From 949c8c2fe0cf0fc5ca91b28e55559b4bfedd1460 Mon Sep 17 00:00:00 2001 From: Pablo Machado Date: Tue, 21 Feb 2023 17:31:40 +0100 Subject: [PATCH] [Security Solutions] Fix timeline not able to save on investigating alert from dashboard (#151616) issue: https://github.com/elastic/kibana/issues/149800 ## Summary The timeline endpoint is returning an error everywhere we call `openTimelineWithFilters` (entity analytics and detections and response pages) I compare a broken data provider with one that works and spotted the extra `and: []` Screenshot 2023-02-20 at 13 54 19 After removing `and: []` it works. ### How to test it? * On entity analytics and detections and response pages * Open the timeline from the alerts column * Check if the timeline HTTP call status code is 200 * Save the timeline and check if it is saved ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- .../table/use_action_cell_data_provider.ts | 12 +++++++++++- .../components/detection_response/hooks/mock_data.ts | 4 ---- .../hooks/use_navigate_to_timeline.tsx | 8 ++++++-- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts b/x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts index 5f3ca6feb6cf1..8e35d3a7881b1 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts +++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts @@ -29,7 +29,7 @@ import { getDisplayValue } from '../../../../timelines/components/timeline/data_ import { PORT_NAMES } from '../../../../explore/network/components/port/helpers'; import { INDICATOR_REFERENCE } from '../../../../../common/cti/constants'; import type { BrowserField } from '../../../containers/source'; -import type { DataProvider, QueryOperator } from '../../../../../common/types'; +import type { DataProvider, DataProvidersAnd, QueryOperator } from '../../../../../common/types'; import { IS_OPERATOR } from '../../../../../common/types'; export interface UseActionCellDataProvider { @@ -69,6 +69,16 @@ export const getDataProvider = ( }, }); +export const getDataProviderAnd = ( + field: string, + id: string, + value: string | string[], + operator: QueryOperator = IS_OPERATOR +): DataProvidersAnd => { + const { and, ...dataProvider } = getDataProvider(field, id, value, operator); + return dataProvider; +}; + export const useActionCellDataProvider = ({ contextId, eventId, diff --git a/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/mock_data.ts b/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/mock_data.ts index a18546a77fe27..0c2ced6d3ad98 100644 --- a/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/mock_data.ts +++ b/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/mock_data.ts @@ -47,7 +47,6 @@ export const dataProviderWithAndFilters = [ { and: [ { - and: [], enabled: true, excluded: false, id: 'mock-id', @@ -80,7 +79,6 @@ export const dataProviderWithOrFilters = [ { and: [ { - and: [], enabled: true, id: 'mock-id', name: 'kibana.alerts.workflow_status', @@ -109,7 +107,6 @@ export const dataProviderWithOrFilters = [ { and: [ { - and: [], enabled: true, id: 'mock-id', name: 'kibana.alerts.workflow_status', @@ -138,7 +135,6 @@ export const dataProviderWithOrFilters = [ { and: [ { - and: [], enabled: true, id: 'mock-id', name: 'kibana.alerts.workflow_status', diff --git a/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/use_navigate_to_timeline.tsx b/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/use_navigate_to_timeline.tsx index d40ccada2a398..793105b46299d 100644 --- a/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/use_navigate_to_timeline.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/use_navigate_to_timeline.tsx @@ -12,7 +12,10 @@ import { v4 as uuidv4 } from 'uuid'; import { useDeepEqualSelector } from '../../../../common/hooks/use_selector'; import { SourcererScopeName } from '../../../../common/store/sourcerer/model'; import { sourcererActions } from '../../../../common/store/sourcerer'; -import { getDataProvider } from '../../../../common/components/event_details/table/use_action_cell_data_provider'; +import { + getDataProvider, + getDataProviderAnd, +} from '../../../../common/components/event_details/table/use_action_cell_data_provider'; import type { DataProvider, QueryOperator } from '../../../../../common/types/timeline'; import { TimelineId, TimelineType } from '../../../../../common/types/timeline'; import { useCreateTimeline } from '../../../../timelines/components/timeline/properties/use_create_timeline'; @@ -90,12 +93,13 @@ export const useNavigateToTimeline = () => { for (const filter of orFilterGroup.slice(1)) { dataProvider.and.push( - getDataProvider(filter.field, uuidv4(), filter.value, filter.operator) + getDataProviderAnd(filter.field, uuidv4(), filter.value, filter.operator) ); } dataProviders.push(dataProvider); } } + navigateToTimeline(dataProviders, timeRange); }, [navigateToTimeline]