[SIEM] Adds a configuraton option for the default SIEM date time range (

elastic#44540) (elastic#44558) ## Summary Adds a configuration for the SIEM date time picker and interval within advanced settings: ``` ${root}/app/kibana#/management/kibana/settings ``` <img width="696" alt="Screen Shot 2019-08-30 at 1 24 29 PM" src="https://user-images.githubusercontent.com/1151048/64046623-95de9200-cb29-11e9-9f5a-dc396494210c.png"> ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [x] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [x] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios - [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist) ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process) - [x] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
stacey-gammon · Aug 31, 2019 · d068365 · d068365
1 parent b701e88
commit d068365
Show file tree

Hide file tree

Showing 10 changed files with 829 additions and 33 deletions.
diff --git a/x-pack/legacy/plugins/siem/common/constants.ts b/x-pack/legacy/plugins/siem/common/constants.ts
@@ -11,8 +11,17 @@ export const DEFAULT_DATE_FORMAT = 'dateFormat';
 export const DEFAULT_DATE_FORMAT_TZ = 'dateFormat:tz';
 export const DEFAULT_DARK_MODE = 'theme:darkMode';
 export const DEFAULT_INDEX_KEY = 'siem:defaultIndex';
+export const DEFAULT_TIME_RANGE = 'timepicker:timeDefaults';
+export const DEFAULT_REFRESH_RATE_INTERVAL = 'timepicker:refreshIntervalDefaults';
+export const DEFAULT_SIEM_TIME_RANGE = 'siem:timeDefaults';
+export const DEFAULT_SIEM_REFRESH_INTERVAL = 'siem:refreshIntervalDefaults';
 export const DEFAULT_ANOMALY_SCORE = 'siem:defaultAnomalyScore';
 export const DEFAULT_MAX_TABLE_QUERY_SIZE = 10000;
 export const DEFAULT_SCALE_DATE_FORMAT = 'dateFormat:scaled';
 export const DEFAULT_KBN_VERSION = 'kbnVersion';
 export const DEFAULT_TIMEZONE_BROWSER = 'timezoneBrowser';
+export const DEFAULT_FROM = 'now-24h';
+export const DEFAULT_TO = 'now';
+export const DEFAULT_INTERVAL_PAUSE = true;
+export const DEFAULT_INTERVAL_TYPE = 'manual';
+export const DEFAULT_INTERVAL_VALUE = 300000; // ms
diff --git a/x-pack/legacy/plugins/siem/index.ts b/x-pack/legacy/plugins/siem/index.ts
@@ -11,7 +11,18 @@ import { Server } from 'hapi';
 import { initServerWithKibana } from './server/kibana.index';
 import { savedObjectMappings } from './server/saved_objects';
 
-import { APP_ID, APP_NAME, DEFAULT_INDEX_KEY, DEFAULT_ANOMALY_SCORE } from './common/constants';
+import {
+  APP_ID,
+  APP_NAME,
+  DEFAULT_INDEX_KEY,
+  DEFAULT_ANOMALY_SCORE,
+  DEFAULT_SIEM_TIME_RANGE,
+  DEFAULT_SIEM_REFRESH_INTERVAL,
+  DEFAULT_INTERVAL_PAUSE,
+  DEFAULT_INTERVAL_VALUE,
+  DEFAULT_FROM,
+  DEFAULT_TO,
+} from './common/constants';
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 export function siem(kibana: any) {
@@ -45,6 +56,37 @@ export function siem(kibana: any) {
         },
       ],
       uiSettingDefaults: {
+        [DEFAULT_SIEM_REFRESH_INTERVAL]: {
+          type: 'json',
+          name: i18n.translate('xpack.siem.uiSettings.defaultRefreshIntervalLabel', {
+            defaultMessage: 'Time picker refresh interval',
+          }),
+          value: `{
+  "pause": ${DEFAULT_INTERVAL_PAUSE},
+  "value": ${DEFAULT_INTERVAL_VALUE}
+}`,
+          description: i18n.translate('xpack.siem.uiSettings.defaultRefreshIntervalDescription', {
+            defaultMessage: "The SIEM timefilter's default refresh interval",
+          }),
+          category: ['siem'],
+          requiresPageReload: true,
+        },
+        [DEFAULT_SIEM_TIME_RANGE]: {
+          type: 'json',
+          name: i18n.translate('xpack.siem.uiSettings.defaultTimeRangeLabel', {
+            defaultMessage: 'Time picker defaults',
+          }),
+          value: `{
+  "from": "${DEFAULT_FROM}",
+  "to": "${DEFAULT_TO}"
+}`,
+          description: i18n.translate('xpack.siem.uiSettings.defaultTimeRangeDescription', {
+            defaultMessage:
+              'The SIEM timefilter selection to use when Kibana is started without one',
+          }),
+          category: ['siem'],
+          requiresPageReload: true,
+        },
         [DEFAULT_INDEX_KEY]: {
           name: i18n.translate('xpack.siem.uiSettings.defaultIndexLabel', {
             defaultMessage: 'Default index',

diff --git a/x-pack/legacy/plugins/siem/public/components/charts/common.tsx b/x-pack/legacy/plugins/siem/public/components/charts/common.tsx
@@ -23,6 +23,7 @@ import {
 import { i18n } from '@kbn/i18n';
 import chrome from 'ui/chrome';
 import moment from 'moment-timezone';
+import { DEFAULT_DATE_FORMAT_TZ, DEFAULT_DARK_MODE } from '../../../common/constants';
 
 const chartHeight = 74;
 const chartDefaultRotation: Rotation = 0;
@@ -138,10 +139,10 @@ export const getTheme = () => {
       barsPadding: 0.5,
     },
   };
-  const isDarkMode = chrome.getUiSettingsClient().get('theme:darkMode');
+  const isDarkMode: boolean = chrome.getUiSettingsClient().get(DEFAULT_DARK_MODE);
   const defaultTheme = isDarkMode ? DARK_THEME : LIGHT_THEME;
   return mergeWithDefaultTheme(theme, defaultTheme);
 };
 
-const kibanaTimezone = chrome.getUiSettingsClient().get('dateFormat:tz');
+const kibanaTimezone: string = chrome.getUiSettingsClient().get(DEFAULT_DATE_FORMAT_TZ);
 export const browserTimezone = kibanaTimezone === 'Browser' ? moment.tz.guess() : kibanaTimezone;
diff --git a/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.ts b/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.ts
@@ -4,7 +4,6 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import dateMath from '@elastic/datemath';
 import ApolloClient from 'apollo-client';
 import { getOr, set } from 'lodash/fp';
 import { ActionCreator } from 'typescript-fsa';
@@ -28,6 +27,7 @@ import {
 import { DEFAULT_DATE_COLUMN_MIN_WIDTH, DEFAULT_COLUMN_MIN_WIDTH } from '../timeline/body/helpers';
 
 import { OpenTimelineResult, UpdateTimeline, DispatchUpdateTimeline } from './types';
+import { getDefaultFromValue, getDefaultToValue } from '../../utils/default_date_settings';
 
 export const OPEN_TIMELINE_CLASS_NAME = 'open-timeline';
 
@@ -177,16 +177,14 @@ export const queryTimelineById = <TCache>({
         );
 
         const { timeline, notes } = formatTimelineResultToModel(timelineToOpen, duplicate);
-
-        const momentDate = dateMath.parse('now-24h');
         if (updateTimeline) {
           updateTimeline({
             duplicate,
-            from: getOr(momentDate ? momentDate.valueOf() : 0, 'dateRange.start', timeline),
+            from: getOr(getDefaultFromValue(), 'dateRange.start', timeline),
             id: 'timeline-1',
             notes,
             timeline,
-            to: getOr(Date.now(), 'dateRange.end', timeline),
+            to: getOr(getDefaultToValue(), 'dateRange.end', timeline),
           })();
         }
       })

diff --git a/x-pack/legacy/plugins/siem/public/components/super_date_picker/index.tsx b/x-pack/legacy/plugins/siem/public/components/super_date_picker/index.tsx
@@ -31,7 +31,7 @@ import {
   isLoadingSelector,
   refetchSelector,
 } from './selectors';
-import { InputsRange } from '../../store/inputs/model';
+import { InputsRange, Policy } from '../../store/inputs/model';
 
 const MAX_RECENTLY_USED_RANGES = 9;
 
@@ -53,7 +53,7 @@ const MyEuiSuperDatePicker: React.SFC<MyEuiSuperDatePickerProps> = EuiSuperDateP
 
 interface SuperDatePickerStateRedux {
   duration: number;
-  policy: string;
+  policy: Policy['kind'];
   kind: string;
   fromStr: string;
   toStr: string;

diff --git a/x-pack/legacy/plugins/siem/public/mock/global_state.ts b/x-pack/legacy/plugins/siem/public/mock/global_state.ts
@@ -19,6 +19,12 @@ import {
 import { State } from '../store';
 
 import { defaultHeaders } from './header';
+import {
+  DEFAULT_FROM,
+  DEFAULT_TO,
+  DEFAULT_INTERVAL_TYPE,
+  DEFAULT_INTERVAL_VALUE,
+} from '../../common/constants';
 
 export const mockGlobalState: State = {
   app: {
@@ -111,16 +117,16 @@ export const mockGlobalState: State = {
   },
   inputs: {
     global: {
-      timerange: { kind: 'relative', fromStr: 'now-24h', toStr: 'now', from: 0, to: 1 },
+      timerange: { kind: 'relative', fromStr: DEFAULT_FROM, toStr: DEFAULT_TO, from: 0, to: 1 },
       linkTo: ['timeline'],
       query: [],
-      policy: { kind: 'manual', duration: 300000 },
+      policy: { kind: DEFAULT_INTERVAL_TYPE, duration: DEFAULT_INTERVAL_VALUE },
     },
     timeline: {
-      timerange: { kind: 'relative', fromStr: 'now-24h', toStr: 'now', from: 0, to: 1 },
+      timerange: { kind: 'relative', fromStr: DEFAULT_FROM, toStr: DEFAULT_TO, from: 0, to: 1 },
       linkTo: ['global'],
       query: [],
-      policy: { kind: 'manual', duration: 300000 },
+      policy: { kind: DEFAULT_INTERVAL_TYPE, duration: DEFAULT_INTERVAL_VALUE },
     },
   },
   dragAndDrop: { dataProviders: {} },

diff --git a/x-pack/legacy/plugins/siem/public/mock/ui_settings.ts b/x-pack/legacy/plugins/siem/public/mock/ui_settings.ts
@@ -5,18 +5,41 @@
  */
 
 import chrome from 'ui/chrome';
+import {
+  DEFAULT_SIEM_TIME_RANGE,
+  DEFAULT_SIEM_REFRESH_INTERVAL,
+  DEFAULT_INDEX_KEY,
+  DEFAULT_DATE_FORMAT_TZ,
+  DEFAULT_DARK_MODE,
+  DEFAULT_TIME_RANGE,
+  DEFAULT_REFRESH_RATE_INTERVAL,
+  DEFAULT_FROM,
+  DEFAULT_TO,
+  DEFAULT_INTERVAL_PAUSE,
+  DEFAULT_INTERVAL_VALUE,
+} from '../../common/constants';
 
 chrome.getUiSettingsClient().get.mockImplementation((key: string) => {
   switch (key) {
-    case 'timepicker:timeDefaults':
+    case DEFAULT_TIME_RANGE:
       return { from: 'now-15m', to: 'now', mode: 'quick' };
-    case 'timepicker:refreshIntervalDefaults':
+    case DEFAULT_REFRESH_RATE_INTERVAL:
       return { pause: false, value: 0 };
-    case 'siem:defaultIndex':
+    case DEFAULT_SIEM_TIME_RANGE:
+      return {
+        from: DEFAULT_FROM,
+        to: DEFAULT_TO,
+      };
+    case DEFAULT_SIEM_REFRESH_INTERVAL:
+      return {
+        pause: DEFAULT_INTERVAL_PAUSE,
+        value: DEFAULT_INTERVAL_VALUE,
+      };
+    case DEFAULT_INDEX_KEY:
       return ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'];
-    case 'dateFormat:tz':
+    case DEFAULT_DATE_FORMAT_TZ:
       return 'Asia/Taipei';
-    case 'theme:darkMode':
+    case DEFAULT_DARK_MODE:
       return false;
     default:
       throw new Error(`Unexpected config key: ${key}`);

diff --git a/x-pack/legacy/plugins/siem/public/store/inputs/reducer.ts b/x-pack/legacy/plugins/siem/public/store/inputs/reducer.ts
@@ -4,7 +4,6 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import dateMath from '@elastic/datemath';
 import { get } from 'lodash/fp';
 import { reducerWithInitialState } from 'typescript-fsa-reducers';
 
@@ -35,37 +34,45 @@ import {
   addTimelineLink,
 } from './helpers';
 import { InputsModel, TimeRange } from './model';
+import {
+  getDefaultFromValue,
+  getDefaultToValue,
+  getDefaultFromString,
+  getDefaultToString,
+  getDefaultIntervalKind,
+  getDefaultIntervalDuration,
+} from '../../utils/default_date_settings';
 
 export type InputsState = InputsModel;
-const momentDate = dateMath.parse('now-24h');
+
 export const initialInputsState: InputsState = {
   global: {
     timerange: {
       kind: 'relative',
-      fromStr: 'now-24h',
-      toStr: 'now',
-      from: momentDate ? momentDate.valueOf() : 0,
-      to: Date.now(),
+      fromStr: getDefaultFromString(),
+      toStr: getDefaultToString(),
+      from: getDefaultFromValue(),
+      to: getDefaultToValue(),
     },
     query: [],
     policy: {
-      kind: 'manual',
-      duration: 300000,
+      kind: getDefaultIntervalKind(),
+      duration: getDefaultIntervalDuration(),
     },
     linkTo: ['timeline'],
   },
   timeline: {
     timerange: {
       kind: 'relative',
-      fromStr: 'now-24h',
-      toStr: 'now',
-      from: momentDate ? momentDate.valueOf() : 0,
-      to: Date.now(),
+      fromStr: getDefaultFromString(),
+      toStr: getDefaultToString(),
+      from: getDefaultFromValue(),
+      to: getDefaultToValue(),
     },
     query: [],
     policy: {
-      kind: 'manual',
-      duration: 300000,
+      kind: getDefaultIntervalKind(),
+      duration: getDefaultIntervalDuration(),
     },
     linkTo: ['global'],
   },