[SecuritySolution] Hide the "Investigate in TL" button for the agent …

…status field (#132829) (#133395)

* fix: don't show the "Investigate in TL" button for the agent status field

#132095

* copy: typo 🐏

(cherry picked from commit 469094c)

x-pack/plugins/security_solution/public/common/components/event_details/helpers.tsx

@@ -24,6 +24,7 @@ import type { EnrichedFieldInfo, EventSummaryField } from './types';
 
 import * as i18n from './translations';
 import { ColumnHeaderOptions } from '../../../../common/types';
+import { AGENT_STATUS_FIELD_NAME } from '../../../timelines/components/timeline/body/renderers/constants';
 
 /**
  * Defines the behavior of the search input that appears above the table of data
@@ -225,3 +226,18 @@ export function getEnrichedFieldInfo({
     fieldFromBrowserField: browserField,
   };
 }
+
+/**
+ * A lookup table for fields that should not have actions
+ */
+export const FIELDS_WITHOUT_ACTIONS: { [field: string]: boolean } = {
+  [AGENT_STATUS_FIELD_NAME]: true,
+};
+
+/**
+ * Checks whether the given field should have hover or row actions.
+ * The lookup is fast, so it is not necessary to memoize the result.
+ */
+export function hasHoverOrRowActions(field: string): boolean {
+  return !FIELDS_WITHOUT_ACTIONS[field];
+}

x-pack/plugins/security_solution/public/common/components/event_details/table/add_to_timeline_cell.test.tsx

@@ -15,6 +15,7 @@ import { EventFieldsData } from '../types';
 import { TimelineId } from '../../../../../common/types';
 
 import { ACTION_INVESTIGATE_IN_TIMELINE } from '../../../../detections/components/alerts_table/translations';
+import { AGENT_STATUS_FIELD_NAME } from '../../../../timelines/components/timeline/body/renderers/constants';
 
 jest.mock('../../../lib/kibana');
 
@@ -45,6 +46,37 @@ const hostIpData: EventFieldsData = {
   values: ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::'],
 };
 
+const agentStatusFieldFromBrowserField: BrowserField = {
+  aggregatable: true,
+  category: 'agent',
+  description: 'Agent status.',
+  fields: {},
+  format: '',
+  indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'],
+  name: AGENT_STATUS_FIELD_NAME,
+  readFromDocValues: false,
+  searchable: true,
+  type: 'string',
+  example: 'status',
+};
+
+const agentStatusData: EventFieldsData = {
+  field: AGENT_STATUS_FIELD_NAME,
+  format: '',
+  type: '',
+  aggregatable: false,
+  description: '',
+  example: '',
+  category: '',
+  fields: {},
+  indexes: [],
+  name: AGENT_STATUS_FIELD_NAME,
+  searchable: false,
+  readFromDocValues: false,
+  isObjectArray: false,
+  values: ['status'],
+};
+
 describe('AddToTimelineCellRenderer', () => {
   describe('When all props are provided', () => {
     test('it should display the add to timeline button', () => {
@@ -81,4 +113,22 @@ describe('AddToTimelineCellRenderer', () => {
       expect(screen.queryByLabelText(ACTION_INVESTIGATE_IN_TIMELINE)).not.toBeInTheDocument();
     });
   });
+
+  describe('When the field is the host status field', () => {
+    test('it should not render', () => {
+      render(
+        <TestProviders>
+          <AddToTimelineCellRenderer
+            data={agentStatusData}
+            eventId={eventId}
+            fieldFromBrowserField={agentStatusFieldFromBrowserField}
+            linkValue={undefined}
+            timelineId={TimelineId.test}
+            values={agentStatusData.values}
+          />
+        </TestProviders>
+      );
+      expect(screen.queryByLabelText(ACTION_INVESTIGATE_IN_TIMELINE)).not.toBeInTheDocument();
+    });
+  });
 });

x-pack/plugins/security_solution/public/common/components/event_details/table/add_to_timeline_cell.tsx

@@ -10,7 +10,7 @@ import { EuiButtonIcon } from '@elastic/eui';
 import { isEmpty } from 'lodash';
 import { useDispatch } from 'react-redux';
 
-import { AlertSummaryRow } from '../helpers';
+import { AlertSummaryRow, hasHoverOrRowActions } from '../helpers';
 import { inputsActions } from '../../../store/inputs';
 import { updateProviders } from '../../../../timelines/store/timeline/actions';
 import { sourcererActions } from '../../../store/actions';
@@ -66,7 +66,9 @@ const AddToTimelineCell = React.memo<AlertSummaryRow['description']>(
       }
     }, [dispatch, clearTimeline, actionCellConfig]);
 
-    const showButton = values != null && !isEmpty(actionCellConfig?.dataProvider);
+    const fieldHasActionsEnabled = hasHoverOrRowActions(data.field);
+    const showButton =
+      values != null && !isEmpty(actionCellConfig?.dataProvider) && fieldHasActionsEnabled;
 
     if (showButton) {
       return (

x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.tsx

@@ -9,13 +9,9 @@ import React from 'react';
 
 import { ActionCell } from './action_cell';
 import { FieldValueCell } from './field_value_cell';
-import { AlertSummaryRow } from '../helpers';
+import { AlertSummaryRow, hasHoverOrRowActions } from '../helpers';
 import { TimelineId } from '../../../../../common/types';
 
-import { AGENT_STATUS_FIELD_NAME } from '../../../../timelines/components/timeline/body/renderers/constants';
-
-const FIELDS_WITHOUT_ACTIONS: { [field: string]: boolean } = { [AGENT_STATUS_FIELD_NAME]: true };
-
 const style = { flexGrow: 0 };
 
 export const SummaryValueCell: React.FC<AlertSummaryRow['description']> = ({
@@ -28,7 +24,7 @@ export const SummaryValueCell: React.FC<AlertSummaryRow['description']> = ({
   values,
   isReadOnly,
 }) => {
-  const hoverActionsEnabled = !FIELDS_WITHOUT_ACTIONS[data.field];
+  const hoverActionsEnabled = hasHoverOrRowActions(data.field);
 
   return (
     <>