[Security Solution] Normalize the selected event with expandDottedObject to improve panel display (#138582)

* Normalize the selected event with expandDottedObject to improve panel display * Remove debugging tsconfig change
2025-04-23 09:19:04 -04:00 · 2022-08-15 11:07:20 -04:00 · 2022-08-15 11:07:20 -04:00 · 1f57ee2c9c
commit 1f57ee2c9c
parent 1c36664801
4 changed files with 15 additions and 12 deletions
--- a/x-pack/plugins/security_solution/public/resolver/data_access_layer/factory.ts
+++ b/x-pack/plugins/security_solution/public/resolver/data_access_layer/factory.ts
@ -89,7 +89,7 @@ export function dataAccessLayerFactory(
          indexPatterns,
        },
      };
-      if (category === 'alerts') {
+      if (category === 'alert') {
        return context.services.http.post('/api/endpoint/resolver/events', {
          query: commonFields.query,
          body: JSON.stringify({
@ -193,7 +193,7 @@ export function dataAccessLayerFactory(
                filter: [{ term: { 'event.id': eventID } }],
              },
            };
-      if (eventCategory.includes('alerts') === false) {
+      if (eventCategory.includes('alert') === false) {
        const response: ResolverPaginatedEvents = await context.services.http.post(
          '/api/endpoint/resolver/events',
          {
--- a/x-pack/plugins/security_solution/public/resolver/view/panels/event_detail.tsx
+++ b/x-pack/plugins/security_solution/public/resolver/view/panels/event_detail.tsx
@ -39,6 +39,7 @@ import type { SafeResolverEvent } from '../../../../common/endpoint/types';
 import { deepObjectEntries } from './deep_object_entries';
 import { useFormattedDate } from './use_formatted_date';
 import * as nodeDataModel from '../../models/node_data';
+import { expandDottedObject } from '../../../../common/utils/expand_dotted';

 const eventDetailRequestError = i18n.translate(
  'xpack.securitySolution.resolver.panel.eventDetail.requestError',
@ -158,9 +159,10 @@ function EventDetailFields({ event }: { event: SafeResolverEvent }) {
      namespace: React.ReactNode;
      descriptions: Array<{ title: React.ReactNode; description: React.ReactNode }>;
    }> = [];
-    for (const [key, value] of Object.entries(event)) {
+    const expandedEventObject: object = expandDottedObject(event);
+    for (const [key, value] of Object.entries(expandedEventObject)) {
      // ignore these keys
-      if (key === 'agent' || key === 'ecs' || key === '@timestamp') {
+      if (key === 'agent' || key === 'ecs' || key === '@timestamp' || !value) {
        continue;
      }

--- a/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.tsx
+++ b/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.tsx
@ -104,9 +104,10 @@ const NodeEventsListItem = memo(function ({
  nodeID: string;
  eventCategory: string;
 }) {
-  const timestamp = eventModel.eventTimestamp(event);
-  const eventID = eventModel.eventID(expandDottedObject(event));
-  const winlogRecordID = eventModel.winlogRecordID(event);
+  const expandedEvent = expandDottedObject(event);
+  const timestamp = eventModel.eventTimestamp(expandedEvent);
+  const eventID = eventModel.eventID(expandedEvent);
+  const winlogRecordID = eventModel.winlogRecordID(expandedEvent);
  const date =
    useFormattedDate(timestamp) ||
    i18n.translate('xpack.securitySolution.enpdoint.resolver.panelutils.noTimestampRetrieved', {
@ -129,8 +130,8 @@ const NodeEventsListItem = memo(function ({
          <FormattedMessage
            id="xpack.securitySolution.endpoint.resolver.panel.relatedEventDetail.categoryAndType"
            values={{
-              category: eventModel.eventCategory(event).join(', '),
-              eventType: eventModel.eventType(event).join(', '),
+              category: eventModel.eventCategory(expandedEvent).join(', '),
+              eventType: eventModel.eventType(expandedEvent).join(', '),
            }}
            defaultMessage="{category} {eventType}"
          />
@ -148,7 +149,7 @@ const NodeEventsListItem = memo(function ({
        data-test-subj="resolver:panel:node-events-in-category:event-link"
        {...linkProps}
      >
-        <DescriptiveName event={event} />
+        <DescriptiveName event={expandedEvent} />
      </EuiButtonEmpty>
    </>
  );
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree/queries/stats.ts
@ -211,7 +211,7 @@ export class StatsQuery {
              [id]: {
                total: alertCount + otherEvents.total,
                byCategory: {
-                  alerts: alertCount,
+                  alert: alertCount,
                  ...otherEvents.byCategory,
                },
              },
@ -222,7 +222,7 @@ export class StatsQuery {
              [id]: {
                total: alertCount,
                byCategory: {
-                  alerts: alertCount,
+                  alert: alertCount,
                },
              },
            };