[SIEM] Create template timeline

x-pack/legacy/plugins/siem/public/components/open_timeline/types.ts

@@ -36,6 +36,10 @@ export interface TimelineActionsOverflowColumns {
   } | null>;
 }
 
+enum TimelineTypes {
+  default = 'default',
+  template = 'template',
+}
 /** The results of the query run by the OpenTimeline component */
 export interface OpenTimelineResult {
   created?: number | null;
@@ -47,6 +51,8 @@ export interface OpenTimelineResult {
   pinnedEventIds?: Readonly<Record<string, boolean>> | null;
   savedObjectId?: string | null;
   title?: string | null;
+  templateTimelineId?: string | null;
+  type?: TimelineTypes.template | TimelineTypes.default;
   updated?: number | null;
   updatedBy?: string | null;
 }

x-pack/legacy/plugins/siem/public/containers/timeline/all/index.gql_query.ts

@@ -55,6 +55,8 @@ export const allTimelinesQuery = gql`
         noteIds
         pinnedEventIds
         title
+        timelineType
+        templateTimelineId
         created
         createdBy
         updated

x-pack/legacy/plugins/siem/public/graphql/introspection.json

@@ -9728,6 +9728,22 @@
             "isDeprecated": false,
             "deprecationReason": null
           },
+          {
+            "name": "templateTimelineId",
+            "description": "",
+            "args": [],
+            "type": { "kind": "SCALAR", "name": "String", "ofType": null },
+            "isDeprecated": false,
+            "deprecationReason": null
+          },
+          {
+            "name": "timelineType",
+            "description": "",
+            "args": [],
+            "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null },
+            "isDeprecated": false,
+            "deprecationReason": null
+          },
           {
             "name": "updated",
             "description": "",
@@ -10323,6 +10339,29 @@
         "enumValues": null,
         "possibleTypes": null
       },
+      {
+        "kind": "ENUM",
+        "name": "TimelineType",
+        "description": "",
+        "fields": null,
+        "inputFields": null,
+        "interfaces": null,
+        "enumValues": [
+          {
+            "name": "default",
+            "description": "",
+            "isDeprecated": false,
+            "deprecationReason": null
+          },
+          {
+            "name": "template",
+            "description": "",
+            "isDeprecated": false,
+            "deprecationReason": null
+          }
+        ],
+        "possibleTypes": null
+      },
       {
         "kind": "INPUT_OBJECT",
         "name": "PageInfoTimeline",
@@ -10863,6 +10902,18 @@
             "type": { "kind": "SCALAR", "name": "String", "ofType": null },
             "defaultValue": null
           },
+          {
+            "name": "templateTimelineId",
+            "description": "",
+            "type": { "kind": "SCALAR", "name": "String", "ofType": null },
+            "defaultValue": null
+          },
+          {
+            "name": "timelineType",
+            "description": "",
+            "type": { "kind": "ENUM", "name": "TimelineType", "ofType": null },
+            "defaultValue": null
+          },
           {
             "name": "dateRange",
             "description": "",

x-pack/legacy/plugins/siem/public/graphql/types.ts

@@ -132,6 +132,10 @@ export interface TimelineInput {
 
   title?: Maybe<string>;
 
+  templateTimelineId?: Maybe<string>;
+
+  timelineType?: Maybe<TimelineType>;
+
   dateRange?: Maybe<DateRangePickerInput>;
 
   savedQueryId?: Maybe<string>;
@@ -334,6 +338,11 @@ export enum TlsFields {
   _id = '_id',
 }
 
+export enum TimelineType {
+  default = 'default',
+  template = 'template',
+}
+
 export enum SortFieldTimeline {
   title = 'title',
   description = 'description',
@@ -1944,6 +1953,10 @@ export interface TimelineResult {
 
   title?: Maybe<string>;
 
+  templateTimelineId?: Maybe<string>;
+
+  timelineType?: Maybe<TimelineType>;
+
   updated?: Maybe<number>;
 
   updatedBy?: Maybe<string>;
@@ -4030,6 +4043,10 @@ export namespace GetAllTimeline {
 
     title: Maybe<string>;
 
+    timelineType: Maybe<TimelineType>;
+
+    templateTimelineId: Maybe<string>;
+
     created: Maybe<number>;
 
     createdBy: Maybe<string>;

x-pack/legacy/plugins/siem/server/graphql/timeline/schema.gql.ts

@@ -125,6 +125,11 @@ export const timelineSchema = gql`
     script: String
   }
 
+  enum TimelineType {
+    default
+    template
+  }
+
   input TimelineInput {
     columns: [ColumnHeaderInput!]
     dataProviders: [DataProviderInput!]
@@ -134,6 +139,8 @@ export const timelineSchema = gql`
     kqlMode: String
     kqlQuery: SerializedFilterQueryInput
     title: String
+    templateTimelineId: String
+    timelineType: TimelineType
     dateRange: DateRangePickerInput
     savedQueryId: String
     sort: SortTimelineInput
@@ -237,6 +244,8 @@ export const timelineSchema = gql`
     savedObjectId: String!
     sort: SortTimelineResult
     title: String
+    templateTimelineId: String
+    timelineType: TimelineType
     updated: Float
     updatedBy: String
     version: String!

x-pack/legacy/plugins/siem/server/graphql/types.ts

@@ -134,6 +134,10 @@ export interface TimelineInput {
 
   title?: Maybe<string>;
 
+  templateTimelineId?: Maybe<string>;
+
+  timelineType?: Maybe<TimelineType>;
+
   dateRange?: Maybe<DateRangePickerInput>;
 
   savedQueryId?: Maybe<string>;
@@ -336,6 +340,11 @@ export enum TlsFields {
   _id = '_id',
 }
 
+export enum TimelineType {
+  default = 'default',
+  template = 'template',
+}
+
 export enum SortFieldTimeline {
   title = 'title',
   description = 'description',
@@ -1946,6 +1955,10 @@ export interface TimelineResult {
 
   title?: Maybe<string>;
 
+  templateTimelineId?: Maybe<string>;
+
+  timelineType?: Maybe<TimelineType>;
+
   updated?: Maybe<number>;
 
   updatedBy?: Maybe<string>;
@@ -8023,6 +8036,10 @@ export namespace TimelineResultResolvers {
 
     title?: TitleResolver<Maybe<string>, TypeParent, TContext>;
 
+    templateTimelineId?: TemplateTimelineIdResolver<Maybe<string>, TypeParent, TContext>;
+
+    timelineType?: TimelineTypeResolver<Maybe<TimelineType>, TypeParent, TContext>;
+
     updated?: UpdatedResolver<Maybe<number>, TypeParent, TContext>;
 
     updatedBy?: UpdatedByResolver<Maybe<string>, TypeParent, TContext>;
@@ -8130,6 +8147,16 @@ export namespace TimelineResultResolvers {
     Parent = TimelineResult,
     TContext = SiemContext
   > = Resolver<R, Parent, TContext>;
+  export type TemplateTimelineIdResolver<
+    R = Maybe<string>,
+    Parent = TimelineResult,
+    TContext = SiemContext
+  > = Resolver<R, Parent, TContext>;
+  export type TimelineTypeResolver<
+    R = Maybe<TimelineType>,
+    Parent = TimelineResult,
+    TContext = SiemContext
+  > = Resolver<R, Parent, TContext>;
   export type UpdatedResolver<
     R = Maybe<number>,
     Parent = TimelineResult,

x-pack/legacy/plugins/siem/server/lib/timeline/convert_saved_object_to_savedtimeline.ts

@@ -13,11 +13,13 @@ import { TimelineSavedObjectRuntimeType, TimelineSavedObject } from './types';
 export const convertSavedObjectToSavedTimeline = (savedObject: unknown): TimelineSavedObject => {
   const timeline = pipe(
     TimelineSavedObjectRuntimeType.decode(savedObject),
-    map(savedTimeline => ({
-      savedObjectId: savedTimeline.id,
-      version: savedTimeline.version,
-      ...savedTimeline.attributes,
-    })),
+    map(savedTimeline => {
+      return {
+        savedObjectId: savedTimeline.id,
+        version: savedTimeline.version,
+        ...savedTimeline.attributes,
+      };
+    }),
     fold(errors => {
       throw new Error(failure(errors).join('\n'));
     }, identity)

x-pack/legacy/plugins/siem/server/lib/timeline/pick_saved_timeline.ts

@@ -3,15 +3,17 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-
+import uuid from 'uuid';
 import { AuthenticatedUser } from '../../../../../../plugins/security/common/model';
 import { UNAUTHENTICATED_USER } from '../../../common/constants';
 import { SavedTimeline } from './types';
+import { TimelineType } from '../../../public/graphql/types';
 
 export const pickSavedTimeline = (
   timelineId: string | null,
   savedTimeline: SavedTimeline,
-  userInfo: AuthenticatedUser | null
+  userInfo: AuthenticatedUser | null,
+  timelineType?: TimelineType | null
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
 ): any => {
   const dateNow = new Date().valueOf();
@@ -24,5 +26,15 @@ export const pickSavedTimeline = (
     savedTimeline.updated = dateNow;
     savedTimeline.updatedBy = userInfo?.username ?? UNAUTHENTICATED_USER;
   }
+
+  if (timelineType === TimelineType.template) {
+    savedTimeline.timelineType = TimelineType.template;
+    if (savedTimeline.templateTimelineId === null) {
+      savedTimeline.templateTimelineId = uuid.v4();
+    }
+  } else {
+    savedTimeline.timelineType = TimelineType.default;
+  }
+
   return savedTimeline;
 };

x-pack/legacy/plugins/siem/server/lib/timeline/routes/__mocks__/import_timelines.ts

@@ -5,6 +5,7 @@
  */
 
 import { omit } from 'lodash/fp';
+import { TimelineType } from '../../../../graphql/types';
 
 export const mockDuplicateIdErrors = [];
 
@@ -148,6 +149,12 @@ export const mockGetTimelineValue = {
   pinnedEventIds: ['k-gi8nABm-sIqJ_scOoS'],
 };
 
+export const mockGetTemplateTimelineValue = {
+  ...mockGetTimelineValue,
+  timelineType: TimelineType.template,
+  templateTimelineId: 'existing template timeline id',
+};
+
 export const mockParsedTimelineObject = omit(
   [
     'globalNotes',