Fixes histogram intervals and requested text cleanup

x-pack/legacy/plugins/siem/public/components/timeline/search_super_select/index.tsx

@@ -73,6 +73,7 @@ const MyEuiFlexGroup = styled(EuiFlexGroup)`
 
 interface SearchTimelineSuperSelectProps {
   isDisabled: boolean;
+  hideUntitled?: boolean;
   timelineId: string | null;
   timelineTitle: string | null;
   onTimelineChange: (timelineTitle: string, timelineId: string | null) => void;
@@ -101,6 +102,7 @@ const POPOVER_HEIGHT = 260;
 const TIMELINE_ITEM_HEIGHT = 50;
 const SearchTimelineSuperSelectComponent: React.FC<SearchTimelineSuperSelectProps> = ({
   isDisabled,
+  hideUntitled = false,
   timelineId,
   timelineTitle,
   onTimelineChange,
@@ -287,7 +289,11 @@ const SearchTimelineSuperSelectComponent: React.FC<SearchTimelineSuperSelectProp
                 rowHeight: TIMELINE_ITEM_HEIGHT,
                 showIcons: false,
                 virtualizedProps: ({
-                  onScroll: handleOnScroll.bind(null, timelines.length, totalCount),
+                  onScroll: handleOnScroll.bind(
+                    null,
+                    timelines.filter(t => !hideUntitled || t.title !== '').length,
+                    totalCount
+                  ),
                 } as unknown) as ListProps,
               }}
               renderOption={renderTimelineOption}
@@ -308,18 +314,20 @@ const SearchTimelineSuperSelectComponent: React.FC<SearchTimelineSuperSelectProp
                 ...(!onlyFavorites && searchTimelineValue === ''
                   ? getBasicSelectableOptions(timelineId == null ? '-1' : timelineId)
                   : []),
-                ...timelines.map(
-                  (t, index) =>
-                    ({
-                      description: t.description,
-                      favorite: t.favorite,
-                      label: t.title,
-                      id: t.savedObjectId,
-                      key: `${t.title}-${index}`,
-                      title: t.title,
-                      checked: t.savedObjectId === timelineId ? 'on' : undefined,
-                    } as Option)
-                ),
+                ...timelines
+                  .filter(t => !hideUntitled || t.title !== '')
+                  .map(
+                    (t, index) =>
+                      ({
+                        description: t.description,
+                        favorite: t.favorite,
+                        label: t.title,
+                        id: t.savedObjectId,
+                        key: `${t.title}-${index}`,
+                        title: t.title,
+                        checked: t.savedObjectId === timelineId ? 'on' : undefined,
+                      } as Option)
+                  ),
               ]}
             >
               {(list, search) => (

x-pack/legacy/plugins/siem/public/pages/detection_engine/components/signals_histogram_panel/helpers.tsx

@@ -47,9 +47,14 @@ export const getSignalsHistogramQuery = (
       },
       aggs: {
         signals: {
-          auto_date_histogram: {
+          date_histogram: {
             field: '@timestamp',
-            buckets: 36,
+            fixed_interval: `${Math.floor((to - from) / 32)}ms`,
+            min_doc_count: 0,
+            extended_bounds: {
+              min: from,
+              max: to,
+            },
           },
         },
       },

x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/components/pick_timeline/index.tsx

@@ -65,6 +65,7 @@ export const PickTimeline = ({
     >
       <SearchTimelineSuperSelect
         isDisabled={isDisabled}
+        hideUntitled={true}
         timelineId={timelineId}
         timelineTitle={timelineTitle}
         onTimelineChange={handleOnTimelineChange}

x-pack/legacy/plugins/siem/public/pages/hosts/translations.ts

@@ -47,7 +47,7 @@ export const NAVIGATION_EVENTS_TITLE = i18n.translate('xpack.siem.hosts.navigati
 });
 
 export const NAVIGATION_ALERTS_TITLE = i18n.translate('xpack.siem.hosts.navigation.alertsTitle', {
-  defaultMessage: 'Alerts',
+  defaultMessage: 'External alerts',
 });
 
 export const ERROR_FETCHING_AUTHENTICATIONS_DATA = i18n.translate(

x-pack/legacy/plugins/siem/public/pages/network/translations.ts

@@ -45,7 +45,7 @@ export const NAVIGATION_ANOMALIES_TITLE = i18n.translate(
 );
 
 export const NAVIGATION_ALERTS_TITLE = i18n.translate('xpack.siem.network.navigation.alertsTitle', {
-  defaultMessage: 'Alerts',
+  defaultMessage: 'External alerts',
 });
 
 export const DOMAINS_COUNT_BY = (groupByField: string) =>

x-pack/legacy/plugins/siem/server/lib/alerts/query.dsl.ts

@@ -4,7 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query';
+import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query';
 import { buildTimelineQuery } from '../events/query.dsl';
 import { RequestOptions, MatrixHistogramRequestOptions } from '../framework';
 
@@ -68,18 +68,17 @@ export const buildAlertsHistogramQuery = ({
   ];
 
   const getHistogramAggregation = () => {
-    const interval = calculateTimeseriesInterval(from, to);
+    const interval = calculateTimeSeriesInterval(from, to);
     const histogramTimestampField = '@timestamp';
     const dateHistogram = {
       date_histogram: {
         field: histogramTimestampField,
-        fixed_interval: `${interval}s`,
-      },
-    };
-    const autoDateHistogram = {
-      auto_date_histogram: {
-        field: histogramTimestampField,
-        buckets: 36,
+        fixed_interval: interval,
+        min_doc_count: 0,
+        extended_bounds: {
+          min: from,
+          max: to,
+        },
       },
     };
     return {
@@ -93,7 +92,7 @@ export const buildAlertsHistogramQuery = ({
           size: 10,
         },
         aggs: {
-          alerts: interval ? dateHistogram : autoDateHistogram,
+          alerts: dateHistogram,
         },
       },
     };

x-pack/legacy/plugins/siem/server/lib/anomalies/query.anomalies_over_time.dsl.ts

@@ -4,7 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query';
+import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query';
 import { MatrixHistogramRequestOptions } from '../framework';
 
 export const buildAnomaliesOverTimeQuery = ({
@@ -26,18 +26,17 @@ export const buildAnomaliesOverTimeQuery = ({
   ];
 
   const getHistogramAggregation = () => {
-    const interval = calculateTimeseriesInterval(from, to);
+    const interval = calculateTimeSeriesInterval(from, to);
     const histogramTimestampField = 'timestamp';
     const dateHistogram = {
       date_histogram: {
         field: histogramTimestampField,
-        fixed_interval: `${interval}s`,
-      },
-    };
-    const autoDateHistogram = {
-      auto_date_histogram: {
-        field: histogramTimestampField,
-        buckets: 36,
+        fixed_interval: interval,
+        min_doc_count: 0,
+        extended_bounds: {
+          min: from,
+          max: to,
+        },
       },
     };
     return {
@@ -50,7 +49,7 @@ export const buildAnomaliesOverTimeQuery = ({
           size: 10,
         },
         aggs: {
-          anomalies: interval ? dateHistogram : autoDateHistogram,
+          anomalies: dateHistogram,
         },
       },
     };

x-pack/legacy/plugins/siem/server/lib/authentications/query.authentications_over_time.dsl.ts

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query';
+import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query';
 import { MatrixHistogramRequestOptions } from '../framework';
 
 export const buildAuthenticationsOverTimeQuery = ({
@@ -28,18 +28,17 @@ export const buildAuthenticationsOverTimeQuery = ({
   ];
 
   const getHistogramAggregation = () => {
-    const interval = calculateTimeseriesInterval(from, to);
+    const interval = calculateTimeSeriesInterval(from, to);
     const histogramTimestampField = '@timestamp';
     const dateHistogram = {
       date_histogram: {
         field: histogramTimestampField,
-        fixed_interval: `${interval}s`,
-      },
-    };
-    const autoDateHistogram = {
-      auto_date_histogram: {
-        field: histogramTimestampField,
-        buckets: 36,
+        fixed_interval: interval,
+        min_doc_count: 0,
+        extended_bounds: {
+          min: from,
+          max: to,
+        },
       },
     };
     return {
@@ -53,7 +52,7 @@ export const buildAuthenticationsOverTimeQuery = ({
           size: 2,
         },
         aggs: {
-          events: interval ? dateHistogram : autoDateHistogram,
+          events: dateHistogram,
         },
       },
     };

x-pack/legacy/plugins/siem/server/lib/events/query.events_over_time.dsl.ts

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query';
+import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query';
 import { MatrixHistogramRequestOptions } from '../framework';
 
 export const buildEventsOverTimeQuery = ({
@@ -28,18 +28,17 @@ export const buildEventsOverTimeQuery = ({
   ];
 
   const getHistogramAggregation = () => {
-    const interval = calculateTimeseriesInterval(from, to);
+    const interval = calculateTimeSeriesInterval(from, to);
     const histogramTimestampField = '@timestamp';
     const dateHistogram = {
       date_histogram: {
         field: histogramTimestampField,
-        fixed_interval: `${interval}s`,
-      },
-    };
-    const autoDateHistogram = {
-      auto_date_histogram: {
-        field: histogramTimestampField,
-        buckets: 36,
+        fixed_interval: interval,
+        min_doc_count: 0,
+        extended_bounds: {
+          min: from,
+          max: to,
+        },
       },
     };
     return {
@@ -53,7 +52,7 @@ export const buildEventsOverTimeQuery = ({
           size: 10,
         },
         aggs: {
-          events: interval ? dateHistogram : autoDateHistogram,
+          events: dateHistogram,
         },
       },
     };

x-pack/legacy/plugins/siem/server/lib/network/query_dns_histogram.dsl.ts

@@ -4,7 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { createQueryFilterClauses, calculateTimeseriesInterval } from '../../utils/build_query';
+import { createQueryFilterClauses, calculateTimeSeriesInterval } from '../../utils/build_query';
 import { MatrixHistogramRequestOptions } from '../framework';
 
 export const buildDnsHistogramQuery = ({
@@ -29,12 +29,12 @@ export const buildDnsHistogramQuery = ({
   ];
 
   const getHistogramAggregation = () => {
-    const interval = calculateTimeseriesInterval(from, to);
+    const interval = calculateTimeSeriesInterval(from, to);
     const histogramTimestampField = '@timestamp';
     const dateHistogram = {
       date_histogram: {
         field: histogramTimestampField,
-        fixed_interval: `${interval}s`,
+        fixed_interval: interval,
       },
     };
 

x-pack/legacy/plugins/siem/server/utils/build_query/calculate_timeseries_interval.ts

@@ -89,13 +89,6 @@ export const calculateAuto = {
   }),
 };
 
-export const calculateTimeseriesInterval = (
-  lowerBoundInMsSinceEpoch: number,
-  upperBoundInMsSinceEpoch: number
-) => {
-  const duration = moment.duration(upperBoundInMsSinceEpoch - lowerBoundInMsSinceEpoch, 'ms');
-
-  const matchedInterval = calculateAuto.near(50, duration);
-
-  return matchedInterval ? Math.max(matchedInterval.asSeconds(), 1) : null;
+export const calculateTimeSeriesInterval = (from: number, to: number) => {
+  return `${Math.floor((to - from) / 32)}ms`;
 };