[7.6] [SIEM] Default the Timeline events filter to show All events (#58953) (#59059)

* [SIEM] Default the Timeline events filter to show All events (#58953) ## [SIEM] Default the Timeline events filter to show All events The Timeline events filter introduced in `7.6` to support the [detection engine](https://www.elastic.co/guide/en/siem/guide/current/detection-engine-overview.html) defaulted to filtering by `Raw events`, and thus required manually selecting `All events` or `Signal events` from the dropdown to view signals. The new default is `All events`, per the screenshots below: ### Before ![event-filter-before](https://user-images.githubusercontent.com/4459398/75593223-ecc61500-5a41-11ea-8d7d-8db5eccb1eb4.png) ### After ![event-filter-after](https://user-images.githubusercontent.com/4459398/75593238-f5b6e680-5a41-11ea-9e12-2fc1232f58d1.png) * * Added `eventType`, which is a required prop in `7.6.x` to pass the type check, along with this note: ``` CAUTION: `eventType` is an optional prop in post-`7.6.x` branches. In later branches, `eventType` is omitted from this test, to truly verify the new default from redux. In this branch, we must specify `eventType` to pass the type check, but this is not the true intent of this test. ```
2025-04-24 09:48:58 -04:00 · 2020-03-03 13:41:54 -07:00 · 2020-03-03 13:41:54 -07:00 · e29a53f5ba
commit e29a53f5ba
parent 188e9faa9c
4 changed files with 50 additions and 5 deletions
--- a/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.test.ts
+++ b/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.test.ts
@ -236,7 +236,7 @@ describe('helpers', () => {
        description: '',
        deletedEventIds: [],
        eventIdToNoteIds: {},
-        eventType: 'raw',
+        eventType: 'all',
        filters: [],
        highlightedDropAndProviderId: '',
        historyIds: [],
@ -330,7 +330,7 @@ describe('helpers', () => {
        description: '',
        deletedEventIds: [],
        eventIdToNoteIds: {},
-        eventType: 'raw',
+        eventType: 'all',
        filters: [],
        highlightedDropAndProviderId: '',
        historyIds: [],
@ -417,7 +417,7 @@ describe('helpers', () => {
        description: '',
        deletedEventIds: [],
        eventIdToNoteIds: {},
-        eventType: 'raw',
+        eventType: 'all',
        filters: [],
        highlightedDropAndProviderId: '',
        historyIds: [],
@ -539,7 +539,7 @@ describe('helpers', () => {
        description: '',
        deletedEventIds: [],
        eventIdToNoteIds: {},
-        eventType: 'raw',
+        eventType: 'all',
        filters: [
          {
            $state: {
--- a/x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/pick_events.tsx
+++ b/x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/pick_events.tsx
@ -77,6 +77,7 @@ const PickEventTypeComponents: React.FC<PickEventTypeProps> = ({
  return (
    <PickEventContainer>
      <EuiSuperSelect
+        data-test-subj="pick-event-type"
        fullWidth={false}
        valueOfSelected={eventType}
        onChange={onChangeEventType}
--- a/x-pack/legacy/plugins/siem/public/components/timeline/timeline.test.tsx
+++ b/x-pack/legacy/plugins/siem/public/components/timeline/timeline.test.tsx
@ -208,6 +208,50 @@ describe('Timeline', () => {

      expect(wrapper.find('[data-test-subj="table-pagination"]').exists()).toEqual(false);
    });
+
+    test('it defaults to showing `All events`', () => {
+      const wrapper = mount(
+        <TestProviders>
+          <MockedProvider mocks={mocks}>
+            <TimelineComponent
+              browserFields={mockBrowserFields}
+              columns={defaultHeaders}
+              id="foo"
+              dataProviders={mockDataProviders}
+              end={endDate}
+              eventType="all" // CAUTION: `eventType` is an optional prop in post-`7.6.x` branches. In later branches, `eventType` is omitted from this test, to truly verify the new default from redux. In this branch, we must specify `eventType` to pass the type check, but this is not the true intent of this test.
+              filters={[]}
+              flyoutHeight={testFlyoutHeight}
+              flyoutHeaderHeight={flyoutHeaderHeight}
+              indexPattern={indexPattern}
+              indexToAdd={[]}
+              isLive={false}
+              itemsPerPage={5}
+              itemsPerPageOptions={[5, 10, 20]}
+              kqlMode="search"
+              kqlQueryExpression=""
+              loadingIndexName={false}
+              onChangeDataProviderKqlQuery={jest.fn()}
+              onChangeDroppableAndProvider={jest.fn()}
+              onChangeItemsPerPage={jest.fn()}
+              onDataProviderEdited={jest.fn()}
+              onDataProviderRemoved={jest.fn()}
+              onToggleDataProviderEnabled={jest.fn()}
+              onToggleDataProviderExcluded={jest.fn()}
+              show={true}
+              showCallOutUnauthorizedMsg={false}
+              start={startDate}
+              sort={sort}
+              toggleColumn={jest.fn()}
+            />
+          </MockedProvider>
+        </TestProviders>
+      );
+
+      expect(wrapper.find('[data-test-subj="pick-event-type"] button').text()).toEqual(
+        'All events'
+      );
+    });
  });

  describe('event wire up', () => {
--- a/x-pack/legacy/plugins/siem/public/store/timeline/defaults.ts
+++ b/x-pack/legacy/plugins/siem/public/store/timeline/defaults.ts
@ -14,7 +14,7 @@ export const timelineDefaults: SubsetTimelineModel & Pick<TimelineModel, 'filter
  dataProviders: [],
  deletedEventIds: [],
  description: '',
-  eventType: 'raw',
+  eventType: 'all',
  eventIdToNoteIds: {},
  highlightedDropAndProviderId: '',
  historyIds: [],