[Security Solution][Timeline] - fix host and user details flyout not using the correct time for requests when open from Timeline #182968
Conversation
PhilippeOberti
added
Team:Threat Hunting:Investigations
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
PhilippeOberti
added
release_note:skip
|
Pinging @elastic/security-entity-analytics (Team:Entity Analytics) |
| const isActiveTimelines = isActiveTimeline(scopeId); | ||
| const { to, from } = isActiveTimelines ? timelineTime : globalTime; | ||
| const { isInitializing, setQuery, deleteQuery } = globalTime; | ||
|
|
There was a problem hiding this comment.
This is probably not taking the correct sourcerer patterns either. Should we do:
const { selectedPatterns } = useSourcererDataView(getSourcererScopeId(scopeId));
There was a problem hiding this comment.
I missed that. Logging the values, I see a small difference on the alerts page as well as from timeline, so I just want to highlight it:
values when the flyout is opened from the alerts page
values when the flyout is opened from timeline
Is that really what we want?
There was a problem hiding this comment.
Yes, these patterns depend on what the user has set in the data view, they look correct to me.
There was a problem hiding this comment.
yes of course, sorry! Added in this commit
…using the correct time for requests when open from Timeline
PhilippeOberti
force-pushed
the
fix-host-user-timeline-request-time
branch
from
c7ff516
to
c55a87e
Compare
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
…using the correct time for requests when open from Timeline (elastic#182968) (cherry picked from commit 3230010)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…ut not using the correct time for requests when open from Timeline (#182968) (#183081) # Backport This will backport the following commits from `main` to `8.14`: - [[Security Solution][Timeline] - fix host and user details flyout not using the correct time for requests when open from Timeline (#182968)](#182968) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"philippe.oberti@elastic.co"},"sourceCommit":{"committedDate":"2024-05-09T17:12:55Z","message":"[Security Solution][Timeline] - fix host and user details flyout not using the correct time for requests when open from Timeline (#182968)","sha":"32300106c3f776107243ad32d0bc0b93d1a2ab09","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat Hunting:Investigations","Team:Entity Analytics","v8.14.0","v8.15.0"],"title":"[Security Solution][Timeline] - fix host and user details flyout not using the correct time for requests when open from Timeline","number":182968,"url":"#182968 Solution][Timeline] - fix host and user details flyout not using the correct time for requests when open from Timeline (#182968)","sha":"32300106c3f776107243ad32d0bc0b93d1a2ab09"}},"sourceBranch":"main","suggestedTargetBranches":["8.14"],"targetPullRequestStates":[{"branch":"8.14","label":"v8.14.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"#182968 Solution][Timeline] - fix host and user details flyout not using the correct time for requests when open from Timeline (#182968)","sha":"32300106c3f776107243ad32d0bc0b93d1a2ab09"}}]}] BACKPORT--> Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>
Summary
This PR fixes a bug in the user and host detail flyouts (the new ones using the expandable flyout framework). When those flyouts are open from Timeline, the request made to query their data is using the
fromandtovalues from the global query, meaning the date interval selected in the alerts page.They should be instead using the date interval from Timeline.
Before fix
Screen.Recording.2024-05-08.at.10.03.01.AM.mov
After fix
Screen.Recording.2024-05-08.at.10.00.51.AM.mov
#182967
Notes
I did not add any unit tests for this, as the cutoff for the last BC is happening very soon, and also because no tests existed for these 2 hooks. Let me know if that is ok with you for now @machadoum