[Security Solution] fix from-to values investigate in timeline pulled from timestamp instead of @timestamp field (elastic#156884)

## Summary

In Kibana 8.8 we've done a huge refactor of the alert table (see [PR](elastic#149128)). The new table's trigger actions are no longer some of the Security Solution server side methods that were adding a `timestamp` field to the response (see [here](https://github.com/elastic/kibana/blob/main/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts#L28)). That `timestamp` field was basically a duplication of the `@timestamp` field (done via [this helper function](https://github.com/elastic/kibana/blob/main/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/get_timestamp.ts#L12)).

Running the stack locally, you would see that clicking on the `Investigate in timeline` icon button on ANY alert in the alerts table (pretty new or months/years old) would bring up the timeline flyout with the `to` value always being the `current date`, and the `from` value being the `current date - kibana.alert.rule.from`. The `timestamp` field [here](https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx#L158) does not exist, so we always fall back to `new Date()` (unless you're looking at an alert generated by a threshold rule, a new terms rule or a suppressed alert).

This PR fixes the issue by retrieving the `@timestamp` field instead of the unwanted `timestamp` field. More work will be done in the future to actually entirely remove and clean up the `timestamp` field (see [this WIP ticket](elastic#156879)).

### Checklist

- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

Before (recorded on May 4th and we're looking at an alert generated on May 3rd)

https://user-images.githubusercontent.com/17276605/236509848-a5b0a363-c9c5-4d80-a139-84e3df3a1bd6.mov

After

https://user-images.githubusercontent.com/17276605/236509884-74805cef-ccf2-4b09-a174-2fcb6b75d4bb.mov

Closes elastic#126077

(cherry picked from commit 114c98d)
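The failure mode the commit message describes, reduced to a self-contained example. This is added illustration, not Kibana's own code: the field names `@timestamp`, `timestamp` and `kibana.alert.rule.from` come from the commit message, while `getAlertTimeRange`, `resolveDateMath`, the `now-<n><unit>` date-math shape assumed for the rule's `from` value, and the alert document are all assumptions made for the example. Reading the non-existent `timestamp` field silently falls back to the wall clock, so the resulting `to` is "now" and `from` is "now minus the rule window"; reading `@timestamp` anchors the range on the alert itself.

```typescript
// Added example (not Kibana's code). Demonstrates why looking up `timestamp`
// instead of `@timestamp` pinned the timeline range to the current date.
// Function names, the date-math parser and the sample document are assumptions.

interface AlertDoc { [field: string]: string | undefined }

interface TimeRange { from: string; to: string }

// Resolve a Kibana-style date-math expression ("now", "now-6m", "now-1h")
// relative to an explicit anchor rather than the wall clock. Only the
// "now-<n><unit>" shape is handled here (assumption for the example).
function resolveDateMath(expr: string, anchor: Date): Date {
  const m = /^now(?:-(\d+)([smhd]))?$/.exec(expr);
  if (!m) throw new Error(`unsupported date math: ${expr}`);
  if (!m[1]) return new Date(anchor.getTime());
  const n = Number(m[1]);
  const unitMs: Record<string, number> = {
    s: 1_000, m: 60_000, h: 3_600_000, d: 86_400_000,
  };
  return new Date(anchor.getTime() - n * unitMs[m[2]]);
}

// Compute the investigate-in-timeline range from an alert document.
// `timeField` is the field read for the alert's own time; `now` is injected so
// the fallback path is observable without depending on the real clock.
function getAlertTimeRange(
  alert: AlertDoc,
  timeField: string,
  now: Date = new Date(),
): TimeRange {
  const raw = alert[timeField];
  // This is the fallback the commit describes: a missing field becomes "now".
  const to = raw !== undefined ? new Date(raw) : now;
  const ruleFrom = alert['kibana.alert.rule.from'] ?? 'now-6m';
  const from = resolveDateMath(ruleFrom, to);
  return { from: from.toISOString(), to: to.toISOString() };
}

// Constructed alert document: it carries `@timestamp` but, as in the new
// alerts table, no duplicated `timestamp` field.
const sampleAlert: AlertDoc = {
  '@timestamp': '2023-05-03T10:00:00.000Z',
  'kibana.alert.rule.from': 'now-5m',
};

// Pretend the user clicks the button a day after the alert fired.
const fakeNow = new Date('2023-05-04T12:00:00.000Z');

// Before the fix: the wrong field name, so `to` is the click time.
const before = getAlertTimeRange(sampleAlert, 'timestamp', fakeNow);
// After the fix: `to` is the alert's own @timestamp and `from` is 5m earlier.
const after = getAlertTimeRange(sampleAlert, '@timestamp', fakeNow);

console.log('before', before);
console.log('after ', after);
```

Injecting `now` is what makes the bug testable: with the real clock the "before" output looks plausible on a freshly generated alert and only becomes obviously wrong on an old one, which is exactly why it went unnoticed until someone compared a day-old alert against its timeline.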