From 80eef6d01d7555caae8017498bdd37e8621300b2 Mon Sep 17 00:00:00 2001 From: christineweng <18648970+christineweng@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:27:47 -0600 Subject: [PATCH] [Security Solution] Enable actions in document details preview footer (#203691) ## Summary Updated document details preview footer to also show actions ### Before image ### After - Users can perform alert/event actions in a preview ![image](https://github.com/user-attachments/assets/d42be26d-9d4a-4701-bc88-92549ebfb65c) - In analyzer, when examining an event, event actions are also available ![image](https://github.com/user-attachments/assets/d30515d9-b428-4112-86f8-9bb872eaf921) - No change to flyout in rule creation workflow, action is not available in preview nor non-preview ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --- .../document_details/preview/footer.test.tsx | 70 +++++- .../document_details/preview/footer.tsx | 57 +++-- .../document_details/right/footer.test.tsx | 16 +- .../flyout/document_details/right/footer.tsx | 222 +----------------- .../flyout/document_details/right/test_ids.ts | 2 - .../components/take_action_button.test.tsx | 74 ++++++ .../shared/components/take_action_button.tsx | 220 +++++++++++++++++ .../components/take_action_dropdown.test.tsx | 10 +- .../components/take_action_dropdown.tsx | 4 +- .../shared/components/test_ids.ts | 2 + 10 files changed, 421 insertions(+), 256 deletions(-) create mode 100644 x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_button.test.tsx create mode 100644 x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_button.tsx rename x-pack/plugins/security_solution/public/flyout/document_details/{right => shared}/components/take_action_dropdown.test.tsx (97%) rename x-pack/plugins/security_solution/public/flyout/document_details/{right => shared}/components/take_action_dropdown.tsx (99%) diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.test.tsx index 2eee16007f91c..951d9916892f6 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.test.tsx @@ -14,24 +14,58 @@ import { mockContextValue } from '../shared/mocks/mock_context'; import { DocumentDetailsContext } from '../shared/context'; import { PreviewPanelFooter } from './footer'; import { PREVIEW_FOOTER_TEST_ID, PREVIEW_FOOTER_LINK_TEST_ID } from './test_ids'; +import { FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID } from '../shared/components/test_ids'; import { createTelemetryServiceMock } from '../../../common/lib/telemetry/telemetry_service.mock'; +import { useKibana } from '../../../common/lib/kibana'; +import { useAlertExceptionActions } from '../../../detections/components/alerts_table/timeline_actions/use_add_exception_actions'; +import { useInvestigateInTimeline } from '../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline'; +import { useAddToCaseActions } from '../../../detections/components/alerts_table/timeline_actions/use_add_to_case_actions'; jest.mock('@kbn/expandable-flyout'); - -const mockedTelemetry = createTelemetryServiceMock(); -jest.mock('../../../common/lib/kibana', () => { +jest.mock('react-router-dom', () => { + const original = jest.requireActual('react-router-dom'); return { - useKibana: () => ({ - services: { - telemetry: mockedTelemetry, - }, - }), + ...original, + useLocation: jest.fn().mockReturnValue({ search: '' }), }; }); +jest.mock('../../../common/lib/kibana'); +jest.mock('../../../detections/components/alerts_table/timeline_actions/use_add_exception_actions'); +jest.mock( + '../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline' +); +jest.mock('../../../detections/components/alerts_table/timeline_actions/use_add_to_case_actions'); + +const mockedTelemetry = createTelemetryServiceMock(); + describe('', () => { - beforeAll(() => { + beforeEach(() => { jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi); + (useKibana as jest.Mock).mockReturnValue({ + services: { + osquery: { isOsqueryAvailable: jest.fn() }, + telemetry: mockedTelemetry, + cases: { hooks: { useIsAddToCaseOpen: jest.fn().mockReturnValue(false) } }, + }, + }); + (useAlertExceptionActions as jest.Mock).mockReturnValue({ exceptionActionItems: [] }); + (useInvestigateInTimeline as jest.Mock).mockReturnValue({ + investigateInTimelineActionItems: [], + }); + (useAddToCaseActions as jest.Mock).mockReturnValue({ addToCaseActionItems: [] }); + }); + + it('should not render the take action dropdown if preview mode', () => { + const { queryByTestId } = render( + + + + + + ); + + expect(queryByTestId(PREVIEW_FOOTER_TEST_ID)).not.toBeInTheDocument(); }); it('should render footer for alert', () => { @@ -43,7 +77,7 @@ describe('', () => { ); expect(getByTestId(PREVIEW_FOOTER_TEST_ID)).toBeInTheDocument(); - expect(getByTestId(PREVIEW_FOOTER_TEST_ID)).toHaveTextContent('Show full alert details'); + expect(getByTestId(PREVIEW_FOOTER_LINK_TEST_ID)).toHaveTextContent('Show full alert details'); }); it('should render footer for event', () => { @@ -56,7 +90,21 @@ describe('', () => { ); - expect(getByTestId(PREVIEW_FOOTER_TEST_ID)).toHaveTextContent('Show full event details'); + expect(getByTestId(PREVIEW_FOOTER_LINK_TEST_ID)).toHaveTextContent('Show full event details'); + }); + + it('should render the take action button', () => { + (useInvestigateInTimeline as jest.Mock).mockReturnValue({ + investigateInTimelineActionItems: [{ name: 'test', onClick: jest.fn() }], + }); + const { getByTestId } = render( + + + + + + ); + expect(getByTestId(FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID)).toBeInTheDocument(); }); it('should open document details flyout when clicked', () => { diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.tsx index b2df6c096e279..1f05e368920f9 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.tsx @@ -5,13 +5,14 @@ * 2.0. */ -import { EuiLink, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; +import type { FC } from 'react'; import React, { useCallback, useMemo } from 'react'; +import { EuiLink, EuiFlyoutFooter, EuiPanel, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; +import { TakeActionButton } from '../shared/components/take_action_button'; import { getField } from '../shared/utils'; import { EventKind } from '../shared/constants/event_kinds'; -import { FlyoutFooter } from '../../shared/components/flyout_footer'; import { DocumentDetailsRightPanelKey } from '../shared/constants/panel_keys'; import { useDocumentDetailsContext } from '../shared/context'; import { PREVIEW_FOOTER_TEST_ID, PREVIEW_FOOTER_LINK_TEST_ID } from './test_ids'; @@ -21,8 +22,8 @@ import { DocumentEventTypes } from '../../../common/lib/telemetry'; /** * Footer at the bottom of preview panel with a link to open document details flyout */ -export const PreviewPanelFooter = () => { - const { eventId, indexName, scopeId, getFieldsData } = useDocumentDetailsContext(); +export const PreviewPanelFooter: FC = () => { + const { eventId, indexName, scopeId, getFieldsData, isPreview } = useDocumentDetailsContext(); const { openFlyout } = useExpandableFlyoutApi(); const { telemetry } = useKibana().services; @@ -48,24 +49,36 @@ export const PreviewPanelFooter = () => { }); }, [openFlyout, eventId, indexName, scopeId, telemetry]); + const fullDetailsLink = useMemo( + () => ( + + <> + {i18n.translate('xpack.securitySolution.flyout.preview.openFlyoutLabel', { + values: { isAlert }, + defaultMessage: 'Show full {isAlert, select, true{alert} other{event}} details', + })} + + + ), + [isAlert, openDocumentFlyout] + ); + + if (isPreview) return null; + return ( - - - - - <> - {i18n.translate('xpack.securitySolution.flyout.preview.openFlyoutLabel', { - values: { isAlert }, - defaultMessage: 'Show full {isAlert, select, true{alert} other{event}} details', - })} - - - - - + + + + {fullDetailsLink} + + + + + + ); }; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.test.tsx index 9ece9b0e52495..026abf135e3ee 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.test.tsx @@ -11,12 +11,20 @@ import { TestProviders } from '../../../common/mock'; import { mockContextValue } from '../shared/mocks/mock_context'; import { DocumentDetailsContext } from '../shared/context'; import { FLYOUT_FOOTER_TEST_ID } from './test_ids'; +import { FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID } from '../shared/components/test_ids'; import { useKibana } from '../../../common/lib/kibana'; import { useAlertExceptionActions } from '../../../detections/components/alerts_table/timeline_actions/use_add_exception_actions'; import { useInvestigateInTimeline } from '../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline'; import { useAddToCaseActions } from '../../../detections/components/alerts_table/timeline_actions/use_add_to_case_actions'; jest.mock('../../../common/lib/kibana'); +jest.mock('react-router-dom', () => { + const original = jest.requireActual('react-router-dom'); + return { + ...original, + useLocation: jest.fn().mockReturnValue({ search: '' }), + }; +}); jest.mock('../../../detections/components/alerts_table/timeline_actions/use_add_exception_actions'); jest.mock( '../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline' @@ -39,14 +47,13 @@ describe('PanelFooter', () => { it('should render the take action dropdown', () => { (useKibana as jest.Mock).mockReturnValue({ services: { - osquery: { - isOsqueryAvailable: jest.fn(), - }, + osquery: { isOsqueryAvailable: jest.fn() }, + cases: { hooks: { useIsAddToCaseOpen: jest.fn().mockReturnValue(false) } }, }, }); (useAlertExceptionActions as jest.Mock).mockReturnValue({ exceptionActionItems: [] }); (useInvestigateInTimeline as jest.Mock).mockReturnValue({ - investigateInTimelineActionItems: [], + investigateInTimelineActionItems: [{ name: 'test', onClick: jest.fn() }], }); (useAddToCaseActions as jest.Mock).mockReturnValue({ addToCaseActionItems: [] }); @@ -58,5 +65,6 @@ describe('PanelFooter', () => { ); expect(wrapper.getByTestId(FLYOUT_FOOTER_TEST_ID)).toBeInTheDocument(); + expect(wrapper.getByTestId(FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID)).toBeInTheDocument(); }); }); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx index e5a5fb12915a6..ce955a0b87ddc 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx @@ -6,47 +6,10 @@ */ import type { FC } from 'react'; -import React, { useCallback, useMemo, useState } from 'react'; -import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; -import { EuiFlexGroup, EuiFlexItem, useEuiTheme, EuiFlyoutFooter, EuiPanel } from '@elastic/eui'; -import { find } from 'lodash/fp'; +import React from 'react'; +import { EuiFlexGroup, EuiFlexItem, EuiFlyoutFooter, EuiPanel } from '@elastic/eui'; import { FLYOUT_FOOTER_TEST_ID } from './test_ids'; -import type { Status } from '../../../../common/api/detection_engine'; -import { getAlertDetailsFieldValue } from '../../../common/lib/endpoint/utils/get_event_details_field_values'; -import { TakeActionDropdown } from './components/take_action_dropdown'; -import { AddExceptionFlyoutWrapper } from '../../../detections/components/alerts_table/timeline_actions/alert_context_menu'; -import { EventFiltersFlyout } from '../../../management/pages/event_filters/view/components/event_filters_flyout'; -import { OsqueryFlyout } from '../../../detections/components/osquery/osquery_flyout'; -import { useDocumentDetailsContext } from '../shared/context'; -import { useHostIsolation } from '../shared/hooks/use_host_isolation'; -import { DocumentDetailsIsolateHostPanelKey } from '../shared/constants/panel_keys'; -import { useRefetchByScope } from './hooks/use_refetch_by_scope'; -import { useExceptionFlyout } from '../../../detections/components/alerts_table/timeline_actions/use_add_exception_flyout'; -import { isActiveTimeline } from '../../../helpers'; -import { useEventFilterModal } from '../../../detections/components/alerts_table/timeline_actions/use_event_filter_modal'; - -interface AlertSummaryData { - /** - * Status of the alert (open, closed...) - */ - alertStatus: Status; - /** - * Id of the document - */ - eventId: string; - /** - * Id of the rule - */ - ruleId: string; - /** - * Property ruleId on the rule - */ - ruleRuleId: string; - /** - * Name of the rule - */ - ruleName: string; -} +import { TakeActionButton } from '../shared/components/take_action_button'; interface PanelFooterProps { /** @@ -59,179 +22,18 @@ interface PanelFooterProps { * Bottom section of the flyout that contains the take action button */ export const PanelFooter: FC = ({ isPreview }) => { - const { euiTheme } = useEuiTheme(); - // we need this flyout to be above the timeline flyout (which has a z-index of 1002) - const flyoutZIndex = useMemo( - () => ({ style: `z-index: ${(euiTheme.levels.flyout as number) + 3}` }), - [euiTheme] - ); - - const { closeFlyout, openRightPanel } = useExpandableFlyoutApi(); - const { - eventId, - indexName, - dataFormattedForFieldBrowser, - dataAsNestedObject, - refetchFlyoutData, - scopeId, - } = useDocumentDetailsContext(); - - // host isolation interaction - const { isHostIsolationPanelOpen, showHostIsolationPanel } = useHostIsolation(); - const showHostIsolationPanelCallback = useCallback( - (action: 'isolateHost' | 'unisolateHost' | undefined) => { - showHostIsolationPanel(action); - openRightPanel({ - id: DocumentDetailsIsolateHostPanelKey, - params: { - id: eventId, - indexName, - scopeId, - isolateAction: action, - }, - }); - }, - [eventId, indexName, openRightPanel, scopeId, showHostIsolationPanel] - ); - - const { refetch: refetchAll } = useRefetchByScope({ scopeId }); - - // exception interaction - const ruleIndexRaw = useMemo( - () => - find({ category: 'signal', field: 'signal.rule.index' }, dataFormattedForFieldBrowser) - ?.values ?? - find( - { category: 'kibana', field: 'kibana.alert.rule.parameters.index' }, - dataFormattedForFieldBrowser - )?.values, - [dataFormattedForFieldBrowser] - ); - const ruleIndex = useMemo( - (): string[] | undefined => (Array.isArray(ruleIndexRaw) ? ruleIndexRaw : undefined), - [ruleIndexRaw] - ); - const ruleDataViewIdRaw = useMemo( - () => - find({ category: 'signal', field: 'signal.rule.data_view_id' }, dataFormattedForFieldBrowser) - ?.values ?? - find( - { category: 'kibana', field: 'kibana.alert.rule.parameters.data_view_id' }, - dataFormattedForFieldBrowser - )?.values, - [dataFormattedForFieldBrowser] - ); - const ruleDataViewId = useMemo( - (): string | undefined => (Array.isArray(ruleDataViewIdRaw) ? ruleDataViewIdRaw[0] : undefined), - [ruleDataViewIdRaw] - ); - const alertSummaryData = useMemo( - () => - [ - { category: 'signal', field: 'signal.rule.id', name: 'ruleId' }, - { category: 'signal', field: 'signal.rule.rule_id', name: 'ruleRuleId' }, - { category: 'signal', field: 'signal.rule.name', name: 'ruleName' }, - { category: 'signal', field: 'kibana.alert.workflow_status', name: 'alertStatus' }, - { category: '_id', field: '_id', name: 'eventId' }, - ].reduce( - (acc, curr) => ({ - ...acc, - [curr.name]: getAlertDetailsFieldValue( - { category: curr.category, field: curr.field }, - dataFormattedForFieldBrowser - ), - }), - {} as AlertSummaryData - ), - [dataFormattedForFieldBrowser] - ); - const { - exceptionFlyoutType, - openAddExceptionFlyout, - onAddExceptionTypeClick, - onAddExceptionCancel, - onAddExceptionConfirm, - } = useExceptionFlyout({ - refetch: refetchAll, - isActiveTimelines: isActiveTimeline(scopeId), - }); - - // event filter interaction - const { closeAddEventFilterModal, isAddEventFilterModalOpen, onAddEventFilterClick } = - useEventFilterModal(); - - // osquery interaction - const [isOsqueryFlyoutOpenWithAgentId, setOsqueryFlyoutOpenWithAgentId] = useState( - null - ); - const closeOsqueryFlyout = useCallback(() => { - setOsqueryFlyoutOpenWithAgentId(null); - }, [setOsqueryFlyoutOpenWithAgentId]); - const alertId = useMemo( - () => (dataAsNestedObject?.kibana?.alert ? dataAsNestedObject?._id : null), - [dataAsNestedObject?._id, dataAsNestedObject?.kibana?.alert] - ); - if (isPreview) return null; return ( - <> - - - - - {dataAsNestedObject && ( - - )} - - - - - - {openAddExceptionFlyout && - alertSummaryData.ruleId != null && - alertSummaryData.ruleRuleId != null && - alertSummaryData.eventId != null && ( - - )} - - {isAddEventFilterModalOpen && dataAsNestedObject != null && ( - - )} - - {isOsqueryFlyoutOpenWithAgentId && dataAsNestedObject != null && ( - - )} - + + + + + + + + + ); }; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/right/test_ids.ts index 89a71e5fd17ba..ebfb197b319a3 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/test_ids.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/test_ids.ts @@ -9,8 +9,6 @@ import { PREFIX } from '../../shared/test_ids'; export const FLYOUT_BODY_TEST_ID = `${PREFIX}Body` as const; export const FLYOUT_FOOTER_TEST_ID = `${PREFIX}Footer` as const; -export const FLYOUT_FOOTER_DEOPDOEN_BUTTON_TEST_ID = - `${FLYOUT_FOOTER_TEST_ID}DropdownButton` as const; export const OVERVIEW_TAB_TEST_ID = `${PREFIX}OverviewTab` as const; export const TABLE_TAB_TEST_ID = `${PREFIX}TableTab` as const; export const JSON_TAB_TEST_ID = `${PREFIX}JsonTab` as const; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_button.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_button.test.tsx new file mode 100644 index 0000000000000..4326a60c4a0cf --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_button.test.tsx @@ -0,0 +1,74 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import React from 'react'; +import { render } from '@testing-library/react'; +import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; +import { TakeActionButton } from './take_action_button'; +import { TestProviders } from '../../../../common/mock'; +import { mockContextValue } from '../mocks/mock_context'; +import { DocumentDetailsContext } from '../context'; +import { FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID } from './test_ids'; +import { useKibana } from '../../../../common/lib/kibana'; +import { useAlertExceptionActions } from '../../../../detections/components/alerts_table/timeline_actions/use_add_exception_actions'; +import { useInvestigateInTimeline } from '../../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline'; +import { useAddToCaseActions } from '../../../../detections/components/alerts_table/timeline_actions/use_add_to_case_actions'; + +jest.mock('../../../../common/lib/kibana'); +jest.mock('react-router-dom', () => { + const original = jest.requireActual('react-router-dom'); + return { + ...original, + useLocation: jest.fn().mockReturnValue({ search: '' }), + }; +}); +jest.mock( + '../../../../detections/components/alerts_table/timeline_actions/use_add_exception_actions' +); +jest.mock( + '../../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline' +); +jest.mock( + '../../../../detections/components/alerts_table/timeline_actions/use_add_to_case_actions' +); + +describe('TakeActionButton', () => { + it('should render the take action button', () => { + (useKibana as jest.Mock).mockReturnValue({ + services: { + osquery: { isOsqueryAvailable: jest.fn() }, + cases: { hooks: { useIsAddToCaseOpen: jest.fn().mockReturnValue(false) } }, + }, + }); + (useAlertExceptionActions as jest.Mock).mockReturnValue({ exceptionActionItems: [] }); + (useInvestigateInTimeline as jest.Mock).mockReturnValue({ + investigateInTimelineActionItems: [{ name: 'test', onClick: jest.fn() }], + }); + (useAddToCaseActions as jest.Mock).mockReturnValue({ addToCaseActionItems: [] }); + + const { getByTestId } = render( + + + + + + ); + expect(getByTestId(FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID)).toBeInTheDocument(); + }); + + it('should not render the take action button if dataAsNestedObject is null', () => { + const { queryByTestId } = render( + + + + + + ); + expect(queryByTestId(FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID)).not.toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_button.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_button.tsx new file mode 100644 index 0000000000000..10595f732fcda --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_button.tsx @@ -0,0 +1,220 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { FC } from 'react'; +import React, { useCallback, useMemo, useState } from 'react'; +import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; +import { useEuiTheme } from '@elastic/eui'; +import { find } from 'lodash/fp'; +import type { Status } from '../../../../../common/api/detection_engine'; +import { getAlertDetailsFieldValue } from '../../../../common/lib/endpoint/utils/get_event_details_field_values'; +import { TakeActionDropdown } from './take_action_dropdown'; +import { AddExceptionFlyoutWrapper } from '../../../../detections/components/alerts_table/timeline_actions/alert_context_menu'; +import { EventFiltersFlyout } from '../../../../management/pages/event_filters/view/components/event_filters_flyout'; +import { OsqueryFlyout } from '../../../../detections/components/osquery/osquery_flyout'; +import { useDocumentDetailsContext } from '../context'; +import { useHostIsolation } from '../hooks/use_host_isolation'; +import { DocumentDetailsIsolateHostPanelKey } from '../constants/panel_keys'; +import { useRefetchByScope } from '../../right/hooks/use_refetch_by_scope'; +import { useExceptionFlyout } from '../../../../detections/components/alerts_table/timeline_actions/use_add_exception_flyout'; +import { isActiveTimeline } from '../../../../helpers'; +import { useEventFilterModal } from '../../../../detections/components/alerts_table/timeline_actions/use_event_filter_modal'; + +interface AlertSummaryData { + /** + * Status of the alert (open, closed...) + */ + alertStatus: Status; + /** + * Id of the document + */ + eventId: string; + /** + * Id of the rule + */ + ruleId: string; + /** + * Property ruleId on the rule + */ + ruleRuleId: string; + /** + * Name of the rule + */ + ruleName: string; +} + +/** + * Take action button in the panel footer + */ +export const TakeActionButton: FC = () => { + const { euiTheme } = useEuiTheme(); + // we need this flyout to be above the timeline flyout (which has a z-index of 1002) + const flyoutZIndex = useMemo( + () => ({ style: `z-index: ${(euiTheme.levels.flyout as number) + 3}` }), + [euiTheme] + ); + + const { closeFlyout, openRightPanel } = useExpandableFlyoutApi(); + const { + eventId, + indexName, + dataFormattedForFieldBrowser, + dataAsNestedObject, + refetchFlyoutData, + scopeId, + } = useDocumentDetailsContext(); + + // host isolation interaction + const { isHostIsolationPanelOpen, showHostIsolationPanel } = useHostIsolation(); + const showHostIsolationPanelCallback = useCallback( + (action: 'isolateHost' | 'unisolateHost' | undefined) => { + showHostIsolationPanel(action); + openRightPanel({ + id: DocumentDetailsIsolateHostPanelKey, + params: { + id: eventId, + indexName, + scopeId, + isolateAction: action, + }, + }); + }, + [eventId, indexName, openRightPanel, scopeId, showHostIsolationPanel] + ); + + const { refetch: refetchAll } = useRefetchByScope({ scopeId }); + + // exception interaction + const ruleIndexRaw = useMemo( + () => + find({ category: 'signal', field: 'signal.rule.index' }, dataFormattedForFieldBrowser) + ?.values ?? + find( + { category: 'kibana', field: 'kibana.alert.rule.parameters.index' }, + dataFormattedForFieldBrowser + )?.values, + [dataFormattedForFieldBrowser] + ); + const ruleIndex = useMemo( + (): string[] | undefined => (Array.isArray(ruleIndexRaw) ? ruleIndexRaw : undefined), + [ruleIndexRaw] + ); + const ruleDataViewIdRaw = useMemo( + () => + find({ category: 'signal', field: 'signal.rule.data_view_id' }, dataFormattedForFieldBrowser) + ?.values ?? + find( + { category: 'kibana', field: 'kibana.alert.rule.parameters.data_view_id' }, + dataFormattedForFieldBrowser + )?.values, + [dataFormattedForFieldBrowser] + ); + const ruleDataViewId = useMemo( + (): string | undefined => (Array.isArray(ruleDataViewIdRaw) ? ruleDataViewIdRaw[0] : undefined), + [ruleDataViewIdRaw] + ); + const alertSummaryData = useMemo( + () => + [ + { category: 'signal', field: 'signal.rule.id', name: 'ruleId' }, + { category: 'signal', field: 'signal.rule.rule_id', name: 'ruleRuleId' }, + { category: 'signal', field: 'signal.rule.name', name: 'ruleName' }, + { category: 'signal', field: 'kibana.alert.workflow_status', name: 'alertStatus' }, + { category: '_id', field: '_id', name: 'eventId' }, + ].reduce( + (acc, curr) => ({ + ...acc, + [curr.name]: getAlertDetailsFieldValue( + { category: curr.category, field: curr.field }, + dataFormattedForFieldBrowser + ), + }), + {} as AlertSummaryData + ), + [dataFormattedForFieldBrowser] + ); + const { + exceptionFlyoutType, + openAddExceptionFlyout, + onAddExceptionTypeClick, + onAddExceptionCancel, + onAddExceptionConfirm, + } = useExceptionFlyout({ + refetch: refetchAll, + isActiveTimelines: isActiveTimeline(scopeId), + }); + + // event filter interaction + const { closeAddEventFilterModal, isAddEventFilterModalOpen, onAddEventFilterClick } = + useEventFilterModal(); + + // osquery interaction + const [isOsqueryFlyoutOpenWithAgentId, setOsqueryFlyoutOpenWithAgentId] = useState( + null + ); + const closeOsqueryFlyout = useCallback(() => { + setOsqueryFlyoutOpenWithAgentId(null); + }, [setOsqueryFlyoutOpenWithAgentId]); + const alertId = useMemo( + () => (dataAsNestedObject?.kibana?.alert ? dataAsNestedObject?._id : null), + [dataAsNestedObject?._id, dataAsNestedObject?.kibana?.alert] + ); + + return ( + <> + {dataAsNestedObject && ( + + )} + + {openAddExceptionFlyout && + alertSummaryData.ruleId != null && + alertSummaryData.ruleRuleId != null && + alertSummaryData.eventId != null && ( + + )} + + {isAddEventFilterModalOpen && dataAsNestedObject != null && ( + + )} + + {isOsqueryFlyoutOpenWithAgentId && dataAsNestedObject != null && ( + + )} + + ); +}; + +TakeActionButton.displayName = 'TakeActionButton'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/take_action_dropdown.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx similarity index 97% rename from x-pack/plugins/security_solution/public/flyout/document_details/right/components/take_action_dropdown.test.tsx rename to x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx index 6189f1b353ec8..ffed3e064d7f5 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/take_action_dropdown.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx @@ -27,7 +27,7 @@ import { ALERT_ASSIGNEES_CONTEXT_MENU_ITEM_TITLE, ALERT_TAGS_CONTEXT_MENU_ITEM_TITLE, } from '../../../../common/components/toolbar/bulk_actions/translations'; -import { FLYOUT_FOOTER_DEOPDOEN_BUTTON_TEST_ID } from '../test_ids'; +import { FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID } from './test_ids'; jest.mock('../../../../common/components/endpoint/host_isolation'); jest.mock('../../../../common/components/endpoint/responder'); @@ -128,7 +128,7 @@ describe('take action dropdown', () => { ); expect( - wrapper.find(`[data-test-subj="${FLYOUT_FOOTER_DEOPDOEN_BUTTON_TEST_ID}"]`).exists() + wrapper.find(`[data-test-subj="${FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID}"]`).exists() ).toBeTruthy(); }); @@ -139,7 +139,7 @@ describe('take action dropdown', () => { ); expect( - wrapper.find(`[data-test-subj="${FLYOUT_FOOTER_DEOPDOEN_BUTTON_TEST_ID}"]`).first().text() + wrapper.find(`[data-test-subj="${FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID}"]`).first().text() ).toEqual('Take action'); }); @@ -153,7 +153,7 @@ describe('take action dropdown', () => { ); wrapper - .find(`button[data-test-subj="${FLYOUT_FOOTER_DEOPDOEN_BUTTON_TEST_ID}"]`) + .find(`button[data-test-subj="${FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID}"]`) .simulate('click'); }); test('should render "Add to existing case"', async () => { @@ -325,7 +325,7 @@ describe('take action dropdown', () => { ); wrapper - .find(`button[data-test-subj="${FLYOUT_FOOTER_DEOPDOEN_BUTTON_TEST_ID}"]`) + .find(`button[data-test-subj="${FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID}"]`) .simulate('click'); return wrapper; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/take_action_dropdown.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.tsx similarity index 99% rename from x-pack/plugins/security_solution/public/flyout/document_details/right/components/take_action_dropdown.tsx rename to x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.tsx index dbc21e82220de..da94ec6e02e99 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/take_action_dropdown.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.tsx @@ -12,7 +12,7 @@ import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; import { TableId } from '@kbn/securitysolution-data-table'; import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common'; import { i18n } from '@kbn/i18n'; -import { FLYOUT_FOOTER_DEOPDOEN_BUTTON_TEST_ID } from '../test_ids'; +import { FLYOUT_FOOTER_DROPDOWN_BUTTON_TEST_ID } from './test_ids'; import { getAlertDetailsFieldValue } from '../../../../common/lib/endpoint/utils/get_event_details_field_values'; import { GuidedOnboardingTourStep } from '../../../../common/components/guided_onboarding_tour/tour_step'; import { @@ -362,7 +362,7 @@ export const TakeActionDropdown = memo( tourId={SecurityStepId.alertsCases} >