[Security Solution] Remove a data fetching hook from the add to timeline action component #124331
Conversation
kqualters-elastic
added
v8.0.0
release_note:skip
|
/oblt-deploy |
|
/oblt-deploy |
| estypes.SearchResponse<{ '@timestamp': string; [key: string]: unknown }> | ||
| >(DETECTION_ENGINE_QUERY_SIGNALS_URL, { | ||
| method: 'POST', | ||
| body: JSON.stringify(buildAlertsQuery([ecsData._id] ?? [])), |
There was a problem hiding this comment.
is the nullish operator here necessary? The empty array will never be selected
There was a problem hiding this comment.
ya it's not, will remove.
| @@ -550,7 +613,7 @@ export const sendAlertToTimelineAction = async ({ | |||
| }); | |||
| } | |||
| } else if (isThresholdRule(ecsData)) { | |||
| createThresholdTimeline(ecsData, createTimeline, noteContent, {}); | |||
| return createThresholdTimeline(ecsData, createTimeline, noteContent, {}); | |||
There was a problem hiding this comment.
Is an await required in this context, similar to the return await createThresholdTimeline(ecsData, createTimeline, noteContent, { above?
There was a problem hiding this comment.
I think it's the other way actually, the await is redundant and not needed above. Not sure why the linter did not catch this one, it catches the other
| }); | ||
| const from = DEFAULT_FROM_MOMENT.toISOString(); | ||
| const to = DEFAULT_TO_MOMENT.toISOString(); | ||
| return createTimeline({ |
There was a problem hiding this comment.
consider not invoking createTimeline here, because in this state, we can't fully construct the search criteria
There was a problem hiding this comment.
Thanks for this fix @kqualters-elastic! 🙏
Desk tested locally with threshold, eql, and other rule types
LGTM
...n/public/detections/components/alerts_table/timeline_actions/use_investigate_in_timeline.tsx
Outdated
Show resolved
Hide resolved
| @@ -22,7 +22,6 @@ interface InvestigateInTimelineActionProps { | |||
| alertIds?: string[]; | |||
There was a problem hiding this comment.
We need to do a proper clean up of alertIds usage. That would be great to clarify in the PR description why we don't need any more fetching the alerts and alertIds.
|
Thank you for fixing this! |
💚 Build SucceededMetrics [docs]Module Count
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
|
The following labels were identified as gaps in your version labels and will be added automatically:
If any of these should not be on your pull request, please manually remove them. |
💔 All backports failed
How to fixRe-run the backport manually: Questions ?Please refer to the Backport tool documentation |
…ine action component (elastic#124331) * Fetch alert ecs data in actions.tsx and not a hook in every table row * Add error handling and tests for theshold timelines * Fix bad merge * Remove unused imports * Actually remove unused file * Remove usage of alertIds and dead code from cases * Add basic sanity tests that ensure no extra network calls are being made * Remove unused operator * Remove unused imports * Remove unused mock (cherry picked from commit e312c36)
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
kibanamachine
added
the
backport missing
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
4 similar comments
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
…ine action component (elastic#124331) * Fetch alert ecs data in actions.tsx and not a hook in every table row * Add error handling and tests for theshold timelines * Fix bad merge * Remove unused imports * Actually remove unused file * Remove usage of alertIds and dead code from cases * Add basic sanity tests that ensure no extra network calls are being made * Remove unused operator * Remove unused imports * Remove unused mock (cherry picked from commit e312c36)
…ine action component (elastic#124331) * Fetch alert ecs data in actions.tsx and not a hook in every table row * Add error handling and tests for theshold timelines * Fix bad merge * Remove unused imports * Actually remove unused file * Remove usage of alertIds and dead code from cases * Add basic sanity tests that ensure no extra network calls are being made * Remove unused operator * Remove unused imports * Remove unused mock (cherry picked from commit e312c36) # Conflicts: # x-pack/plugins/cases/public/components/case_view/case_view_page.tsx # x-pack/plugins/cases/public/components/user_actions/types.ts # x-pack/plugins/security_solution/public/cases/pages/index.tsx # x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/footer.tsx
…ine action component (#124331) (#125800) * Fetch alert ecs data in actions.tsx and not a hook in every table row * Add error handling and tests for theshold timelines * Fix bad merge * Remove unused imports * Actually remove unused file * Remove usage of alertIds and dead code from cases * Add basic sanity tests that ensure no extra network calls are being made * Remove unused operator * Remove unused imports * Remove unused mock (cherry picked from commit e312c36)
kibanamachine
removed
the
backport missing
… timeline action component (#124331) (#125810) * [Security Solution] Remove a data fetching hook from the add to timeline action component (#124331) * Fetch alert ecs data in actions.tsx and not a hook in every table row * Add error handling and tests for theshold timelines * Fix bad merge * Remove unused imports * Actually remove unused file * Remove usage of alertIds and dead code from cases * Add basic sanity tests that ensure no extra network calls are being made * Remove unused operator * Remove unused imports * Remove unused mock (cherry picked from commit e312c36) # Conflicts: # x-pack/plugins/cases/public/components/case_view/case_view_page.tsx # x-pack/plugins/cases/public/components/user_actions/types.ts # x-pack/plugins/security_solution/public/cases/pages/index.tsx # x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/footer.tsx * Fix types * Fix failing tests
Summary
Fixes #124307 for all alert types by removing a hook that conditionally fetched data in every row. Instead this logic is moved into the callback from the click, so the data is fetched once and only once and only when needed. This api call can and should be removed soon by updating the alerts table search strategy to return all needed fields for building the timeline filters/data providers etc. By adding all kibana.alert.* referenced in https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx to https://github.com/elastic/kibana/blob/main/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/constants.ts#L45 the request that was previously made in useFetchEcsAlertsData and moved to https://github.com/elastic/kibana/compare/main...kqualters-elastic:fetch-ecs-in-actions?expand=1#diff-972b23879f146e612234cef06ac25c143709767be35c69d621861d7b50d8ce24R402 can be removed entirely.
Checklist