[SIEM] Bugfix for Events Table query timestamp regression (#36952) (#36994)

## Summary

There was a regression that resulted in the `timestamp` field not being returned as part of the Events Table query. This PR fixes that and adds an api integration test that will catch this in the future.

Before Fix:
![image](https://user-images.githubusercontent.com/2946766/58217994-8518b780-7cc2-11e9-8abd-5c54c6d5c67d.png)

After Fix:
![image](https://user-images.githubusercontent.com/2946766/58218059-c3ae7200-7cc2-11e9-9427-b9c16c9be0e0.png)




### Checklist
~- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~
~- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~
~- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~
- [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios

~- [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~

### For maintainers

~- [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
~- [ ] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~

x-pack/plugins/siem/server/lib/events/elasticsearch_adapter.ts

@@ -56,10 +56,12 @@ export class ElasticsearchEventsAdapter implements EventsAdapter {
   constructor(private readonly framework: FrameworkAdapter) {}
 
   public async getEvents(request: FrameworkRequest, options: RequestOptions): Promise<EventsData> {
+    const queryOptions = cloneDeep(options);
+    queryOptions.fields = reduceFields(options.fields, eventFieldsMap);
     const response = await this.framework.callWithRequest<EventHit, TermAggregation>(
       request,
       'search',
-      buildQuery(options)
+      buildQuery(queryOptions)
     );
 
     const kpiEventType: KpiItem[] =

x-pack/plugins/siem/server/lib/framework/types.ts

@@ -151,6 +151,6 @@ export interface RequestBasicOptions {
 
 export interface RequestOptions extends RequestBasicOptions {
   pagination: PaginationInput;
-  fields: string[];
+  fields: ReadonlyArray<string>;
   sortField?: SortField;
 }

x-pack/test/api_integration/apis/siem/events.ts

@@ -95,6 +95,34 @@ const eventsTests: KbnTestProvider = ({ getService }) => {
             expect(events.edges[0]!.node.host!.name).to.eql([HOST_NAME]);
           });
       });
+      it('Make sure that timestamp is returned in the Events query', () => {
+        return client
+          .query<GetEventsQuery.Query>({
+            query: eventsQuery,
+            variables: {
+              sourceId: 'default',
+              timerange: {
+                interval: '12h',
+                to: TO,
+                from: FROM,
+              },
+              pagination: {
+                limit: 2,
+                cursor: CURSOR_ID,
+                tiebreaker: '193',
+              },
+              sortField: {
+                sortFieldId: 'timestamp',
+                direction: Direction.desc,
+              },
+              defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+            },
+          })
+          .then(resp => {
+            const events = resp.data.source.Events;
+            expect(events.edges[0]!.node.timestamp).to.eql('2019-02-19T20:42:29.965Z');
+          });
+      });
     });
     describe('last event time', () => {
       describe('packetbeat', () => {