
 };
 
 export const PackResultsHeader = React.memo<PackResultsHeadersProps>(
-  ({ actionId, agentIds, queryIds }) => {
-    const iconProps = useMemo(() => ({ color: 'text', size: 'xs', iconSize: 'l' }), []);
+  ({ actionId, agentIds, queryIds, addToTimeline }) => {
+    const iconProps = useMemo(() => ({ color: 'text', size: 'xs', iconSize: 'l' } as const), []);
 
     return (
       <>
@@ -64,6 +66,7 @@ export const PackResultsHeader = React.memo<PackResultsHeadersProps>(
                       value={queryIds}
                       isIcon={true}
                       iconProps={iconProps}
+                      addToTimeline={addToTimeline}
                     />
                   </EuiFlexItem>
                 </EuiFlexGroup>

x-pack/platform/plugins/shared/osquery/public/live_queries/index.tsx

@@ -13,6 +13,7 @@ import { replaceParamsQuery } from '../../common/utils/replace_params_query';
 import { AlertAttachmentContext } from '../common/contexts';
 import { LiveQueryForm } from './form';
 import type { AgentSelection } from '../agents/types';
+import type { AddToTimelineHandler } from '../types';
 
 interface LiveQueryProps {
   agentId?: string;
@@ -32,6 +33,7 @@ interface LiveQueryProps {
   hideAgentsField?: boolean;
   packId?: string;
   agentSelection?: AgentSelection;
+  addToTimeline?: AddToTimelineHandler;
 }
 
 const LiveQueryComponent: React.FC<LiveQueryProps> = ({
@@ -51,6 +53,7 @@ const LiveQueryComponent: React.FC<LiveQueryProps> = ({
   packId,
   agentSelection,
   timeout,
+  addToTimeline,
 }) => {
   const initialAgentSelection = useMemo(() => {
     if (agentSelection) {
@@ -103,6 +106,7 @@ const LiveQueryComponent: React.FC<LiveQueryProps> = ({
       formType={formType}
       enabled={enabled}
       hideAgentsField={hideAgentsField}
+      addToTimeline={addToTimeline}
     />
   );
 };

x-pack/platform/plugins/shared/osquery/public/results/results_table.tsx

@@ -30,6 +30,7 @@ import React, { createContext, useEffect, useState, useCallback, useContext, use
 import type { ECSMapping } from '@kbn/osquery-io-ts-types';
 import { pagePathGetters } from '@kbn/fleet-plugin/public';
 import { AddToTimelineButton } from '../timelines/add_to_timeline_button';
+import type { AddToTimelineHandler } from '../types';
 import { useAllResults } from './use_all_results';
 import type { ResultEdges } from '../../common/search_strategy';
 import { Direction } from '../../common/search_strategy';
@@ -99,6 +100,7 @@ export interface ResultsTableComponentProps {
   startDate?: string;
   liveQueryActionId?: string;
   error?: string;
+  addToTimeline?: AddToTimelineHandler;
 }
 
 const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
@@ -109,6 +111,7 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
   endDate,
   liveQueryActionId,
   error,
+  addToTimeline,
 }) => {
   const [isLive, setIsLive] = useState(true);
 
@@ -126,7 +129,6 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
   const {
     application: { getUrlForApp },
     appName,
-    timelines,
     notifications: { toasts },
     i18n: i18nStart,
     theme,
@@ -369,7 +371,7 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
 
   const leadingControlColumns: EuiDataGridControlColumn[] = useMemo(() => {
     const edges = allResultsData?.edges;
-    if (timelines && edges) {
+    if (addToTimeline && edges) {
       return [
         {
           id: 'timeline',
@@ -381,14 +383,21 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
             };
             const eventId = edges[visibleRowIndex]?._id;
 
-            return <AddToTimelineButton field="_id" value={eventId!} isIcon={true} />;
+            return (
+              <AddToTimelineButton
+                field="_id"
+                value={eventId!}
+                isIcon={true}
+                addToTimeline={addToTimeline}
+              />
+            );
           },
         },
       ];
     }
 
     return [];
-  }, [allResultsData?.edges, timelines]);
+  }, [addToTimeline, allResultsData?.edges]);
 
   const toolbarVisibility = useMemo(
     () => ({
@@ -408,14 +417,14 @@ const ResultsTableComponent: React.FC<ResultsTableComponentProps> = ({
             endDate={endDate}
             startDate={startDate}
           />
-          <AddToTimelineButton field="action_id" value={actionId} />
+          <AddToTimelineButton field="action_id" value={actionId} addToTimeline={addToTimeline} />
           {liveQueryActionId && (
             <AddToCaseWrapper actionId={liveQueryActionId} queryId={actionId} agentIds={agentIds} />
           )}
         </>
       ),
     }),
-    [actionId, agentIds, appName, endDate, liveQueryActionId, startDate]
+    [actionId, addToTimeline, agentIds, appName, endDate, liveQueryActionId, startDate]
   );
 
   useEffect(

x-pack/platform/plugins/shared/osquery/public/routes/saved_queries/edit/tabs.tsx

@@ -11,6 +11,7 @@ import type { ECSMapping } from '@kbn/osquery-io-ts-types';
 
 import { ResultsTable } from '../../../results/results_table';
 import { ActionResultsSummary } from '../../../action_results/action_results_summary';
+import type { AddToTimelineHandler } from '../../../types';
 
 const euiTabbedContentCss = {
   'div.euiTabs': {
@@ -27,6 +28,7 @@ interface ResultTabsProps {
   endDate?: string;
   liveQueryActionId?: string;
   error?: string;
+  addToTimeline?: AddToTimelineHandler;
 }
 
 const ResultTabsComponent: React.FC<ResultTabsProps> = ({
@@ -38,6 +40,7 @@ const ResultTabsComponent: React.FC<ResultTabsProps> = ({
   startDate,
   liveQueryActionId,
   error,
+  addToTimeline,
 }) => {
   const tabs = useMemo(
     () => [
@@ -54,6 +57,7 @@ const ResultTabsComponent: React.FC<ResultTabsProps> = ({
             endDate={endDate}
             liveQueryActionId={liveQueryActionId}
             error={error}
+            addToTimeline={addToTimeline}
           />
         ),
       },
@@ -86,6 +90,7 @@ const ResultTabsComponent: React.FC<ResultTabsProps> = ({
       liveQueryActionId,
       error,
       failedAgentsCount,
+      addToTimeline,
     ]
   );