Add correlation rule details into the finding details flyout #563 #565

Signed-off-by: Jovan Cvetkovic <jovanca.cvetkovic@gmail.com>

public/pages/Correlations/containers/CorrelationsContainer.tsx

@@ -391,17 +391,20 @@ export class Correlations extends React.Component<CorrelationsProps, Correlation
               <EuiSpacer />
               {findingCardsData.correlatedFindings.map((finding, index) => {
                 return (
-                  <FindingCard
-                    key={index}
-                    id={finding.id}
-                    logType={finding.logType}
-                    timestamp={finding.timestamp}
-                    detectionRule={finding.detectionRule}
-                    correlationData={{
-                      score: finding.correlationScore || 0,
-                      onInspect: this.onFindingInspect,
-                    }}
-                  />
+                  <>
+                    <FindingCard
+                      key={index}
+                      id={finding.id}
+                      logType={finding.logType}
+                      timestamp={finding.timestamp}
+                      detectionRule={finding.detectionRule}
+                      correlationData={{
+                        score: finding.correlationScore || 0,
+                        onInspect: this.onFindingInspect,
+                      }}
+                    />
+                    <EuiSpacer size="m" />
+                  </>
                 );
               })}
             </EuiFlyoutBody>

public/pages/Findings/components/CorrelationsTable/CorrelationsTable.tsx

@@ -95,8 +95,7 @@ export const CorrelationsTable: React.FC<CorrelationsTableProps> = ({
     {
       name: 'Correlated rule',
       truncateText: true,
-      render: (item: CorrelationFinding) =>
-        item?.correlationRule?._source?.name || DEFAULT_EMPTY_DATA,
+      render: (item: CorrelationFinding) => item?.correlationRule.name || DEFAULT_EMPTY_DATA,
     },
     {
       field: 'logType',

public/pages/Findings/components/FindingDetailsFlyout.tsx

@@ -106,7 +106,7 @@ export default class FindingDetailsFlyout extends Component<
                   correlatedFindings.push({
                     ...finding,
                     correlationRule: correlationRules.find(
-                      (rule) => finding.rules?.indexOf(rule._id) !== -1
+                      (rule) => finding.rules?.indexOf(rule.id) !== -1
                     ),
                   });
                 }
@@ -390,11 +390,7 @@ export default class FindingDetailsFlyout extends Component<
     }
   }
 
-  private getTabContent(
-    tabId: FindingFlyoutTabId,
-    isDocumentLoading = false,
-    areCorrelationsLoading = false
-  ) {
+  private getTabContent(tabId: FindingFlyoutTabId, isDocumentLoading = false) {
     switch (tabId) {
       case FindingFlyoutTabId.CORRELATIONS:
         return (
@@ -441,7 +437,7 @@ export default class FindingDetailsFlyout extends Component<
         timestamp,
       },
     } = this.props;
-    const { isDocumentLoading, areCorrelationsLoading } = this.state;
+    const { isDocumentLoading } = this.state;
     return (
       <EuiFlyout
         onClose={closeFlyout}
@@ -524,11 +520,7 @@ export default class FindingDetailsFlyout extends Component<
                     this.setState({
                       selectedTab: {
                         id: tab.id,
-                        content: this.getTabContent(
-                          tab.id,
-                          isDocumentLoading,
-                          areCorrelationsLoading
-                        ),
+                        content: this.getTabContent(tab.id, isDocumentLoading),
                       },
                     });
                   }}

public/store/CorrelationsStore.ts

@@ -93,10 +93,11 @@ export class CorrelationsStore implements ICorrelationsStore {
     if (this.cache[cacheKey]) {
       return this.cache[cacheKey];
     }
+
     const response = await this.service.getCorrelationRules(index);
 
     if (response?.ok) {
-      return response.response.hits.hits.map((hit) => {
+      return (this.cache[cacheKey] = response.response.hits.hits.map((hit) => {
         const queries: CorrelationRuleQuery[] = hit._source.correlate.map((queryData) => {
           return {
             index: queryData.index,
@@ -105,12 +106,12 @@ export class CorrelationsStore implements ICorrelationsStore {
           };
         });
 
-        return (this.cache[cacheKey] = {
+        return {
           id: hit._id,
           name: hit._source.name,
           queries,
-        });
-      });
+        };
+      }));
     }
 
     return [];

public/store/DataStore.ts

@@ -7,15 +7,14 @@ import { RulesStore } from './RulesStore';
 import { BrowserServices } from '../models/interfaces';
 import { NotificationsStart } from 'opensearch-dashboards/public';
 import { DetectorsStore } from './DetectorsStore';
-import { ICorrelationsStore } from '../../types';
 import { CorrelationsStore } from './CorrelationsStore';
-import { FindingsStore, IFindingsStore } from './FindingsStore';
+import { FindingsStore } from './FindingsStore';
 
 export class DataStore {
   public static rules: RulesStore;
   public static detectors: DetectorsStore;
-  public static correlations: ICorrelationsStore;
-  public static findings: IFindingsStore;
+  public static correlations: CorrelationsStore;
+  public static findings: FindingsStore;
 
   public static init = (services: BrowserServices, notifications: NotificationsStart) => {
     const rulesStore = new RulesStore(services.ruleService, notifications);

types/Correlations.ts

@@ -46,15 +46,15 @@ export interface CorrelationFieldCondition {
   condition: 'AND' | 'OR';
 }
 
-export interface CorrelationRule extends CorrelationRuleModel {
-  id: string;
-}
-
 export interface CorrelationRuleModel {
   name: string;
   queries: CorrelationRuleQuery[];
 }
 
+export interface CorrelationRule extends CorrelationRuleModel {
+  id: string;
+}
+
 export interface CorrelationRuleSourceQueries {
   index: string;
   query: string;