diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx
index edaba3725e027..e332c96192fab 100644
--- a/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx
+++ b/x-pack/plugins/endpoint/public/applications/endpoint/view/alerts/details/metadata/host_accordion.tsx
@@ -6,32 +6,60 @@ import React, { memo, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; import { EuiAccordion, EuiDescriptionList } from '@elastic/eui'; -import { Immutable, AlertData } from '../../../../../../../common/types'; +import { EuiHealth } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n/react'; +import { Immutable, AlertDetails } from '../../../../../../../common/types'; -export const HostAccordion = memo(({ alertData }: { alertData: Immutable }) => { +export const HostAccordion = memo(({ alertData }: { alertData: Immutable }) => { const columns = useMemo(() => { return [ { - title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostName', { - defaultMessage: 'Host Name', + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostNameCurrent', { + defaultMessage: 'Host Name (Current)', + }), + description: alertData.state.host_metadata.host.hostname, + }, + { + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostNameOriginal', { + defaultMessage: 'Host Name (At time of alert)', }), description: alertData.host.hostname, }, { - title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostIP', { - defaultMessage: 'Host IP', + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostIPCurrent', { + defaultMessage: 'Host IP (Current)', + }), + description: alertData.state.host_metadata.host.ip.join(', '), + }, + { + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostIPOriginal', { + defaultMessage: 'Host IP (At time of alert)', }), description: alertData.host.ip.join(', '), }, { - title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.status', { - defaultMessage: 'Status', + title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.currentStatus', { + defaultMessage: 'Current Status', + }), + description: ( + + {' '} + + + ), + }, + { + title: 
i18n.translate('xpack.endpoint.application.endpoint.alertDetails.osCurrent', {
+ defaultMessage: 'OS (Current)',
 }),
- description: 'TODO',
+ description: alertData.state.host_metadata.host.os.name,
 },
 {
- title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.os', {
- defaultMessage: 'OS',
+ title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.osOriginal', {
+ defaultMessage: 'OS (At time of alert)',
 }),
 description: alertData.host.os.name,
 },
diff --git a/x-pack/test/api_integration/apis/endpoint/alerts.ts b/x-pack/test/api_integration/apis/endpoint/alerts.ts
index 5d42e85645b2d..7e72a2f9072f3 100644
--- a/x-pack/test/api_integration/apis/endpoint/alerts.ts
+++ b/x-pack/test/api_integration/apis/endpoint/alerts.ts
@@ -72,7 +72,7 @@ export default function({ getService }: FtrProviderContext) {
 describe('when data is in elasticsearch', () => {
 before(async () => {
 await esArchiver.load('endpoint/alerts/api_feature');
- await esArchiver.load('endpoint/metadata/api_feature');
+ await esArchiver.load('endpoint/alerts/host_api_feature');
 const res = await es.search({
 index: 'events-endpoint-1',
 body: ES_QUERY_MISSING,
@@ -82,7 +82,7 @@ export default function({ getService }: FtrProviderContext) {
 after(async () => {
 await esArchiver.unload('endpoint/alerts/api_feature');
- await esArchiver.unload('endpoint/metadata/api_feature');
+ await esArchiver.unload('endpoint/alerts/host_api_feature');
 });
 it('should not support POST requests', async () => {
@@ -93,7 +93,7 @@ export default function({ getService }: FtrProviderContext) {
 .expect(404);
 });
- it.skip('should return one entry for each alert with default paging', async () => {
+ it('should return one entry for each alert with default paging', async () => {
 const { body } = await supertest
 .get('/api/endpoint/alerts')
 .set('kbn-xsrf', 'xxx')
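Review bot: The new "(Current)" rows read `alertData.state.host_metadata.host.hostname`, `.ip.join(', ')` and `.os.name` with no guard, so if `state.host_metadata` can be absent on `AlertDetails` the whole accordion throws during render rather than still showing the at-time-of-alert values; if the type permits that, gate those rows on `alertData.state.host_metadata` or render a placeholder description. The content of the `Current Status` row is not visible in this rendering, but it appears to be a fixed `EuiHealth`/`FormattedMessage` rather than a value derived from `alertData`; if so, a comment such as `// TODO: derive status from host metadata instead of a fixed value` would stop it being read as live data. `import { EuiHealth } from '@elastic/eui';` duplicates the `@elastic/eui` import two lines above; fold it into `import { EuiAccordion, EuiDescriptionList, EuiHealth } from '@elastic/eui';`. HostAccordion's body continues past the end of the hunk.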
@@ -111,7 +111,7 @@ export default function({ getService }: FtrProviderContext) {
 expect(body.result_from_index).to.eql(0);
 });
- it.skip('should return the page_size and page_index specified in the query params', async () => {
+ it('should return the page_size and page_index specified in the query params', async () => {
 const pageSize = 1;
 const pageIndex = 1;
 const { body } = await supertest
@@ -140,7 +140,7 @@ export default function({ getService }: FtrProviderContext) {
 .expect(200);
 body = response.body;
 });
- it.skip('should return accurate total counts', async () => {
+ it('should return accurate total counts', async () => {
 expect(body.total).to.eql(numberOfAlertsInFixture);
 /**
 * Nothing was returned due to pagination.
@@ -160,7 +160,7 @@ export default function({ getService }: FtrProviderContext) {
 expect(body.message).to.contain('Value must be equal to or greater than [1]');
 });
- it.skip('should return links to the next and previous pages using cursor-based pagination', async () => {
+ it('should return links to the next and previous pages using cursor-based pagination', async () => {
 const { body } = await supertest
 .get('/api/endpoint/alerts?page_index=0')
 .set('kbn-xsrf', 'xxx')
@@ -346,7 +346,7 @@ export default function({ getService }: FtrProviderContext) {
 expect(valid).to.eql(true);
 });
- it.skip('should filter results of alert data using rison-encoded filters', async () => {
+ it('should filter results of alert data using rison-encoded filters', async () => {
 const hostname = 'Host-abmfhmc5ku';
 const { body } = await supertest
 .get(
@@ -361,7 +361,7 @@ export default function({ getService }: FtrProviderContext) {
 expect(body.result_from_index).to.eql(0);
 });
- it.skip('should filter results of alert data using KQL', async () => {
+ it('should filter results of alert data using KQL', async () => {
 const agentID = '7cf9f7a3-28a6-4d1e-bb45-005aa28f18d0';
 const { body } = await supertest
 .get(
@@ -376,7 +376,7 @@ export default function({ getService }: FtrProviderContext) {
 expect(body.result_from_index).to.eql(0);
 });
- it.skip('should return alert details by id, getting last alert', async () => {
+ it('should return alert details by id, getting last alert', async () => {
 const documentID = 'zbNm0HABdD75WLjLYgcB';
 const prevDocumentID = '2rNm0HABdD75WLjLYgcU';
 const { body } = await supertest
diff --git a/x-pack/test/functional/apps/endpoint/alerts.ts b/x-pack/test/functional/apps/endpoint/alerts.ts
index 759574702c0f1..6a5a5cb5c32ad 100644
--- a/x-pack/test/functional/apps/endpoint/alerts.ts
+++ b/x-pack/test/functional/apps/endpoint/alerts.ts
@@ -16,6 +16,7 @@ export default function({ getPageObjects, getService }: FtrProviderContext) {
 this.tags(['ciGroup7']);
 before(async () => {
 await esArchiver.load('endpoint/alerts/api_feature');
+ await esArchiver.load('endpoint/alerts/host_api_feature');
 await pageObjects.common.navigateToUrlWithBrowserHistory('endpoint', '/alerts');
 });
 it('loads the Alert List Page', async () => {
@@ -66,6 +67,7 @@ export default function({ getPageObjects, getService }: FtrProviderContext) {
 after(async () => {
 await esArchiver.unload('endpoint/alerts/api_feature');
+ await esArchiver.unload('endpoint/alerts/host_api_feature');
 });
 });
 }
diff --git a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz
new file mode 100644
index 0000000000000..94a96c54ee9cb
Binary files /dev/null and b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/data.json.gz differ
diff --git a/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json
new file mode 100644
index 0000000000000..61ddf3c4e65db
--- /dev/null
+++ b/x-pack/test/functional/es_archives/endpoint/alerts/host_api_feature/mappings.json
@@ -0,0 +1,156 @@ +{ + "type": "index", + "value": { + "aliases": { + }, + "index": "endpoint-agent-1", + "mappings": { + "properties": { + "@timestamp": { + "type": "long" + }, + "agent": { + "properties": { + "id": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "version": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + } + } + }, + "endpoint": { + "properties": { + "policy": { + "properties": { + "id": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "name": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + } + } + } + } + }, + "event": { + "properties": { + "created": { + "type": "long" + } + } + }, + "host": { + "properties": { + "hostname": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "id": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "ip": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "mac": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "os": { + "properties": { + "full": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "name": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "variant": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + }, + "version": { + "fields": { + "keyword": { + "ignore_above": 256, + "type": "keyword" + } + }, + "type": "text" + } + } + } + } + } + } + }, + "settings": { + "index": { + "number_of_replicas": "1", + "number_of_shards": "1" + } + } + } +} \ No newline at end of file