[7.x] [Security Solutions] Adds a default for indicator match custom query of *:* (#81727) #83352

Merged
merged 1 commit into from
Nov 13, 2020

Commits on Nov 12, 2020

  1. [Security Solutions] Adds a default for indicator match custom query …

    …of *:* (elastic#81727)
    
    ## Summary
    
    Allows for Indicator matches to have a default of `*:*` for the query field when it is selected.
    
    Before, indicator query is blank when first selecting the rule:
    <img width="1037" alt="Screen Shot 2020-11-05 at 5 44 50 PM" src="https://user-images.githubusercontent.com/1151048/98312312-afc9ff00-1f8e-11eb-822b-ad95104ca54e.png">
    
    After, indicator query is by default `*:*` unless the user has previously edited the query field:
    <img width="1038" alt="Screen Shot 2020-11-05 at 5 45 38 PM" src="https://user-images.githubusercontent.com/1151048/98312363-cb350a00-1f8e-11eb-9137-8da2f770ec7e.png">
    
    Adds a stable reference for threat matching to determine when the query field has been modified or not. This is to keep the current behavior and the rules operate like this:
    
    * If you select an indicator match rule and nothing has been previously edited it will select `*:*` for the query
    * If you have modified your custom query and select indicator match rule, then `*:*` will be replaced with that custom query and `*:*` will not be used.
    * If you select EQL rule and then _back_ to this rule type the `*:*` will be re-inserted and `edit: true` will flip back to false, due to the magic that is keys within React and how the EQL rule type relies on that.
     
    ### Checklist
    
    Delete any items that are not applicable to this PR.
    
    - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
    - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
    - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
    - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
    - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
    FrankHassanabad committed Nov 12, 2020
    d08da5c