Fixes performance query times with last and first events

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/common/index.ts

@@ -70,7 +70,6 @@ export interface HostAggEsItem {
   cloud_machine_type?: HostBuckets;
   cloud_provider?: HostBuckets;
   cloud_region?: HostBuckets;
-  firstSeen?: HostValue;
   host_architecture?: HostBuckets;
   host_id?: HostBuckets;
   host_ip?: HostBuckets;
@@ -80,7 +79,6 @@ export interface HostAggEsItem {
   host_os_version?: HostBuckets;
   host_type?: HostBuckets;
   key?: string;
-  lastSeen?: HostValue;
   os?: HostOsHitsItem;
 }
 

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/first_last_seen/index.ts

@@ -13,7 +13,9 @@ import { HostsFields } from '../common';
 export interface HostFirstLastSeenRequestOptions
   extends Partial<RequestOptionsPaginated<HostsFields>> {
   hostName: string;
+  order: 'asc' | 'desc';
 }
+
 export interface HostFirstLastSeenStrategyResponse extends IEsSearchResponse {
   inspect?: Maybe<Inspect>;
   firstSeen?: Maybe<string>;

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/index.ts

@@ -17,7 +17,8 @@ export * from './uncommon_processes';
 export enum HostsQueries {
   authentications = 'authentications',
   details = 'details',
-  firstLastSeen = 'firstLastSeen',
+  firstSeen = 'firstSeen',
+  lastSeen = 'lastSeen',
   hosts = 'hosts',
   overview = 'overviewHost',
   uncommonProcesses = 'uncommonProcesses',

x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts

@@ -15,7 +15,6 @@ import {
   HostAuthenticationsStrategyResponse,
   HostOverviewRequestOptions,
   HostFirstLastSeenStrategyResponse,
-  HostFirstLastSeenRequestOptions,
   HostsQueries,
   HostsRequestOptions,
   HostsStrategyResponse,
@@ -28,6 +27,7 @@ import {
   HostsKpiHostsRequestOptions,
   HostsKpiUniqueIpsStrategyResponse,
   HostsKpiUniqueIpsRequestOptions,
+  HostFirstLastSeenRequestOptions,
 } from './hosts';
 import {
   NetworkQueries,
@@ -111,7 +111,9 @@ export type StrategyResponseType<T extends FactoryQueryTypes> = T extends HostsQ
   ? HostsOverviewStrategyResponse
   : T extends HostsQueries.authentications
   ? HostAuthenticationsStrategyResponse
-  : T extends HostsQueries.firstLastSeen
+  : T extends HostsQueries.firstSeen
+  ? HostFirstLastSeenStrategyResponse
+  : T extends HostsQueries.lastSeen
   ? HostFirstLastSeenStrategyResponse
   : T extends HostsQueries.uncommonProcesses
   ? HostsUncommonProcessesStrategyResponse
@@ -159,7 +161,9 @@ export type StrategyRequestType<T extends FactoryQueryTypes> = T extends HostsQu
   ? HostOverviewRequestOptions
   : T extends HostsQueries.authentications
   ? HostAuthenticationsRequestOptions
-  : T extends HostsQueries.firstLastSeen
+  : T extends HostsQueries.firstSeen
+  ? HostFirstLastSeenRequestOptions
+  : T extends HostsQueries.lastSeen
   ? HostFirstLastSeenRequestOptions
   : T extends HostsQueries.uncommonProcesses
   ? HostsUncommonProcessesRequestOptions

x-pack/plugins/security_solution/public/hosts/components/first_last_seen_host/index.tsx

@@ -31,6 +31,7 @@ export const FirstLastSeenHost = React.memo<FirstLastSeenHostProps>(
       docValueFields,
       hostName,
       indexNames,
+      order: type === FirstLastSeenHostType.FIRST_SEEN ? 'asc' : 'desc',
     });
     const valueSeen = useMemo(
       () => (type === FirstLastSeenHostType.FIRST_SEEN ? firstSeen : lastSeen),

x-pack/plugins/security_solution/public/hosts/containers/hosts/first_last_seen/index.tsx

@@ -11,8 +11,8 @@ import { useCallback, useEffect, useRef, useState } from 'react';
 import { useKibana } from '../../../../common/lib/kibana';
 import {
   HostsQueries,
-  HostFirstLastSeenRequestOptions,
   HostFirstLastSeenStrategyResponse,
+  HostFirstLastSeenRequestOptions,
 } from '../../../../../common/search_strategy/security_solution';
 
 import * as i18n from './translations';
@@ -30,17 +30,20 @@ export interface FirstLastSeenHostArgs {
   errorMessage: string | null;
   firstSeen?: string | null;
   lastSeen?: string | null;
+  order: 'asc' | 'desc' | null;
 }
 interface UseHostFirstLastSeen {
   docValueFields: DocValueFields[];
   hostName: string;
   indexNames: string[];
+  order: 'asc' | 'desc';
 }
 
 export const useFirstLastSeenHost = ({
   docValueFields,
   hostName,
   indexNames,
+  order,
 }: UseHostFirstLastSeen): [boolean, FirstLastSeenHostArgs] => {
   const { data, notifications } = useKibana().services;
   const abortCtrl = useRef(new AbortController());
@@ -51,12 +54,14 @@ export const useFirstLastSeenHost = ({
   ] = useState<HostFirstLastSeenRequestOptions>({
     defaultIndex: indexNames,
     docValueFields: docValueFields ?? [],
-    factoryQueryType: HostsQueries.firstLastSeen,
+    factoryQueryType: order === 'asc' ? HostsQueries.firstSeen : HostsQueries.lastSeen,
     hostName,
+    order,
   });
 
   const [firstLastSeenHostResponse, setFirstLastSeenHostResponse] = useState<FirstLastSeenHostArgs>(
     {
+      order: null,
       firstSeen: null,
       lastSeen: null,
       errorMessage: null,

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/index.test.ts

@@ -10,7 +10,7 @@ import { HostsQueries, HostsKpiQueries } from '../../../../../common/search_stra
 import { allHosts } from './all';
 import { hostDetails } from './details';
 import { hostOverview } from './overview';
-import { firstLastSeenHost } from './last_first_seen';
+import { firstSeenHost, lastSeenHost } from './last_first_seen';
 import { uncommonProcesses } from './uncommon_processes';
 import { authentications } from './authentications';
 import { hostsKpiAuthentications } from './kpi/authentications';
@@ -33,7 +33,8 @@ describe('hostsFactory', () => {
       [HostsQueries.details]: hostDetails,
       [HostsQueries.hosts]: allHosts,
       [HostsQueries.overview]: hostOverview,
-      [HostsQueries.firstLastSeen]: firstLastSeenHost,
+      [HostsQueries.firstSeen]: firstSeenHost,
+      [HostsQueries.lastSeen]: lastSeenHost,
       [HostsQueries.uncommonProcesses]: uncommonProcesses,
       [HostsQueries.authentications]: authentications,
       [HostsKpiQueries.kpiAuthentications]: hostsKpiAuthentications,

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/index.ts

@@ -15,7 +15,7 @@ import { SecuritySolutionFactory } from '../types';
 import { allHosts } from './all';
 import { hostDetails } from './details';
 import { hostOverview } from './overview';
-import { firstLastSeenHost } from './last_first_seen';
+import { firstSeenHost, lastSeenHost } from './last_first_seen';
 import { uncommonProcesses } from './uncommon_processes';
 import { authentications } from './authentications';
 import { hostsKpiAuthentications } from './kpi/authentications';
@@ -29,7 +29,8 @@ export const hostsFactory: Record<
   [HostsQueries.details]: hostDetails,
   [HostsQueries.hosts]: allHosts,
   [HostsQueries.overview]: hostOverview,
-  [HostsQueries.firstLastSeen]: firstLastSeenHost,
+  [HostsQueries.firstSeen]: firstSeenHost,
+  [HostsQueries.lastSeen]: lastSeenHost,
   [HostsQueries.uncommonProcesses]: uncommonProcesses,
   [HostsQueries.authentications]: authentications,
   [HostsKpiQueries.kpiAuthentications]: hostsKpiAuthentications,