Skip to content

Commit

Permalink
fix 508 (#56520)
Browse files Browse the repository at this point in the history
  • Loading branch information
@XavierM
XavierM authored Feb 1, 2020
1 parent 0a17cde commit 7b876c0
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 38 deletions.
78 changes: 42 additions & 36 deletions x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals/actions.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*/

import dateMath from '@elastic/datemath';
import { getOr } from 'lodash/fp';
import { getOr, isEmpty } from 'lodash/fp';
import moment from 'moment';

import { updateSignalStatus } from '../../../../containers/detection_engine/signals/api';
Expand Down Expand Up @@ -78,6 +78,7 @@ export const sendSignalToTimelineAction = async ({
ecsData,
updateTimelineIsLoading,
}: SendSignalToTimelineActionProps) => {
let openSignalInBasicTimeline = true;
const timelineId =
ecsData.signal?.rule?.timeline_id != null ? ecsData.signal?.rule?.timeline_id[0] : '';

Expand Down Expand Up @@ -105,52 +106,57 @@ export const sendSignalToTimelineAction = async ({
id: timelineId,
},
});

const timelineTemplate: TimelineResult = omitTypenameInTimeline(
getOr({}, 'data.getOneTimeline', responseTimeline)
);
const { timeline } = formatTimelineResultToModel(timelineTemplate, true);
const query = replaceTemplateFieldFromQuery(
timeline.kqlQuery?.filterQuery?.kuery?.expression ?? '',
ecsData
);
const filters = replaceTemplateFieldFromMatchFilters(timeline.filters ?? [], ecsData);
const dataProviders = replaceTemplateFieldFromDataProviders(
timeline.dataProviders ?? [],
ecsData
);
createTimeline({
from,
timeline: {
...timeline,
dataProviders,
eventType: 'all',
filters,
dateRange: {
start: from,
end: to,
},
kqlQuery: {
filterQuery: {
kuery: {
if (!isEmpty(timelineTemplate)) {
openSignalInBasicTimeline = false;
const { timeline } = formatTimelineResultToModel(timelineTemplate, true);
const query = replaceTemplateFieldFromQuery(
timeline.kqlQuery?.filterQuery?.kuery?.expression ?? '',
ecsData
);
const filters = replaceTemplateFieldFromMatchFilters(timeline.filters ?? [], ecsData);
const dataProviders = replaceTemplateFieldFromDataProviders(
timeline.dataProviders ?? [],
ecsData
);
createTimeline({
from,
timeline: {
...timeline,
dataProviders,
eventType: 'all',
filters,
dateRange: {
start: from,
end: to,
},
kqlQuery: {
filterQuery: {
kuery: {
kind: timeline.kqlQuery?.filterQuery?.kuery?.kind ?? 'kuery',
expression: query,
},
serializedQuery: convertKueryToElasticSearchQuery(query),
},
filterQueryDraft: {
kind: timeline.kqlQuery?.filterQuery?.kuery?.kind ?? 'kuery',
expression: query,
},
serializedQuery: convertKueryToElasticSearchQuery(query),
},
filterQueryDraft: {
kind: timeline.kqlQuery?.filterQuery?.kuery?.kind ?? 'kuery',
expression: query,
},
show: true,
},
show: true,
},
to,
});
to,
});
}
} catch {
openSignalInBasicTimeline = true;
updateTimelineIsLoading({ id: 'timeline-1', isLoading: false });
}
} else {
}

if (openSignalInBasicTimeline) {
createTimeline({
from,
timeline: {
Expand Down
4 changes: 2 additions & 2 deletions x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/update_rules_route.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,8 @@ export const createUpdateRulesRoute = (server: ServerFacade): Hapi.ServerRoute =
language,
output_index: outputIndex,
saved_id: savedId,
timeline_id: timelineId,
timeline_title: timelineTitle,
timeline_id: timelineId = null,
timeline_title: timelineTitle = null,
meta,
filters,
rule_id: ruleId,
Expand Down

0 comments on commit 7b876c0

Please sign in to comment.