diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.tsx index 500f14aaa531..8bf8fdf0691a 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.tsx @@ -265,7 +265,6 @@ const AlertSummaryViewComponent: React.FC<{ return ( <> - {maybeRule?.note && ( <> diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx index 3b5519825f99..0448def018d4 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx @@ -35,6 +35,7 @@ import { timelineDataToEnrichment, } from './cti_details/helpers'; import { NoEnrichmentsPanel } from './cti_details/no_enrichments_panel'; +import { Reason } from './reason'; type EventViewTab = EuiTabbedContentTab; @@ -134,6 +135,7 @@ const EventDetailsComponent: React.FC = ({ name: i18n.OVERVIEW, content: ( <> + = ({ eventId, data }) => { + const { navigateToApp } = useKibana().services.application; + const { formatUrl } = useFormatUrl(SecurityPageName.rules); + + const reason = useMemo( + () => getFieldValue({ category: 'signal', field: 'signal.reason' }, data), + [data] + ); + + const ruleId = useMemo( + () => getFieldValue({ category: 'signal', field: 'signal.rule.id' }, data), + [data] + ); + + if (!eventId) { + return {EVENT_DETAILS_PLACEHOLDER}; + } + + return reason ? ( + + + +
{i18n.REASON}
+
+ + + {reason} + + + + + void }) => { + ev.preventDefault(); + navigateToApp(APP_ID, { + deepLinkId: SecurityPageName.rules, + path: getRuleDetailsUrl(ruleId), + }); + }} + href={formatUrl(getRuleDetailsUrl(ruleId))} + > + {i18n.VIEW_RULE_DETAIL_PAGE} + + + + +
+ ) : null; +}; + +ReasonComponent.displayName = 'ReasonComponent'; + +export const Reason = React.memo(ReasonComponent); diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts b/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts index 98fd0c61a539..05fe58529887 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts +++ b/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts @@ -101,3 +101,14 @@ export const MULTI_FIELD_BADGE = i18n.translate( export const ACTIONS = i18n.translate('xpack.securitySolution.eventDetails.table.actions', { defaultMessage: 'Actions', }); + +export const REASON = i18n.translate('xpack.securitySolution.eventDetails.reason', { + defaultMessage: 'Reason', +}); + +export const VIEW_RULE_DETAIL_PAGE = i18n.translate( + 'xpack.securitySolution.eventDetails.viewRuleDetailPage', + { + defaultMessage: 'View Rule detail page', + } +);