[SIEM] Adds support for specifying default filters to StatefulEventsV…

…iewer (#52413) ## Summary Finishes plumbing through the `defaultFilters` prop on the `StatefuleEventsViewer` component so that your view will always be constrained by a specified filter. Also adds an example of doing so to the current WIP `SignalsTable`. ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ - [ ] ~Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~ - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~ - [ ] ~This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
elastic · Dec 6, 2019 · c3ddb53 · c3ddb53
1 parent e17539c
commit c3ddb53
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 18 deletions.
diff --git a/x-pack/legacy/plugins/siem/public/components/events_viewer/index.tsx b/x-pack/legacy/plugins/siem/public/components/events_viewer/index.tsx
@@ -83,6 +83,7 @@ const StatefulEventsViewerComponent = React.memo<Props>(
     createTimeline,
     columns,
     dataProviders,
+    defaultFilters = [],
     defaultModel,
     defaultIndices,
     deleteEventQuery,
@@ -158,7 +159,7 @@ const StatefulEventsViewerComponent = React.memo<Props>(
           id={id}
           dataProviders={dataProviders!}
           end={end}
-          filters={filters}
+          filters={[...filters, ...defaultFilters]}
           headerFilterGroup={headerFilterGroup}
           indexPattern={indexPatterns ?? { fields: [], title: '' }}
           isLive={isLive}
@@ -201,15 +202,15 @@ const makeMapStateToProps = () => {
   const getGlobalQuerySelector = inputsSelectors.globalQuerySelector();
   const getGlobalFiltersQuerySelector = inputsSelectors.globalFiltersQuerySelector();
   const getEvents = timelineSelectors.getEventsByIdSelector();
-  const mapStateToProps = (state: State, { id, defaultModel }: OwnProps) => {
+  const mapStateToProps = (state: State, { id, defaultFilters = [], defaultModel }: OwnProps) => {
     const input: inputsModel.InputsRange = getInputsTimeline(state);
     const events: TimelineModel = getEvents(state, id) ?? defaultModel;
     const { columns, dataProviders, itemsPerPage, itemsPerPageOptions, kqlMode, sort } = events;
 
     return {
       columns,
       dataProviders,
-      filters: getGlobalFiltersQuerySelector(state),
+      filters: [...getGlobalFiltersQuerySelector(state), ...defaultFilters],
       id,
       isLive: input.policy.kind === 'interval',
       itemsPerPage,

diff --git a/...ection_engine/signals/default_headers.tsx → ...tection_engine/signals/default_config.tsx b/...ection_engine/signals/default_headers.tsx → ...tection_engine/signals/default_config.tsx
@@ -12,6 +12,48 @@ import {
 } from '../../../components/timeline/body/helpers';
 
 import * as i18n from './translations';
+import { SubsetTimelineModel, timelineDefaults } from '../../../store/timeline/model';
+import { esFilters } from '../../../../../../../../src/plugins/data/common/es_query';
+
+export const signalsOpenFilters: esFilters.Filter[] = [
+  {
+    meta: {
+      alias: null,
+      negate: false,
+      disabled: false,
+      type: 'phrase',
+      key: 'signal.status',
+      params: {
+        query: 'open',
+      },
+    },
+    query: {
+      match_phrase: {
+        'signal.status': 'open',
+      },
+    },
+  },
+];
+
+export const signalsClosedFilters: esFilters.Filter[] = [
+  {
+    meta: {
+      alias: null,
+      negate: false,
+      disabled: false,
+      type: 'phrase',
+      key: 'signal.status',
+      params: {
+        query: 'closed',
+      },
+    },
+    query: {
+      match_phrase: {
+        'signal.status': 'closed',
+      },
+    },
+  },
+];
 
 export const signalsHeaders: ColumnHeader[] = [
   {
@@ -77,3 +119,8 @@ export const signalsHeaders: ColumnHeader[] = [
     width: DEFAULT_DATE_COLUMN_MIN_WIDTH,
   },
 ];
+
+export const signalsDefaultModel: SubsetTimelineModel = {
+  ...timelineDefaults,
+  columns: signalsHeaders,
+};
diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/signals/default_model.tsx b/x-pack/legacy/plugins/siem/public/pages/detection_engine/signals/default_model.tsx
diff --git a/x-pack/legacy/plugins/siem/public/pages/detection_engine/signals/index.tsx b/x-pack/legacy/plugins/siem/public/pages/detection_engine/signals/index.tsx
@@ -12,7 +12,7 @@ import { GlobalTime } from '../../../containers/global_time';
 import { StatefulEventsViewer } from '../../../components/events_viewer';
 import * as i18n from './translations';
 import { DEFAULT_SIGNALS_INDEX } from '../../../../common/constants';
-import { signalsDefaultModel } from './default_model';
+import { signalsClosedFilters, signalsDefaultModel, signalsOpenFilters } from './default_config';
 
 const SIGNALS_PAGE_TIMELINE_ID = 'signals-page';
 const FILTER_OPEN = 'open';
@@ -37,7 +37,10 @@ export const SignalsTableFilterGroup = React.memo(
 
         <EuiFilterButton
           hasActiveFilters={filterGroup === FILTER_CLOSED}
-          onClick={() => setFilterGroup(FILTER_CLOSED)}
+          onClick={() => {
+            setFilterGroup(FILTER_CLOSED);
+            onFilterGroupChanged(FILTER_CLOSED);
+          }}
         >
           {'Closed signals'}
         </EuiFilterButton>
@@ -62,6 +65,7 @@ export const SignalsTable = React.memo(() => {
         {({ to, from, setQuery, deleteQuery, isInitializing }) => (
           <StatefulEventsViewer
             defaultIndices={[DEFAULT_SIGNALS_INDEX]}
+            defaultFilters={filterGroup === FILTER_OPEN ? signalsOpenFilters : signalsClosedFilters}
             defaultModel={signalsDefaultModel}
             end={to}
             headerFilterGroup={