Merge branch 'master' into update-alert-status-usage

elastic · Aug 20, 2021 · 3d0b71c · 3d0b71c
2 parents 902ff37 + 5a00ff3
commit 3d0b71c
Show file tree

Hide file tree

Showing 5 changed files with 148 additions and 36 deletions.
diff --git a/...ugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx b/...ugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx
@@ -6,7 +6,11 @@
  */
 
 import { ExistsFilter, Filter } from '@kbn/es-query';
-import { buildAlertsRuleIdFilter, buildThreatMatchFilter } from './default_config';
+import {
+  buildAlertsRuleIdFilter,
+  buildAlertStatusFilter,
+  buildThreatMatchFilter,
+} from './default_config';
 
 jest.mock('./actions');
 
@@ -61,6 +65,65 @@ describe('alerts default_config', () => {
     });
   });
 
+  describe('buildAlertStatusFilter', () => {
+    test('when status is acknowledged, filter will build for both `in-progress` and `acknowledged`', () => {
+      const filters = buildAlertStatusFilter('acknowledged');
+      const expected = {
+        meta: {
+          alias: null,
+          disabled: false,
+          key: 'signal.status',
+          negate: false,
+          params: {
+            query: 'acknowledged',
+          },
+          type: 'phrase',
+        },
+        query: {
+          bool: {
+            should: [
+              {
+                term: {
+                  'signal.status': 'acknowledged',
+                },
+              },
+              {
+                term: {
+                  'signal.status': 'in-progress',
+                },
+              },
+            ],
+          },
+        },
+      };
+      expect(filters).toHaveLength(1);
+      expect(filters[0]).toEqual(expected);
+    });
+
+    test('when status is `open` or `closed`, filter will build for solely that status', () => {
+      const filters = buildAlertStatusFilter('open');
+      const expected = {
+        meta: {
+          alias: null,
+          disabled: false,
+          key: 'signal.status',
+          negate: false,
+          params: {
+            query: 'open',
+          },
+          type: 'phrase',
+        },
+        query: {
+          term: {
+            'signal.status': 'open',
+          },
+        },
+      };
+      expect(filters).toHaveLength(1);
+      expect(filters[0]).toEqual(expected);
+    });
+  });
+
   // TODO: move these tests to ../timelines/components/timeline/body/events/event_column_view.tsx
   // describe.skip('getAlertActions', () => {
   //   let setEventsLoading: ({ eventIds, isLoading }: SetEventsLoadingProps) => void;

diff --git a/...ck/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/...ck/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -26,25 +26,47 @@ import { SubsetTimelineModel } from '../../../timelines/store/timeline/model';
 import { timelineDefaults } from '../../../timelines/store/timeline/defaults';
 import { columns } from '../../configurations/security_solution_detections/columns';
 
-export const buildAlertStatusFilter = (status: Status): Filter[] => [
-  {
-    meta: {
-      alias: null,
-      negate: false,
-      disabled: false,
-      type: 'phrase',
-      key: 'signal.status',
-      params: {
-        query: status,
-      },
-    },
-    query: {
-      term: {
-        'signal.status': status,
+export const buildAlertStatusFilter = (status: Status): Filter[] => {
+  const combinedQuery =
+    status === 'acknowledged'
+      ? {
+          bool: {
+            should: [
+              {
+                term: {
+                  'signal.status': status,
+                },
+              },
+              {
+                term: {
+                  'signal.status': 'in-progress',
+                },
+              },
+            ],
+          },
+        }
+      : {
+          term: {
+            'signal.status': status,
+          },
+        };
+
+  return [
+    {
+      meta: {
+        alias: null,
+        negate: false,
+        disabled: false,
+        type: 'phrase',
+        key: 'signal.status',
+        params: {
+          query: status,
+        },
       },
+      query: combinedQuery,
     },
-  },
-];
+  ];
+};
 
 export const buildAlertsRuleIdFilter = (ruleId: string | null): Filter[] =>
   ruleId
@@ -139,25 +161,48 @@ export const requiredFieldsForActions = [
 ];
 
 // TODO: Once we are past experimental phase this code should be removed
-export const buildAlertStatusFilterRuleRegistry = (status: Status): Filter[] => [
-  {
-    meta: {
-      alias: null,
-      negate: false,
-      disabled: false,
-      type: 'phrase',
-      key: ALERT_WORKFLOW_STATUS,
-      params: {
-        query: status,
-      },
-    },
-    query: {
-      term: {
-        [ALERT_WORKFLOW_STATUS]: status,
+
+export const buildAlertStatusFilterRuleRegistry = (status: Status): Filter[] => {
+  const combinedQuery =
+    status === 'acknowledged'
+      ? {
+          bool: {
+            should: [
+              {
+                term: {
+                  [ALERT_WORKFLOW_STATUS]: status,
+                },
+              },
+              {
+                term: {
+                  [ALERT_WORKFLOW_STATUS]: 'in-progress',
+                },
+              },
+            ],
+          },
+        }
+      : {
+          term: {
+            [ALERT_WORKFLOW_STATUS]: status,
+          },
+        };
+
+  return [
+    {
+      meta: {
+        alias: null,
+        negate: false,
+        disabled: false,
+        type: 'phrase',
+        key: ALERT_WORKFLOW_STATUS,
+        params: {
+          query: status,
+        },
       },
+      query: combinedQuery,
     },
-  },
-];
+  ];
+};
 
 export const buildShowBuildingBlockFilterRuleRegistry = (
   showBuildingBlockAlerts: boolean

diff --git a/...ecurity_solution/public/detections/configurations/security_solution_detections/columns.ts b/...ecurity_solution/public/detections/configurations/security_solution_detections/columns.ts
@@ -26,7 +26,7 @@ export const columns: Array<
   {
     columnHeaderType: defaultColumnHeaderType,
     id: '@timestamp',
-    initialWidth: DEFAULT_DATE_COLUMN_MIN_WIDTH + 5,
+    initialWidth: DEFAULT_DATE_COLUMN_MIN_WIDTH + 10,
   },
   {
     columnHeaderType: defaultColumnHeaderType,

diff --git a/...ublic/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap b/...ublic/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap
diff --git a/...ins/security_solution/public/timelines/components/timeline/body/control_columns/index.tsx b/...ins/security_solution/public/timelines/components/timeline/body/control_columns/index.tsx
@@ -9,8 +9,11 @@ import { ControlColumnProps } from '../../../../../../common/types/timeline';
 import { Actions } from '../actions';
 import { HeaderActions } from '../actions/header_actions';
 
+const DEFAULT_CONTROL_COLUMN_WIDTH = 108;
+
 export const defaultControlColumn: ControlColumnProps = {
   id: 'default-timeline-control-column',
+  width: DEFAULT_CONTROL_COLUMN_WIDTH,
   headerCellRender: HeaderActions,
   rowCellRender: Actions,
 };