[8.16] [Security Solution][Documents Flyout] Fix analyzer preview copy (#197348) (#197519)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[Security Solution][Documents Flyout] Fix analyzer preview copy
(#197348)](https://github.com/elastic/kibana/pull/197348)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"christineweng","email":"18648970+christineweng@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-10-23T19:19:06Z","message":"[Security
Solution][Documents Flyout] Fix analyzer preview copy (#197348)\n\n##
Summary\r\n\r\nThis PR fixed a small copy bug related to the
visualizations in flyout\r\nfeature. When analyzer preview is open, the
header and footer should\r\nreflect whether the document is an alert or
event.\r\n\r\nPrerequisite: enable advanced setting
`enableVisualizationsInFlyout`\r\n\r\n\r\n![image](30b87a52-1a18-4d7c-aab8-edb273faf7f2)\r\n\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"4df5b5ab81cc61eb5492d682576f5113a46bab7d","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["backport","release_note:skip","v9.0.0","Team:Threat
Hunting","Team:Threat
Hunting:Investigations","v8.16.0","v8.17.0"],"title":"[Security
Solution][Documents Flyout] Fix analyzer preview
copy","number":197348,"url":"https://github.com/elastic/kibana/pull/197348","mergeCommit":{"message":"[Security
Solution][Documents Flyout] Fix analyzer preview copy (#197348)\n\n##
Summary\r\n\r\nThis PR fixed a small copy bug related to the
visualizations in flyout\r\nfeature. When analyzer preview is open, the
header and footer should\r\nreflect whether the document is an alert or
event.\r\n\r\nPrerequisite: enable advanced setting
`enableVisualizationsInFlyout`\r\n\r\n\r\n![image](30b87a52-1a18-4d7c-aab8-edb273faf7f2)\r\n\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"4df5b5ab81cc61eb5492d682576f5113a46bab7d"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197348","number":197348,"mergeCommit":{"message":"[Security
Solution][Documents Flyout] Fix analyzer preview copy (#197348)\n\n##
Summary\r\n\r\nThis PR fixed a small copy bug related to the
visualizations in flyout\r\nfeature. When analyzer preview is open, the
header and footer should\r\nreflect whether the document is an alert or
event.\r\n\r\nPrerequisite: enable advanced setting
`enableVisualizationsInFlyout`\r\n\r\n\r\n![image](30b87a52-1a18-4d7c-aab8-edb273faf7f2)\r\n\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"4df5b5ab81cc61eb5492d682576f5113a46bab7d"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: christineweng <18648970+christineweng@users.noreply.github.com>

x-pack/plugins/security_solution/public/flyout/document_details/analyzer_panels/index.tsx

@@ -13,7 +13,7 @@ import type { DocumentDetailsAnalyzerPanelKey } from '../shared/constants/panel_
 import { DetailsPanel } from '../../../resolver/view/details_panel';
 import type { NodeEventOnClick } from '../../../resolver/view/panels/node_events_of_type';
 import { DocumentDetailsPreviewPanelKey } from '../shared/constants/panel_keys';
-import { ALERT_PREVIEW_BANNER } from '../preview/constants';
+import { ALERT_PREVIEW_BANNER, EVENT_PREVIEW_BANNER } from '../preview/constants';
 
 interface AnalyzerPanelProps extends Record<string, unknown> {
   /**
@@ -34,7 +34,7 @@ export const AnalyzerPanel: React.FC<AnalyzerPanelProps> = ({ resolverComponentI
   const { openPreviewPanel } = useExpandableFlyoutApi();
 
   const openPreview = useCallback<NodeEventOnClick>(
-    ({ documentId, indexName, scopeId }) =>
+    ({ documentId, indexName, scopeId, isAlert }) =>
       () => {
         openPreviewPanel({
           id: DocumentDetailsPreviewPanelKey,
@@ -43,7 +43,7 @@ export const AnalyzerPanel: React.FC<AnalyzerPanelProps> = ({ resolverComponentI
             indexName,
             scopeId,
             isPreviewMode: true,
-            banner: ALERT_PREVIEW_BANNER,
+            banner: isAlert ? ALERT_PREVIEW_BANNER : EVENT_PREVIEW_BANNER,
           },
         });
       },

x-pack/plugins/security_solution/public/flyout/document_details/preview/constants.ts

@@ -8,12 +8,17 @@
 import { i18n } from '@kbn/i18n';
 
 export const ALERT_PREVIEW_BANNER = {
-  title: i18n.translate(
-    'xpack.securitySolution.flyout.left.insights.correlations.alertPreviewTitle',
-    {
-      defaultMessage: 'Preview alert details',
-    }
-  ),
+  title: i18n.translate('xpack.securitySolution.flyout.preview.alertPreviewTitle', {
+    defaultMessage: 'Preview alert details',
+  }),
+  backgroundColor: 'warning',
+  textColor: 'warning',
+};
+
+export const EVENT_PREVIEW_BANNER = {
+  title: i18n.translate('xpack.securitySolution.flyout.preview.eventPreviewTitle', {
+    defaultMessage: 'Preview event details',
+  }),
   backgroundColor: 'warning',
   textColor: 'warning',
 };

x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.test.tsx

@@ -34,7 +34,7 @@ describe('<PreviewPanelFooter />', () => {
     jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi);
   });
 
-  it('should render footer', () => {
+  it('should render footer for alert', () => {
     const { getByTestId } = render(
       <TestProviders>
         <DocumentDetailsContext.Provider value={mockContextValue}>
@@ -43,6 +43,20 @@ describe('<PreviewPanelFooter />', () => {
       </TestProviders>
     );
     expect(getByTestId(PREVIEW_FOOTER_TEST_ID)).toBeInTheDocument();
+    expect(getByTestId(PREVIEW_FOOTER_TEST_ID)).toHaveTextContent('Show full alert details');
+  });
+
+  it('should render footer for event', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <DocumentDetailsContext.Provider
+          value={{ ...mockContextValue, getFieldsData: () => 'event' }}
+        >
+          <PreviewPanelFooter />
+        </DocumentDetailsContext.Provider>
+      </TestProviders>
+    );
+    expect(getByTestId(PREVIEW_FOOTER_TEST_ID)).toHaveTextContent('Show full event details');
   });
 
   it('should open document details flyout when clicked', () => {

x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.tsx

@@ -6,10 +6,12 @@
  */
 
 import { EuiLink, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
-import React, { useCallback } from 'react';
+import React, { useCallback, useMemo } from 'react';
 import { i18n } from '@kbn/i18n';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { FlyoutFooter } from '@kbn/security-solution-common';
+import { getField } from '../shared/utils';
+import { EventKind } from '../shared/constants/event_kinds';
 import { DocumentDetailsRightPanelKey } from '../shared/constants/panel_keys';
 import { useDocumentDetailsContext } from '../shared/context';
 import { PREVIEW_FOOTER_TEST_ID, PREVIEW_FOOTER_LINK_TEST_ID } from './test_ids';
@@ -19,10 +21,15 @@ import { useKibana } from '../../../common/lib/kibana';
  * Footer at the bottom of preview panel with a link to open document details flyout
  */
 export const PreviewPanelFooter = () => {
-  const { eventId, indexName, scopeId } = useDocumentDetailsContext();
+  const { eventId, indexName, scopeId, getFieldsData } = useDocumentDetailsContext();
   const { openFlyout } = useExpandableFlyoutApi();
   const { telemetry } = useKibana().services;
 
+  const isAlert = useMemo(
+    () => getField(getFieldsData('event.kind')) === EventKind.signal,
+    [getFieldsData]
+  );
+
   const openDocumentFlyout = useCallback(() => {
     openFlyout({
       right: {
@@ -49,9 +56,12 @@ export const PreviewPanelFooter = () => {
             target="_blank"
             data-test-subj={PREVIEW_FOOTER_LINK_TEST_ID}
           >
-            {i18n.translate('xpack.securitySolution.flyout.preview.openFlyoutLabel', {
-              defaultMessage: 'Show full alert details',
-            })}
+            <>
+              {i18n.translate('xpack.securitySolution.flyout.preview.openFlyoutLabel', {
+                values: { isAlert },
+                defaultMessage: 'Show full {isAlert, select, true{alert} other{event}} details',
+              })}
+            </>
           </EuiLink>
         </EuiFlexItem>
       </EuiFlexGroup>

x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.test.tsx

@@ -130,6 +130,7 @@ describe('<NodeEventsListItem />', () => {
             '@timestamp': 1726589803115,
             event: {
               id: 'event id',
+              kind: 'signal',
             },
           }}
         />
@@ -141,6 +142,7 @@ describe('<NodeEventsListItem />', () => {
       documentId: 'test _id',
       indexName: '_index',
       scopeId: 'test',
+      isAlert: true,
     });
   });
 });

x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.tsx

@@ -30,15 +30,18 @@ import { useFormattedDate } from './use_formatted_date';
 import { expandDottedObject } from '../../../../common/utils/expand_dotted';
 import type { State } from '../../../common/store/types';
 import { userRequestedAdditionalRelatedEvents } from '../../store/data/action';
+import { EventKind } from '../../../flyout/document_details/shared/constants/event_kinds';
 
 export type NodeEventOnClick = ({
   documentId,
   indexName,
   scopeId,
+  isAlert,
 }: {
   documentId: string | undefined;
   indexName: string | undefined;
   scopeId: string;
+  isAlert: boolean;
 }) => () => void;
 
 /**
@@ -128,6 +131,7 @@ export const NodeEventsListItem = memo(function ({
   const expandedEvent = expandDottedObject(event);
   const timestamp = eventModel.eventTimestamp(expandedEvent);
   const eventID = eventModel.eventID(expandedEvent);
+  const isAlert = eventModel.eventKind(expandedEvent)[0] === EventKind.signal;
   const documentId = eventModel.documentID(expandedEvent);
   const indexName = eventModel.indexName(expandedEvent);
   const winlogRecordID = eventModel.winlogRecordID(expandedEvent);
@@ -172,7 +176,7 @@ export const NodeEventsListItem = memo(function ({
       {nodeEventOnClick ? (
         <EuiButtonEmpty
           data-test-subj="resolver:panel:node-events-in-category:event-link"
-          onClick={nodeEventOnClick({ documentId, indexName, scopeId: id })}
+          onClick={nodeEventOnClick({ documentId, indexName, scopeId: id, isAlert })}
         >
           <DescriptiveName event={expandedEvent} />
         </EuiButtonEmpty>

x-pack/plugins/translations/translations/fr-FR.json

@@ -38752,7 +38752,6 @@
     "xpack.securitySolution.flyout.entityDetails.valuesColumnTitle": "Valeurs",
     "xpack.securitySolution.flyout.host.preview.viewDetailsLabel": "Ouvrir le menu volant des détails de l'hôte",
     "xpack.securitySolution.flyout.left.insights.buttonGroupLegendLabel": "Options des informations exploitables",
-    "xpack.securitySolution.flyout.left.insights.correlations.alertPreviewTitle": "Aperçu des détails de l'alerte",
     "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsNoDataDescription": "Aucune alerte associée par ancêtre.",
     "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsTitle": "{count} {count, plural, one {alerte associée} other {alertes associées}} par ancêtre",
     "xpack.securitySolution.flyout.left.insights.correlations.nameColumnLabel": "Nom",
@@ -38828,7 +38827,6 @@
     "xpack.securitySolution.flyout.left.visualize.sessionViewButtonLabel": "Vue de session",
     "xpack.securitySolution.flyout.left.visualize.tabLabel": "Visualize",
     "xpack.securitySolution.flyout.preview.alertReason.panelTitle": "Raison d'alerte",
-    "xpack.securitySolution.flyout.preview.openFlyoutLabel": "Afficher tous les détails de l'alerte",
     "xpack.securitySolution.flyout.preview.rule.aboutLabel": "À propos",
     "xpack.securitySolution.flyout.preview.rule.actionsLabel": "Actions",
     "xpack.securitySolution.flyout.preview.rule.definitionLabel": "Définition",

x-pack/plugins/translations/translations/ja-JP.json

@@ -38495,7 +38495,6 @@
     "xpack.securitySolution.flyout.entityDetails.valuesColumnTitle": "値",
     "xpack.securitySolution.flyout.host.preview.viewDetailsLabel": "ホスト詳細フライアウトを開く",
     "xpack.securitySolution.flyout.left.insights.buttonGroupLegendLabel": "インサイトオプション",
-    "xpack.securitySolution.flyout.left.insights.correlations.alertPreviewTitle": "アラート詳細を表示",
     "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsNoDataDescription": "上位項目に関連するアラートはありません。",
     "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsTitle": "上位項目に関連する{count}件の{count, plural, other {アラート}}",
     "xpack.securitySolution.flyout.left.insights.correlations.nameColumnLabel": "名前",
@@ -38571,7 +38570,6 @@
     "xpack.securitySolution.flyout.left.visualize.sessionViewButtonLabel": "セッションビュー",
     "xpack.securitySolution.flyout.left.visualize.tabLabel": "可視化",
     "xpack.securitySolution.flyout.preview.alertReason.panelTitle": "アラートの理由",
-    "xpack.securitySolution.flyout.preview.openFlyoutLabel": "完全なアラート詳細を表示",
     "xpack.securitySolution.flyout.preview.rule.aboutLabel": "概要",
     "xpack.securitySolution.flyout.preview.rule.actionsLabel": "アクション",
     "xpack.securitySolution.flyout.preview.rule.definitionLabel": "定義",

x-pack/plugins/translations/translations/zh-CN.json

@@ -38541,7 +38541,6 @@
     "xpack.securitySolution.flyout.entityDetails.valuesColumnTitle": "值",
     "xpack.securitySolution.flyout.host.preview.viewDetailsLabel": "打开主机详情浮出控件",
     "xpack.securitySolution.flyout.left.insights.buttonGroupLegendLabel": "洞见选项",
-    "xpack.securitySolution.flyout.left.insights.correlations.alertPreviewTitle": "预览告警详情",
     "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsNoDataDescription": "无告警与体系相关。",
     "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsTitle": "{count} 个{count, plural, other {告警}}与体系相关",
     "xpack.securitySolution.flyout.left.insights.correlations.nameColumnLabel": "名称",
@@ -38617,7 +38616,6 @@
     "xpack.securitySolution.flyout.left.visualize.sessionViewButtonLabel": "会话视图",
     "xpack.securitySolution.flyout.left.visualize.tabLabel": "Visualize",
     "xpack.securitySolution.flyout.preview.alertReason.panelTitle": "告警原因",
-    "xpack.securitySolution.flyout.preview.openFlyoutLabel": "显示完整告警详情",
     "xpack.securitySolution.flyout.preview.rule.aboutLabel": "关于",
     "xpack.securitySolution.flyout.preview.rule.actionsLabel": "操作",
     "xpack.securitySolution.flyout.preview.rule.definitionLabel": "定义",