limit ecs fields

elastic · Feb 22, 2024 · ea82637 · ea82637
1 parent 8650791
commit ea82637
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 23 deletions.
diff --git a/...plugins/security_solution/public/flyout/document_details/right/utils/event_utils.test.tsx b/...plugins/security_solution/public/flyout/document_details/right/utils/event_utils.test.tsx
@@ -11,7 +11,6 @@ describe('test isEcsAllowedValue', () => {
     expect(isEcsAllowedValue('event.kind', 'event')).toBe(true);
     expect(isEcsAllowedValue('event.kind', 'not ecs')).toBe(false);
     expect(isEcsAllowedValue('event.category', 'not ecs')).toBe(false);
-    expect(isEcsAllowedValue('not ecs field', 'file')).toBe(false);
   });
 });
 

diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/utils/event_utils.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/utils/event_utils.tsx
@@ -14,34 +14,22 @@ export interface AllowedValue {
   name?: string;
 }
 
-export interface EcsMetadata {
-  allowed_values?: AllowedValue[];
-  dashed_name?: string;
-  description?: string;
-  example?: string;
-  flat_name?: string;
-  format?: string;
-  ignore_above?: number;
-  level?: string;
-  name?: string;
-  normalize?: string[];
-  required?: boolean;
-  short?: string;
-  type?: string;
-}
+type FieldName = 'event.kind' | 'event.category';
 
 /**
  * Helper function to return if the value is in the allowed value list of an ecs field
  * @param fieldName
  * @param value
  * @returns boolean if value is an allowed value
  */
-export const isEcsAllowedValue = (fieldName: string, value: string | undefined | null): boolean => {
+export const isEcsAllowedValue = (
+  fieldName: FieldName,
+  value: string | undefined | null
+): boolean => {
   if (!value || value == null) {
     return false;
   }
-  const ecsMetadata = EcsFlat as unknown as Record<string, EcsMetadata>;
-  const allowedValues: AllowedValue[] | undefined = ecsMetadata[fieldName]?.allowed_values;
+  const allowedValues: AllowedValue[] = EcsFlat[fieldName]?.allowed_values ?? [];
   return Boolean(allowedValues?.find((item) => item.name === value));
 };
 
@@ -51,11 +39,10 @@ export const isEcsAllowedValue = (fieldName: string, value: string | undefined |
  * @param value
  * @returns ecs description of the value
  */
-export const getEcsAllowedValueDescription = (fieldName: string, value: string): string => {
-  const ecsMetadata = EcsFlat as unknown as Record<string, EcsMetadata>;
-  const eventKindArray: AllowedValue[] | undefined = ecsMetadata[fieldName]?.allowed_values;
+export const getEcsAllowedValueDescription = (fieldName: FieldName, value: string): string => {
+  const allowedValues: AllowedValue[] = EcsFlat[fieldName]?.allowed_values ?? [];
   return (
-    eventKindArray?.find((item) => item.name === value)?.description ??
+    allowedValues?.find((item) => item.name === value)?.description ??
     i18n.translate('xpack.securitySolution.flyout.right.about.noEventKindDescriptionMessage', {
       defaultMessage: 'This field is not an ecs field, description is not available.',
     })