[Security Solution] Add aliases, fix types, remove extra fields (#122880)

* Add aliases, fix types, remove extra fields * Update aliases version and update tests * Update aliases version test * Remove dangling references to fields * Update test Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-24 17:59:23 -04:00 · 2022-01-18 14:31:14 -08:00 · 2022-01-18 14:31:14 -08:00 · 886ad6fdaf
commit 886ad6fdaf
parent 4d98af824f
16 changed files with 52 additions and 498 deletions
--- a/x-pack/plugins/timelines/public/components/t_grid/body/helpers.tsx
+++ b/x-pack/plugins/timelines/public/components/t_grid/body/helpers.tsx
@ -165,32 +165,21 @@ export const allowSorting = ({
    'kibana.alert.original_event.timezone',
    'kibana.alert.original_event.type',
    'kibana.alert.original_time',
-    'kibana.alert.parent.depth',
-    'kibana.alert.parent.id',
-    'kibana.alert.parent.index',
-    'kibana.alert.parent.rule',
-    'kibana.alert.parent.type',
    'kibana.alert.reason',
    'kibana.alert.rule.created_by',
    'kibana.alert.rule.description',
    'kibana.alert.rule.enabled',
    'kibana.alert.rule.false_positives',
-    'kibana.alert.rule.filters',
    'kibana.alert.rule.from',
    'kibana.alert.rule.uuid',
    'kibana.alert.rule.immutable',
-    'kibana.alert.rule.index',
    'kibana.alert.rule.interval',
-    'kibana.alert.rule.language',
    'kibana.alert.rule.max_signals',
    'kibana.alert.rule.name',
    'kibana.alert.rule.note',
-    'kibana.alert.rule.output_index',
-    'kibana.alert.rule.query',
    'kibana.alert.rule.references',
    'kibana.alert.risk_score',
    'kibana.alert.rule.rule_id',
-    'kibana.alert.rule.saved_id',
    'kibana.alert.severity',
    'kibana.alert.rule.size',
    'kibana.alert.rule.tags',
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/constants.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/constants.ts
@ -49,14 +49,10 @@ export const TIMELINE_EVENTS_FIELDS = [
  'kibana.alert.group.id',
  'kibana.alert.original_time',
  'kibana.alert.reason',
-  'kibana.alert.rule.filters',
  'kibana.alert.rule.from',
-  'kibana.alert.rule.language',
-  'kibana.alert.rule.query',
  'kibana.alert.rule.name',
  'kibana.alert.rule.to',
  'kibana.alert.rule.uuid',
-  'kibana.alert.rule.index',
  'kibana.alert.rule.type',
  'kibana.alert.original_event.kind',
  'kibana.alert.original_event.module',
@ -175,12 +171,9 @@ export const TIMELINE_EVENTS_FIELDS = [
  'endgame.target_domain_name',
  'endgame.target_logon_id',
  'endgame.target_user_name',
-  'kibana.alert.rule.saved_id',
  'kibana.alert.rule.timeline_id',
  'kibana.alert.rule.timeline_title',
-  'kibana.alert.rule.output_index',
  'kibana.alert.rule.note',
-  'kibana.alert.rule.threshold',
  'kibana.alert.rule.exceptions_list',
  'kibana.alert.rule.building_block_type',
  'suricata.eve.proto',
--- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.test.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.test.ts
@ -139,13 +139,6 @@ describe('formatTimelineData', () => {
              count: 10000,
              value: '2a990c11-f61b-4c8e-b210-da2574e9f9db',
            },
-            parent: {
-              depth: 0,
-              index:
-                'apm-*-transaction*,traces-apm*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,winlogbeat-*',
-              id: '0268af90-d8da-576a-9747-2a191519416a',
-              type: 'event',
-            },
            depth: 1,
            _meta: {
              version: 14,
@ -158,13 +151,7 @@ describe('formatTimelineData', () => {
              references: [],
              description: 'asdasd',
              created_at: '2021-01-09T11:25:45.046Z',
-              language: 'kuery',
-              threshold: {
-                field: '',
-                value: 200,
-              },
              building_block_type: null,
-              output_index: '.siem-signals-patrykkopycinski-default',
              type: 'threshold',
              rule_name_override: null,
              enabled: true,
@ -176,54 +163,8 @@ describe('formatTimelineData', () => {
              timeline_id: null,
              max_signals: 100,
              author: [],
-              query: '_id :*',
-              index: [
-                'apm-*-transaction*',
-                'traces-apm*',
-                'auditbeat-*',
-                'endgame-*',
-                'filebeat-*',
-                'logs-*',
-                'packetbeat-*',
-                'winlogbeat-*',
-              ],
-              filters: [
-                {
-                  $state: {
-                    store: 'appState',
-                  },
-                  meta: {
-                    negate: false,
-                    alias: null,
-                    disabled: false,
-                    type: 'exists',
-                    value: 'exists',
-                    key: '_index',
-                  },
-                  exists: {
-                    field: '_index',
-                  },
-                },
-                {
-                  $state: {
-                    store: 'appState',
-                  },
-                  meta: {
-                    negate: false,
-                    alias: 'id_exists',
-                    disabled: false,
-                    type: 'exists',
-                    value: 'exists',
-                    key: '_id',
-                  },
-                  exists: {
-                    field: '_id',
-                  },
-                },
-              ],
              created_by: 'patryk_test_user',
              version: 1,
-              saved_id: null,
              tags: [],
              rule_id: '2a990c11-f61b-4c8e-b210-da2574e9f9db',
              license: '',
@ -251,25 +192,13 @@ describe('formatTimelineData', () => {
                type: 'event',
              },
            ],
-            parents: [
-              {
-                depth: 0,
-                index:
-                  'apm-*-transaction*,traces-apm*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,winlogbeat-*',
-                id: '0268af90-d8da-576a-9747-2a191519416a',
-                type: 'event',
-              },
-            ],
            workflow_status: 'open',
          },
        },
      },
      fields: {
-        'kibana.alert.rule.output_index': ['.siem-signals-patrykkopycinski-default'],
        'kibana.alert.rule.from': ['now-360s'],
-        'kibana.alert.rule.language': ['kuery'],
        '@timestamp': ['2021-01-09T13:41:40.517Z'],
-        'kibana.alert.rule.query': ['_id :*'],
        'kibana.alert.rule.type': ['threshold'],
        'kibana.alert.rule.uuid': ['696c24e0-526d-11eb-836c-e1620268b945'],
        'kibana.alert.risk_score': [21],
@ -278,16 +207,6 @@ describe('formatTimelineData', () => {
        'kibana.alert.original_time': ['2021-01-09T13:39:32.595Z'],
        'kibana.alert.severity': ['low'],
        'kibana.alert.rule.version': ['1'],
-        'kibana.alert.rule.index': [
-          'apm-*-transaction*',
-          'traces-apm*',
-          'auditbeat-*',
-          'endgame-*',
-          'filebeat-*',
-          'logs-*',
-          'packetbeat-*',
-          'winlogbeat-*',
-        ],
        'kibana.alert.rule.name': ['Threshold test'],
        'kibana.alert.rule.to': ['now'],
      },
@ -334,67 +253,13 @@ describe('formatTimelineData', () => {
                exceptions_list: [],
                from: ['now-360s'],
                uuid: ['696c24e0-526d-11eb-836c-e1620268b945'],
-                index: [
-                  'apm-*-transaction*',
-                  'traces-apm*',
-                  'auditbeat-*',
-                  'endgame-*',
-                  'filebeat-*',
-                  'logs-*',
-                  'packetbeat-*',
-                  'winlogbeat-*',
-                ],
-                language: ['kuery'],
                name: ['Threshold test'],
-                output_index: ['.siem-signals-patrykkopycinski-default'],
-                query: ['_id :*'],
                to: ['now'],
                type: ['threshold'],
                version: ['1'],
                timeline_id: [],
                timeline_title: [],
-                saved_id: [],
                note: [],
-                threshold: [
-                  JSON.stringify({
-                    field: '',
-                    value: 200,
-                  }),
-                ],
-                filters: [
-                  JSON.stringify({
-                    $state: {
-                      store: 'appState',
-                    },
-                    meta: {
-                      negate: false,
-                      alias: null,
-                      disabled: false,
-                      type: 'exists',
-                      value: 'exists',
-                      key: '_index',
-                    },
-                    exists: {
-                      field: '_index',
-                    },
-                  }),
-                  JSON.stringify({
-                    $state: {
-                      store: 'appState',
-                    },
-                    meta: {
-                      negate: false,
-                      alias: 'id_exists',
-                      disabled: false,
-                      type: 'exists',
-                      value: 'exists',
-                      key: '_id',
-                    },
-                    exists: {
-                      field: '_id',
-                    },
-                  }),
-                ],
              },
            },
          },