Fixed failing FTR

x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.tsx

@@ -7,15 +7,14 @@
 
 import React from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
+import moment from 'moment';
 import { useDocumentDetailsContext } from '../../shared/context';
 import { GRAPH_PREVIEW_TEST_ID } from './test_ids';
 import { GraphPreview } from './graph_preview';
 import { useFetchGraphData } from '../hooks/use_fetch_graph_data';
 import { useGraphPreview } from '../hooks/use_graph_preview';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
-
-const DEFAULT_FROM = 'now-60d/d';
-const DEFAULT_TO = 'now/d';
+import { getField } from '../../shared/utils';
 
 /**
  * Graph preview under Overview, Visualizations. It shows a graph representation of entities.
@@ -28,16 +27,21 @@ export const GraphPreviewContainer: React.FC = () => {
     ecsData: dataAsNestedObject,
   });
 
+  const timestamp = getField(getFieldsData('@timestamp'));
+
   // TODO: default start and end might not capture the original event
-  const graphFetchQuery = useFetchGraphData({
+  const { isLoading, isError, data } = useFetchGraphData({
     req: {
       query: {
         actorIds: [],
         eventIds,
-        start: DEFAULT_FROM,
-        end: DEFAULT_TO,
+        start: moment(timestamp).subtract(30, 'minutes').toISOString(),
+        end: moment(timestamp).add(30, 'minutes').toISOString(),
       },
     },
+    options: {
+      refetchOnWindowFocus: false,
+    },
   });
 
   return (
@@ -53,18 +57,14 @@ export const GraphPreviewContainer: React.FC = () => {
       }}
       data-test-subj={GRAPH_PREVIEW_TEST_ID}
       content={
-        !graphFetchQuery.isLoading && !graphFetchQuery.isError
+        !isLoading && !isError
           ? {
               paddingSize: 'none',
             }
           : undefined
       }
     >
-      <GraphPreview
-        isLoading={graphFetchQuery.isLoading}
-        isError={graphFetchQuery.isError}
-        data={graphFetchQuery.data}
-      />
+      <GraphPreview isLoading={isLoading} isError={isError} data={data} />
     </ExpandablePanel>
   );
 };

x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_fetch_graph_data.ts

@@ -30,6 +30,11 @@ export interface UseFetchGraphDataParams {
      * Defaults to true.
      */
     enabled?: boolean;
+    /**
+     * If true, the query will refetch on window focus.
+     * Defaults to true.
+     */
+    refetchOnWindowFocus?: boolean;
   };
 }
 
@@ -72,7 +77,10 @@ export const useFetchGraphData = ({
         body: JSON.stringify(req),
       });
     },
-    options
+    {
+      enabled: options?.enabled ?? true,
+      refetchOnWindowFocus: options?.refetchOnWindowFocus ?? true,
+    }
   );
 
   return {

x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.test.tsx

@@ -83,6 +83,34 @@ describe('useGraphPreview', () => {
     expect(hookResult.result.current.isAuditLog).toEqual(false);
   });
 
+  it(`should return false when timestamp is missing`, () => {
+    const getFieldsData: GetFieldsData = (field: string) => {
+      if (field === '@timestamp') {
+        return;
+      } else if (field === 'kibana.alert.original_event.id') {
+        return 'eventId';
+      } else if (field === 'actor.entity.id') {
+        return 'actorId';
+      }
+
+      return mockFieldData[field];
+    };
+
+    hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), {
+      initialProps: {
+        getFieldsData,
+        ecsData: {
+          _id: 'id',
+          event: {
+            action: ['action'],
+          },
+        },
+      },
+    });
+
+    expect(hookResult.result.current.isAuditLog).toEqual(false);
+  });
+
   it(`should return true when alert is has graph preview`, () => {
     const getFieldsData: GetFieldsData = (field: string) => {
       if (field === 'kibana.alert.original_event.id') {

x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.ts

@@ -8,7 +8,7 @@
 import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
 import { get } from 'lodash/fp';
 import type { GetFieldsData } from '../../shared/hooks/use_get_fields_data';
-import { getFieldArray } from '../../shared/utils';
+import { getField, getFieldArray } from '../../shared/utils';
 
 export interface UseGraphPreviewParams {
   /**
@@ -25,6 +25,11 @@ export interface UseGraphPreviewParams {
  * Interface for the result of the useGraphPreview hook
  */
 export interface UseGraphPreviewResult {
+  /**
+   * The timestamp of the event
+   */
+  timestamp: string | null;
+
   /**
    * Array of event IDs associated with the alert
    */
@@ -53,13 +58,15 @@ export const useGraphPreview = ({
   getFieldsData,
   ecsData,
 }: UseGraphPreviewParams): UseGraphPreviewResult => {
+  const timestamp = getField(getFieldsData('@timestamp'));
   const originalEventId = getFieldsData('kibana.alert.original_event.id');
   const eventId = getFieldsData('event.id');
   const eventIds = originalEventId ? getFieldArray(originalEventId) : getFieldArray(eventId);
 
   const actorIds = getFieldArray(getFieldsData('actor.entity.id'));
   const action = get(['event', 'action'], ecsData);
-  const isAuditLog = actorIds.length > 0 && action?.length > 0 && eventIds.length > 0;
+  const isAuditLog =
+    Boolean(timestamp) && actorIds.length > 0 && action?.length > 0 && eventIds.length > 0;
 
-  return { eventIds, actorIds, action, isAuditLog };
+  return { timestamp, eventIds, actorIds, action, isAuditLog };
 };