[Security Solution] Allow to configure Event Renderers settings

x-pack/plugins/security_solution/common/types/timeline/index.ts

@@ -4,12 +4,12 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-/* eslint-disable @typescript-eslint/no-empty-interface */
+/* eslint-disable @typescript-eslint/camelcase, @typescript-eslint/no-empty-interface */
 
 import * as runtimeTypes from 'io-ts';
 import { SavedObjectsClient } from 'kibana/server';
 
-import { unionWithNullType } from '../../utility_types';
+import { stringEnum, unionWithNullType } from '../../utility_types';
 import { NoteSavedObject, NoteSavedObjectToReturnRuntimeType } from './note';
 import { PinnedEventToReturnSavedObjectRuntimeType, PinnedEventSavedObject } from './pinned_event';
 
@@ -164,6 +164,24 @@ export type TimelineStatusLiteralWithNull = runtimeTypes.TypeOf<
   typeof TimelineStatusLiteralWithNullRt
 >;
 
+export enum RowRendererId {
+  auditd = 'auditd',
+  auditd_file = 'auditd_file',
+  netflow = 'netflow',
+  plain = 'plain',
+  suricata = 'suricata',
+  system = 'system',
+  system_dns = 'system_dns',
+  system_endgame_process = 'system_endgame_process',
+  system_file = 'system_file',
+  system_fim = 'system_fim',
+  system_security_event = 'system_security_event',
+  system_socket = 'system_socket',
+  zeek = 'zeek',
+}
+
+export const RowRendererIdRuntimeType = stringEnum(RowRendererId, 'RowRendererId');
+
 /**
  * Timeline template type
  */
@@ -211,6 +229,7 @@ export const SavedTimelineRuntimeType = runtimeTypes.partial({
   dataProviders: unionWithNullType(runtimeTypes.array(SavedDataProviderRuntimeType)),
   description: unionWithNullType(runtimeTypes.string),
   eventType: unionWithNullType(runtimeTypes.string),
+  excludedRowRendererIds: unionWithNullType(runtimeTypes.array(RowRendererIdRuntimeType)),
   favorite: unionWithNullType(runtimeTypes.array(SavedFavoriteRuntimeType)),
   filters: unionWithNullType(runtimeTypes.array(SavedFilterRuntimeType)),
   kqlMode: unionWithNullType(runtimeTypes.string),

x-pack/plugins/security_solution/common/utility_types.ts

@@ -15,3 +15,14 @@ export interface DescriptionList {
 
 export const unionWithNullType = <T extends runtimeTypes.Mixed>(type: T) =>
   runtimeTypes.union([type, runtimeTypes.null]);
+
+export const stringEnum = <T>(enumObj: T, enumName = 'enum') =>
+  new runtimeTypes.Type<T[keyof T], string>(
+    enumName,
+    (u): u is T[keyof T] => Object.values(enumObj).includes(u),
+    (u, c) =>
+      Object.values(enumObj).includes(u)
+        ? runtimeTypes.success(u as T[keyof T])
+        : runtimeTypes.failure(u, c),
+    (a) => (a as unknown) as string
+  );

x-pack/plugins/security_solution/cypress/screens/hosts/events.ts

@@ -7,7 +7,7 @@
 export const CLOSE_MODAL = '[data-test-subj="modal-inspect-close"]';
 
 export const EVENTS_VIEWER_FIELDS_BUTTON =
-  '[data-test-subj="events-viewer-panel"] [data-test-subj="show-field-browser-gear"]';
+  '[data-test-subj="events-viewer-panel"] [data-test-subj="show-field-browser"]';
 
 export const EVENTS_VIEWER_PANEL = '[data-test-subj="events-viewer-panel"]';
 

x-pack/plugins/security_solution/public/common/components/alerts_viewer/default_headers.ts

@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { RowRendererId } from '../../../../common/types/timeline';
 import { defaultColumnHeaderType } from '../../../timelines/components/timeline/body/column_headers/default_headers';
 import {
   DEFAULT_COLUMN_MIN_WIDTH,
@@ -69,5 +70,5 @@ export const alertsHeaders: ColumnHeaderOptions[] = [
 export const alertsDefaultModel: SubsetTimelineModel = {
   ...timelineDefaults,
   columns: alertsHeaders,
-  showRowRenderers: false,
+  excludedRowRendererIds: Object.values(RowRendererId),
 };