diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/__mocks__/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/__mocks__/index.ts
index f915d21664e4f..77b0b1e459bcd 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/__mocks__/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/__mocks__/index.ts
@@ -118,6 +118,7 @@ export const mockSearchStrategyResponse: IEsSearchResponse = {
 _id: 'dd4fa2d4bd-1526378075029582',
 _score: 0,
 fields: {
+ '@timestamp': ['2022-07-18T15:08:48.064Z'],
 'source.geo.continent_name': ['North America'],
 'source.geo.region_iso_code': ['US-VA'],
 'source.geo.country_iso_code': ['US'],
diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/helpers.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/helpers.ts
index 7c2abcf5bb344..54419b3902539 100644
--- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/helpers.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/network/top_n_flow/helpers.ts
@@ -17,11 +17,9 @@ import type {
 NetworkTopNFlowEdges,
 NetworkTopNFlowRequestOptions,
 AutonomousSystemItem,
-} from '../../../../../../common/search_strategy';
-import {
- NetworkTopTablesFields,
 FlowTargetSourceDest,
 } from '../../../../../../common/search_strategy';
+import { NetworkTopTablesFields } from '../../../../../../common/search_strategy';
 import { getOppositeField } from '../helpers';
 import {
 formatResponseObjectValues,
@@ -48,7 +46,7 @@ const formatTopNFlowEdges = (
 [flowTarget]: {
 domain: bucket.domain.buckets.map((bucketDomain) => bucketDomain.key),
 ip: bucket.key,
- location: getGeoItem(bucket),
+ location: getGeoItem(bucket, flowTarget),
 autonomous_system: getAsItem(bucket),
 flows: getOr(0, 'flows.value', bucket),
 [`${getOppositeField(flowTarget)}_ips`]: getOr(
@@ -68,24 +66,22 @@ const formatTopNFlowEdges = (
 },
 }));
-const getFlowTargetFromString = (flowAsString: string) =>
- flowAsString === 'source' ? FlowTargetSourceDest.source : FlowTargetSourceDest.destination;
-
-const getGeoItem = (result: NetworkTopNFlowBuckets): GeoItem | null =>
+const getGeoItem = (
+ result: NetworkTopNFlowBuckets,
+ flowTarget: FlowTargetSourceDest
+): GeoItem | null =>
 result.location.top_geo.hits.hits.length > 0 && result.location.top_geo.hits.hits[0].fields
 ? {
 geo: formatResponseObjectValues(
 getOr(
 '',
- `${Object.keys(result.location.top_geo.hits.hits[0].fields)[0].split('.geo')[0]}.geo`,
+ `${flowTarget}.geo`,
 unflattenObject(
 transformLocationFields(getOr({}, `location.top_geo.hits.hits[0].fields`, result))
 )
 )
 ),
- flowTarget: getFlowTargetFromString(
- Object.keys(result.location.top_geo.hits.hits[0].fields)[0].split('.geo')[0]
- ),
+ flowTarget,
 }
 : null;
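Review bot: In `getGeoItem` the guard still only checks that the first hit has a `fields` object, so a hit with no `${flowTarget}.geo.*` keys (for example one carrying only `@timestamp`, which the updated mock now lists first) falls through to the `''` default of `getOr` and still produces a non-null `GeoItem` labelled with `flowTarget`. Consider resolving the `${flowTarget}.geo` value first and returning `null` when it is absent, so the network table does not show a location entry that the event data never supplied. How `formatResponseObjectValues` treats `''` is not visible in this hunk, so confirm what the current result looks like. A short comment above the lookup would also record why the target is passed in, e.g. `// flowTarget comes from the caller: key order in hit.fields is not guaranteed, so never derive it from the first key`.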