improve timeline types

x-pack/plugins/security_solution/common/api/search_strategy/cti/event_enrichment.ts

@@ -11,7 +11,7 @@ import { requestBasicOptionsSchema } from '../model/request_basic_options';
 import { timerange } from '../model/timerange';
 
 export const eventEnrichmentRequestOptionsSchema = requestBasicOptionsSchema.extend({
-  eventFields: z.record(z.string()),
+  eventFields: z.record(z.unknown()),
   timerange,
   factoryQueryType: z.literal(CtiQueries.eventEnrichment),
 });

x-pack/plugins/security_solution/common/api/search_strategy/index.ts

@@ -78,6 +78,8 @@ export * from './model/pagination';
 
 export * from './model/factory_query_type';
 
+export * from './model/runtime_mappings';
+
 export const searchStrategyRequestSchema = z.discriminatedUnion('factoryQueryType', [
   firstLastSeenRequestOptionsSchema,
   allHostsSchema,

x-pack/plugins/security_solution/common/api/search_strategy/matrix_histogram/matrix_histogram.ts

@@ -9,6 +9,7 @@ import { z } from 'zod';
 import { MatrixHistogramQuery } from '../model/factory_query_type';
 import { inspect } from '../model/inspect';
 import { requestBasicOptionsSchema } from '../model/request_basic_options';
+import { runtimeMappings } from '../model/runtime_mappings';
 import { timerange } from '../model/timerange';
 
 export enum MatrixHistogramType {
@@ -45,8 +46,7 @@ export const matrixHistogramSchema = requestBasicOptionsSchema.extend({
   inspect,
   isPtrIncluded: z.boolean().default(false),
   includeMissingData: z.boolean().default(true),
-  // TODO: add stricter type here
-  runtimeMappings: z.record(z.any()).optional(),
+  runtimeMappings,
   timerange,
   factoryQueryType: z.literal(MatrixHistogramQuery),
 });

x-pack/plugins/security_solution/common/api/search_strategy/model/runtime_mappings.ts

@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from 'zod';
+
+export type MappingRuntimeFieldType =
+  | 'boolean'
+  | 'date'
+  | 'double'
+  | 'geo_point'
+  | 'ip'
+  | 'keyword'
+  | 'long'
+  | 'lookup';
+
+export const runtimeMappings = z
+  .record(
+    z.object({
+      type: z.union([
+        z.literal('boolean'),
+        z.literal('date'),
+        z.literal('double'),
+        z.literal('geo_point'),
+        z.literal('ip'),
+        z.literal('keyword'),
+        z.literal('long'),
+        z.literal('lookup'),
+      ]),
+      script: z
+        .union([
+          z.string(),
+          z.object({ source: z.string() }),
+          z.object({ id: z.string(), params: z.record(z.any()) }),
+        ])
+        .optional(),
+      fetch_fields: z.array(z.string()).optional(),
+      format: z.string().optional(),
+      input_field: z.string().optional(),
+      target_field: z.string().optional(),
+      target_index: z.string().optional(),
+    })
+  )
+  .optional();
+
+export type RunTimeMappings = z.infer<typeof runtimeMappings>;

x-pack/plugins/security_solution/common/search_strategy/timeline/events/all/index.ts

@@ -10,5 +10,4 @@ export type {
   TimelineItem,
   TimelineNonEcsData,
   TimelineEventsAllStrategyResponse,
-  TimelineEventsAllRequestOptions,
 } from '@kbn/timelines-plugin/common';

x-pack/plugins/security_solution/common/search_strategy/timeline/events/details/index.ts

@@ -8,5 +8,4 @@
 export type {
   TimelineEventsDetailsItem,
   TimelineEventsDetailsStrategyResponse,
-  TimelineEventsDetailsRequestOptions,
 } from '@kbn/timelines-plugin/common';

x-pack/plugins/security_solution/common/search_strategy/timeline/events/eql/index.ts

@@ -6,7 +6,6 @@
  */
 
 export type {
-  TimelineEqlRequestOptions,
   TimelineEqlResponse,
   EqlOptionsData,
   EqlOptionsSelected,

x-pack/plugins/security_solution/common/search_strategy/timeline/events/last_event_time/index.ts

@@ -10,7 +10,7 @@ export { LastEventIndexKey } from '@kbn/timelines-plugin/common';
 export type {
   LastTimeDetails,
   TimelineEventsLastEventTimeStrategyResponse,
-  TimelineKpiStrategyRequest,
+  TimelineKpiRequestOptionsInput,
   TimelineKpiStrategyResponse,
-  TimelineEventsLastEventTimeRequestOptions,
+  TimelineEventsLastEventTimeRequestOptionsInput,
 } from '@kbn/timelines-plugin/common';

x-pack/plugins/security_solution/public/common/components/events_viewer/use_timelines_events.tsx

@@ -17,7 +17,8 @@ import type {
   Inspect,
   PaginationInputPaginated,
   TimelineEdges,
-  TimelineEventsAllRequestOptions,
+  TimelineEqlRequestOptionsInput,
+  TimelineEventsAllOptionsInput,
   TimelineEventsAllStrategyResponse,
   TimelineItem,
 } from '@kbn/timelines-plugin/common';
@@ -58,7 +59,7 @@ type TimelineEventsSearchHandler = (onNextResponse?: OnNextResponseHandler) => v
 
 type LoadPage = (newActivePage: number) => void;
 
-type TimelineRequest<T extends KueryFilterQueryKind> = TimelineEventsAllRequestOptions;
+type TimelineRequest = TimelineEventsAllOptionsInput | TimelineEqlRequestOptionsInput;
 
 type TimelineResponse<T extends KueryFilterQueryKind> = TimelineEventsAllStrategyResponse;
 
@@ -161,11 +162,9 @@ export const useTimelineEventsHandler = ({
   const searchSubscription$ = useRef(new Subscription());
   const [loading, setLoading] = useState(true);
   const [activePage, setActivePage] = useState(0);
-  const [timelineRequest, setTimelineRequest] = useState<TimelineRequest<typeof language> | null>(
-    null
-  );
+  const [timelineRequest, setTimelineRequest] = useState<TimelineRequest | null>(null);
   const [prevFilterStatus, setFilterStatus] = useState(filterStatus);
-  const prevTimelineRequest = useRef<TimelineRequest<typeof language> | null>(null);
+  const prevTimelineRequest = useRef<TimelineRequest | null>(null);
 
   const clearSignalsState = useCallback(() => {
     if (id != null && detectionsTimelineIds.some((timelineId) => timelineId === id)) {
@@ -220,7 +219,7 @@ export const useTimelineEventsHandler = ({
   });
 
   const timelineSearch = useCallback(
-    (request: TimelineRequest<typeof language> | null, onNextHandler?: OnNextResponseHandler) => {
+    (request: TimelineRequest | null, onNextHandler?: OnNextResponseHandler) => {
       if (request == null || skip) {
         return;
       }
@@ -233,7 +232,7 @@ export const useTimelineEventsHandler = ({
           startTracking();
           const abortSignal = abortCtrl.current.signal;
           searchSubscription$.current = data.search
-            .search<TimelineRequest<typeof language>, TimelineResponse<typeof language>>(
+            .search<TimelineRequest, TimelineResponse<typeof language>>(
               { ...request, entityType },
               {
                 strategy:
@@ -296,12 +295,12 @@ export const useTimelineEventsHandler = ({
       const prevSearchParameters = {
         defaultIndex: prevRequest?.defaultIndex ?? [],
         filterQuery: prevRequest?.filterQuery ?? '',
-        querySize: prevRequest?.pagination.querySize ?? 0,
+        querySize: prevRequest?.pagination?.querySize ?? 0,
         sort: prevRequest?.sort ?? initSortDefault,
         timerange: prevRequest?.timerange ?? {},
-        runtimeMappings: (prevRequest?.runtimeMappings ?? {}) as RunTimeMappings,
+        runtimeMappings: (prevRequest?.runtimeMappings ?? {}) as unknown as RunTimeMappings,
         filterStatus: prevRequest?.filterStatus,
-      };
+      } as const;
 
       const currentSearchParameters = {
         defaultIndex: indexNames,
@@ -315,7 +314,7 @@ export const useTimelineEventsHandler = ({
           to: endDate,
         },
         filterStatus,
-      };
+      } as const;
 
       const newActivePage = deepEqual(prevSearchParameters, currentSearchParameters)
         ? activePage
@@ -333,7 +332,7 @@ export const useTimelineEventsHandler = ({
           activePage: newActivePage,
           querySize: limit,
         },
-        language,
+        language: language as TimelineRequest['language'],
         runtimeMappings,
         sort,
         timerange: {
@@ -348,7 +347,7 @@ export const useTimelineEventsHandler = ({
         setActivePage(newActivePage);
       }
       if (!deepEqual(prevRequest, currentRequest)) {
-        return currentRequest;
+        return currentRequest as TimelineRequest;
       }
       return prevRequest;
     });

x-pack/plugins/security_solution/public/common/components/matrix_histogram/types.ts

@@ -8,8 +8,8 @@
 import type React from 'react';
 import type { EuiTitleSize } from '@elastic/eui';
 import type { ScaleType, Position, TickFormatter } from '@elastic/charts';
-import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { ActionCreator } from 'redux';
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/api/search_strategy';
 import type { ESQuery } from '../../../../common/typed_json';
 import type { InputsModelId } from '../../store/inputs/constants';
 import type { MatrixHistogramType } from '../../../../common/search_strategy/security_solution';
@@ -83,7 +83,7 @@ export interface MatrixHistogramQueryProps {
   skip?: boolean;
   isPtrIncluded?: boolean;
   includeMissingData?: boolean;
-  runtimeMappings?: MappingRuntimeFields;
+  runtimeMappings?: RunTimeMappings;
 }
 
 export interface MatrixHistogramProps extends MatrixHistogramBasicProps {

x-pack/plugins/security_solution/public/common/containers/events/last_event_time/index.ts

@@ -14,10 +14,10 @@ import { isCompleteResponse } from '@kbn/data-plugin/common';
 import type { inputsModel } from '../../../store';
 import { useKibana } from '../../../lib/kibana';
 import type {
-  TimelineEventsLastEventTimeRequestOptions,
   TimelineEventsLastEventTimeStrategyResponse,
   LastTimeDetails,
   LastEventIndexKey,
+  TimelineEventsLastEventTimeRequestOptionsInput,
 } from '../../../../../common/search_strategy/timeline';
 import { TimelineEventsQueries } from '../../../../../common/search_strategy/timeline';
 import * as i18n from './translations';
@@ -46,7 +46,7 @@ export const useTimelineLastEventTime = ({
   const searchSubscription$ = useRef(new Subscription());
   const [loading, setLoading] = useState(false);
   const [TimelineLastEventTimeRequest, setTimelineLastEventTimeRequest] =
-    useState<TimelineEventsLastEventTimeRequestOptions>({
+    useState<TimelineEventsLastEventTimeRequestOptionsInput>({
       defaultIndex: indexNames,
       factoryQueryType: TimelineEventsQueries.lastEventTime,
       indexKey,
@@ -62,14 +62,14 @@ export const useTimelineLastEventTime = ({
   const { addError } = useAppToasts();
 
   const timelineLastEventTimeSearch = useCallback(
-    (request: TimelineEventsLastEventTimeRequestOptions) => {
+    (request: TimelineEventsLastEventTimeRequestOptionsInput) => {
       const asyncSearch = async () => {
         abortCtrl.current = new AbortController();
         setLoading(true);
 
         searchSubscription$.current = data.search
           .search<
-            TimelineEventsLastEventTimeRequestOptions,
+            TimelineEventsLastEventTimeRequestOptionsInput,
             TimelineEventsLastEventTimeStrategyResponse
           >(request, {
             strategy: 'timelineSearchStrategy',

x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx

@@ -33,6 +33,7 @@ import {
 import { lastValueFrom } from 'rxjs';
 import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
 import type { DataTableModel } from '@kbn/securitysolution-data-table';
+import type { TimelineEventsDetailsRequestOptionsInput } from '@kbn/timelines-plugin/common';
 import {
   ALERT_ORIGINAL_TIME,
   ALERT_GROUP_ID,
@@ -54,7 +55,6 @@ import type {
 } from './types';
 import type {
   TimelineEventsDetailsItem,
-  TimelineEventsDetailsRequestOptions,
   TimelineEventsDetailsStrategyResponse,
 } from '../../../../common/search_strategy/timeline';
 import { TimelineEventsQueries } from '../../../../common/search_strategy/timeline';
@@ -956,7 +956,7 @@ export const sendAlertToTimelineAction = async ({
         getTimelineTemplate(timelineId),
         lastValueFrom(
           searchStrategyClient.search<
-            TimelineEventsDetailsRequestOptions,
+            TimelineEventsDetailsRequestOptionsInput,
             TimelineEventsDetailsStrategyResponse
           >(
             {

x-pack/plugins/security_solution/public/detections/pages/alert_details/index.tsx

@@ -11,6 +11,7 @@ import { Routes, Route } from '@kbn/shared-ux-router';
 import { ALERT_RULE_NAME, TIMESTAMP } from '@kbn/rule-data-utils';
 import { EuiSpacer } from '@elastic/eui';
 import { useDispatch } from 'react-redux';
+import type { RunTimeMappings } from '../../../../common/api/search_strategy';
 import { timelineActions } from '../../../timelines/store/timeline';
 import { TimelineId } from '../../../../common/types/timeline';
 import { useGetFieldsData } from '../../../common/hooks/use_get_fields_data';
@@ -42,7 +43,7 @@ export const AlertDetailsPage = memo(() => {
   const [loading, detailsData, searchHit, dataAsNestedObject] = useTimelineEventsDetails({
     indexName,
     eventId,
-    runtimeMappings: sourcererDataView.runtimeMappings,
+    runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings,
     skip: !eventID,
   });
   const dataNotFound = !loading && !detailsData;

x-pack/plugins/security_solution/public/flyout/left/hooks/use_threat_intelligence_details.ts

@@ -6,6 +6,7 @@
  */
 
 import { useMemo } from 'react';
+import type { RunTimeMappings } from '../../../../common/api/search_strategy';
 import type { CtiEnrichment, EventFields } from '../../../../common/search_strategy';
 import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers';
 import {
@@ -53,7 +54,7 @@ export const useThreatIntelligenceDetails = (): ThreatIntelligenceDetailsValue =
   const [isEventDataLoading, eventData] = useTimelineEventsDetails({
     indexName,
     eventId,
-    runtimeMappings: sourcererDataView.runtimeMappings,
+    runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings,
     skip: !eventId,
   });
 

x-pack/plugins/security_solution/public/flyout/shared/hooks/use_event_details.ts

@@ -9,6 +9,7 @@ import type { BrowserFields, TimelineEventsDetailsItem } from '@kbn/timelines-pl
 import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
 import { SecurityPageName } from '@kbn/security-solution-navigation';
 import type { DataViewBase } from '@kbn/es-query';
+import type { RunTimeMappings } from '../../../../common/api/search_strategy';
 import { useSpaceId } from '../../../common/hooks/use_space_id';
 import { getAlertIndexAlias } from '../../../timelines/components/side_panel/event_details/helpers';
 import { useRouteSpy } from '../../../common/utils/route/use_route_spy';
@@ -86,7 +87,7 @@ export const useEventDetails = ({
     useTimelineEventsDetails({
       indexName: eventIndex,
       eventId: eventId ?? '',
-      runtimeMappings: sourcererDataView.runtimeMappings,
+      runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings,
       skip: !eventId,
     });
   const getFieldsData = useGetFieldsData(searchHit?.fields);

x-pack/plugins/security_solution/public/overview/components/events_by_dataset/index.tsx

@@ -14,6 +14,7 @@ import type { DataViewBase, Filter, Query } from '@kbn/es-query';
 import styled from 'styled-components';
 import { EuiButton } from '@elastic/eui';
 import { getEsQueryConfig } from '@kbn/data-plugin/common';
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/api/search_strategy';
 import { DEFAULT_NUMBER_FORMAT, APP_UI_ID } from '../../../../common/constants';
 import { SHOWING, UNIT } from '../../../common/components/events_viewer/translations';
 import { getTabsOnHostsUrl } from '../../../common/components/link_to/redirect_to_hosts';
@@ -195,7 +196,7 @@ const EventsByDatasetComponent: React.FC<Props> = ({
       headerChildren={headerContent}
       id={uniqueQueryId}
       indexNames={indexNames}
-      runtimeMappings={runtimeMappings}
+      runtimeMappings={runtimeMappings as RunTimeMappings}
       onError={toggleTopN}
       paddingSize={paddingSize}
       setAbsoluteRangeDatePickerTarget={setAbsoluteRangeDatePickerTarget}