[Security Solution][Cases] sync closing reason from cases to alerts

x-pack/platform/packages/shared/response-ops/alerts-table/components/closing_reason/closing_reason_panel.tsx

@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback, useMemo, useState } from 'react';
+import { EuiButton, EuiSelectable } from '@elastic/eui';
+import type { EuiSelectableOption } from '@elastic/eui';
+import { useKibana } from '@kbn/kibana-react-plugin/public';
+import type { IUiSettingsClient } from '@kbn/core-ui-settings-browser';
+import * as i18n from './translations';
+
+const CUSTOM_ALERT_CLOSE_REASONS_SETTING_KEY = 'securitySolution:alertCloseReasons';
+
+interface ClosingReasonOption {
+  key?: string;
+}
+
+const defaultClosingReasons: Array<EuiSelectableOption<ClosingReasonOption>> = [
+  { label: i18n.CLOSING_REASON_CLOSE_WITHOUT_REASON, key: undefined },
+  { label: i18n.CLOSING_REASON_DUPLICATE, key: 'duplicate' },
+  { label: i18n.CLOSING_REASON_FALSE_POSITIVE, key: 'false_positive' },
+  { label: i18n.CLOSING_REASON_TRUE_POSITIVE, key: 'true_positive' },
+  { label: i18n.CLOSING_REASON_BENIGN_POSITIVE, key: 'benign_positive' },
+  { label: i18n.CLOSING_REASON_OTHER, key: 'other' },
+];
+
+export interface ClosingReasonPanelProps {
+  onSubmit: (reason?: string) => void;
+}
+
+const ClosingReasonPanelComponent: React.FC<ClosingReasonPanelProps> = ({ onSubmit }) => {
+  const {
+    services: { uiSettings },
+  } = useKibana<{ uiSettings: IUiSettingsClient }>();
+
+  const customClosingReasons =
+    uiSettings.get<string[]>(CUSTOM_ALERT_CLOSE_REASONS_SETTING_KEY) ?? [];
+
+  const [options, setOptions] = useState<Array<EuiSelectableOption<ClosingReasonOption>>>([
+    ...defaultClosingReasons,
+    ...customClosingReasons.map((reason) => ({ label: reason, key: reason })),
+  ]);
+
+  const selectedOption = useMemo(() => options.find((option) => option.checked), [options]);
+
+  const onSubmitHandler = useCallback(() => {
+    if (!selectedOption) {
+      return;
+    }
+
+    onSubmit(selectedOption.key);
+  }, [onSubmit, selectedOption]);
+
+  return (
+    <>
+      <EuiSelectable options={options} onChange={setOptions} singleSelection="always">
+        {(list) => list}
+      </EuiSelectable>
+      <EuiButton fullWidth size="s" disabled={!selectedOption} onClick={onSubmitHandler}>
+        {i18n.CLOSING_REASON_BUTTON_MESSAGE}
+      </EuiButton>
+    </>
+  );
+};
+
+export const ClosingReasonPanel = memo(ClosingReasonPanelComponent);

x-pack/platform/packages/shared/response-ops/alerts-table/components/closing_reason/translations.ts

@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const BULK_ACTION_CLOSE_SELECTED = i18n.translate(
+  'xpack.responseOps.alertsTable.bulkActions.closeSelectedTitle',
+  {
+    defaultMessage: 'Mark as closed',
+  }
+);
+
+export const CLOSING_REASON_MENU_TITLE = i18n.translate(
+  'xpack.responseOps.alertsTable.bulkActions.closingReason.menuTitle',
+  {
+    defaultMessage: 'Reason for closing',
+  }
+);
+
+export const CLOSING_REASON_BUTTON_MESSAGE = i18n.translate(
+  'xpack.responseOps.alertsTable.bulkActions.closingReason.buttonMessage',
+  {
+    defaultMessage: 'Close',
+  }
+);
+
+export const CLOSING_REASON_DUPLICATE = i18n.translate(
+  'xpack.responseOps.alertsTable.defaultClosingReason.duplicate',
+  {
+    defaultMessage: 'Duplicate',
+  }
+);
+
+export const CLOSING_REASON_FALSE_POSITIVE = i18n.translate(
+  'xpack.responseOps.alertsTable.defaultClosingReason.falsePositive',
+  {
+    defaultMessage: 'False Positive',
+  }
+);
+
+export const CLOSING_REASON_CLOSE_WITHOUT_REASON = i18n.translate(
+  'xpack.responseOps.alertsTable.defaultClosingReason.closeWithoutReason',
+  {
+    defaultMessage: 'Close without reason',
+  }
+);
+
+export const CLOSING_REASON_TRUE_POSITIVE = i18n.translate(
+  'xpack.responseOps.alertsTable.defaultClosingReason.truePositive',
+  {
+    defaultMessage: 'True positive',
+  }
+);
+
+export const CLOSING_REASON_BENIGN_POSITIVE = i18n.translate(
+  'xpack.responseOps.alertsTable.defaultClosingReason.benignPositive',
+  {
+    defaultMessage: 'Benign positive',
+  }
+);
+
+export const CLOSING_REASON_OTHER = i18n.translate(
+  'xpack.responseOps.alertsTable.defaultClosingReason.other',
+  {
+    defaultMessage: 'Other',
+  }
+);

x-pack/platform/packages/shared/response-ops/alerts-table/components/closing_reason/use_bulk_closing_reason_items.test.tsx

@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { renderHook } from '@testing-library/react';
+import {
+  ALERT_CLOSING_REASON_PANEL_ID,
+  useBulkClosingReasonItems,
+} from './use_bulk_closing_reason_items';
+
+describe('useBulkClosingReasonItems', () => {
+  it('returns one item and one panel when enabled', () => {
+    const { result } = renderHook(() =>
+      useBulkClosingReasonItems({
+        isEnabled: true,
+      })
+    );
+
+    expect(result.current.item?.panel).toBe(ALERT_CLOSING_REASON_PANEL_ID);
+    expect(result.current.panels.length).toBe(1);
+  });
+
+  it('returns no item and no panels when disabled', () => {
+    const { result } = renderHook(() =>
+      useBulkClosingReasonItems({
+        isEnabled: false,
+      })
+    );
+
+    expect(result.current.item).toBeUndefined();
+    expect(result.current.panels).toEqual([]);
+  });
+});

x-pack/platform/packages/shared/response-ops/alerts-table/components/closing_reason/use_bulk_closing_reason_items.tsx

@@ -0,0 +1,113 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo } from 'react';
+import type { ContentPanelConfig, RenderContentPanelProps } from '../../types';
+import { ClosingReasonPanel } from './closing_reason_panel';
+import * as i18n from './translations';
+
+export const ALERT_CLOSING_REASON_PANEL_ID = 'ALERT_CLOSING_REASON_PANEL_ID';
+
+export interface OnSubmitClosingReasonParams extends RenderContentPanelProps {
+  /**
+   * The reason the item(s) are being closed
+   */
+  reason?: string;
+}
+
+export interface UseBulkClosingReasonItemsProps {
+  /**
+   * Whether the closing reason action should be shown
+   */
+  isEnabled?: boolean;
+  /**
+   * Called once the user confirms the closing reason
+   */
+  onSubmitCloseReason?: (params: OnSubmitClosingReasonParams) => void;
+}
+
+/**
+ * Returns menu items and panels to be used in a EuiContextMenu component
+ */
+export const useBulkClosingReasonItems = ({
+  isEnabled = true,
+  onSubmitCloseReason,
+}: UseBulkClosingReasonItemsProps = {}) => {
+  const item = useMemo(
+    () =>
+      isEnabled
+        ? {
+            key: 'close-alert-with-reason',
+            'data-test-subj': 'alert-close-context-menu-item',
+            label: i18n.BULK_ACTION_CLOSE_SELECTED,
+            panel: ALERT_CLOSING_REASON_PANEL_ID,
+          }
+        : undefined,
+    [isEnabled]
+  );
+
+  const getRenderContent = useCallback(
+    ({
+      onSubmitCloseReason: onSubmitCloseReasonCb,
+    }: {
+      onSubmitCloseReason?: UseBulkClosingReasonItemsProps['onSubmitCloseReason'];
+    }): ContentPanelConfig['renderContent'] => {
+      return (renderProps: RenderContentPanelProps) => {
+        const handleSubmit = (reason?: string) => {
+          if (onSubmitCloseReasonCb) {
+            onSubmitCloseReasonCb({
+              ...renderProps,
+              reason,
+            });
+            return;
+          }
+
+          renderProps.closePopoverMenu();
+        };
+
+        return <ClosingReasonPanel onSubmit={handleSubmit} />;
+      };
+    },
+    []
+  );
+
+  const getPanel = useCallback(
+    ({
+      onSubmitCloseReason: onSubmitCloseReasonCb,
+    }: {
+      onSubmitCloseReason?: UseBulkClosingReasonItemsProps['onSubmitCloseReason'];
+    }): ContentPanelConfig => ({
+      id: ALERT_CLOSING_REASON_PANEL_ID,
+      title: i18n.CLOSING_REASON_MENU_TITLE,
+      renderContent: getRenderContent({ onSubmitCloseReason: onSubmitCloseReasonCb }),
+    }),
+    [getRenderContent]
+  );
+
+  const panels = useMemo<ContentPanelConfig[]>(
+    () => (isEnabled ? [getPanel({ onSubmitCloseReason })] : []),
+    [isEnabled, getPanel, onSubmitCloseReason]
+  );
+
+  const getPanels = useCallback(
+    ({
+      onSubmitCloseReason: onSubmitCloseReasonCb,
+    }: {
+      onSubmitCloseReason?: UseBulkClosingReasonItemsProps['onSubmitCloseReason'];
+    }) => (isEnabled ? [getPanel({ onSubmitCloseReason: onSubmitCloseReasonCb })] : []),
+    [getPanel, isEnabled]
+  );
+
+  return useMemo(
+    () => ({
+      item,
+      panels,
+      getPanels,
+    }),
+    [item, panels, getPanels]
+  );
+};

x-pack/platform/packages/shared/response-ops/alerts-table/index.ts

@@ -7,6 +7,14 @@
 
 import { AlertsTable } from './components/alerts_table';
 export { AlertsTable } from './components/alerts_table';
+export {
+  ALERT_CLOSING_REASON_PANEL_ID,
+  useBulkClosingReasonItems,
+} from './components/closing_reason/use_bulk_closing_reason_items';
+export type {
+  OnSubmitClosingReasonParams,
+  UseBulkClosingReasonItemsProps,
+} from './components/closing_reason/use_bulk_closing_reason_items';
 // Lazy load helper
 // eslint-disable-next-line import/no-default-export
 export default AlertsTable;

x-pack/platform/packages/shared/response-ops/alerts-table/tsconfig.json

@@ -34,6 +34,7 @@
     "@kbn/core-http-browser-mocks",
     "@kbn/core-application-browser-mocks",
     "@kbn/response-ops-alerts-apis",
+    "@kbn/kibana-react-plugin",
     "@kbn/core-notifications-browser-mocks",
     "@kbn/licensing-plugin",
     "@kbn/core-application-browser",

x-pack/platform/plugins/shared/cases/common/types/api/case/v1.ts

@@ -34,6 +34,7 @@ import {
   CaseCustomFieldToggleRt,
   CustomFieldTextTypeRt,
   CustomFieldNumberTypeRt,
+  CaseCloseReasonRt,
 } from '../../domain';
 import {
   CaseRt,
@@ -135,6 +136,10 @@ export const CaseBaseOptionalFieldsRequestRt = rt.exact(
     settings: CaseSettingsRt,
     template: rt.union([CaseTemplate, rt.null]),
     [CASE_EXTENDED_FIELDS]: rt.union([rt.undefined, rt.record(rt.string, rt.string)]),
+    /**
+     * The case close reason
+     */
+    closeReason: CaseCloseReasonRt,
   })
 );
 

x-pack/platform/plugins/shared/cases/common/types/domain/case/v1.ts

@@ -28,6 +28,19 @@ export const CaseStatusRt = rt.union([
 
 export const caseStatuses = Object.values(CaseStatuses);
 
+/**
+ * Close reason
+ */
+export const CaseCloseReasonRt = rt.union([
+  rt.literal('false_positive'),
+  rt.literal('duplicate'),
+  rt.literal('true_positive'),
+  rt.literal('benign_positive'),
+  rt.literal('automated_closure'),
+  rt.literal('other'),
+  rt.string,
+]);
+
 /**
  * Severity
  */

x-pack/platform/plugins/shared/cases/common/types/domain/user_action/status/v1.ts

@@ -6,10 +6,15 @@
  */
 
 import * as rt from 'io-ts';
-import { CaseStatusRt } from '../../case/v1';
+import { CaseStatusRt, CaseCloseReasonRt } from '../../case/v1';
 import { UserActionTypes } from '../action/v1';
 
-export const StatusUserActionPayloadRt = rt.strict({ status: CaseStatusRt });
+export const StatusUserActionPayloadRt = rt.exact(
+  rt.intersection([
+    rt.type({ status: CaseStatusRt }),
+    rt.partial({ closeReason: CaseCloseReasonRt }),
+  ])
+);
 
 export const StatusUserActionRt = rt.strict({
   type: rt.literal(UserActionTypes.status),

x-pack/platform/plugins/shared/cases/docs/openapi/components/schemas/case_close_reason.yaml

@@ -0,0 +1,14 @@
+description: >
+  The reason for closing the case. Can be one of following predefined reasons:
+  [false_positive, duplicate, true_positive, benign_positive, automated_closure,
+  other] or a custom reason provided by the user.
+oneOf:
+  - type: string
+    enum:
+      - false_positive
+      - duplicate
+      - true_positive
+      - benign_positive
+      - automated_closure
+      - other
+  - type: string

x-pack/platform/plugins/shared/cases/docs/openapi/components/schemas/update_case_request.yaml

@@ -60,6 +60,8 @@ properties:
           $ref: 'case_tags.yaml'
         title:
           $ref: 'case_title.yaml'
+        closeReason:
+          $ref: 'case_close_reason.yaml'
         version:
           description: >
             The current version of the case.