[Security Solution][Detections][Threshold Rules] Threshold Rule Bug Fixes #84918

Merged
merged 25 commits into from
Dec 20, 2020
Changes from 23 commits
0f8c746
Move threshold dupe detection logic to its own function
madirey Nov 30, 2020
679a958
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Nov 30, 2020
f741972
Minor fixup
madirey Nov 30, 2020
4c3c7bb
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 1, 2020
da111d0
Refactor and remove property injection for threshold signals
madirey Dec 2, 2020
a4cc0c8
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 2, 2020
539fa49
Only show aggregatable fields for threshold rule grouping
madirey Dec 3, 2020
788aa13
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 3, 2020
6482374
Add threshold rule kql filter to timeline
madirey Dec 3, 2020
7e2ca17
Remove outdated getThresholdSignalQueryFields tests
madirey Dec 3, 2020
deefbdf
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 3, 2020
220ed6f
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 7, 2020
550da9d
Merge master, fix conflicts
madirey Dec 15, 2020
6f9d468
Filter aggregatable fields on client
madirey Dec 16, 2020
01e4340
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 16, 2020
6e94e3b
Revert "Only show aggregatable fields for threshold rule grouping"
madirey Dec 16, 2020
04b1432
Fix bug with incorrect calculation of threshold signal dupes when no …
madirey Dec 16, 2020
a08f1a0
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 16, 2020
81b069f
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 17, 2020
25efc01
Revert "Add threshold rule kql filter to timeline"
madirey Dec 17, 2020
2e6cf19
Add test skeleton
madirey Dec 17, 2020
ad495ab
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 17, 2020
7dc1e97
Finish tests
madirey Dec 18, 2020
64781a8
Merge branch 'master' of github.com:elastic/kibana into threshold-fields
madirey Dec 20, 2020
8eb8404
Address comment
madirey Dec 20, 2020
Expand Up @@ -52,7 +52,7 @@ import {
} from '../../../../../common/detection_engine/utils';
import { EqlQueryBar } from '../eql_query_bar';
import { ThreatMatchInput } from '../threatmatch_input';
import { useFetchIndex } from '../../../../common/containers/source';
import { BrowserField, BrowserFields, useFetchIndex } from '../../../../common/containers/source';
import { PreviewQuery, Threshold } from '../query_preview';

const CommonUseField = getUseField({ component: Field });
Expand Down Expand Up @@ -168,6 +168,26 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
const queryBarQuery =
formQuery != null ? formQuery.query.query : '' || initialState.queryBar.query.query;
const [indexPatternsLoading, { browserFields, indexPatterns }] = useFetchIndex(index);
const aggregatableFields = Object.entries(browserFields).reduce<BrowserFields>(
(groupAcc, [groupName, groupValue]) => {
return {
...groupAcc,
[groupName]: {
fields: Object.entries(groupValue.fields ?? {}).reduce<Partial<BrowserField>>(
(fieldAcc, [fieldName, fieldValue]) => {
if (fieldValue.aggregatable === true) {
return { ...fieldAcc, [fieldName]: fieldValue };
}
return fieldAcc;
},
{}
),
} as Partial<BrowserField>,
};
},
{}
);

const [
threatIndexPatternsLoading,
{ browserFields: threatBrowserFields, indexPatterns: threatIndexPatterns },
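Review bot: The inner `reduce<Partial<BrowserField>>` accumulates a map keyed by field name (`{ ...fieldAcc, [fieldName]: fieldValue }`), yet it carries the same type that the enclosing `{ fields: ... }` object is then cast to with `as Partial<BrowserField>`, so the cast is hiding a mismatch between what is built and what is declared. Type the inner accumulator as the type of `groupValue.fields` and drop the cast so the compiler checks the shape. Two smaller points on the same lines: categories with no aggregatable field are still emitted with an empty `fields` object, so filter those out if the threshold field picker should not list empty groups; and a short comment saying why only `aggregatable === true` fields are offered for threshold grouping would help the next reader.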
Expand Down Expand Up @@ -262,12 +282,12 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
const ThresholdInputChildren = useCallback(
({ thresholdField, thresholdValue }) => (
<ThresholdInput
browserFields={browserFields}
browserFields={aggregatableFields}
thresholdField={thresholdField}
thresholdValue={thresholdValue}
/>
),
[browserFields]
[aggregatableFields]
);

const ThreatMatchInputChildren = useCallback(
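Review bot: The dependency array `[aggregatableFields]` does not give a stable callback, because `aggregatableFields` is rebuilt by `Object.entries(browserFields).reduce(...)` directly in the component body and is therefore a new object on every render. `ThresholdInputChildren` is recreated each time, which removes the benefit of `useCallback` here. Wrap the `aggregatableFields` computation in `useMemo` keyed on `browserFields` so the callback only changes when the fetched index fields change.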