From d49d5ab260f385fd68a3a86ecb59dd4a31209fbd Mon Sep 17 00:00:00 2001
From: animehart
Date: Fri, 8 Nov 2024 02:24:19 -0800
Subject: [PATCH] updated hooks used
---
 .../common/utils/helpers.ts | 40 ++++++++++++++++++
 .../components/alerts/alerts_preview.test.tsx | 39 +++++++++++++++--
 .../components/alerts/alerts_preview.tsx | 42 +++++++++++--------
 .../components/entity_insight.tsx | 29 ++++---------
 4 files changed, 109 insertions(+), 41 deletions(-)
diff --git a/x-pack/packages/kbn-cloud-security-posture/common/utils/helpers.ts b/x-pack/packages/kbn-cloud-security-posture/common/utils/helpers.ts
index 7039c99af6d53..1c520fb85118c 100644
--- a/x-pack/packages/kbn-cloud-security-posture/common/utils/helpers.ts
+++ b/x-pack/packages/kbn-cloud-security-posture/common/utils/helpers.ts
@@ -62,3 +62,43 @@ export const buildEntityFlyoutPreviewQuery = (field: string, queryValue?: string
 },
 };
 };
+
+export const buildEntityAlertsQuery = (field: string, queryValue?: string, size?: number) => {
+ return {
+ size: size || 0,
+ _source: false,
+ fields: [
+ 'kibana.alert.rule.uuid',
+ 'signal.rule.name',
+ 'signal.rule.severity',
+ 'kibana.alert.reason',
+ ],
+ query: {
+ bool: {
+ filter: [
+ {
+ bool: {
+ must: [],
+ filter: [
+ {
+ match_phrase: {
+ [field]: {
+ query: queryValue,
+ },
+ },
+ },
+ ],
+ should: [],
+ must_not: [],
+ },
+ },
+ {
+ terms: {
+ 'kibana.alert.workflow_status': ['open', 'acknowledged'],
+ },
+ },
+ ],
+ },
+ },
+ };
+};
diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.test.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.test.tsx
index 40d6d687f8608..9a035435ad718 100644
--- a/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.test.tsx
+++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.test.tsx
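Review bot: In the helpers.ts hunk, `buildEntityAlertsQuery` puts `queryValue` into the `match_phrase` clause even though the parameter is optional and nothing guards against it being undefined. An undefined `query` is dropped when the body is serialized, so the search would presumably be rejected or behave unexpectedly; either make the parameter required or have the caller skip the request when no value is available. `size: size || 0` reads more precisely as `size: size ?? 0`. A short TSDoc comment would also help callers, stating that only alerts whose workflow status is open or acknowledged are matched and that `_source` is suppressed in favour of the four listed `fields`.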
@@ -10,11 +10,42 @@ import { render } from '@testing-library/react';
 import { AlertsPreview } from './alerts_preview';
 import { TestProviders } from '../../../common/mock/test_providers';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
-import type { ParsedAlertsData } from '../../../overview/components/detection_response/alerts_by_status/types';
+import type { AlertSearchResponse } from '../../../detections/containers/detection_engine/alerts/types';
-const mockAlertsData: ParsedAlertsData = {
- closed: { total: 1, severities: [{ key: 'low', value: 1, label: 'Low' }] },
- open: { total: 1, severities: [{ key: 'low', value: 1, label: 'Low' }] },
+const mockAlertsData: AlertSearchResponse = {
+ took: 0,
+ timeout: false,
+ _shards: {
+ total: 1,
+ successful: 1,
+ skipped: 0,
+ failed: 0,
+ },
+ hits: {
+ total: {
+ value: 2,
+ relation: 'eq',
+ },
+ max_score: 0,
+ hits: [
+ {
+ fields: {
+ 'signal.rule.name': ['Low Alert'],
+ 'kibana.alert.reason': ['Low Alert Reason'],
+ 'kibana.alert.rule.uuid': ['Low Alert UUID'],
+ 'signal.rule.severity': ['low'],
+ },
+ },
+ {
+ fields: {
+ 'signal.rule.name': ['Medium Alert'],
+ 'kibana.alert.reason': ['Medium Alert Reason'],
+ 'kibana.alert.rule.uuid': ['Medium Alert UUID'],
+ 'signal.rule.severity': ['medium'],
+ },
+ },
+ ],
+ },
 };
 jest.mock(
diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.tsx
index 30d492cf460a1..2369050ef0526 100644
--- a/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.tsx
+++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.tsx
@@ -12,12 +12,20 @@ import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, EuiTitle, useEuiTheme }
 import { FormattedMessage } from '@kbn/i18n-react';
 import { DistributionBar } from '@kbn/security-solution-distribution-bar';
 import { getAbbreviatedNumber } from '@kbn/cloud-security-posture-common';
+import type { AlertSearchResponse } from '../../../detections/containers/detection_engine/alerts/types';
 import { ExpandablePanel } from '../../../flyout/shared/components/expandable_panel';
 import { getSeverityColor } from '../../../detections/components/alerts_kpis/severity_level_panel/helpers';
-import type {
- AlertsByStatus,
- ParsedAlertsData,
-} from '../../../overview/components/detection_response/alerts_by_status/types';
+
+interface CspAlertsField {
+ 'kibana.alert.rule.uuid': string[];
+ 'kibana.alert.reason': string[];
+ 'signal.rule.name': string[];
+ 'signal.rule.severity': string[];
+}
+
+interface AlertsDetailsFields {
+ fields: CspAlertsField;
+}
 const AlertsCount = ({
 alertsTotal,
@@ -57,25 +65,25 @@ export const AlertsPreview = ({
 alertsCount,
 isPreviewMode,
 }: {
- alertsData: ParsedAlertsData;
+ alertsData: AlertSearchResponse | null;
 alertsCount: number;
 isPreviewMode?: boolean;
 }) => {
 const { euiTheme } = useEuiTheme();
- const severityMap = new Map();
-
- (['open', 'acknowledged'] as AlertsByStatus[]).forEach((status) => {
- alertsData?.[status]?.severities.forEach((severity) => {
- if (severityMap.has(severity.key)) {
- severityMap.set(severity.key, (severityMap?.get(severity.key) || 0) + severity.value);
- } else {
- severityMap.set(severity.key, severity.value);
- }
- });
- });
+ const resultX = (alertsData?.hits?.hits as AlertsDetailsFields[])?.map(
+ (item: AlertsDetailsFields) => {
+ return { fields: item.fields };
+ }
+ );
- const alertStats = Array.from(severityMap, ([key, count]) => ({
+ const severities = resultX?.map((item) => item.fields['signal.rule.severity'][0]) || [];
+ const alertStats = Object.entries(
+ severities.reduce((acc: Record, item) => {
+ acc[item] = (acc[item] || 0) + 1;
+ return acc;
+ }, {})
+ ).map(([key, count]) => ({
 key,
 count,
 color: getSeverityColor(key),
diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/entity_insight.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/entity_insight.tsx
index 093debe1427c9..d9a43ee9ce38f 100644
--- a/x-pack/plugins/security_solution/public/cloud_security_posture/components/entity_insight.tsx
+++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/entity_insight.tsx
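Review bot: `item.fields['signal.rule.severity'][0]` throws a TypeError for any hit that has no `fields` object or no severity entry, and the `as AlertsDetailsFields[]` cast hides that from the compiler. Elasticsearch returns only the requested `fields` that exist on a document, so a single alert without that field would break rendering of the whole preview. Read it defensively, for example `const severities = (alertsData?.hits?.hits as AlertsDetailsFields[] | undefined)?.flatMap((hit) => hit.fields?.['signal.rule.severity']?.[0] ?? []) ?? [];`, and make `fields` and the properties of `CspAlertsField` (added in the first hunk of this file) optional so the type checker enforces the guard. The intermediate `resultX` only copies `fields` and can be dropped. `AlertsPreview`'s body continues outside the hunk.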
@@ -7,20 +7,20 @@
 import { EuiAccordion, EuiHorizontalRule, EuiSpacer, EuiTitle, useEuiTheme } from '@elastic/eui';
-import React, { useMemo } from 'react';
+import React from 'react';
 import { css } from '@emotion/react';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { useMisconfigurationPreview } from '@kbn/cloud-security-posture/src/hooks/use_misconfiguration_preview';
 import { buildEntityFlyoutPreviewQuery } from '@kbn/cloud-security-posture-common';
 import { useVulnerabilitiesPreview } from '@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_preview';
 import { hasVulnerabilitiesData } from '@kbn/cloud-security-posture';
+import { buildEntityAlertsQuery } from '@kbn/cloud-security-posture-common/utils/helpers';
 import { MisconfigurationsPreview } from './misconfiguration/misconfiguration_preview';
 import { VulnerabilitiesPreview } from './vulnerabilities/vulnerabilities_preview';
 import { AlertsPreview } from './alerts/alerts_preview';
-import { useGlobalTime } from '../../common/containers/use_global_time';
-import { DETECTION_RESPONSE_ALERTS_BY_STATUS_ID } from '../../overview/components/detection_response/alerts_by_status/types';
-import { useAlertsByStatus } from '../../overview/components/detection_response/alerts_by_status/use_alerts_by_status';
 import { useSignalIndex } from '../../detections/containers/detection_engine/alerts/use_signal_index';
+import { ALERTS_QUERY_NAMES } from '../../detections/containers/detection_engine/alerts/constants';
+import { useQueryAlerts } from '../../detections/containers/detection_engine/alerts/use_query';
 export const EntityInsight = ({
 name,
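Review bot: `buildEntityAlertsQuery` is imported from the deep path `@kbn/cloud-security-posture-common/utils/helpers`, while its sibling `buildEntityFlyoutPreviewQuery` a few lines above comes from the package root. The diffstat lists no change to the package entry point, so the new helper appears not to be re-exported there. Re-exporting it and writing `import { buildEntityFlyoutPreviewQuery, buildEntityAlertsQuery } from '@kbn/cloud-security-posture-common';` would keep the two helpers on the same public import surface.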
@@ -67,24 +67,13 @@ export const EntityInsight = ({
 const { signalIndexName } = useSignalIndex();
- const entityFilter = useMemo(() => ({ field: fieldName, value: name }), [fieldName, name]);
-
- const { to, from } = useGlobalTime();
-
- const { items: alertsData } = useAlertsByStatus({
- entityFilter,
- signalIndexName,
- queryId: DETECTION_RESPONSE_ALERTS_BY_STATUS_ID,
- to,
- from,
+ const { data: alertsData } = useQueryAlerts({
+ query: buildEntityAlertsQuery(fieldName, name, 500),
+ queryName: ALERTS_QUERY_NAMES.ALERTS_COUNT_BY_STATUS,
+ indexName: signalIndexName,
 });
- const alertsOpenCount = alertsData?.open?.total || 0;
-
- const alertsAcknowledgedCount = alertsData?.acknowledged?.total || 0;
-
- const alertsCount = alertsOpenCount + alertsAcknowledgedCount;
-
+ const alertsCount = alertsData?.hits?.total.value || 0;
 if (alertsCount > 0) {
 insightContent.push(
 <>
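Review bot: The severity distribution and `alertsCount` can now disagree, because the hits feeding the distribution are capped by the literal `500` passed to `buildEntityAlertsQuery` while the count reads `hits.total.value`. An entity with more than 500 matching alerts would show a total that the bar does not cover. The `to`/`from` bounds from `useGlobalTime` are also removed and the new query shows no time filter in this patch, so the panel presumably no longer follows the global time range; worth confirming that this is intended for an analyst-facing count. `alertsData?.hits?.total.value` is safer as `alertsData?.hits?.total?.value ?? 0`, and `500` deserves a named constant. `EntityInsight`'s body starts and ends outside the hunk.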