[Security Solution][Detections][Threshold Rules] Threshold Rule Bug F…

…ixes (#84918) * Move threshold dupe detection logic to its own function * Minor fixup * Refactor and remove property injection for threshold signals * Only show aggregatable fields for threshold rule grouping * Add threshold rule kql filter to timeline * Remove outdated getThresholdSignalQueryFields tests * Filter aggregatable fields on client * Revert "Only show aggregatable fields for threshold rule grouping" This reverts commit 539fa49. * Fix bug with incorrect calculation of threshold signal dupes when no threshold field present * Revert "Add threshold rule kql filter to timeline" This reverts commit 6482374. * Add test skeleton * Finish tests * Address comment
elastic · Dec 20, 2020 · 0d9b40d · 0d9b40d
1 parent 396018f
commit 0d9b40d
Show file tree

Hide file tree

Showing 8 changed files with 228 additions and 436 deletions.
diff --git a/...k/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx b/...k/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
@@ -52,7 +52,7 @@ import {
 } from '../../../../../common/detection_engine/utils';
 import { EqlQueryBar } from '../eql_query_bar';
 import { ThreatMatchInput } from '../threatmatch_input';
-import { useFetchIndex } from '../../../../common/containers/source';
+import { BrowserField, BrowserFields, useFetchIndex } from '../../../../common/containers/source';
 import { PreviewQuery, Threshold } from '../query_preview';
 
 const CommonUseField = getUseField({ component: Field });
@@ -168,6 +168,26 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
   const queryBarQuery =
     formQuery != null ? formQuery.query.query : '' || initialState.queryBar.query.query;
   const [indexPatternsLoading, { browserFields, indexPatterns }] = useFetchIndex(index);
+  const aggregatableFields = Object.entries(browserFields).reduce<BrowserFields>(
+    (groupAcc, [groupName, groupValue]) => {
+      return {
+        ...groupAcc,
+        [groupName]: {
+          fields: Object.entries(groupValue.fields ?? {}).reduce<Partial<BrowserField>>(
+            (fieldAcc, [fieldName, fieldValue]) => {
+              if (fieldValue.aggregatable === true) {
+                return { ...fieldAcc, [fieldName]: fieldValue };
+              }
+              return fieldAcc;
+            },
+            {}
+          ),
+        } as Partial<BrowserField>,
+      };
+    },
+    {}
+  );
+
   const [
     threatIndexPatternsLoading,
     { browserFields: threatBrowserFields, indexPatterns: threatIndexPatterns },
@@ -262,12 +282,12 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
   const ThresholdInputChildren = useCallback(
     ({ thresholdField, thresholdValue }) => (
       <ThresholdInput
-        browserFields={browserFields}
+        browserFields={aggregatableFields}
         thresholdField={thresholdField}
         thresholdValue={thresholdValue}
       />
     ),
-    [browserFields]
+    [aggregatableFields]
   );
 
   const ThreatMatchInputChildren = useCallback(