send entity type to search strategy

x-pack/plugins/security_solution/public/cases/components/case_view/index.tsx

@@ -34,6 +34,7 @@ import { SpyRoute } from '../../../common/utils/route/spy_routes';
 import * as timelineMarkdownPlugin from '../../../common/components/markdown_editor/plugins/timeline';
 import { CaseDetailsRefreshContext } from '../../../common/components/endpoint/host_isolation/endpoint_host_isolation_cases_context';
 import { getEndpointDetailsPath } from '../../../management/common/routing';
+import { EntityType } from '../../../timelines/containers/details';
 
 interface Props {
   caseId: string;
@@ -64,6 +65,7 @@ const TimelineDetailsPanel = ({ alertConsumers }: { alertConsumers?: AlertConsum
       alertConsumers={alertConsumers}
       browserFields={browserFields}
       docValueFields={docValueFields}
+      entityType={EntityType.ALERTS}
       isFlyoutView
       timelineId={TimelineId.casePage}
     />

x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx

@@ -31,6 +31,7 @@ import { useKibana } from '../../lib/kibana';
 import { defaultControlColumn } from '../../../timelines/components/timeline/body/control_columns';
 import { EventsViewer } from './events_viewer';
 import * as i18n from './translations';
+import { EntityType } from '../../../timelines/containers/details';
 
 const EMPTY_CONTROL_COLUMNS: ControlColumnProps[] = [];
 const leadingControlColumns: ControlColumnProps[] = [
@@ -68,7 +69,7 @@ export interface OwnProps {
 
 type Props = OwnProps & PropsFromRedux;
 
-const alertsConsumers: AlertConsumers[] = [AlertConsumers.SIEM];
+const alertConsumers: AlertConsumers[] = [AlertConsumers.SIEM];
 
 /**
  * The stateful events viewer component is the highest level component that is utilized across the security_solution pages layer where
@@ -208,8 +209,9 @@ const StatefulEventsViewerComponent: React.FC<Props> = ({
         </InspectButtonContainer>
       </FullScreenContainer>
       <DetailsPanel
-        alertConsumers={alertsConsumers}
+        alertConsumers={alertConsumers}
         browserFields={browserFields}
+        entityType={EntityType.ALERTS}
         docValueFields={docValueFields}
         isFlyoutView
         timelineId={id}

x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/index.tsx

@@ -20,7 +20,7 @@ import deepEqual from 'fast-deep-equal';
 import { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { BrowserFields, DocValueFields } from '../../../../common/containers/source';
 import { ExpandableEvent, ExpandableEventTitle } from './expandable_event';
-import { useTimelineEventsDetails } from '../../../containers/details';
+import { EntityType, useTimelineEventsDetails } from '../../../containers/details';
 import { TimelineTabs } from '../../../../../common/types/timeline';
 import { HostIsolationPanel } from '../../../../detections/components/host_isolation';
 import { EndpointIsolateSuccess } from '../../../../common/components/endpoint/host_isolation';
@@ -53,6 +53,7 @@ interface EventDetailsPanelProps {
   alertConsumers?: AlertConsumers[];
   browserFields: BrowserFields;
   docValueFields: DocValueFields[];
+  entityType?: EntityType;
   expandedEvent: {
     eventId: string;
     indexName: string;
@@ -70,6 +71,7 @@ const EventDetailsPanelComponent: React.FC<EventDetailsPanelProps> = ({
   alertConsumers,
   browserFields,
   docValueFields,
+  entityType,
   expandedEvent,
   handleOnEventClosed,
   isFlyoutView,
@@ -79,6 +81,7 @@ const EventDetailsPanelComponent: React.FC<EventDetailsPanelProps> = ({
   const [loading, detailsData] = useTimelineEventsDetails({
     alertConsumers,
     docValueFields,
+    entityType,
     indexName: expandedEvent.indexName ?? '',
     eventId: expandedEvent.eventId ?? '',
     skip: !expandedEvent.eventId,

x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx

@@ -18,11 +18,13 @@ import { useDeepEqualSelector } from '../../../common/hooks/use_selector';
 import { EventDetailsPanel } from './event_details';
 import { HostDetailsPanel } from './host_details';
 import { NetworkDetailsPanel } from './network_details';
+import { EntityType } from '../../containers/details';
 
 interface DetailsPanelProps {
   alertConsumers?: AlertConsumers[];
   browserFields: BrowserFields;
   docValueFields: DocValueFields[];
+  entityType?: EntityType;
   handleOnPanelClosed?: () => void;
   isFlyoutView?: boolean;
   tabType?: TimelineTabs;
@@ -39,6 +41,7 @@ export const DetailsPanel = React.memo(
     alertConsumers,
     browserFields,
     docValueFields,
+    entityType,
     handleOnPanelClosed,
     isFlyoutView,
     tabType,
@@ -77,6 +80,7 @@ export const DetailsPanel = React.memo(
           alertConsumers={alertConsumers}
           browserFields={browserFields}
           docValueFields={docValueFields}
+          entityType={entityType}
           expandedEvent={currentTabDetail?.params}
           handleOnEventClosed={closePanel}
           isFlyoutView={isFlyoutView}

x-pack/plugins/security_solution/public/timelines/components/timeline/eql_tab_content/index.tsx

@@ -13,6 +13,7 @@ import {
   EuiFlyoutFooter,
   EuiBadge,
 } from '@elastic/eui';
+import { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { isEmpty } from 'lodash/fp';
 import React, { useEffect, useCallback } from 'react';
 import styled from 'styled-components';
@@ -151,6 +152,8 @@ export type Props = OwnProps & PropsFromRedux;
 
 const NO_SORTING: Sort[] = [];
 
+const alertConsumers: AlertConsumers[] = [AlertConsumers.SIEM];
+
 export const EqlTabContentComponent: React.FC<Props> = ({
   activeTab,
   columns,
@@ -346,6 +349,7 @@ export const EqlTabContentComponent: React.FC<Props> = ({
             <VerticalRule />
             <ScrollableFlexItem grow={1}>
               <DetailsPanel
+                alertConsumers={alertConsumers}
                 browserFields={browserFields}
                 docValueFields={docValueFields}
                 tabType={TimelineTabs.eql}

x-pack/plugins/security_solution/public/timelines/components/timeline/notes_tab_content/index.tsx

@@ -16,6 +16,8 @@ import {
   EuiPanel,
   EuiHorizontalRule,
 } from '@elastic/eui';
+import { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
+
 import React, { Fragment, useCallback, useMemo, useState } from 'react';
 import { useDispatch } from 'react-redux';
 import styled from 'styled-components';
@@ -64,6 +66,8 @@ const Username = styled(EuiText)`
   font-weight: bold;
 `;
 
+const alertConsumers: AlertConsumers[] = [AlertConsumers.SIEM];
+
 interface UsernameWithAvatar {
   username: string;
 }
@@ -170,6 +174,7 @@ const NotesTabContentComponent: React.FC<NotesTabContentProps> = ({ timelineId }
     () =>
       expandedDetail[TimelineTabs.notes]?.panelView ? (
         <DetailsPanel
+          alertConsumers={alertConsumers}
           browserFields={browserFields}
           docValueFields={docValueFields}
           handleOnPanelClosed={handleOnPanelClosed}

x-pack/plugins/security_solution/public/timelines/components/timeline/pinned_tab_content/index.tsx

@@ -6,6 +6,7 @@
  */
 
 import { EuiFlexGroup, EuiFlexItem, EuiFlyoutBody, EuiFlyoutFooter } from '@elastic/eui';
+import { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { isEmpty } from 'lodash/fp';
 import React, { useMemo, useCallback } from 'react';
 import styled from 'styled-components';
@@ -88,6 +89,8 @@ const VerticalRule = styled.div`
 
 VerticalRule.displayName = 'VerticalRule';
 
+const alertConsumers: AlertConsumers[] = [AlertConsumers.SIEM];
+
 interface OwnProps {
   renderCellValue: (props: CellValueElementProps) => React.ReactNode;
   rowRenderers: RowRenderer[];
@@ -266,6 +269,7 @@ export const PinnedTabContentComponent: React.FC<Props> = ({
             <VerticalRule />
             <ScrollableFlexItem grow={1}>
               <DetailsPanel
+                alertConsumers={alertConsumers}
                 browserFields={browserFields}
                 docValueFields={docValueFields}
                 handleOnPanelClosed={handleOnPanelClosed}

x-pack/plugins/security_solution/public/timelines/components/timeline/query_tab_content/index.tsx

@@ -13,6 +13,7 @@ import {
   EuiFlyoutFooter,
   EuiBadge,
 } from '@elastic/eui';
+import { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { isEmpty } from 'lodash/fp';
 import React, { useState, useMemo, useEffect, useCallback } from 'react';
 import styled from 'styled-components';
@@ -135,6 +136,8 @@ const EventsCountBadge = styled(EuiBadge)`
   margin-left: ${({ theme }) => theme.eui.paddingSizes.s};
 `;
 
+const alertConsumers: AlertConsumers[] = [AlertConsumers.SIEM];
+
 const isTimerangeSame = (prevProps: Props, nextProps: Props) =>
   prevProps.end === nextProps.end &&
   prevProps.start === nextProps.start &&
@@ -414,6 +417,7 @@ export const QueryTabContentComponent: React.FC<Props> = ({
             <VerticalRule />
             <ScrollableFlexItem grow={1}>
               <DetailsPanel
+                alertConsumers={alertConsumers}
                 browserFields={browserFields}
                 docValueFields={docValueFields}
                 handleOnPanelClosed={handleOnPanelClosed}

x-pack/plugins/security_solution/public/timelines/containers/details/index.tsx

@@ -24,7 +24,7 @@ import { isCompleteResponse, isErrorResponse } from '../../../../../../../src/pl
 import { useAppToasts } from '../../../common/hooks/use_app_toasts';
 import * as i18n from './translations';
 
-enum EntityType {
+export enum EntityType {
   ALERTS = 'alerts',
   EVENTS = 'events',
 }
@@ -34,6 +34,7 @@ export interface EventsArgs {
 
 export interface UseTimelineEventsDetailsProps {
   alertConsumers?: AlertConsumers[];
+  entityType?: EntityType;
   docValueFields: DocValueFields[];
   indexName: string;
   eventId: string;
@@ -44,6 +45,7 @@ const EMPTY_ARRAY: AlertConsumers[] = [];
 
 export const useTimelineEventsDetails = ({
   alertConsumers = EMPTY_ARRAY,
+  entityType = EntityType.EVENTS,
   docValueFields,
   indexName,
   eventId,
@@ -76,7 +78,7 @@ export const useTimelineEventsDetails = ({
 
         searchSubscription$.current = data.search
           .search<TimelineEventsDetailsRequestOptions, TimelineEventsDetailsStrategyResponse>(
-            { ...request, entityType: EntityType.ALERTS },
+            request,
             {
               strategy: 'timelineSearchStrategy',
               abortSignal: abortCtrl.current.signal,
@@ -115,6 +117,7 @@ export const useTimelineEventsDetails = ({
         ...(prevRequest ?? {}),
         alertConsumers,
         docValueFields,
+        entityType,
         indexName,
         eventId,
         factoryQueryType: TimelineEventsQueries.details,
@@ -124,7 +127,7 @@ export const useTimelineEventsDetails = ({
       }
       return prevRequest;
     });
-  }, [alertConsumers, docValueFields, eventId, indexName]);
+  }, [alertConsumers, docValueFields, entityType, eventId, indexName]);
 
   useEffect(() => {
     timelineDetailsSearch(timelineDetailsRequest);