[Security Solution] Options to select index patterns

src/plugins/data/common/index_patterns/index_patterns/index_patterns.ts

@@ -114,6 +114,21 @@ export class IndexPatternsService {
     return this.savedObjectsCache.map((obj) => obj?.attributes?.title);
   };
 
+  getIdsWithTitle = async (
+    refresh: boolean = false
+  ): Promise<Array<{ id: string; title: string }>> => {
+    if (!this.savedObjectsCache || refresh) {
+      await this.refreshSavedObjectsCache();
+    }
+    if (!this.savedObjectsCache) {
+      return [];
+    }
+    return this.savedObjectsCache.map((obj) => ({
+      id: obj?.id,
+      title: obj?.attributes?.title,
+    }));
+  };
+
   getFieldsForTimePattern = (options: GetFieldsOptions = {}) => {
     return this.apiClient.getFieldsForTimePattern(options);
   };

x-pack/plugins/security_solution/common/constants.ts

@@ -11,7 +11,6 @@ export const APP_ICON = 'securityAnalyticsApp';
 export const APP_ICON_SOLUTION = 'logoSecurity';
 export const APP_PATH = `/app/security`;
 export const ADD_DATA_PATH = `/app/home#/tutorial_directory/security`;
-export const ADD_INDEX_PATH = `/app/management/kibana/indexPatterns/create`;
 export const DEFAULT_BYTES_FORMAT = 'format:bytes:defaultPattern';
 export const DEFAULT_DATE_FORMAT = 'dateFormat';
 export const DEFAULT_DATE_FORMAT_TZ = 'dateFormat:tz';
@@ -58,6 +57,8 @@ export const APP_TIMELINES_PATH = `${APP_PATH}/timelines`;
 export const APP_CASES_PATH = `${APP_PATH}/cases`;
 export const APP_MANAGEMENT_PATH = `${APP_PATH}/administration`;
 
+export const DETECTIONS_SUB_PLUGIN_ID = `${APP_ID}:${SecurityPageName.detections}`;
+
 /** The comma-delimited list of Elasticsearch indices from which the SIEM app collects events */
 export const DEFAULT_INDEX_PATTERN = [
   'apm-*-transaction*',

x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts

@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import {
+  IEsSearchRequest,
+  IEsSearchResponse,
+  IFieldSubType,
+} from '../../../../../../src/plugins/data/common';
+import { Maybe } from '../common';
+
+export type BeatFieldsFactoryQueryType = 'beatFields';
+
+interface FieldInfo {
+  category: string;
+  description?: string;
+  example?: string | number;
+  format?: string;
+  name: string;
+  type?: string;
+}
+
+export interface IndexField {
+  /** Where the field belong */
+  category: string;
+  /** Example of field's value */
+  example?: Maybe<string | number>;
+  /** whether the field's belong to an alias index */
+  indexes: Array<Maybe<string>>;
+  /** The name of the field */
+  name: string;
+  /** The type of the field's values as recognized by Kibana */
+  type: string;
+  /** Whether the field's values can be efficiently searched for */
+  searchable: boolean;
+  /** Whether the field's values can be aggregated */
+  aggregatable: boolean;
+  /** Description of the field */
+  description?: Maybe<string>;
+  format?: Maybe<string>;
+  /** the elastic type as mapped in the index */
+  esTypes?: string[];
+  subType?: IFieldSubType;
+  readFromDocValues: boolean;
+}
+
+export type BeatFields = Record<string, FieldInfo>;
+
+export interface IndexFieldsStrategyRequest extends IEsSearchRequest {
+  indices: string[];
+  onlyCheckIfIndicesExist: boolean;
+}
+
+export interface IndexFieldsStrategyResponse extends IEsSearchResponse {
+  indexFields: IndexField[];
+  indicesExists: string[];
+}

x-pack/plugins/security_solution/common/types/timeline/index.ts

@@ -239,6 +239,7 @@ export const SavedTimelineRuntimeType = runtimeTypes.partial({
   excludedRowRendererIds: unionWithNullType(runtimeTypes.array(RowRendererIdRuntimeType)),
   favorite: unionWithNullType(runtimeTypes.array(SavedFavoriteRuntimeType)),
   filters: unionWithNullType(runtimeTypes.array(SavedFilterRuntimeType)),
+  indexNames: unionWithNullType(runtimeTypes.array(runtimeTypes.string)),
   kqlMode: unionWithNullType(runtimeTypes.string),
   kqlQuery: unionWithNullType(SavedFilterQueryQueryRuntimeType),
   title: unionWithNullType(runtimeTypes.string),
@@ -398,3 +399,5 @@ export const importTimelineResultSchema = runtimeTypes.exact(
 );
 
 export type ImportTimelineResultSchema = runtimeTypes.TypeOf<typeof importTimelineResultSchema>;
+
+export type TimelineEventsType = 'all' | 'raw' | 'alert' | 'signal' | 'custom';

x-pack/plugins/security_solution/package.json

@@ -6,6 +6,7 @@
   "license": "Elastic-License",
   "scripts": {
     "extract-mitre-attacks": "node scripts/extract_tactics_techniques_mitre.js && node ../../../scripts/eslint ./public/pages/detection_engine/mitre/mitre_tactics_techniques.ts --fix",
+    "build-beat-doc": "node scripts/beat_docs/build.js && node ../../../scripts/eslint ./server/utils/beat_schema/fields.ts --fix",
     "build-graphql-types": "node scripts/generate_types_from_graphql.js",
     "cypress:open": "cypress open --config-file ./cypress/cypress.json",
     "cypress:open-as-ci": "node ../../../scripts/functional_tests --config ../../test/security_solution_cypress/visual_config.ts",

x-pack/plugins/security_solution/public/app/app.tsx

@@ -28,8 +28,6 @@ import { ApolloClientContext } from '../common/utils/apollo_context';
 import { ManageGlobalTimeline } from '../timelines/components/manage_timeline';
 import { StartServices } from '../types';
 import { PageRouter } from './routes';
-import { ManageSource } from '../common/containers/sourcerer';
-
 interface StartAppComponent extends AppFrontendLibs {
   children: React.ReactNode;
   history: History;
@@ -56,15 +54,13 @@ const StartAppComponent: FC<StartAppComponent> = ({ children, apolloClient, hist
             <ReduxStoreProvider store={store}>
               <ApolloProvider client={apolloClient}>
                 <ApolloClientContext.Provider value={apolloClient}>
-                  <ManageSource>
-                    <ThemeProvider theme={theme}>
-                      <MlCapabilitiesProvider>
-                        <ManageUserInfo>
-                          <PageRouter history={history}>{children}</PageRouter>
-                        </ManageUserInfo>
-                      </MlCapabilitiesProvider>
-                    </ThemeProvider>
-                  </ManageSource>
+                  <ThemeProvider theme={theme}>
+                    <MlCapabilitiesProvider>
+                      <ManageUserInfo>
+                        <PageRouter history={history}>{children}</PageRouter>
+                      </ManageUserInfo>
+                    </MlCapabilitiesProvider>
+                  </ThemeProvider>
                   <ErrorToastDispatcher />
                   <GlobalToaster />
                 </ApolloClientContext.Provider>

x-pack/plugins/security_solution/public/app/home/index.tsx

@@ -4,7 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import React, { useMemo } from 'react';
+import React, { useRef } from 'react';
 import styled from 'styled-components';
 
 import { TimelineId } from '../../../common/types/timeline';
@@ -14,11 +14,12 @@ import { HeaderGlobal } from '../../common/components/header_global';
 import { HelpMenu } from '../../common/components/help_menu';
 import { AutoSaveWarningMsg } from '../../timelines/components/timeline/auto_save_warning';
 import { UseUrlState } from '../../common/components/url_state';
-import { useWithSource } from '../../common/containers/source';
 import { useShowTimeline } from '../../common/utils/timeline/use_show_timeline';
 import { navTabs } from './home_navigations';
-import { useSignalIndex } from '../../detections/containers/detection_engine/alerts/use_signal_index';
-import { useUserInfo } from '../../detections/components/user_info';
+import { useInitSourcerer, useSourcererScope } from '../../common/containers/sourcerer';
+import { useKibana } from '../../common/lib/kibana';
+import { DETECTIONS_SUB_PLUGIN_ID } from '../../../common/constants';
+import { SourcererScopeName } from '../../common/store/sourcerer/model';
 
 const SecuritySolutionAppWrapper = styled.div`
   display: flex;
@@ -42,20 +43,21 @@ interface HomePageProps {
 }
 
 const HomePageComponent: React.FC<HomePageProps> = ({ children }) => {
-  const { signalIndexExists, signalIndexName } = useSignalIndex();
+  const { application } = useKibana().services;
+  const subPluginId = useRef<string>('');
 
-  const indexToAdd = useMemo<string[] | null>(() => {
-    if (signalIndexExists && signalIndexName != null) {
-      return [signalIndexName];
-    }
-    return null;
-  }, [signalIndexExists, signalIndexName]);
+  application.currentAppId$.subscribe((appId) => {
+    subPluginId.current = appId ?? '';
+  });
 
+  useInitSourcerer(
+    subPluginId.current === DETECTIONS_SUB_PLUGIN_ID
+      ? SourcererScopeName.detections
+      : SourcererScopeName.default
+  );
   const [showTimeline] = useShowTimeline();
-  const { browserFields, indexPattern, indicesExist } = useWithSource('default', indexToAdd);
 
-  // side effect: this will attempt to create the signals index if it doesn't exist
-  useUserInfo();
+  const { browserFields, indexPattern, indicesExist } = useSourcererScope();
 
   return (
     <SecuritySolutionAppWrapper>

x-pack/plugins/security_solution/public/cases/components/case_header_page/index.tsx

@@ -9,7 +9,9 @@ import React from 'react';
 import { HeaderPage, HeaderPageProps } from '../../../common/components/header_page';
 import * as i18n from './translations';
 
-const CaseHeaderPageComponent: React.FC<HeaderPageProps> = (props) => <HeaderPage {...props} />;
+const CaseHeaderPageComponent: React.FC<HeaderPageProps> = (props) => (
+  <HeaderPage hideSourcerer={true} {...props} />
+);
 
 CaseHeaderPageComponent.defaultProps = {
   badgeOptions: {

x-pack/plugins/security_solution/public/cases/components/case_view/index.tsx

@@ -294,6 +294,7 @@ export const CaseComponent = React.memo<CaseProps>(
           <HeaderPage
             backOptions={backOptions}
             data-test-subj="case-view-title"
+            hideSourcerer={true}
             titleNode={
               <EditableTitle
                 disabled={!userCanCrud}

x-pack/plugins/security_solution/public/common/components/alerts_viewer/alerts_table.tsx

@@ -13,6 +13,7 @@ import { alertsDefaultModel } from './default_headers';
 import { useManageTimeline } from '../../../timelines/components/manage_timeline';
 import * as i18n from './translations';
 import { useKibana } from '../../lib/kibana';
+import { SourcererScopeName } from '../../store/sourcerer/model';
 
 export interface OwnProps {
   end: string;
@@ -89,6 +90,7 @@ const AlertsTableComponent: React.FC<Props> = ({
       defaultModel={alertsDefaultModel}
       end={endDate}
       id={timelineId}
+      scopeId={SourcererScopeName.default}
       start={startDate}
     />
   );

x-pack/plugins/security_solution/public/common/components/alerts_viewer/index.tsx

@@ -24,6 +24,7 @@ const AlertsViewComponent: React.FC<AlertsComponentsProps> = ({
   deleteQuery,
   endDate,
   filterQuery,
+  indexNames,
   pageFilters,
   setQuery,
   startDate,
@@ -62,6 +63,7 @@ const AlertsViewComponent: React.FC<AlertsComponentsProps> = ({
           endDate={endDate}
           filterQuery={filterQuery}
           id={ID}
+          indexNames={indexNames}
           setQuery={setQuery}
           startDate={startDate}
           {...alertsHistogramConfigs}

x-pack/plugins/security_solution/public/common/components/alerts_viewer/types.ts

@@ -15,7 +15,7 @@ type CommonQueryProps = HostsComponentsQueryProps | NetworkComponentQueryProps;
 export interface AlertsComponentsProps
   extends Pick<
     CommonQueryProps,
-    'deleteQuery' | 'endDate' | 'filterQuery' | 'skip' | 'setQuery' | 'startDate'
+    'deleteQuery' | 'endDate' | 'filterQuery' | 'indexNames' | 'skip' | 'setQuery' | 'startDate'
   > {
   timelineId: TimelineIdLiteral;
   pageFilters: Filter[];

x-pack/plugins/security_solution/public/common/components/drag_and_drop/drag_drop_context_wrapper.test.tsx

@@ -6,9 +6,8 @@
 
 import { mount, shallow } from 'enzyme';
 import React from 'react';
-import { MockedProvider } from 'react-apollo/test-utils';
 
-import { mockBrowserFields, mocksSource } from '../../containers/source/mock';
+import { mockBrowserFields } from '../../containers/source/mock';
 import { TestProviders } from '../../mock';
 
 import { DragDropContextWrapper } from './drag_drop_context_wrapper';
@@ -20,11 +19,9 @@ describe('DragDropContextWrapper', () => {
 
       const wrapper = shallow(
         <TestProviders>
-          <MockedProvider mocks={{}} addTypename={false}>
-            <DragDropContextWrapper browserFields={mockBrowserFields}>
-              {message}
-            </DragDropContextWrapper>
-          </MockedProvider>
+          <DragDropContextWrapper browserFields={mockBrowserFields}>
+            {message}
+          </DragDropContextWrapper>
         </TestProviders>
       );
       expect(wrapper.find('DragDropContextWrapper')).toMatchSnapshot();
@@ -35,11 +32,9 @@ describe('DragDropContextWrapper', () => {
 
       const wrapper = mount(
         <TestProviders>
-          <MockedProvider mocks={mocksSource} addTypename={false}>
-            <DragDropContextWrapper browserFields={mockBrowserFields}>
-              {message}
-            </DragDropContextWrapper>
-          </MockedProvider>
+          <DragDropContextWrapper browserFields={mockBrowserFields}>
+            {message}
+          </DragDropContextWrapper>
         </TestProviders>
       );