[Security Solutions] Fix timeline not able to save on investigating alert from dashboard (#151616)

issue: https://github.com/elastic/kibana/issues/149800 ## Summary The timeline endpoint is returning an error everywhere we call `openTimelineWithFilters` (entity analytics and detections and response pages) I compare a broken data provider with one that works and spotted the extra `and: []` <img width="1424" alt="Screenshot 2023-02-20 at 13 54 19" src="https://user-images.githubusercontent.com/1490444/220121799-9d33a0f8-d319-4161-95e2-c9c3fb324972.png"> After removing `and: []` it works. ### How to test it? * On entity analytics and detections and response pages * Open the timeline from the alerts column * Check if the timeline HTTP call status code is 200 * Save the timeline and check if it is saved ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-24 17:59:23 -04:00 · 2023-02-21 17:31:40 +01:00 · 2023-02-21 17:31:40 +01:00 · 949c8c2fe0
commit 949c8c2fe0
parent cd910bee1c
3 changed files with 17 additions and 7 deletions
--- a/x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts
+++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/use_action_cell_data_provider.ts
@ -29,7 +29,7 @@ import { getDisplayValue } from '../../../../timelines/components/timeline/data_
 import { PORT_NAMES } from '../../../../explore/network/components/port/helpers';
 import { INDICATOR_REFERENCE } from '../../../../../common/cti/constants';
 import type { BrowserField } from '../../../containers/source';
-import type { DataProvider, QueryOperator } from '../../../../../common/types';
+import type { DataProvider, DataProvidersAnd, QueryOperator } from '../../../../../common/types';
 import { IS_OPERATOR } from '../../../../../common/types';

 export interface UseActionCellDataProvider {
@ -69,6 +69,16 @@ export const getDataProvider = (
  },
 });

+export const getDataProviderAnd = (
+  field: string,
+  id: string,
+  value: string | string[],
+  operator: QueryOperator = IS_OPERATOR
+): DataProvidersAnd => {
+  const { and, ...dataProvider } = getDataProvider(field, id, value, operator);
+  return dataProvider;
+};
+
 export const useActionCellDataProvider = ({
  contextId,
  eventId,
--- a/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/mock_data.ts
+++ b/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/mock_data.ts
@ -47,7 +47,6 @@ export const dataProviderWithAndFilters = [
  {
    and: [
      {
-        and: [],
        enabled: true,
        excluded: false,
        id: 'mock-id',
@ -80,7 +79,6 @@ export const dataProviderWithOrFilters = [
  {
    and: [
      {
-        and: [],
        enabled: true,
        id: 'mock-id',
        name: 'kibana.alerts.workflow_status',
@ -109,7 +107,6 @@ export const dataProviderWithOrFilters = [
  {
    and: [
      {
-        and: [],
        enabled: true,
        id: 'mock-id',
        name: 'kibana.alerts.workflow_status',
@ -138,7 +135,6 @@ export const dataProviderWithOrFilters = [
  {
    and: [
      {
-        and: [],
        enabled: true,
        id: 'mock-id',
        name: 'kibana.alerts.workflow_status',
--- a/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/use_navigate_to_timeline.tsx
+++ b/x-pack/plugins/security_solution/public/overview/components/detection_response/hooks/use_navigate_to_timeline.tsx
@ -12,7 +12,10 @@ import { v4 as uuidv4 } from 'uuid';
 import { useDeepEqualSelector } from '../../../../common/hooks/use_selector';
 import { SourcererScopeName } from '../../../../common/store/sourcerer/model';
 import { sourcererActions } from '../../../../common/store/sourcerer';
-import { getDataProvider } from '../../../../common/components/event_details/table/use_action_cell_data_provider';
+import {
+  getDataProvider,
+  getDataProviderAnd,
+} from '../../../../common/components/event_details/table/use_action_cell_data_provider';
 import type { DataProvider, QueryOperator } from '../../../../../common/types/timeline';
 import { TimelineId, TimelineType } from '../../../../../common/types/timeline';
 import { useCreateTimeline } from '../../../../timelines/components/timeline/properties/use_create_timeline';
@ -90,12 +93,13 @@ export const useNavigateToTimeline = () => {

          for (const filter of orFilterGroup.slice(1)) {
            dataProvider.and.push(
-              getDataProvider(filter.field, uuidv4(), filter.value, filter.operator)
+              getDataProviderAnd(filter.field, uuidv4(), filter.value, filter.operator)
            );
          }
          dataProviders.push(dataProvider);
        }
      }
+
      navigateToTimeline(dataProviders, timeRange);
    },
    [navigateToTimeline]