
[Response Ops][Cases] Define a better type for useFetchAlertData hooks #124048

Open
jonathan-buttner opened this issue Jan 28, 2022 · 2 comments
Open
Labels
Feature:Cases Cases feature Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) technical debt Improvement of the software architecture and operational architecture

Comments

@jonathan-buttner
Contributor

The useFetchAlertData hooks defined for security solution and observability will return Record<string, unknown> when this PR is merged: #123883

Ideally we could help the recipient by returning a more definitive type. The issue is that security solution's implementation recursively breaks the results up into a nested object here:
https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/cases/pages/use_fetch_alert_data.ts#L30
https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/common/utils/alerts.ts#L128

whereas the observability function does not. It simply returns the data the way the alerts client sends it, which looks more like:

Alerts client response

```json
{
  "took": 2,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "max_score": null,
    "hits": [
      {
        "_index": ".internal.alerts-observability.metrics.alerts-default-000001",
        "_id": "662aba44-d24f-47f9-8933-0e0f81cae6df",
        "_seq_no": 696,
        "_primary_term": 1,
        "_score": null,
        "_source": {
          "kibana.alert.rule.category": "Metric threshold",
          "kibana.alert.rule.consumer": "infrastructure",
          "kibana.alert.rule.execution.uuid": "40cc6f59-1101-45b1-81df-fdb47f87fcc4",
          "kibana.alert.rule.name": "Jon rule",
          "kibana.alert.rule.producer": "infrastructure",
          "kibana.alert.rule.rule_type_id": "metrics.alert.threshold",
          "kibana.alert.rule.uuid": "325830a0-7eba-11ec-a3b9-350ed5c64d7e",
          "kibana.space_ids": [
            "default"
          ],
          "kibana.alert.rule.tags": [],
          "@timestamp": "2022-01-26T22:37:20.409Z",
          "kibana.alert.reason": "Document count has reported no data over the past 1m for *",
          "kibana.alert.duration.us": 26767233000,
          "kibana.alert.instance.id": "*",
          "kibana.alert.start": "2022-01-26T15:11:13.176Z",
          "kibana.alert.uuid": "662aba44-d24f-47f9-8933-0e0f81cae6df",
          "kibana.alert.status": "active",
          "kibana.alert.workflow_status": "open",
          "event.kind": "signal",
          "event.action": "active",
          "kibana.version": "8.1.0",
          "tags": []
        },
        "fields": {
          "kibana.alert.rule.rule_type_id": [
            "metrics.alert.threshold"
          ],
          "kibana.alert.workflow_status": [
            "open"
          ],
          "kibana.space_ids": [
            "default"
          ],
          "kibana.alert.rule.consumer": [
            "infrastructure"
          ]
        },
        "sort": [
          1643236640409
        ]
      }
    ]
  }
}
```

Observability formatted result

```
{
  "<_id value>": {
    _id: <value>,
    _index: <value>,
    ... <contents of the _source field spread here>
  }
}
```
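An added example, not Kibana's own code and not written by the issue author, sketching what a narrower return type for these hooks could look like, together with the formatting step the issue describes for observability (hits keyed by `_id`, with `_source` spread in). The type and function names (`AlertHit`, `AlertsClientResponse`, `FormattedAlert`, `FormattedAlerts`, `formatAlerts`, `activeAlertIds`) and the trimmed sample response are assumptions constructed for illustration from the JSON above:

```typescript
// Added example (not from the Kibana code base). All names below are
// assumptions chosen for illustration; the sample response is a trimmed,
// constructed copy of the alerts client response quoted in the issue.

// One hit as the alerts client returns it.
interface AlertHit<TSource extends Record<string, unknown>> {
  _index: string;
  _id: string;
  _seq_no?: number;
  _primary_term?: number;
  _score: number | null;
  _source: TSource;
  fields?: Record<string, unknown[]>;
  sort?: Array<number | string>;
}

// The search-style envelope around the hits (_shards omitted for brevity).
interface AlertsClientResponse<TSource extends Record<string, unknown>> {
  took: number;
  timed_out: boolean;
  hits: {
    max_score: number | null;
    hits: Array<AlertHit<TSource>>;
  };
}

// One formatted alert: _id and _index plus the _source fields. The
// intersection keeps the _source keys typed instead of collapsing to unknown.
type FormattedAlert<TSource extends Record<string, unknown>> = {
  _id: string;
  _index: string;
} & TSource;

// The map keyed by _id that the issue describes for observability.
type FormattedAlerts<TSource extends Record<string, unknown>> = Record<
  string,
  FormattedAlert<TSource>
>;

// Formats hits into the keyed map. _id and _index are assigned after the
// spread so a document field cannot override them.
function formatAlerts<TSource extends Record<string, unknown>>(
  response: AlertsClientResponse<TSource>
): FormattedAlerts<TSource> {
  const result: FormattedAlerts<TSource> = {};
  for (const hit of response.hits.hits) {
    result[hit._id] = { ...hit._source, _id: hit._id, _index: hit._index };
  }
  return result;
}

// A type alias (not an interface) so it satisfies Record<string, unknown>;
// interfaces do not get an implicit index signature.
type ObservabilityAlertSource = {
  '@timestamp': string;
  'kibana.alert.status': string;
  'kibana.alert.rule.name': string;
};

// Constructed sample, trimmed from the response quoted in the issue.
const sampleResponse: AlertsClientResponse<ObservabilityAlertSource> = {
  took: 2,
  timed_out: false,
  hits: {
    max_score: null,
    hits: [
      {
        _index: '.internal.alerts-observability.metrics.alerts-default-000001',
        _id: '662aba44-d24f-47f9-8933-0e0f81cae6df',
        _score: null,
        _source: {
          '@timestamp': '2022-01-26T22:37:20.409Z',
          'kibana.alert.status': 'active',
          'kibana.alert.rule.name': 'Jon rule',
        },
        sort: [1643236640409],
      },
    ],
  },
};

// A consumer that benefits from the narrower type: no casts are needed to
// read the ECS-style keys of each alert.
function activeAlertIds(alerts: FormattedAlerts<ObservabilityAlertSource>): string[] {
  return Object.keys(alerts).filter(
    (id) => alerts[id]['kibana.alert.status'] === 'active'
  );
}

const formatted = formatAlerts(sampleResponse);
console.log(activeAlertIds(formatted));
```

With the generic `TSource` parameter, each solution can plug in its own alert document type while the hook's return type stays `Record<string, FormattedAlert<TSource>>` rather than `Record<string, unknown>`; the security solution's nested reshaping would need its own output type rather than this flat one.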
@jonathan-buttner jonathan-buttner added technical debt Improvement of the software architecture and operational architecture Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:Cases Cases feature labels Jan 28, 2022
@elasticmachine
Contributor

Pinging @elastic/response-ops-cases (Feature:Cases)

@elasticmachine
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022