[Security Solution][RAC] Adds OR bool for acknowledged status filter (#109348)
This commit is contained in:
parent
0ebe3c6b09
commit
acc8465c19
2 changed files with 142 additions and 35 deletions
@ -6,7 +6,11 @@
|
|||
*/
|
||||
|
||||
import { ExistsFilter, Filter } from '@kbn/es-query';
|
||||
import { buildAlertsRuleIdFilter, buildThreatMatchFilter } from './default_config';
|
||||
import {
|
||||
buildAlertsRuleIdFilter,
|
||||
buildAlertStatusFilter,
|
||||
buildThreatMatchFilter,
|
||||
} from './default_config';
|
||||
|
||||
jest.mock('./actions');
|
||||
|
||||
|
@ -61,6 +65,65 @@ describe('alerts default_config', () => {
|
|||
});
|
||||
});
|
||||
|
||||
describe('buildAlertStatusFilter', () => {
|
||||
test('when status is acknowledged, filter will build for both `in-progress` and `acknowledged`', () => {
|
||||
const filters = buildAlertStatusFilter('acknowledged');
|
||||
const expected = {
|
||||
meta: {
|
||||
alias: null,
|
||||
disabled: false,
|
||||
key: 'signal.status',
|
||||
negate: false,
|
||||
params: {
|
||||
query: 'acknowledged',
|
||||
},
|
||||
type: 'phrase',
|
||||
},
|
||||
query: {
|
||||
bool: {
|
||||
should: [
|
||||
{
|
||||
term: {
|
||||
'signal.status': 'acknowledged',
|
||||
},
|
||||
},
|
||||
{
|
||||
term: {
|
||||
'signal.status': 'in-progress',
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
};
|
||||
expect(filters).toHaveLength(1);
|
||||
expect(filters[0]).toEqual(expected);
|
||||
});
|
||||
|
||||
test('when status is `open` or `closed`, filter will build for solely that status', () => {
|
||||
const filters = buildAlertStatusFilter('open');
|
||||
const expected = {
|
||||
meta: {
|
||||
alias: null,
|
||||
disabled: false,
|
||||
key: 'signal.status',
|
||||
negate: false,
|
||||
params: {
|
||||
query: 'open',
|
||||
},
|
||||
type: 'phrase',
|
||||
},
|
||||
query: {
|
||||
term: {
|
||||
'signal.status': 'open',
|
||||
},
|
||||
},
|
||||
};
|
||||
expect(filters).toHaveLength(1);
|
||||
expect(filters[0]).toEqual(expected);
|
||||
});
|
||||
});
|
||||
|
||||
// TODO: move these tests to ../timelines/components/timeline/body/events/event_column_view.tsx
|
||||
// describe.skip('getAlertActions', () => {
|
||||
// let setEventsLoading: ({ eventIds, isLoading }: SetEventsLoadingProps) => void;
|
||||
|
|
|
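Review bot: The second test's title promises coverage of `open` or `closed` but only `'open'` is exercised, and nothing asserts that the acknowledged expansion is one-directional. Parameterising it as `test.each(['open', 'closed'] as const)('when status is %s, filter will build for solely that status', (status) => {` and deriving `expected` from `status` makes the test match its title. If `Status` still admits `'in-progress'`, a third case asserting that `buildAlertStatusFilter('in-progress')` yields a single `term` clause would pin down that the alias maps the legacy value forward but not back. `buildAlertStatusFilterRuleRegistry` gains the same branch in this commit but has no test in this file.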
@ -26,25 +26,47 @@ import { SubsetTimelineModel } from '../../../timelines/store/timeline/model';
|
|||
import { timelineDefaults } from '../../../timelines/store/timeline/defaults';
|
||||
import { columns } from '../../configurations/security_solution_detections/columns';
|
||||
|
||||
export const buildAlertStatusFilter = (status: Status): Filter[] => [
|
||||
{
|
||||
meta: {
|
||||
alias: null,
|
||||
negate: false,
|
||||
disabled: false,
|
||||
type: 'phrase',
|
||||
key: 'signal.status',
|
||||
params: {
|
||||
query: status,
|
||||
export const buildAlertStatusFilter = (status: Status): Filter[] => {
|
||||
const combinedQuery =
|
||||
status === 'acknowledged'
|
||||
? {
|
||||
bool: {
|
||||
should: [
|
||||
{
|
||||
term: {
|
||||
'signal.status': status,
|
||||
},
|
||||
},
|
||||
{
|
||||
term: {
|
||||
'signal.status': 'in-progress',
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
}
|
||||
: {
|
||||
term: {
|
||||
'signal.status': status,
|
||||
},
|
||||
};
|
||||
|
||||
return [
|
||||
{
|
||||
meta: {
|
||||
alias: null,
|
||||
negate: false,
|
||||
disabled: false,
|
||||
type: 'phrase',
|
||||
key: 'signal.status',
|
||||
params: {
|
||||
query: status,
|
||||
},
|
||||
},
|
||||
query: combinedQuery,
|
||||
},
|
||||
query: {
|
||||
term: {
|
||||
'signal.status': status,
|
||||
},
|
||||
},
|
||||
},
|
||||
];
|
||||
];
|
||||
};
|
||||
|
||||
export const buildAlertsRuleIdFilter = (ruleId: string | null): Filter[] =>
|
||||
ruleId
|
||||
|
@ -139,25 +161,47 @@ export const requiredFieldsForActions = [
|
|||
];
|
||||
|
||||
// TODO: Once we are past experimental phase this code should be removed
|
||||
export const buildAlertStatusFilterRuleRegistry = (status: Status): Filter[] => [
|
||||
{
|
||||
meta: {
|
||||
alias: null,
|
||||
negate: false,
|
||||
disabled: false,
|
||||
type: 'phrase',
|
||||
key: ALERT_STATUS,
|
||||
params: {
|
||||
query: status,
|
||||
export const buildAlertStatusFilterRuleRegistry = (status: Status): Filter[] => {
|
||||
const combinedQuery =
|
||||
status === 'acknowledged'
|
||||
? {
|
||||
bool: {
|
||||
should: [
|
||||
{
|
||||
term: {
|
||||
[ALERT_STATUS]: status,
|
||||
},
|
||||
},
|
||||
{
|
||||
term: {
|
||||
[ALERT_STATUS]: 'in-progress',
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
}
|
||||
: {
|
||||
term: {
|
||||
[ALERT_STATUS]: status,
|
||||
},
|
||||
};
|
||||
|
||||
return [
|
||||
{
|
||||
meta: {
|
||||
alias: null,
|
||||
negate: false,
|
||||
disabled: false,
|
||||
type: 'phrase',
|
||||
key: ALERT_STATUS,
|
||||
params: {
|
||||
query: status,
|
||||
},
|
||||
},
|
||||
query: combinedQuery,
|
||||
},
|
||||
query: {
|
||||
term: {
|
||||
[ALERT_STATUS]: status,
|
||||
},
|
||||
},
|
||||
},
|
||||
];
|
||||
];
|
||||
};
|
||||
|
||||
export const buildShowBuildingBlockFilterRuleRegistry = (
|
||||
showBuildingBlockAlerts: boolean
|
||||
|
|
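Review bot: The `bool.should` built for `acknowledged` in both `buildAlertStatusFilter` and `buildAlertStatusFilterRuleRegistry` has no explicit `minimum_should_match`, so the OR only holds because that nested bool has no `must`/`filter` siblings (where Elasticsearch defaults it to 1); if a clause is ever added to the same bool object the should becomes optional and the status filter silently matches alerts of every status. Adding `minimum_should_match: 1,` beside `should: [...]` pins the intended semantics regardless of later edits. The legacy `'in-progress'` literal is now duplicated across the two builders; hoisting it into one shared constant such as `const LEGACY_ACKNOWLEDGED_STATUS = 'in-progress';` keeps them in step when the compatibility alias is retired. Note also that `meta` still reports `type: 'phrase'` with `params.query: status`, so the filter pill will read as a single-value match while the query matches two values — a short comment on the `meta` block saying the pill intentionally shows only `acknowledged` would save the next reader from treating that as a bug. The surrounding context of both builders lies outside the hunks.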