[8.7] [Security Solution][Investigations] - 8.7 minor fixes (#152284) (
…#152758)

# Backport

This will backport the following commits from `main` to `8.7`:
- [[Security Solution][Investigations] - 8.7 minor fixes
(#152284)](#152284)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Michael
Olorunnisola","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-03-06T19:08:28Z","message":"[Security
Solution][Investigations] - 8.7 minor fixes (#152284)\n\n##
Summary\r\n\r\nThis PR includes minor fixes for the following items by
commit\r\n\r\n**[Timeline ui alignment
fix]**\r\nhttps://github.com//issues/149017
-\r\nhttps://github.com//pull/152284/commits/01281497dcad8f09f22db2c25155b586e02b2532\r\n**[Saving
empty eql query]**\r\nhttps://github.com//issues/148950**
-\r\nhttps://github.com//pull/152284/commits/b9715cb5e5d75fe12ed0af1672d22370cec9207d\r\n**[Re-add
alert count to top
n]**\r\nhttps://github.com//issues/148631
-\r\nhttps://github.com//pull/152284/commits/4c8d1e6021b37ad90bd34aa7cb25527a7a60cd21","sha":"1f6de13232dd1fbc6d1dcbd887ce66cdc0496544","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Threat
Hunting","Team:Threat
Hunting:Investigations","v8.7.0","v8.8.0"],"number":152284,"url":"https://github.com/elastic/kibana/pull/152284","mergeCommit":{"message":"[Security
Solution][Investigations] - 8.7 minor fixes (#152284)\n\n##
Summary\r\n\r\nThis PR includes minor fixes for the following items by
commit\r\n\r\n**[Timeline ui alignment
fix]**\r\nhttps://github.com//issues/149017
-\r\nhttps://github.com//pull/152284/commits/01281497dcad8f09f22db2c25155b586e02b2532\r\n**[Saving
empty eql query]**\r\nhttps://github.com//issues/148950**
-\r\nhttps://github.com//pull/152284/commits/b9715cb5e5d75fe12ed0af1672d22370cec9207d\r\n**[Re-add
alert count to top
n]**\r\nhttps://github.com//issues/148631
-\r\nhttps://github.com//pull/152284/commits/4c8d1e6021b37ad90bd34aa7cb25527a7a60cd21","sha":"1f6de13232dd1fbc6d1dcbd887ce66cdc0496544"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/152284","number":152284,"mergeCommit":{"message":"[Security
Solution][Investigations] - 8.7 minor fixes (#152284)\n\n##
Summary\r\n\r\nThis PR includes minor fixes for the following items by
commit\r\n\r\n**[Timeline ui alignment
fix]**\r\nhttps://github.com//issues/149017
-\r\nhttps://github.com//pull/152284/commits/01281497dcad8f09f22db2c25155b586e02b2532\r\n**[Saving
empty eql query]**\r\nhttps://github.com//issues/148950**
-\r\nhttps://github.com//pull/152284/commits/b9715cb5e5d75fe12ed0af1672d22370cec9207d\r\n**[Re-add
alert count to top
n]**\r\nhttps://github.com//issues/148631
-\r\nhttps://github.com//pull/152284/commits/4c8d1e6021b37ad90bd34aa7cb25527a7a60cd21","sha":"1f6de13232dd1fbc6d1dcbd887ce66cdc0496544"}}]}]
BACKPORT-->

Co-authored-by: Michael Olorunnisola <[email protected]>
kibanamachine and michaelolo24 authored Mar 7, 2023
1 parent a74084d commit e724259
Showing 5 changed files with 74 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import {
TIMELINE_TAB_CONTENT_GRAPHS_NOTES,
EDIT_TIMELINE_BTN,
EDIT_TIMELINE_TOOLTIP,
TIMELINE_CORRELATION_INPUT,
} from '../../screens/timeline';
import { createTimelineTemplate } from '../../tasks/api_calls/timelines';

Expand All @@ -41,9 +42,11 @@ import {
goToQueryTab,
pinFirstEvent,
populateTimeline,
waitForTimelineChanges,
} from '../../tasks/timeline';

import { OVERVIEW_URL, TIMELINE_TEMPLATES_URL } from '../../urls/navigation';
import { EQL_QUERY_VALIDATION_ERROR } from '../../screens/create_new_rule';

describe('Create a timeline from a template', () => {
before(() => {
Expand Down Expand Up @@ -154,5 +157,67 @@ describe('Timelines', (): void => {
.then(parseInt)
.should('be.gt', 0);
});

// Skipped in this PR until the underlying re-renders are fixed: https://github.com/elastic/kibana/pull/152284
describe.skip('correlation tab', () => {
it('should update timeline after adding eql', () => {
cy.intercept('PATCH', '/api/timeline').as('updateTimeline');
const eql = 'any where process.name == "zsh"';
addEqlToTimeline(eql);

cy.wait('@updateTimeline', { timeout: 10000 }).its('response.statusCode').should('eq', 200);

cy.get(`${TIMELINE_TAB_CONTENT_EQL} ${SERVER_SIDE_EVENT_COUNT}`)
.invoke('text')
.then(parseInt)
.should('be.gt', 0);
});

describe.skip('updates', () => {
const eql = 'any where process.name == "zsh"';
beforeEach(() => {
cy.intercept('PATCH', '/api/timeline').as('updateTimeline');
addEqlToTimeline(eql);
// TODO: It may need a further refactor to handle the frequency with which react calls this api
// Since it's based on real time text changes...and real time query validation
// there's almost no guarantee on the number of calls, so a cypress.wait may actually be more appropriate
cy.wait('@updateTimeline');
cy.wait('@updateTimeline');
cy.reload();
cy.get(TIMELINE_CORRELATION_INPUT).should('be.visible');
cy.get(TIMELINE_CORRELATION_INPUT).should('have.text', eql);
});

it('should update timeline after removing eql', () => {
cy.intercept('PATCH', '/api/timeline').as('updateTimeline');
cy.get(TIMELINE_CORRELATION_INPUT).should('be.visible');
waitForTimelineChanges();
cy.get(TIMELINE_CORRELATION_INPUT).type('{selectAll} {del}').clear();
// TODO: It may need a further refactor to handle the frequency with which react calls this api
// Since it's based on real time text changes...and real time query validation
// there's almost no guarantee on the number of calls, so a cypress.wait may actually be more appropriate
cy.wait('@updateTimeline');
cy.wait('@updateTimeline');
cy.wait('@updateTimeline');
cy.wait('@updateTimeline');
waitForTimelineChanges();
cy.reload();
cy.get(TIMELINE_CORRELATION_INPUT).should('be.visible');

cy.get(TIMELINE_CORRELATION_INPUT).should('have.text', '');
});

it('should NOT update timeline after adding wrong eql', () => {
cy.intercept('PATCH', '/api/timeline').as('updateTimeline');
const nonFunctionalEql = 'this is not valid eql';
addEqlToTimeline(nonFunctionalEql);
cy.get(EQL_QUERY_VALIDATION_ERROR).should('be.visible');
cy.reload();
cy.get(TIMELINE_CORRELATION_INPUT).should('be.visible');

cy.get(TIMELINE_CORRELATION_INPUT).should('have.text', eql);
});
});
});
});
});
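Review bot: The two `describe.skip` blocks mean the empty-EQL save behaviour changed in this commit ships with no running test, and the skip comment links to the PR itself rather than an open issue, so nothing tracks re-enabling them; the inner `describe.skip('updates', …)` is also redundant under a skipped parent. In 'should update timeline after removing eql' the four consecutive `cy.wait('@updateTimeline')` calls (plus two in `beforeEach`) hard-code how many PATCH requests React currently emits, which the TODO itself says is not guaranteed; relying on the assertions made after `cy.reload()` would remove the need for that count. The string `'{selectAll} {del}'` contains a literal space, so a space is typed over the selection before `{del}`; `'{selectAll}{del}'` looks intended, and the chained `.clear()` already empties the input.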
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,8 @@ export const EQL_QUERY_INPUT = '[data-test-subj="eqlQueryBarTextInput"]';

export const EQL_QUERY_VALIDATION_SPINNER = '[data-test-subj="eql-validation-loading"]';

export const EQL_QUERY_VALIDATION_ERROR = '[data-test-subj="eql-validation-errors-popover-button"]';

export const IMPORT_QUERY_FROM_SAVED_TIMELINE_LINK =
'[data-test-subj="importQueryFromSavedTimeline"]';

Original file line number Diff line number Diff line change
Expand Up @@ -385,15 +385,14 @@ export const AlertsHistogramPanel = memo<AlertsHistogramPanelProps>(
alignHeader={alignHeader}
id={uniqueQueryId}
inspectTitle={inspectTitle}
outerDirection="row"
outerDirection="column"
title={titleText}
titleSize={titleSize}
toggleStatus={showHistogram}
toggleQuery={hideQueryToggle ? undefined : toggleQuery}
showInspectButton={isChartEmbeddablesEnabled ? false : chartOptionsContextMenu == null}
subtitle={!isInitialLoading && showTotalAlertsCount && totalAlerts}
isInspectDisabled={isInspectDisabled}
hideSubtitle
>
<EuiFlexGroup alignItems="flexStart" data-test-subj="panelFlexGroup" gutterSize="none">
<EuiFlexItem grow={false}>
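Review bot: With `hideSubtitle` apparently dropped from this element (the page has lost the +/- markers, but the hunk counts point that way), the `subtitle={!isInitialLoading && showTotalAlertsCount && totalAlerts}` prop becomes visible, and that `&&` chain passes `false` (or a falsy `totalAlerts`, whose type is not visible here) rather than `undefined` when the count should be hidden. If the header component only falls back to its default for `undefined`, or renders a numeric `0`, the output differs from what is intended. A ternary such as `subtitle={!isInitialLoading && showTotalAlertsCount ? totalAlerts : undefined}` makes the hidden case explicit. The enclosing JSX element opens above the hunk.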
Original file line number Diff line number Diff line change
Expand Up @@ -69,11 +69,12 @@ const StyledEuiFlyoutHeader = styled(EuiFlyoutHeader)`
box-shadow: none;
display: flex;
flex-direction: column;
margin-top: ${({ theme }) => theme.eui.euiSizeM}
padding: 0;
&.euiFlyoutHeader {
${({ theme }) =>
`padding: 0 ${theme.eui.euiSizeS} ${theme.eui.euiSizeS} ${theme.eui.euiSizeS};`}
`padding: 0 ${theme.eui.euiSizeM} ${theme.eui.euiSizeS} ${theme.eui.euiSizeS};`}
}
`;

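Review bot: The added `margin-top: ${({ theme }) => theme.eui.euiSizeM}` line has no terminating semicolon, so in the generated CSS it runs into the following `padding: 0;` and the two are likely to be parsed as one invalid declaration and dropped. It should read `margin-top: ${({ theme }) => theme.eui.euiSizeM};`. The styled template literal opens above the visible lines, so any earlier declarations were not checked.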
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,8 @@ export const EqlQueryBarTimeline = memo(({ timelineId }: { timelineId: string })
watch: ['eqlQueryBar'],
});

const prevEqlQuery = useRef<TimelineEqlQueryBar['eqlQueryBar']['query']['query']>('');

const optionsData = useMemo(
() =>
isEmpty(indexPattern.fields)
Expand Down Expand Up @@ -156,10 +158,11 @@ export const EqlQueryBarTimeline = memo(({ timelineId }: { timelineId: string })
useEffect(() => {
if (
formEqlQueryBar != null &&
!isEmpty(formEqlQueryBar.query.query) &&
prevEqlQuery.current !== formEqlQueryBar.query.query &&
isQueryBarValid &&
!isQueryBarValidating
) {
prevEqlQuery.current = formEqlQueryBar.query.query;
dispatch(
timelineActions.updateEqlOptions({
id: timelineId,
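Review bot: `prevEqlQuery` is initialised to `''` and never reset, so the new guard `prevEqlQuery.current !== formEqlQueryBar.query.query` compares against the last dispatched value regardless of `timelineId`. If this memoized component can be re-rendered with a different `timelineId` (not visible here), a query equal to the one last saved would be skipped for the new timeline; resetting the ref when `timelineId` changes would close that gap. The ref also deserves a short comment, for example `// Last query dispatched to the store: lets a cleared query be saved without re-dispatching identical values`. The effect's remaining body and its dependency list lie outside the hunk.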
