From 81dd9277bb8f236fa64e66dca4a847107650f808 Mon Sep 17 00:00:00 2001
From: Ryland Herrick
Date: Mon, 28 Jun 2021 18:19:59 -0500
Subject: [PATCH] Use existing constant as the source of our enrichments query

This is now used by both the overview card and the enrichment query.
---
 .../cti/event_enrichment/use_investigation_enrichment.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/use_investigation_enrichment.ts b/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/use_investigation_enrichment.ts
index 05cddbede7ef0..e6264235be4c5 100644
--- a/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/use_investigation_enrichment.ts
+++ b/x-pack/plugins/security_solution/public/common/containers/cti/event_enrichment/use_investigation_enrichment.ts
@@ -15,6 +15,7 @@ import { useKibana } from '../../../lib/kibana';
 import { inputsActions } from '../../../store/actions';
 import * as i18n from './translations';
 import { useEventEnrichment } from '.';
+import { DEFAULT_CTI_SOURCE_INDEX } from '../../../../../common/cti/constants';

 export const QUERY_ID = 'investigation_time_enrichment';
 const noop = () => {};
@@ -60,9 +61,9 @@ export const useInvestigationTimeEnrichment = (eventFields: EventFields) => {
 start({
 data: kibana.services.data,
 timerange: { from, to, interval: '' },
- defaultIndex: ['filebeat-*'], // TODO do we apply the current sources here?
+ defaultIndex: DEFAULT_CTI_SOURCE_INDEX,
 eventFields,
- filterQuery: '', // TODO do we apply the current filters here?
+ filterQuery: '',
 });
 }
 }, [from, start, kibana.services.data, to, eventFields]);
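Review bot: The second hunk drops both TODO comments while `defaultIndex` and `filterQuery` stay fixed values, so the code no longer records that the investigation-time enrichment query ignores the sources and filters the analyst has selected. If threat-intelligence indicators are ingested into an index that the constant does not cover (its value is not visible in this patch), the lookup would presumably return no enrichments without any indication that the search scope was the cause. I would keep the decision documented at the call site, for example `// Enrichment always searches DEFAULT_CTI_SOURCE_INDEX; the user's selected sources are intentionally not applied` above `defaultIndex`, and `// Intentionally unfiltered: current filters are not applied to indicator lookups` above `filterQuery`. The enclosing `useInvestigationTimeEnrichment` hook starts and ends outside the hunk, so whether a caller surfaces the search scope elsewhere cannot be confirmed from here.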