diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/analyzer_panels/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/analyzer_panels/index.tsx index ff1e0cd73e7a3..f61993da5321a 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/analyzer_panels/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/analyzer_panels/index.tsx @@ -13,7 +13,7 @@ import type { DocumentDetailsAnalyzerPanelKey } from '../shared/constants/panel_ import { DetailsPanel } from '../../../resolver/view/details_panel'; import type { NodeEventOnClick } from '../../../resolver/view/panels/node_events_of_type'; import { DocumentDetailsPreviewPanelKey } from '../shared/constants/panel_keys'; -import { ALERT_PREVIEW_BANNER } from '../preview/constants'; +import { ALERT_PREVIEW_BANNER, EVENT_PREVIEW_BANNER } from '../preview/constants'; interface AnalyzerPanelProps extends Record { /** @@ -34,7 +34,7 @@ export const AnalyzerPanel: React.FC = ({ resolverComponentI const { openPreviewPanel } = useExpandableFlyoutApi(); const openPreview = useCallback( - ({ documentId, indexName, scopeId }) => + ({ documentId, indexName, scopeId, isAlert }) => () => { openPreviewPanel({ id: DocumentDetailsPreviewPanelKey, @@ -43,7 +43,7 @@ export const AnalyzerPanel: React.FC = ({ resolverComponentI indexName, scopeId, isPreviewMode: true, - banner: ALERT_PREVIEW_BANNER, + banner: isAlert ? ALERT_PREVIEW_BANNER : EVENT_PREVIEW_BANNER, }, }); }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/constants.ts b/x-pack/plugins/security_solution/public/flyout/document_details/preview/constants.ts index 0c07633c4c11e..0d91a4852ece0 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/constants.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/preview/constants.ts @@ -8,12 +8,17 @@ import { i18n } from '@kbn/i18n'; export const ALERT_PREVIEW_BANNER = { - title: i18n.translate( - 'xpack.securitySolution.flyout.left.insights.correlations.alertPreviewTitle', - { - defaultMessage: 'Preview alert details', - } - ), + title: i18n.translate('xpack.securitySolution.flyout.preview.alertPreviewTitle', { + defaultMessage: 'Preview alert details', + }), + backgroundColor: 'warning', + textColor: 'warning', +}; + +export const EVENT_PREVIEW_BANNER = { + title: i18n.translate('xpack.securitySolution.flyout.preview.eventPreviewTitle', { + defaultMessage: 'Preview event details', + }), backgroundColor: 'warning', textColor: 'warning', }; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.test.tsx index 4abd9ab7763ac..2eee16007f91c 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.test.tsx @@ -34,7 +34,7 @@ describe('', () => { jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi); }); - it('should render footer', () => { + it('should render footer for alert', () => { const { getByTestId } = render( @@ -43,6 +43,20 @@ describe('', () => { ); expect(getByTestId(PREVIEW_FOOTER_TEST_ID)).toBeInTheDocument(); + expect(getByTestId(PREVIEW_FOOTER_TEST_ID)).toHaveTextContent('Show full alert details'); + }); + + it('should render footer for event', () => { + const { getByTestId } = render( + + 'event' }} + > + + + + ); + expect(getByTestId(PREVIEW_FOOTER_TEST_ID)).toHaveTextContent('Show full event details'); }); it('should open document details flyout when clicked', () => { diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.tsx index 404a3debefc2e..f437c9e77a158 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/preview/footer.tsx @@ -6,10 +6,12 @@ */ import { EuiLink, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; -import React, { useCallback } from 'react'; +import React, { useCallback, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { FlyoutFooter } from '@kbn/security-solution-common'; +import { getField } from '../shared/utils'; +import { EventKind } from '../shared/constants/event_kinds'; import { DocumentDetailsRightPanelKey } from '../shared/constants/panel_keys'; import { useDocumentDetailsContext } from '../shared/context'; import { PREVIEW_FOOTER_TEST_ID, PREVIEW_FOOTER_LINK_TEST_ID } from './test_ids'; @@ -19,10 +21,15 @@ import { useKibana } from '../../../common/lib/kibana'; * Footer at the bottom of preview panel with a link to open document details flyout */ export const PreviewPanelFooter = () => { - const { eventId, indexName, scopeId } = useDocumentDetailsContext(); + const { eventId, indexName, scopeId, getFieldsData } = useDocumentDetailsContext(); const { openFlyout } = useExpandableFlyoutApi(); const { telemetry } = useKibana().services; + const isAlert = useMemo( + () => getField(getFieldsData('event.kind')) === EventKind.signal, + [getFieldsData] + ); + const openDocumentFlyout = useCallback(() => { openFlyout({ right: { @@ -49,9 +56,12 @@ export const PreviewPanelFooter = () => { target="_blank" data-test-subj={PREVIEW_FOOTER_LINK_TEST_ID} > - {i18n.translate('xpack.securitySolution.flyout.preview.openFlyoutLabel', { - defaultMessage: 'Show full alert details', - })} + <> + {i18n.translate('xpack.securitySolution.flyout.preview.openFlyoutLabel', { + values: { isAlert }, + defaultMessage: 'Show full {isAlert, select, true{alert} other{event}} details', + })} + diff --git a/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.test.tsx b/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.test.tsx index 65ca0e1e9531d..5a7eb919d683a 100644 --- a/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.test.tsx +++ b/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.test.tsx @@ -130,6 +130,7 @@ describe('', () => { '@timestamp': 1726589803115, event: { id: 'event id', + kind: 'signal', }, }} /> @@ -141,6 +142,7 @@ describe('', () => { documentId: 'test _id', indexName: '_index', scopeId: 'test', + isAlert: true, }); }); }); diff --git a/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.tsx b/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.tsx index 07a1ee9464cc1..77bb59769b8d5 100644 --- a/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.tsx +++ b/x-pack/plugins/security_solution/public/resolver/view/panels/node_events_of_type.tsx @@ -30,15 +30,18 @@ import { useFormattedDate } from './use_formatted_date'; import { expandDottedObject } from '../../../../common/utils/expand_dotted'; import type { State } from '../../../common/store/types'; import { userRequestedAdditionalRelatedEvents } from '../../store/data/action'; +import { EventKind } from '../../../flyout/document_details/shared/constants/event_kinds'; export type NodeEventOnClick = ({ documentId, indexName, scopeId, + isAlert, }: { documentId: string | undefined; indexName: string | undefined; scopeId: string; + isAlert: boolean; }) => () => void; /** @@ -128,6 +131,7 @@ export const NodeEventsListItem = memo(function ({ const expandedEvent = expandDottedObject(event); const timestamp = eventModel.eventTimestamp(expandedEvent); const eventID = eventModel.eventID(expandedEvent); + const isAlert = eventModel.eventKind(expandedEvent)[0] === EventKind.signal; const documentId = eventModel.documentID(expandedEvent); const indexName = eventModel.indexName(expandedEvent); const winlogRecordID = eventModel.winlogRecordID(expandedEvent); @@ -172,7 +176,7 @@ export const NodeEventsListItem = memo(function ({ {nodeEventOnClick ? ( diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index ff644d2f55e1b..23dc62847c503 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -38752,7 +38752,6 @@ "xpack.securitySolution.flyout.entityDetails.valuesColumnTitle": "Valeurs", "xpack.securitySolution.flyout.host.preview.viewDetailsLabel": "Ouvrir le menu volant des détails de l'hôte", "xpack.securitySolution.flyout.left.insights.buttonGroupLegendLabel": "Options des informations exploitables", - "xpack.securitySolution.flyout.left.insights.correlations.alertPreviewTitle": "Aperçu des détails de l'alerte", "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsNoDataDescription": "Aucune alerte associée par ancêtre.", "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsTitle": "{count} {count, plural, one {alerte associée} other {alertes associées}} par ancêtre", "xpack.securitySolution.flyout.left.insights.correlations.nameColumnLabel": "Nom", @@ -38828,7 +38827,6 @@ "xpack.securitySolution.flyout.left.visualize.sessionViewButtonLabel": "Vue de session", "xpack.securitySolution.flyout.left.visualize.tabLabel": "Visualize", "xpack.securitySolution.flyout.preview.alertReason.panelTitle": "Raison d'alerte", - "xpack.securitySolution.flyout.preview.openFlyoutLabel": "Afficher tous les détails de l'alerte", "xpack.securitySolution.flyout.preview.rule.aboutLabel": "À propos", "xpack.securitySolution.flyout.preview.rule.actionsLabel": "Actions", "xpack.securitySolution.flyout.preview.rule.definitionLabel": "Définition", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 088d1e09474bd..977e0fc0a6e8a 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -38495,7 +38495,6 @@ "xpack.securitySolution.flyout.entityDetails.valuesColumnTitle": "値", "xpack.securitySolution.flyout.host.preview.viewDetailsLabel": "ホスト詳細フライアウトを開く", "xpack.securitySolution.flyout.left.insights.buttonGroupLegendLabel": "インサイトオプション", - "xpack.securitySolution.flyout.left.insights.correlations.alertPreviewTitle": "アラート詳細を表示", "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsNoDataDescription": "上位項目に関連するアラートはありません。", "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsTitle": "上位項目に関連する{count}件の{count, plural, other {アラート}}", "xpack.securitySolution.flyout.left.insights.correlations.nameColumnLabel": "名前", @@ -38571,7 +38570,6 @@ "xpack.securitySolution.flyout.left.visualize.sessionViewButtonLabel": "セッションビュー", "xpack.securitySolution.flyout.left.visualize.tabLabel": "可視化", "xpack.securitySolution.flyout.preview.alertReason.panelTitle": "アラートの理由", - "xpack.securitySolution.flyout.preview.openFlyoutLabel": "完全なアラート詳細を表示", "xpack.securitySolution.flyout.preview.rule.aboutLabel": "概要", "xpack.securitySolution.flyout.preview.rule.actionsLabel": "アクション", "xpack.securitySolution.flyout.preview.rule.definitionLabel": "定義", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 0f1ad4f33a1f6..82d10d12a4fc1 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -38541,7 +38541,6 @@ "xpack.securitySolution.flyout.entityDetails.valuesColumnTitle": "值", "xpack.securitySolution.flyout.host.preview.viewDetailsLabel": "打开主机详情浮出控件", "xpack.securitySolution.flyout.left.insights.buttonGroupLegendLabel": "洞见选项", - "xpack.securitySolution.flyout.left.insights.correlations.alertPreviewTitle": "预览告警详情", "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsNoDataDescription": "无告警与体系相关。", "xpack.securitySolution.flyout.left.insights.correlations.ancestryAlertsTitle": "{count} 个{count, plural, other {告警}}与体系相关", "xpack.securitySolution.flyout.left.insights.correlations.nameColumnLabel": "名称", @@ -38617,7 +38616,6 @@ "xpack.securitySolution.flyout.left.visualize.sessionViewButtonLabel": "会话视图", "xpack.securitySolution.flyout.left.visualize.tabLabel": "Visualize", "xpack.securitySolution.flyout.preview.alertReason.panelTitle": "告警原因", - "xpack.securitySolution.flyout.preview.openFlyoutLabel": "显示完整告警详情", "xpack.securitySolution.flyout.preview.rule.aboutLabel": "关于", "xpack.securitySolution.flyout.preview.rule.actionsLabel": "操作", "xpack.securitySolution.flyout.preview.rule.definitionLabel": "定义",