diff --git a/api_docs/timelines.json b/api_docs/timelines.json
index f273ee5fc24ba..4294381952216 100644
--- a/api_docs/timelines.json
+++ b/api_docs/timelines.json
@@ -10918,7 +10918,7 @@
 "label": "alertConsumers",
 "description": [],
 "signature": [
- "ALERTS_CONSUMERS",
+ "AlertConsumers",
 "[] | undefined"
 ],
 "path": "x-pack/plugins/timelines/common/search_strategy/timeline/index.ts",
diff --git a/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts b/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts
index 2d0b0ec4a726c..d3d20edffa286 100644
--- a/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts
+++ b/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts
@@ -15,7 +15,7 @@
 * setting, with which the user can change the index prefix.
 */
-export const ALERTS_CONSUMERS = {
+export const AlertConsumers = {
 APM: 'apm',
 LOGS: 'logs',
 INFRASTRUCTURE: 'infrastructure',
@@ -23,9 +23,9 @@ export const ALERTS_CONSUMERS = {
 SIEM: 'siem',
 SYNTHETICS: 'synthetics',
 } as const;
-export type ALERTS_CONSUMERS = typeof ALERTS_CONSUMERS[keyof typeof ALERTS_CONSUMERS];
+export type AlertConsumers = typeof AlertConsumers[keyof typeof AlertConsumers];
-export const mapConsumerToIndexName: Record = {
+export const mapConsumerToIndexName: Record = {
 apm: '.alerts-observability-apm',
 logs: '.alerts-observability.logs',
 infrastructure: '.alerts-observability.metrics',
diff --git a/x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx b/x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx
index aecc4ea03670c..4bc9c40e6e917 100644
--- a/x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx
+++ b/x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx
@@ -5,6 +5,7 @@
 * 2.0.
 */
+import { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { EuiButtonIcon, EuiDataGridColumn } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import styled from 'styled-components';
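Review bot: The renamed `AlertConsumers` value and the `mapConsumerToIndexName` table in the second alerts_as_data_rbac.ts hunk are exported from a shared package yet carry no doc comment saying what a consumer is or how the table is consumed. I would add above `export const AlertConsumers = {` a TSDoc such as `/** Identifiers of the solutions that produce alerts-as-data; see mapConsumerToIndexName for the alerts index associated with each. */`, and above the table `/** Alerts index name per consumer; read by the timelines search strategy to pick which indices an alerts search targets. */`, the latter inferred from the server-side comment in this same commit. The api_docs hunk is generated output and needs nothing.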
@@ -115,6 +116,13 @@ const NO_ROW_RENDER: RowRenderer[] = [];
 const trailingControlColumns: never[] = [];
+const OBSERVABILITY_ALERT_CONSUMERS = [
+ AlertConsumers.APM,
+ AlertConsumers.LOGS,
+ AlertConsumers.INFRASTRUCTURE,
+ AlertConsumers.SYNTHETICS,
+];
+
 export function AlertsTableTGrid(props: AlertsTableTGridProps) {
 const { core, observabilityRuleTypeRegistry } = usePluginContext();
 const { prepend } = core.http.basePath;
@@ -190,6 +198,7 @@ export function AlertsTableTGrid(props: AlertsTableTGridProps) {
 )}
 {timelines.getTGrid<'standalone'>({
+ alertConsumers: OBSERVABILITY_ALERT_CONSUMERS,
 type: 'standalone',
 columns,
 deletedEventIds: [],
diff --git a/x-pack/plugins/timelines/common/search_strategy/timeline/events/index.ts b/x-pack/plugins/timelines/common/search_strategy/timeline/events/index.ts
index 82e439b386d60..6b204224d3d5d 100644
--- a/x-pack/plugins/timelines/common/search_strategy/timeline/events/index.ts
+++ b/x-pack/plugins/timelines/common/search_strategy/timeline/events/index.ts
@@ -17,7 +17,8 @@ export enum TimelineEventsQueries {
 lastEventTime = 'eventsLastEventTime',
 }
-export enum EntityType {
- ALERTS = 'alerts',
- EVENTS = 'events',
-}
+export const EntityType = {
+ ALERTS: 'alerts',
+ EVENTS: 'events',
+} as const;
+export type EntityType = typeof EntityType[keyof typeof EntityType];
diff --git a/x-pack/plugins/timelines/common/search_strategy/timeline/index.ts b/x-pack/plugins/timelines/common/search_strategy/timeline/index.ts
index cb5e27ec84d47..99ee021cb6800 100644
--- a/x-pack/plugins/timelines/common/search_strategy/timeline/index.ts
+++ b/x-pack/plugins/timelines/common/search_strategy/timeline/index.ts
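Review bot: `OBSERVABILITY_ALERT_CONSUMERS` in the first alerts_table_t_grid.tsx hunk is an undocumented hard-coded list that now decides which consumers' alerts the observability page requests, so a consumer added to `AlertConsumers` later will silently not show up here. I would add `// Consumers whose alerts the observability alerts page requests; extend when a new observability solution starts producing alerts.` above the array. It is inferred as a mutable array because the `alertConsumers` prop type is `AlertConsumers[]`; it could only become `as const` if that type chain were widened to `readonly AlertConsumers[]`. The second hunk just passes it to `getTGrid` inside `AlertsTableTGrid`, whose body extends outside the hunk.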
@@ -4,7 +4,7 @@
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
-import type { ALERTS_CONSUMERS } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
+import type { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { IEsSearchRequest } from '../../../../../../src/plugins/data/common';
 import { ESQuery } from '../../typed_json';
@@ -44,7 +44,7 @@ export interface TimelineRequestBasicOptions extends IEsSearchRequest {
 docValueFields?: DocValueFields[];
 factoryQueryType?: TimelineFactoryQueryTypes;
 entityType?: EntityType;
- alertConsumers?: ALERTS_CONSUMERS[];
+ alertConsumers?: AlertConsumers[];
 }
 export interface TimelineRequestSortField extends SortField {
diff --git a/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
index 2da414ba881f6..ef140924d4347 100644
--- a/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx
@@ -4,6 +4,8 @@
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
+
+import { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
 import { isEmpty } from 'lodash/fp';
 import React, { useEffect, useMemo, useState } from 'react';
@@ -100,6 +102,8 @@ const HeaderFilterGroupWrapper = styled.header<{ show: boolean }>`
 ${({ show }) => (show ? '' : 'visibility: hidden;')}
 `;
+const SECURITY_ALERTS_CONSUMERS = [AlertConsumers.SIEM];
+
 export interface TGridIntegratedProps {
 browserFields: BrowserFields;
 columns: ColumnHeaderOptions[];
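Review bot: `SECURITY_ALERTS_CONSUMERS = [AlertConsumers.SIEM]` in the second integrated/index.tsx hunk hard-wires the integrated grid to SIEM alerts, while the standalone grid in this same commit takes `alertConsumers` as a prop, so the two variants now choose their consumer scope in different ways. If the integrated grid is security-only by design, say so where the constant is declared, e.g. `// The integrated grid is only rendered by the security solution, so its consumer scope is fixed to SIEM.`; otherwise expose an optional `alertConsumers` prop on `TGridIntegratedProps` that defaults to this list. Separately, the first hunk of that file inserts a blank line between the license header and the new import, unlike the other files touched here where the import follows `*/` directly.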
@@ -237,6 +241,7 @@ const TGridIntegratedComponent: React.FC = ({
 loading,
 { events, updatedAt, loadPage, pageInfo, refetch, totalCount = 0, inspect },
 ] = useTimelineEvents({
+ alertConsumers: SECURITY_ALERTS_CONSUMERS,
 docValueFields,
 fields,
 filterQuery: combinedQueries!.filterQuery,
diff --git a/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
index 80b250e468170..df8a5897bfcd1 100644
--- a/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx
@@ -4,6 +4,7 @@
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
+import type { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
 import { isEmpty } from 'lodash/fp';
 import React, { useEffect, useMemo, useState } from 'react';
@@ -97,6 +98,7 @@ const HeaderFilterGroupWrapper = styled.header<{ show: boolean }>`
 `;
 export interface TGridStandaloneProps {
+ alertConsumers: AlertConsumers[];
 columns: ColumnHeaderOptions[];
 defaultCellActions?: TGridCellAction[];
 deletedEventIds: Readonly;
@@ -127,6 +129,7 @@ export interface TGridStandaloneProps {
 const basicUnit = (n: number) => i18n.UNIT(n);
 const TGridStandaloneComponent: React.FC = ({
+ alertConsumers,
 columns,
 defaultCellActions,
 deletedEventIds,
@@ -221,6 +224,7 @@ const TGridStandaloneComponent: React.FC = ({
 loading,
 { events, updatedAt, loadPage, pageInfo, refetch, totalCount = 0, inspect },
 ] = useTimelineEvents({
+ alertConsumers,
 docValueFields: [],
 excludeEcsData: true,
 fields,
diff --git a/x-pack/plugins/timelines/public/container/index.tsx b/x-pack/plugins/timelines/public/container/index.tsx
index c00d3ea7f934e..5fb0ed56afaae 100644
--- a/x-pack/plugins/timelines/public/container/index.tsx
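Review bot: The new required `alertConsumers: AlertConsumers[]` member of `TGridStandaloneProps` in the second standalone/index.tsx hunk is part of the plugin's `getTGrid` contract but has no TSDoc, so a caller cannot tell from the props which values are expected or what the list controls. I would add `/** Consumers (AlertConsumers.* values) whose alerts this grid queries; forwarded unchanged to useTimelineEvents. */` above it. Making the prop required rather than optional is the safer choice, since any `getTGrid<'standalone'>` caller that does not pick a scope now fails to compile instead of silently querying with a default. The destructuring in the two later hunks is inside `TGridStandaloneComponent`, whose body extends beyond the hunk.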
+++ b/x-pack/plugins/timelines/public/container/index.tsx
@@ -5,6 +5,7 @@
 * 2.0.
 */
+import type { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import deepEqual from 'fast-deep-equal';
 import { isEmpty, isString, noop } from 'lodash/fp';
 import { useCallback, useEffect, useRef, useState } from 'react';
@@ -80,6 +81,7 @@ export interface UseTimelineEventsProps {
 startDate: string;
 timerangeKind?: 'absolute' | 'relative';
 data?: DataPublicPluginStart;
+ alertConsumers?: AlertConsumers[];
 }
 const createFilter = (filterQuery: ESQuery | string | undefined) =>
@@ -106,7 +108,9 @@ export const initSortDefault = [
 },
 ];
+const NO_CONSUMERS: AlertConsumers[] = [];
 export const useTimelineEvents = ({
+ alertConsumers = NO_CONSUMERS,
 docValueFields,
 endDate,
 excludeEcsData = false,
@@ -185,11 +189,16 @@ export const useTimelineEvents = ({
 setLoading(true);
 if (data && data.search) {
 searchSubscription$.current = data.search
- .search, TimelineResponse>(request, {
- strategy:
- request.language === 'eql' ? 'timelineEqlSearchStrategy' : 'timelineSearchStrategy',
- abortSignal: abortCtrl.current.signal,
- })
+ .search, TimelineResponse>(
+ { ...request, entityType: 'alerts' },
+ {
+ strategy:
+ request.language === 'eql'
+ ? 'timelineEqlSearchStrategy'
+ : 'timelineSearchStrategy',
+ abortSignal: abortCtrl.current.signal,
+ }
+ )
 .subscribe({
 next: (response) => {
 if (isCompleteResponse(response)) {
@@ -262,6 +271,7 @@ export const useTimelineEvents = ({
 : 0;
 const currentRequest = {
+ alertConsumers,
 defaultIndex: indexNames,
 docValueFields: docValueFields ?? [],
 excludeEcsData,
@@ -291,6 +301,7 @@ export const useTimelineEvents = ({
 return prevRequest;
 });
 }, [
+ alertConsumers,
 dispatch,
 indexNames,
 activePage,
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/index.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/index.ts
index 431a71faf847e..dfba32f8a238c 100644
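Review bot: In the fourth container/index.tsx hunk, `{ ...request, entityType: 'alerts' }` unconditionally overwrites whatever `entityType` the request carried, even though `TimelineRequestBasicOptions.entityType` is optional and nothing in this hook forces it, and it uses a raw string where the common module now exports `EntityType.ALERTS`. If every caller of `useTimelineEvents` is meant to see alerts only, a one-line comment saying so belongs on that line; otherwise `entityType: request.entityType ?? 'alerts'` preserves a caller's choice. The client-chosen `alertConsumers` list travels in the same request and, with the `NO_CONSUMERS` default, may be empty; what the server does with an empty list is not visible here, so the search strategy rather than this hook must stay the place where consumers are validated and indices selected (the server hunk's `isValidFeatureId` import suggests that is the case). Minor style: `const NO_CONSUMERS` sits directly above `export const useTimelineEvents` with no separating blank line. `useTimelineEvents` begins before the third hunk and its body continues outside all of them.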
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/index.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/index.ts
@@ -11,7 +11,7 @@ import { from } from 'rxjs';
 import {
 isValidFeatureId,
 mapConsumerToIndexName,
- ALERTS_CONSUMERS,
+ AlertConsumers,
 } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import {
@@ -125,7 +125,7 @@ const timelineAlertsSearchStrategy = ({
 deps: SearchStrategyDependencies;
 alerting: AlertingPluginStartContract;
 queryFactory: TimelineFactory;
- alertConsumers: ALERTS_CONSUMERS[];
+ alertConsumers: AlertConsumers[];
 }) => {
 // Based on what solution alerts you want to see, figures out what corresponding
 // index to query (ex: siem --> .alerts-security.alerts)
diff --git a/x-pack/test/plugin_functional/plugins/timelines_test/public/applications/timelines_test/index.tsx b/x-pack/test/plugin_functional/plugins/timelines_test/public/applications/timelines_test/index.tsx
index 3e5d0cab55a5f..317010aca24bd 100644
--- a/x-pack/test/plugin_functional/plugins/timelines_test/public/applications/timelines_test/index.tsx
+++ b/x-pack/test/plugin_functional/plugins/timelines_test/public/applications/timelines_test/index.tsx
@@ -5,6 +5,7 @@
 * 2.0.
 */
+import { AlertConsumers } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { Router } from 'react-router-dom';
 import React, { useCallback, useRef } from 'react';
 import ReactDOM from 'react-dom';
@@ -37,6 +38,7 @@ export function renderApp(
 ReactDOM.unmountComponentAtNode(parameters.element);
 };
 }
+const ALERT_CONSUMER = [AlertConsumers.SIEM];
 const AppRoot = React.memo(
 ({
@@ -61,6 +63,7 @@ const AppRoot = React.memo(
 {(timelinesPluginSetup &&
 timelinesPluginSetup.getTGrid &&
 timelinesPluginSetup.getTGrid<'standalone'>({
+ alertConsumers: ALERT_CONSUMER,
 type: 'standalone',
 columns: [],
 indexNames: [],
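Review bot: `const ALERT_CONSUMER = [AlertConsumers.SIEM];` in the second timelines_test hunk names an array in the singular, unlike `SECURITY_ALERTS_CONSUMERS` and `OBSERVABILITY_ALERT_CONSUMERS` elsewhere in this commit; I would rename it `ALERT_CONSUMERS` and change the third hunk to `alertConsumers: ALERT_CONSUMERS,`. It also appears to sit immediately after the closing `}` of `renderApp`, though a blank line may have been lost in this rendering. The two server-side hunks are a pure type rename and need nothing beyond what the commit does.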