diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.tsx
index 500f14aaa531..8bf8fdf0691a 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.tsx
@@ -265,7 +265,6 @@ const AlertSummaryViewComponent: React.FC<{
return (
<>
-
{maybeRule?.note && (
<>
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx
index 3b5519825f99..0448def018d4 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/event_details.tsx
@@ -35,6 +35,7 @@ import {
timelineDataToEnrichment,
} from './cti_details/helpers';
import { NoEnrichmentsPanel } from './cti_details/no_enrichments_panel';
+import { Reason } from './reason';
type EventViewTab = EuiTabbedContentTab;
@@ -134,6 +135,7 @@ const EventDetailsComponent: React.FC = ({
name: i18n.OVERVIEW,
content: (
<>
+
= ({ eventId, data }) => {
+ const { navigateToApp } = useKibana().services.application;
+ const { formatUrl } = useFormatUrl(SecurityPageName.rules);
+
+ const reason = useMemo(
+ () => getFieldValue({ category: 'signal', field: 'signal.reason' }, data),
+ [data]
+ );
+
+ const ruleId = useMemo(
+ () => getFieldValue({ category: 'signal', field: 'signal.rule.id' }, data),
+ [data]
+ );
+
+ if (!eventId) {
+ return {EVENT_DETAILS_PLACEHOLDER};
+ }
+
+ return reason ? (
+
+
+
+ {i18n.REASON}
+
+
+
+ {reason}
+
+
+
+
+ void }) => {
+ ev.preventDefault();
+ navigateToApp(APP_ID, {
+ deepLinkId: SecurityPageName.rules,
+ path: getRuleDetailsUrl(ruleId),
+ });
+ }}
+ href={formatUrl(getRuleDetailsUrl(ruleId))}
+ >
+ {i18n.VIEW_RULE_DETAIL_PAGE}
+
+
+
+
+
+ ) : null;
+};
+
+ReasonComponent.displayName = 'ReasonComponent';
+
+export const Reason = React.memo(ReasonComponent);
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts b/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts
index 98fd0c61a539..05fe58529887 100644
--- a/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts
@@ -101,3 +101,14 @@ export const MULTI_FIELD_BADGE = i18n.translate(
export const ACTIONS = i18n.translate('xpack.securitySolution.eventDetails.table.actions', {
defaultMessage: 'Actions',
});
+
+export const REASON = i18n.translate('xpack.securitySolution.eventDetails.reason', {
+ defaultMessage: 'Reason',
+});
+
+export const VIEW_RULE_DETAIL_PAGE = i18n.translate(
+ 'xpack.securitySolution.eventDetails.viewRuleDetailPage',
+ {
+ defaultMessage: 'View Rule detail page',
+ }
+);