diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx
index c5a04e3a626df..1ef57a3499922 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.test.tsx
@@ -6,7 +6,11 @@
 */
 import { ExistsFilter, Filter } from '@kbn/es-query';
-import { buildAlertsRuleIdFilter, buildThreatMatchFilter } from './default_config';
+import {
+ buildAlertsRuleIdFilter,
+ buildAlertStatusFilter,
+ buildThreatMatchFilter,
+} from './default_config';
 jest.mock('./actions');
@@ -61,6 +65,65 @@ describe('alerts default_config', () => {
 });
 });
+ describe('buildAlertStatusFilter', () => {
+ test('when status is acknowledged, filter will build for both `in-progress` and `acknowledged`', () => {
+ const filters = buildAlertStatusFilter('acknowledged');
+ const expected = {
+ meta: {
+ alias: null,
+ disabled: false,
+ key: 'signal.status',
+ negate: false,
+ params: {
+ query: 'acknowledged',
+ },
+ type: 'phrase',
+ },
+ query: {
+ bool: {
+ should: [
+ {
+ term: {
+ 'signal.status': 'acknowledged',
+ },
+ },
+ {
+ term: {
+ 'signal.status': 'in-progress',
+ },
+ },
+ ],
+ },
+ },
+ };
+ expect(filters).toHaveLength(1);
+ expect(filters[0]).toEqual(expected);
+ });
+
+ test('when status is `open` or `closed`, filter will build for solely that status', () => {
+ const filters = buildAlertStatusFilter('open');
+ const expected = {
+ meta: {
+ alias: null,
+ disabled: false,
+ key: 'signal.status',
+ negate: false,
+ params: {
+ query: 'open',
+ },
+ type: 'phrase',
+ },
+ query: {
+ term: {
+ 'signal.status': 'open',
+ },
+ },
+ };
+ expect(filters).toHaveLength(1);
+ expect(filters[0]).toEqual(expected);
+ });
+ });
+
 // TODO: move these tests to ../timelines/components/timeline/body/events/event_column_view.tsx
 // describe.skip('getAlertActions', () => {
 // let setEventsLoading: ({ eventIds, isLoading }: SetEventsLoadingProps) => void;
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
index 4e803638ac16f..b0e1792684598 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
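Review bot: The second test in the new `buildAlertStatusFilter` describe block of default_config.test.tsx is titled for `open` or `closed` but only calls `buildAlertStatusFilter('open')`, so the `closed` case is covered by name only; a table-driven form such as `test.each(['open', 'closed'] as const)('status %s builds a single term filter', (status) => { ... })` would assert both. Nothing in this file exercises `buildAlertStatusFilterRuleRegistry`, which receives the same `acknowledged` / `in-progress` change in default_config.tsx, and no case passes `'in-progress'` itself as the status (assuming the `Status` type still admits it). Because this filter decides which alerts an analyst sees per workflow status, each status value deserves an explicit expectation.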
@@ -26,25 +26,47 @@ import { SubsetTimelineModel } from '../../../timelines/store/timeline/model';
 import { timelineDefaults } from '../../../timelines/store/timeline/defaults';
 import { columns } from '../../configurations/security_solution_detections/columns';
-export const buildAlertStatusFilter = (status: Status): Filter[] => [
- {
- meta: {
- alias: null,
- negate: false,
- disabled: false,
- type: 'phrase',
- key: 'signal.status',
- params: {
- query: status,
- },
- },
- query: {
- term: {
- 'signal.status': status,
+export const buildAlertStatusFilter = (status: Status): Filter[] => {
+ const combinedQuery =
+ status === 'acknowledged'
+ ? {
+ bool: {
+ should: [
+ {
+ term: {
+ 'signal.status': status,
+ },
+ },
+ {
+ term: {
+ 'signal.status': 'in-progress',
+ },
+ },
+ ],
+ },
+ }
+ : {
+ term: {
+ 'signal.status': status,
+ },
+ };
+
+ return [
+ {
+ meta: {
+ alias: null,
+ negate: false,
+ disabled: false,
+ type: 'phrase',
+ key: 'signal.status',
+ params: {
+ query: status,
+ },
 },
+ query: combinedQuery,
 },
- },
-];
+ ];
+};
 export const buildAlertsRuleIdFilter = (ruleId: string | null): Filter[] =>
 ruleId
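Review bot: In `buildAlertStatusFilter`, the `acknowledged` branch returns a `bool.should` over two `term` clauses while `meta` still declares `type: 'phrase'` with `params.query: status`, so the filter's metadata describes a single-value match that the query no longer performs. Anything that displays or rebuilds the filter from `meta` (not visible in this hunk) would presumably show or restore only `acknowledged` and lose the `in-progress` alerts; confirm how the filter bar treats it. The `should` array also relies on Elasticsearch's default of requiring one match when a `bool` has no `must` or `filter`; adding `minimum_should_match: 1` states that intent and keeps the filter from widening to every status if another clause is added later. A short comment such as `// 'in-progress' alerts are listed together with 'acknowledged'` would explain the hard-coded literal. The same points apply to `buildAlertStatusFilterRuleRegistry` in the next hunk.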
@@ -139,25 +161,48 @@ export const requiredFieldsForActions = [
 ];
 // TODO: Once we are past experimental phase this code should be removed
-export const buildAlertStatusFilterRuleRegistry = (status: Status): Filter[] => [
- {
- meta: {
- alias: null,
- negate: false,
- disabled: false,
- type: 'phrase',
- key: ALERT_WORKFLOW_STATUS,
- params: {
- query: status,
- },
- },
- query: {
- term: {
- [ALERT_WORKFLOW_STATUS]: status,
+
+export const buildAlertStatusFilterRuleRegistry = (status: Status): Filter[] => {
+ const combinedQuery =
+ status === 'acknowledged'
+ ? {
+ bool: {
+ should: [
+ {
+ term: {
+ [ALERT_WORKFLOW_STATUS]: status,
+ },
+ },
+ {
+ term: {
+ [ALERT_WORKFLOW_STATUS]: 'in-progress',
+ },
+ },
+ ],
+ },
+ }
+ : {
+ term: {
+ [ALERT_WORKFLOW_STATUS]: status,
+ },
+ };
+
+ return [
+ {
+ meta: {
+ alias: null,
+ negate: false,
+ disabled: false,
+ type: 'phrase',
+ key: ALERT_WORKFLOW_STATUS,
+ params: {
+ query: status,
+ },
 },
+ query: combinedQuery,
 },
- },
-];
+ ];
+};
 export const buildShowBuildingBlockFilterRuleRegistry = (
 showBuildingBlockAlerts: boolean
diff --git a/x-pack/plugins/security_solution/public/detections/configurations/security_solution_detections/columns.ts b/x-pack/plugins/security_solution/public/detections/configurations/security_solution_detections/columns.ts
index 89de83ab6e5cf..beeed344c31ef 100644
--- a/x-pack/plugins/security_solution/public/detections/configurations/security_solution_detections/columns.ts
+++ b/x-pack/plugins/security_solution/public/detections/configurations/security_solution_detections/columns.ts
@@ -26,7 +26,7 @@ export const columns: Array<
 {
 columnHeaderType: defaultColumnHeaderType,
 id: '@timestamp',
- initialWidth: DEFAULT_DATE_COLUMN_MIN_WIDTH + 5,
+ initialWidth: DEFAULT_DATE_COLUMN_MIN_WIDTH + 10,
 },
 {
 columnHeaderType: defaultColumnHeaderType,
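Review bot: `buildAlertStatusFilterRuleRegistry` repeats the `acknowledged` / `in-progress` branching of `buildAlertStatusFilter` line for line, with only the field key differing, so a later change to the status mapping can land in one function and miss the other. A small helper that takes the field name keeps the two alert views filtering identically. The added blank line also separates the existing `// TODO: Once we are past experimental phase this code should be removed` comment from the function it annotates; dropping that line keeps the comment attached.

```typescript
// Builds the status clause for either field; 'acknowledged' also matches 'in-progress'.
const buildStatusQuery = (field: string, status: Status) =>
  status === 'acknowledged'
    ? { bool: { should: [{ term: { [field]: status } }, { term: { [field]: 'in-progress' } }] } }
    : { term: { [field]: status } };

export const buildAlertStatusFilterRuleRegistry = (status: Status): Filter[] => {
  const combinedQuery = buildStatusQuery(ALERT_WORKFLOW_STATUS, status);
  // … unchanged: return of the single phrase filter with `query: combinedQuery` …
};
```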
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap
index 6050263fff638..6bc2dc089494d 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap
@@ -521,6 +521,7 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "compare": null, "type": [Function], }, + "width": 108, }, ] }
diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/control_columns/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/control_columns/index.tsx
index e4f4c26417351..d38bf2136513e 100644
--- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/control_columns/index.tsx
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/control_columns/index.tsx
@@ -9,8 +9,11 @@ import { ControlColumnProps } from '../../../../../../common/types/timeline';
 import { Actions } from '../actions';
 import { HeaderActions } from '../actions/header_actions';
+const DEFAULT_CONTROL_COLUMN_WIDTH = 108;
+
 export const defaultControlColumn: ControlColumnProps = {
 id: 'default-timeline-control-column',
+ width: DEFAULT_CONTROL_COLUMN_WIDTH,
 headerCellRender: HeaderActions,
 rowCellRender: Actions,
 };