[Security Solution][Endpoint] Restrict action_status API request fo…

…r `endpoint` agent (#178881) ## Summary On alerts page, alert details flyouts, metadata and action status APIs are being called for sentinel one alerts that should not be triggered for anything other than endpoints and endpoint response actions. This commit fixes that and restricts those API calls to endpoint agents/actions **Before:** ![Screenshot 2024-03-18 at 5 42 45 PM](https://github.com/elastic/kibana/assets/1849116/7f01675e-9add-4ddb-bb04-b803223fcd4e) ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
elastic · Mar 19, 2024 · 416a0a5 · 416a0a5
1 parent ee64c66
commit 416a0a5
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 8 deletions.
diff --git a/...curity_solution/public/detections/components/host_isolation/use_host_isolation_action.tsx b/...curity_solution/public/detections/components/host_isolation/use_host_isolation_action.tsx
@@ -15,7 +15,7 @@ import type { TimelineEventsDetailsItem } from '../../../../common/search_strate
 import { isIsolationSupported } from '../../../../common/endpoint/service/host_isolation/utils';
 import { HostStatus } from '../../../../common/endpoint/types';
 import { isAlertFromEndpointEvent } from '../../../common/utils/endpoint_alert_check';
-import { useHostIsolationStatus } from '../../containers/detection_engine/alerts/use_host_isolation_status';
+import { useEndpointHostIsolationStatus } from '../../containers/detection_engine/alerts/use_host_isolation_status';
 import { ISOLATE_HOST, UNISOLATE_HOST } from './translations';
 import { getFieldValue } from './helpers';
 import { useUserPrivileges } from '../../../common/components/user_privileges';
@@ -74,8 +74,9 @@ export const useHostIsolationAction = ({
     isIsolated,
     agentStatus,
     capabilities,
-  } = useHostIsolationStatus({
+  } = useEndpointHostIsolationStatus({
     agentId,
+    agentType: sentinelOneAgentId ? 'sentinel_one' : 'endpoint',
   });
 
   const { data: sentinelOneAgentData } = useGetSentinelOneAgentStatus([sentinelOneAgentId || '']);

diff --git a/...lugins/security_solution/public/detections/components/take_action_dropdown/index.test.tsx b/...lugins/security_solution/public/detections/components/take_action_dropdown/index.test.tsx
@@ -88,7 +88,7 @@ jest.mock('../../../../common/endpoint/service/host_isolation/utils', () => {
 
 jest.mock('../../containers/detection_engine/alerts/use_host_isolation_status', () => {
   return {
-    useHostIsolationStatus: jest.fn().mockReturnValue({
+    useEndpointHostIsolationStatus: jest.fn().mockReturnValue({
       loading: false,
       isIsolated: false,
       agentStatus: 'healthy',

diff --git a/...lution/public/detections/containers/detection_engine/alerts/use_host_isolation_status.tsx b/...lution/public/detections/containers/detection_engine/alerts/use_host_isolation_status.tsx
@@ -7,6 +7,7 @@
 
 import { isEmpty } from 'lodash';
 import { useEffect, useState } from 'react';
+import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants';
 import { getHostMetadata } from './api';
 import { fetchPendingActionsByAgentId } from '../../../../common/lib/endpoint_pending_actions';
 import { isEndpointHostIsolated } from '../../../../common/utils/validators';
@@ -23,10 +24,12 @@ interface HostIsolationStatusResponse {
 
 /*
  * Retrieves the current isolation status of a host and the agent/host status */
-export const useHostIsolationStatus = ({
+export const useEndpointHostIsolationStatus = ({
   agentId,
+  agentType,
 }: {
   agentId: string;
+  agentType: ResponseActionAgentType;
 }): HostIsolationStatusResponse => {
   const [isIsolated, setIsIsolated] = useState<boolean>(false);
   const [capabilities, setCapabilities] = useState<string[]>([]);
@@ -64,6 +67,10 @@ export const useHostIsolationStatus = ({
         }
       }
 
+      if (!(fleetAgentId && fleetAgentId.length)) {
+        return;
+      }
+
       try {
         const { data } = await fetchPendingActionsByAgentId(fleetAgentId);
         if (isMounted) {
@@ -80,14 +87,14 @@ export const useHostIsolationStatus = ({
       }
     };
 
-    if (!isEmpty(agentId)) {
+    if (!isEmpty(agentId) && agentType === 'endpoint') {
       fetchData();
     }
     return () => {
       // updates to show component is unmounted
       isMounted = false;
       abortCtrl.abort();
     };
-  }, [agentId]);
+  }, [agentId, agentType]);
   return { loading, capabilities, isIsolated, agentStatus, pendingIsolation, pendingUnisolation };
 };
diff --git a/...rity_solution/public/timelines/components/side_panel/event_details/flyout/footer.test.tsx b/...rity_solution/public/timelines/components/side_panel/event_details/flyout/footer.test.tsx
@@ -48,7 +48,7 @@ jest.mock(
   '../../../../../detections/containers/detection_engine/alerts/use_host_isolation_status',
   () => {
     return {
-      useHostIsolationStatus: jest.fn().mockReturnValue({
+      useEndpointHostIsolationStatus: jest.fn().mockReturnValue({
         loading: false,
         isIsolated: false,
         agentStatus: 'healthy',

diff --git a/...ins/security_solution/public/timelines/components/side_panel/event_details/index.test.tsx b/...ins/security_solution/public/timelines/components/side_panel/event_details/index.test.tsx
@@ -61,7 +61,7 @@ jest.mock(
   '../../../../detections/containers/detection_engine/alerts/use_host_isolation_status',
   () => {
     return {
-      useHostIsolationStatus: jest.fn().mockReturnValue({
+      useEndpointHostIsolationStatus: jest.fn().mockReturnValue({
         loading: false,
         isIsolated: false,
         agentStatus: 'healthy',