diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx index 0b99a8b059df7..2d10928da570a 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx @@ -6,6 +6,7 @@ import { noop } from 'lodash/fp'; import React, { useEffect, useCallback } from 'react'; import { EuiSpacer } from '@elastic/eui'; +import numeral from '@elastic/numeral'; import { AlertsComponentsQueryProps } from './types'; import { AlertsTable } from './alerts_table'; @@ -13,6 +14,8 @@ import * as i18n from './translations'; import { MatrixHistogramOption } from '../matrix_histogram/types'; import { MatrixHistogramContainer } from '../../containers/matrix_histogram'; import { MatrixHistogramGqlQuery } from '../../containers/matrix_histogram/index.gql_query'; +import { useUiSetting$ } from '../../lib/kibana'; +import { DEFAULT_NUMBER_FORMAT } from '../../../common/constants'; const ID = 'alertsOverTimeQuery'; export const alertsStackByOptions: MatrixHistogramOption[] = [ { @@ -37,6 +40,8 @@ export const AlertsView = ({ type, updateDateRange = noop, }: AlertsComponentsQueryProps) => { + const [defaultNumberFormat] = useUiSetting$(DEFAULT_NUMBER_FORMAT); + useEffect(() => { return () => { if (deleteQuery) { @@ -46,7 +51,10 @@ export const AlertsView = ({ }, []); const getSubtitle = useCallback( - (totalCount: number) => `${i18n.SHOWING}: ${totalCount} ${i18n.UNIT(totalCount)}`, + (totalCount: number) => + `${i18n.SHOWING}: ${numeral(totalCount).format(defaultNumberFormat)} ${i18n.UNIT( + totalCount + )}`, [] ); diff --git a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts index 408c406a854be..b0bc38bd3ebdc 100644 --- a/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts 
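Review bot: In the last hunk of alerts_viewer/index.tsx, `getSubtitle` now reads `defaultNumberFormat` but its `useCallback` still has the empty `[]` dependency list, so the memoised callback captures the first value emitted by `useUiSetting$` and ignores any later change to the setting. Change the dependency list to `[defaultNumberFormat]`; if `react-hooks/exhaustive-deps` is enabled in this tree it will point at this line as well. The `AlertsView` component body starts and ends outside the hunk.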
+++ b/x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts @@ -7,19 +7,19 @@ import { i18n } from '@kbn/i18n'; export const ALERTS_DOCUMENT_TYPE = i18n.translate('xpack.siem.alertsView.alertsDocumentType', { - defaultMessage: 'Alerts', + defaultMessage: 'External alerts', }); export const TOTAL_COUNT_OF_ALERTS = i18n.translate('xpack.siem.alertsView.totalCountOfAlerts', { - defaultMessage: 'alerts match the search criteria', + defaultMessage: 'external alerts match the search criteria', }); export const ALERTS_TABLE_TITLE = i18n.translate('xpack.siem.alertsView.alertsTableTitle', { - defaultMessage: 'Alerts', + defaultMessage: 'External alerts', }); export const ALERTS_GRAPH_TITLE = i18n.translate('xpack.siem.alertsView.alertsGraphTitle', { - defaultMessage: 'Alert detection frequency', + defaultMessage: 'External alerts count', }); export const ALERTS_STACK_BY_MODULE = i18n.translate( @@ -36,7 +36,7 @@ export const SHOWING = i18n.translate('xpack.siem.alertsView.showing', { export const UNIT = (totalCount: number) => i18n.translate('xpack.siem.alertsView.unit', { values: { totalCount }, - defaultMessage: `{totalCount, plural, =1 {alert} other {alerts}}`, + defaultMessage: `external {totalCount, plural, =1 {alert} other {alerts}}`, }); export const ERROR_FETCHING_ALERTS_DATA = i18n.translate( diff --git a/x-pack/legacy/plugins/siem/public/components/timeline/search_super_select/index.tsx b/x-pack/legacy/plugins/siem/public/components/timeline/search_super_select/index.tsx index 009ab141e958e..b8280aedd12fa 100644 --- a/x-pack/legacy/plugins/siem/public/components/timeline/search_super_select/index.tsx +++ b/x-pack/legacy/plugins/siem/public/components/timeline/search_super_select/index.tsx 
@@ -73,6 +73,7 @@ const MyEuiFlexGroup = styled(EuiFlexGroup)` interface SearchTimelineSuperSelectProps { isDisabled: boolean; + hideUntitled?: boolean; timelineId: string | null; timelineTitle: string | null; onTimelineChange: (timelineTitle: string, timelineId: string | null) => void; @@ -101,6 +102,7 @@ const POPOVER_HEIGHT = 260; const TIMELINE_ITEM_HEIGHT = 50; const SearchTimelineSuperSelectComponent: React.FC = ({ isDisabled, + hideUntitled = false, timelineId, timelineTitle, onTimelineChange, @@ -287,7 +289,11 @@ const SearchTimelineSuperSelectComponent: React.FC !hideUntitled || t.title !== '').length, + totalCount + ), } as unknown) as ListProps, }} renderOption={renderTimelineOption} @@ -308,18 +314,20 @@ const SearchTimelineSuperSelectComponent: React.FC - ({ - description: t.description, - favorite: t.favorite, - label: t.title, - id: t.savedObjectId, - key: `${t.title}-${index}`, - title: t.title, - checked: t.savedObjectId === timelineId ? 'on' : undefined, - } as Option) - ), + ...timelines + .filter(t => !hideUntitled || t.title !== '') + .map( + (t, index) => + ({ + description: t.description, + favorite: t.favorite, + label: t.title, + id: t.savedObjectId, + key: `${t.title}-${index}`, + title: t.title, + checked: t.savedObjectId === timelineId ? 'on' : undefined, + } as Option) + ), ]} > {(list, search) => ( diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals_histogram_panel/helpers.tsx b/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals_histogram_panel/helpers.tsx index 71a19d4595f6a..551850fa610db 100644 --- a/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals_histogram_panel/helpers.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals_histogram_panel/helpers.tsx 
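Review bot: The predicate `t => !hideUntitled || t.title !== ''` is written out twice in the new code, once for the list count and once when building the options, so the two copies can drift and the filter runs twice per render. Compute it once, `const visibleTimelines = timelines.filter(t => !hideUntitled || t.title !== '');` (wrapped in `useMemo` keyed on `timelines` and `hideUntitled` if the list is large), and use `visibleTimelines.length` and `visibleTimelines.map(...)` in both places. Also note that `key: \`${t.title}-${index}\`` now uses the post-filter index, so keys shift whenever `hideUntitled` toggles; `t.savedObjectId` would be a stabler key if it is always set. Both hunks lie inside `SearchTimelineSuperSelectComponent`, whose body starts and ends outside this view.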
@@ -47,9 +47,14 @@ export const getSignalsHistogramQuery = ( }, aggs: { signals: { - auto_date_histogram: { + date_histogram: { field: '@timestamp', - buckets: 36, + fixed_interval: `${Math.floor((to - from) / 32)}ms`, + min_doc_count: 0, + extended_bounds: { + min: from, + max: to, + }, }, }, }, diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals_histogram_panel/translations.ts b/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals_histogram_panel/translations.ts index 8c88fa4a5dae6..4cecf7376ca41 100644 --- a/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals_histogram_panel/translations.ts +++ b/x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals_histogram_panel/translations.ts @@ -86,7 +86,7 @@ export const STACK_BY_USERS = i18n.translate( export const HISTOGRAM_HEADER = i18n.translate( 'xpack.siem.detectionEngine.signals.histogram.headerTitle', { - defaultMessage: 'Signal count', + defaultMessage: 'Signals count', } ); diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_no_signal_index.tsx b/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_no_signal_index.tsx index 1be6317a91607..f1478ab5858c9 100644 --- a/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_no_signal_index.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_no_signal_index.tsx 
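Review bot: `fixed_interval: \`${Math.floor((to - from) / 32)}ms\`` has no lower bound, so a range narrower than 32 ms (or `to <= from`) produces `0ms` or a negative interval, which a `date_histogram` rejects; the server helper this replaces clamped with `Math.max(…, 1)`. Clamp here as well, `fixed_interval: \`${Math.max(1, Math.floor((to - from) / 32))}ms\`,`, and state the unit assumption in a comment since `to`/`from` are presumably epoch milliseconds but nothing in the hunk says so. This client-side expression also duplicates the server's `calculateTimeSeriesInterval` in `utils/build_query`; a comment naming that function would help keep the two bucket counts in sync. `getSignalsHistogramQuery` starts and ends outside the hunk.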
@@ -5,23 +5,24 @@ */ import React from 'react'; -import chrome from 'ui/chrome'; import { EmptyPage } from '../../components/empty_page'; import * as i18n from './translations'; +import { useKibana } from '../../lib/kibana'; -const basePath = chrome.getBasePath(); - -export const DetectionEngineNoIndex = React.memo(() => ( - -)); +export const DetectionEngineNoIndex = React.memo(() => { + const docLinks = useKibana().services.docLinks; + return ( + + ); +}); DetectionEngineNoIndex.displayName = 'DetectionEngineNoIndex'; diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_user_unauthenticated.tsx b/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_user_unauthenticated.tsx index 33b63aa3bf0fe..b5c805f92135a 100644 --- a/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_user_unauthenticated.tsx +++ b/x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_user_unauthenticated.tsx @@ -5,23 +5,25 @@ */ import React from 'react'; -import chrome from 'ui/chrome'; import { EmptyPage } from '../../components/empty_page'; import * as i18n from './translations'; +import { useKibana } from '../../lib/kibana'; -const basePath = chrome.getBasePath(); +export const DetectionEngineUserUnauthenticated = React.memo(() => { + const docLinks = useKibana().services.docLinks; -export const DetectionEngineUserUnauthenticated = React.memo(() => ( - -)); + return ( + + ); +}); DetectionEngineUserUnauthenticated.displayName = 'DetectionEngineUserUnauthenticated'; diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/components/pick_timeline/index.tsx b/x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/components/pick_timeline/index.tsx index 873e0c2184c61..f467d0ebede41 100644 --- a/x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/components/pick_timeline/index.tsx 
+++ b/x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/components/pick_timeline/index.tsx @@ -65,6 +65,7 @@ export const PickTimeline = ({ > diff --git a/x-pack/legacy/plugins/siem/public/pages/overview/translations.ts b/x-pack/legacy/plugins/siem/public/pages/overview/translations.ts index 662fc721111ed..656abd3dc0570 100644 --- a/x-pack/legacy/plugins/siem/public/pages/overview/translations.ts +++ b/x-pack/legacy/plugins/siem/public/pages/overview/translations.ts @@ -13,7 +13,7 @@ export const ALERTS_COUNT_BY = (groupByField: string) => }); export const ALERTS_GRAPH_TITLE = i18n.translate('xpack.siem.overview.alertsGraphTitle', { - defaultMessage: 'Alert detection frequency', + defaultMessage: 'External alerts count', }); export const EVENTS_COUNT_BY = (groupByField: string) => diff --git a/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts index 08015c3508b86..eb82327197543 100644 --- a/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query'; +import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; import { buildTimelineQuery } from '../events/query.dsl'; import { RequestOptions, MatrixHistogramRequestOptions } from '../framework'; 
@@ -68,18 +68,17 @@ export const buildAlertsHistogramQuery = ({ ]; const getHistogramAggregation = () => { - const interval = calculateTimeseriesInterval(from, to); + const interval = calculateTimeSeriesInterval(from, to); const histogramTimestampField = '@timestamp'; const dateHistogram = { date_histogram: { field: histogramTimestampField, - fixed_interval: `${interval}s`, - }, - }; - const autoDateHistogram = { - auto_date_histogram: { - field: histogramTimestampField, - buckets: 36, + fixed_interval: interval, + min_doc_count: 0, + extended_bounds: { + min: from, + max: to, + }, }, }; return { @@ -93,7 +92,7 @@ export const buildAlertsHistogramQuery = ({ size: 10, }, aggs: { - alerts: interval ? dateHistogram : autoDateHistogram, + alerts: dateHistogram, }, }, }; diff --git a/x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts index b0892a68f0a2e..38e8387f43ffd 100644 --- a/x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query'; +import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; import { MatrixHistogramRequestOptions } from '../framework'; export const buildAnomaliesOverTimeQuery = ({ 
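Review bot: The new `getHistogramAggregation` body in this hunk is identical to the ones in `query.anomalies_over_time.dsl.ts`, `query.authentications_over_time.dsl.ts` and `query.events_over_time.dsl.ts` apart from the timestamp field and the aggregation key, and the commit edits all four by hand; a shared builder in `utils/build_query` (say `buildDateHistogram(field, from, to)` returning the `date_histogram` object with `fixed_interval`, `min_doc_count: 0` and `extended_bounds`) would keep those settings from drifting. Dropping the `interval ? dateHistogram : autoDateHistogram` fallback is consistent with the helper now always returning a string, but it means a degenerate range reaches Elasticsearch as `0ms` unless the helper clamps it, so that clamp belongs in the helper rather than here. `buildAlertsHistogramQuery` starts and ends outside the hunk.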
@@ -26,18 +26,17 @@ export const buildAnomaliesOverTimeQuery = ({ ]; const getHistogramAggregation = () => { - const interval = calculateTimeseriesInterval(from, to); + const interval = calculateTimeSeriesInterval(from, to); const histogramTimestampField = 'timestamp'; const dateHistogram = { date_histogram: { field: histogramTimestampField, - fixed_interval: `${interval}s`, - }, - }; - const autoDateHistogram = { - auto_date_histogram: { - field: histogramTimestampField, - buckets: 36, + fixed_interval: interval, + min_doc_count: 0, + extended_bounds: { + min: from, + max: to, + }, }, }; return { @@ -50,7 +49,7 @@ export const buildAnomaliesOverTimeQuery = ({ size: 10, }, aggs: { - anomalies: interval ? dateHistogram : autoDateHistogram, + anomalies: dateHistogram, }, }, }; diff --git a/x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts index 77b35fef77dca..ccf0d235abdd3 100644 --- a/x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query'; +import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; import { MatrixHistogramRequestOptions } from '../framework'; export const buildAuthenticationsOverTimeQuery = ({ 
@@ -28,18 +28,17 @@ export const buildAuthenticationsOverTimeQuery = ({ ]; const getHistogramAggregation = () => { - const interval = calculateTimeseriesInterval(from, to); + const interval = calculateTimeSeriesInterval(from, to); const histogramTimestampField = '@timestamp'; const dateHistogram = { date_histogram: { field: histogramTimestampField, - fixed_interval: `${interval}s`, - }, - }; - const autoDateHistogram = { - auto_date_histogram: { - field: histogramTimestampField, - buckets: 36, + fixed_interval: interval, + min_doc_count: 0, + extended_bounds: { + min: from, + max: to, + }, }, }; return { @@ -53,7 +52,7 @@ export const buildAuthenticationsOverTimeQuery = ({ size: 2, }, aggs: { - events: interval ? dateHistogram : autoDateHistogram, + events: dateHistogram, }, }, }; diff --git a/x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts index 4b1837497669f..3a4281b980cc4 100644 --- a/x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query'; +import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; import { MatrixHistogramRequestOptions } from '../framework'; export const buildEventsOverTimeQuery = ({ 
@@ -28,18 +28,17 @@ export const buildEventsOverTimeQuery = ({ ]; const getHistogramAggregation = () => { - const interval = calculateTimeseriesInterval(from, to); + const interval = calculateTimeSeriesInterval(from, to); const histogramTimestampField = '@timestamp'; const dateHistogram = { date_histogram: { field: histogramTimestampField, - fixed_interval: `${interval}s`, - }, - }; - const autoDateHistogram = { - auto_date_histogram: { - field: histogramTimestampField, - buckets: 36, + fixed_interval: interval, + min_doc_count: 0, + extended_bounds: { + min: from, + max: to, + }, }, }; return { @@ -53,7 +52,7 @@ export const buildEventsOverTimeQuery = ({ size: 10, }, aggs: { - events: interval ? dateHistogram : autoDateHistogram, + events: dateHistogram, }, }, }; diff --git a/x-pack/legacy/plugins/siem/server/lib/network/query_dns_histogram.dsl.ts b/x-pack/legacy/plugins/siem/server/lib/network/query_dns_histogram.dsl.ts index 67457ab4840ac..1ce324e0ffff8 100644 --- a/x-pack/legacy/plugins/siem/server/lib/network/query_dns_histogram.dsl.ts +++ b/x-pack/legacy/plugins/siem/server/lib/network/query_dns_histogram.dsl.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query'; +import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query'; import { MatrixHistogramRequestOptions } from '../framework'; export const buildDnsHistogramQuery = ({ @@ -29,12 +29,12 @@ export const buildDnsHistogramQuery = ({ ]; const getHistogramAggregation = () => { - const interval = calculateTimeseriesInterval(from, to); + const interval = calculateTimeSeriesInterval(from, to); const histogramTimestampField = '@timestamp'; const dateHistogram = { date_histogram: { field: histogramTimestampField, - fixed_interval: `${interval}s`, + fixed_interval: interval, }, }; 
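Review bot: `buildDnsHistogramQuery` switches to `fixed_interval: interval` but, unlike the four sibling queries in this commit, does not add `min_doc_count: 0` and `extended_bounds: { min: from, max: to }`, so its `date_histogram` will still omit empty buckets and will not span the full `from`–`to` range the way the others now do. If that is intentional for the DNS chart, a one-line comment such as `// empty buckets intentionally dropped for the DNS histogram` would stop the next reader from "fixing" it; otherwise add the same two keys. The helper's body continues outside the hunk.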
diff --git a/x-pack/legacy/plugins/siem/server/utils/build_query/calculate_timeseries_interval.ts b/x-pack/legacy/plugins/siem/server/utils/build_query/calculate_timeseries_interval.ts
index 752c686b243ac..5b667f461fc60 100644
--- a/x-pack/legacy/plugins/siem/server/utils/build_query/calculate_timeseries_interval.ts
+++ b/x-pack/legacy/plugins/siem/server/utils/build_query/calculate_timeseries_interval.ts
@@ -89,13 +89,6 @@ export const calculateAuto = {
 }),
 };
 
-export const calculateTimeseriesInterval = (
- lowerBoundInMsSinceEpoch: number,
- upperBoundInMsSinceEpoch: number
-) => {
- const duration = moment.duration(upperBoundInMsSinceEpoch - lowerBoundInMsSinceEpoch, 'ms');
-
- const matchedInterval = calculateAuto.near(50, duration);
-
- return matchedInterval ? Math.max(matchedInterval.asSeconds(), 1) : null;
+export const calculateTimeSeriesInterval = (from: number, to: number) => {
+ return `${Math.floor((to - from) / 32)}ms`;
 };
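Review bot: `calculateTimeSeriesInterval` returns `0ms` for any range narrower than 32 ms and a negative interval when `to < from`, both of which Elasticsearch rejects for `fixed_interval`; the removed implementation guarded this with `Math.max(…, 1)`, and every server histogram query in this diff now passes the result straight through. Clamp the result and keep the unit in the name or a comment, since renaming the parameters from `lowerBoundInMsSinceEpoch`/`upperBoundInMsSinceEpoch` to `from`/`to` loses that information: `/** Bucket width for 32 buckets across [from, to] (epoch ms); never below 1ms. */` and `return \`${Math.max(1, Math.floor((to - from) / 32))}ms\`;`. If `moment` and `calculateAuto.near` have no other use in this file after this change, the `moment` import is now dead and should go. `calculateAuto` begins before the hunk.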