[Security Solution][Entity details] - move osquery, response and investigation guide related hooks and components to flyout folder (#190110)

2025-04-24 09:48:58 -04:00 · 2024-08-19 17:01:07 +02:00 · 2024-08-19 17:01:07 +02:00 · 04503bffe9
commit 04503bffe9
parent 35c0671414
12 changed files with 114 additions and 82 deletions
--- a/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/translations.ts
@ -7,28 +7,10 @@

 import { i18n } from '@kbn/i18n';

-export const INVESTIGATION_GUIDE = i18n.translate(
-  'xpack.securitySolution.alertDetails.overview.investigationGuide',
-  {
-    defaultMessage: 'Investigation guide',
-  }
-);
-
 export const TABLE = i18n.translate('xpack.securitySolution.eventDetails.table', {
  defaultMessage: 'Table',
 });

-export const OSQUERY_VIEW = i18n.translate('xpack.securitySolution.eventDetails.osqueryView', {
-  defaultMessage: 'Osquery Results',
-});
-
-export const RESPONSE_ACTIONS_VIEW = i18n.translate(
-  'xpack.securitySolution.eventDetails.responseActionsView',
-  {
-    defaultMessage: 'Response Results',
-  }
-);
-
 export const DESCRIPTION = i18n.translate('xpack.securitySolution.eventDetails.description', {
  defaultMessage: 'Description',
 });
@ -48,20 +30,6 @@ export const RULE_TYPE = i18n.translate('xpack.securitySolution.detections.alert
  defaultMessage: 'Rule type',
 });

-export const MULTI_FIELD_TOOLTIP = i18n.translate(
-  'xpack.securitySolution.eventDetails.multiFieldTooltipContent',
-  {
-    defaultMessage: 'Multi-fields can have multiple values per field',
-  }
-);
-
-export const MULTI_FIELD_BADGE = i18n.translate(
-  'xpack.securitySolution.eventDetails.multiFieldBadge',
-  {
-    defaultMessage: 'multi-field',
-  }
-);
-
 export const ACTIONS = i18n.translate('xpack.securitySolution.eventDetails.table.actions', {
  defaultMessage: 'Actions',
 });
--- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.tsx
@ -42,7 +42,7 @@ import { useAppToasts } from '../../../../hooks/use_app_toasts';
 import { useKibana } from '../../../../lib/kibana';
 import { useInsightQuery } from './use_insight_query';
 import { useInsightDataProviders, type Provider } from './use_insight_data_providers';
-import { BasicAlertDataContext } from '../../../event_details/investigation_guide_view';
+import { BasicAlertDataContext } from '../../../../../flyout/document_details/left/components/investigation_guide_view';
 import { InvestigateInTimelineButton } from '../../../event_details/table/investigate_in_timeline_button';
 import {
  getTimeRangeSettings,
--- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/osquery/renderer.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/osquery/renderer.tsx
@ -13,7 +13,7 @@ import styled from 'styled-components';
 import { EuiButton, EuiToolTip } from '@elastic/eui';
 import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
 import { useUpsellingMessage } from '../../../../hooks/use_upselling';
-import { BasicAlertDataContext } from '../../../event_details/investigation_guide_view';
+import { BasicAlertDataContext } from '../../../../../flyout/document_details/left/components/investigation_guide_view';
 import { expandDottedObject } from '../../../../../../common/utils/expand_dotted';
 import OsqueryLogo from './osquery_icon/osquery.svg';
 import { OsqueryFlyout } from '../../../../../detections/components/osquery/osquery_flyout';
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx
@ -10,7 +10,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide';
 import { useDocumentDetailsContext } from '../../shared/context';
 import { INVESTIGATION_GUIDE_TEST_ID, INVESTIGATION_GUIDE_LOADING_TEST_ID } from './test_ids';
-import { InvestigationGuideView } from '../../../../common/components/event_details/investigation_guide_view';
+import { InvestigationGuideView } from './investigation_guide_view';
 import { FlyoutLoading } from '../../../shared/components/flyout_loading';

 /**
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide_view.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide_view.test.tsx
@ -8,7 +8,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { InvestigationGuideView } from './investigation_guide_view';
-import type { UseBasicDataFromDetailsDataResult } from '../../../flyout/document_details/shared/hooks/use_basic_data_from_details_data';
+import type { UseBasicDataFromDetailsDataResult } from '../../shared/hooks/use_basic_data_from_details_data';

 const defaultProps = {
  basicData: {
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide_view.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide_view.tsx
@ -8,10 +8,17 @@
 import { EuiSpacer, EuiTitle, EuiText } from '@elastic/eui';
 import React, { createContext } from 'react';
 import styled from 'styled-components';
-import type { UseBasicDataFromDetailsDataResult } from '../../../flyout/document_details/shared/hooks/use_basic_data_from_details_data';
-import * as i18n from './translations';
-import { MarkdownRenderer } from '../markdown_editor';
-import { LineClamp } from '../line_clamp';
+import { i18n } from '@kbn/i18n';
+import type { UseBasicDataFromDetailsDataResult } from '../../shared/hooks/use_basic_data_from_details_data';
+import { LineClamp } from '../../../../common/components/line_clamp';
+import { MarkdownRenderer } from '../../../../common/components/markdown_editor';
+
+const INVESTIGATION_GUIDE = i18n.translate(
+  'xpack.securitySolution.flyout.left.investigationGuide',
+  {
+    defaultMessage: 'Investigation guide',
+  }
+);

 export const Indent = styled.div`
  padding: 0 8px;
@ -43,7 +50,6 @@ interface InvestigationGuideViewProps {
 /**
 * Investigation guide that shows the markdown text of rule.note
 */
-// TODO: MOVE TO FLYOUT FOLDER - https://github.com/elastic/security-team/issues/7462
 const InvestigationGuideViewComponent: React.FC<InvestigationGuideViewProps> = ({
  basicData,
  ruleNote,
@ -56,7 +62,7 @@ const InvestigationGuideViewComponent: React.FC<InvestigationGuideViewProps> = (
        <>
          <EuiSpacer size="l" />
          <EuiTitle size="xxxs" data-test-subj="summary-view-guide">
-            <h5>{i18n.INVESTIGATION_GUIDE}</h5>
+            <h5>{INVESTIGATION_GUIDE}</h5>
          </EuiTitle>
          <EuiSpacer size="s" />
        </>
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx
@ -11,7 +11,7 @@ import styled from 'styled-components';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { RESPONSE_DETAILS_TEST_ID } from './test_ids';
 import { useDocumentDetailsContext } from '../../shared/context';
-import { useResponseActionsView } from '../../../../common/components/event_details/response_actions_view';
+import { useResponseActionsView } from '../hooks/use_response_actions_view';

 const ExtendedFlyoutWrapper = styled.div`
 figure {
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_response_actions_view.test.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_response_actions_view.test.ts
@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { renderHook } from '@testing-library/react-hooks';
+import { useResponseActionsView } from './use_response_actions_view';
+import { mockSearchHit } from '../../shared/mocks/mock_search_hit';
+import { mockDataAsNestedObject } from '../../shared/mocks/mock_data_as_nested_object';
+import { useGetAutomatedActionList } from '../../../../management/hooks/response_actions/use_get_automated_action_list';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
+
+const ecsData = mockDataAsNestedObject;
+const rawEventData = mockSearchHit;
+
+jest.mock('../../../../common/hooks/use_experimental_features');
+jest.mock('../../../../management/hooks/response_actions/use_get_automated_action_list');
+
+describe('useResponseActionsView', () => {
+  it('should return the normal component', () => {
+    (useIsExperimentalFeatureEnabled as jest.Mock).mockReturnValue(true);
+    (useGetAutomatedActionList as jest.Mock).mockReturnValue({
+      data: [],
+      isFetched: true,
+    });
+
+    const { result } = renderHook(() =>
+      useResponseActionsView({
+        ecsData,
+        rawEventData,
+      })
+    );
+
+    expect(result.current.id).toEqual('response-actions-results-view');
+    expect(result.current.name).toEqual('Response Results');
+    expect(result.current.append).toBeDefined();
+    expect(result.current.content).toBeDefined();
+  });
+
+  it('returns early return if rawEventData is undefined', () => {
+    (useIsExperimentalFeatureEnabled as jest.Mock).mockReturnValue(true);
+    (useGetAutomatedActionList as jest.Mock).mockReturnValue({
+      data: [],
+      isFetched: true,
+    });
+
+    const { result } = renderHook(() =>
+      useResponseActionsView({
+        ecsData,
+        rawEventData: undefined,
+      })
+    );
+
+    expect(result.current.id).toEqual('response-actions-results-view');
+    expect(result.current.name).toEqual('Response Results');
+    expect(result.current.append).not.toBeDefined();
+    expect(result.current.content).toBeDefined();
+  });
+});
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_response_actions_view.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_response_actions_view.tsx
@ -5,23 +5,29 @@
 * 2.0.
 */

-import React, { useMemo, useState, useEffect } from 'react';
-import styled from 'styled-components';
+import React, { useState, useEffect } from 'react';
+import styled from '@emotion/styled';
 import type { EuiTabbedContentTab } from '@elastic/eui';
 import { EuiLink, EuiNotificationBadge, EuiSpacer } from '@elastic/eui';
 import type { Ecs } from '@kbn/cases-plugin/common';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { RESPONSE_NO_DATA_TEST_ID } from '../../../flyout/document_details/left/components/test_ids';
-import type { SearchHit } from '../../../../common/search_strategy';
+import { i18n } from '@kbn/i18n';
+import { RESPONSE_NO_DATA_TEST_ID } from '../components/test_ids';
+import type { SearchHit } from '../../../../../common/search_strategy';
 import type {
  ExpandedEventFieldsObject,
  RawEventData,
-} from '../../../../common/types/response_actions';
-import { ResponseActionsResults } from '../response_actions/response_actions_results';
-import { expandDottedObject } from '../../../../common/utils/expand_dotted';
-import { useGetAutomatedActionList } from '../../../management/hooks/response_actions/use_get_automated_action_list';
-import { EventsViewType } from './event_details';
-import * as i18n from './translations';
+} from '../../../../../common/types/response_actions';
+import { ResponseActionsResults } from '../../../../common/components/response_actions/response_actions_results';
+import { expandDottedObject } from '../../../../../common/utils/expand_dotted';
+import { useGetAutomatedActionList } from '../../../../management/hooks/response_actions/use_get_automated_action_list';
+
+const RESPONSE_ACTIONS_VIEW = i18n.translate(
+  'xpack.securitySolution.flyout.response.responseActionsView',
+  {
+    defaultMessage: 'Response Results',
+  }
+);

 const TabContentWrapper = styled.div`
  height: 100%;
@ -56,23 +62,29 @@ const EmptyResponseActions = () => {
  );
 };

-// TODO: MOVE TO FLYOUT FOLDER - https://github.com/elastic/security-team/issues/7462
+const viewData = {
+  id: 'response-actions-results-view',
+  name: RESPONSE_ACTIONS_VIEW,
+};
+
+export interface UseResponseActionsViewParams {
+  /**
+   * An object with top level fields from the ECS object
+   */
+  ecsData?: Ecs | null;
+  /**
+   * The actual raw document object
+   */
+  rawEventData: SearchHit | undefined;
+}
+
+/**
+ *
+ */
 export const useResponseActionsView = <T extends object = JSX.Element>({
  rawEventData,
  ecsData,
-}: {
-  ecsData?: Ecs | null;
-  rawEventData: SearchHit | undefined;
-}): EuiTabbedContentTab | undefined => {
-  // can not be moved outside of the component, because then EventsViewType throws runtime error regarding not being initialized yet
-  const viewData = useMemo(
-    () => ({
-      id: EventsViewType.responseActionsView,
-      'data-test-subj': 'responseActionsViewTab',
-      name: i18n.RESPONSE_ACTIONS_VIEW,
-    }),
-    []
-  );
+}: UseResponseActionsViewParams): EuiTabbedContentTab => {
  const expandedEventFieldsObject = rawEventData
    ? (expandDottedObject((rawEventData as RawEventData).fields) as ExpandedEventFieldsObject)
    : undefined;
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@ -35559,7 +35559,6 @@
    "xpack.securitySolution.alertCountByRuleByStatus.tooltipTitle": "Nom de règle",
    "xpack.securitySolution.alertDetails.overview.hostRiskDataTitle": "Données de risque de {riskEntity}",
    "xpack.securitySolution.alertDetails.overview.insights.suppressedAlertsCountTechnicalPreview": "Version d'évaluation technique",
-    "xpack.securitySolution.alertDetails.overview.investigationGuide": "Guide d'investigation",
    "xpack.securitySolution.alertDetails.summary.readLess": "Lire moins",
    "xpack.securitySolution.alertDetails.summary.readMore": "En savoir plus",
    "xpack.securitySolution.alerts.badge.readOnly.tooltip": "Impossible de mettre à jour les alertes",
@ -38924,14 +38923,10 @@
    "xpack.securitySolution.event.summary.threat_indicator.showMatches": "Afficher les {count} alertes de correspondance d'indicateur",
    "xpack.securitySolution.eventDetails.alertReason": "Raison d'alerte",
    "xpack.securitySolution.eventDetails.description": "Description",
-    "xpack.securitySolution.eventDetails.multiFieldBadge": "champ multiple",
-    "xpack.securitySolution.eventDetails.multiFieldTooltipContent": "Les champs multiples peuvent avoir plusieurs valeurs.",
-    "xpack.securitySolution.eventDetails.osqueryView": "Résultats Osquery",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.executed": "a exécuté la commande {command}",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.failed": "n'a pas pu exécuter la commande {command}",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.pending": "exécute la commande {command}",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.tried": "a tenté d'exécuter la commande {command}",
-    "xpack.securitySolution.eventDetails.responseActionsView": "Résultats de la réponse",
    "xpack.securitySolution.eventDetails.summaryView": "résumé",
    "xpack.securitySolution.eventDetails.table": "Tableau",
    "xpack.securitySolution.eventDetails.table.actions": "Actions",
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@ -35543,7 +35543,6 @@
    "xpack.securitySolution.alertCountByRuleByStatus.tooltipTitle": "ルール名",
    "xpack.securitySolution.alertDetails.overview.hostRiskDataTitle": "{riskEntity}リスクデータ",
    "xpack.securitySolution.alertDetails.overview.insights.suppressedAlertsCountTechnicalPreview": "テクニカルプレビュー",
-    "xpack.securitySolution.alertDetails.overview.investigationGuide": "調査ガイド",
    "xpack.securitySolution.alertDetails.summary.readLess": "表示を減らす",
    "xpack.securitySolution.alertDetails.summary.readMore": "続きを読む",
    "xpack.securitySolution.alerts.badge.readOnly.tooltip": "アラートを更新できません",
@ -38905,14 +38904,10 @@
    "xpack.securitySolution.event.summary.threat_indicator.showMatches": "すべての{count}件のインジケーター一致アラートを表示",
    "xpack.securitySolution.eventDetails.alertReason": "アラートの理由",
    "xpack.securitySolution.eventDetails.description": "説明",
-    "xpack.securitySolution.eventDetails.multiFieldBadge": "複数フィールド",
-    "xpack.securitySolution.eventDetails.multiFieldTooltipContent": "複数フィールドにはフィールドごとに複数の値を入力できます",
-    "xpack.securitySolution.eventDetails.osqueryView": "Osquery結果",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.executed": "{command}コマンドを実行しました",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.failed": "{command}コマンドを実行できませんでした",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.pending": "{command}コマンドを実行しています",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.tried": "{command}コマンドを実行しようとしました",
-    "xpack.securitySolution.eventDetails.responseActionsView": "対応の結果",
    "xpack.securitySolution.eventDetails.summaryView": "まとめ",
    "xpack.securitySolution.eventDetails.table": "表",
    "xpack.securitySolution.eventDetails.table.actions": "アクション",
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@ -35584,7 +35584,6 @@
    "xpack.securitySolution.alertCountByRuleByStatus.tooltipTitle": "规则名称",
    "xpack.securitySolution.alertDetails.overview.hostRiskDataTitle": "{riskEntity}风险数据",
    "xpack.securitySolution.alertDetails.overview.insights.suppressedAlertsCountTechnicalPreview": "技术预览",
-    "xpack.securitySolution.alertDetails.overview.investigationGuide": "调查指南",
    "xpack.securitySolution.alertDetails.summary.readLess": "阅读更少内容",
    "xpack.securitySolution.alertDetails.summary.readMore": "阅读更多内容",
    "xpack.securitySolution.alerts.badge.readOnly.tooltip": "无法更新告警",
@ -38949,14 +38948,10 @@
    "xpack.securitySolution.event.summary.threat_indicator.showMatches": "显示所有 {count} 个指标匹配告警",
    "xpack.securitySolution.eventDetails.alertReason": "告警原因",
    "xpack.securitySolution.eventDetails.description": "描述",
-    "xpack.securitySolution.eventDetails.multiFieldBadge": "多字段",
-    "xpack.securitySolution.eventDetails.multiFieldTooltipContent": "多字段的每个字段可以有多个值",
-    "xpack.securitySolution.eventDetails.osqueryView": "Osquery 结果",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.executed": "已执行 {command} 命令",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.failed": "无法执行 {command} 命令",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.pending": "正在执行 {command} 命令",
    "xpack.securitySolution.eventDetails.responseActions.endpoint.tried": "已尝试执行 {command} 命令",
-    "xpack.securitySolution.eventDetails.responseActionsView": "响应结果",
    "xpack.securitySolution.eventDetails.summaryView": "摘要",
    "xpack.securitySolution.eventDetails.table": "表",
    "xpack.securitySolution.eventDetails.table.actions": "操作",