Fix data source picker for threat alerts card (#1206) (#1207)

* Fix data source picker for threat alerts card * remove unused import * fix get alerts loop --------- (cherry picked from commit b2eb62c) Signed-off-by: Joanne Wang <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-project · Oct 29, 2024 · 37a25e8 · 37a25e8
1 parent 5c1fc94
commit 37a25e8
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 12 deletions.
diff --git a/public/components/DataSourceThreatAlertsCard/DataSourceThreatAlertsCard.tsx b/public/components/DataSourceThreatAlertsCard/DataSourceThreatAlertsCard.tsx
@@ -60,7 +60,7 @@ export const DataSourceThreatAlertsCard: React.FC<DataSourceAlertsCardProps> = (
 
   const getAlerts = async () => {
     try {
-      const detectorsRes = await detectorService.getDetectors();
+      const detectorsRes = await detectorService.getDetectors(dataSource);
       if (detectorsRes.ok) {
         const detectors: any = {};
         const detectorIds = detectorsRes.response.hits.hits.map((hit: any) => {
@@ -69,16 +69,15 @@ export const DataSourceThreatAlertsCard: React.FC<DataSourceAlertsCardProps> = (
         });
 
         let alerts: any[] = [];
-        const abortController = new AbortController();
 
         for (let id of detectorIds) {
-          const alertsRes = await DataStore.alerts.getAlertsByDetector(
+          const alertsRes = await DataStore.alerts.getAlertsForThreatAlertsCard(
             id,
             detectors[id].name,
-            abortController.signal,
             undefined,
             undefined,
-            25
+            25,
+            dataSource
           );
           alerts = alerts.concat(alertsRes);
         }
@@ -103,7 +102,7 @@ export const DataSourceThreatAlertsCard: React.FC<DataSourceAlertsCardProps> = (
 
   const onDataSourceSelected = useCallback(
     (options: any[]) => {
-      if (dataSource?.id !== undefined && dataSource?.id !== options[0]?.id) {
+      if (dataSource?.id === undefined || dataSource?.id !== options[0]?.id) {
         setDataSource(options[0]);
       }
     },

diff --git a/public/services/AlertsService.ts b/public/services/AlertsService.ts
@@ -30,12 +30,13 @@ export default class AlertsService {
       startIndex,
       startTime,
       endTime,
+      dataSource,
     } = getAlertsParams;
     const baseQuery = {
       sortOrder: sortOrder || 'desc',
       size: size || 10000,
       startIndex: startIndex || 0,
-      dataSourceId: dataSourceInfo.activeDataSource.id,
+      dataSourceId: dataSource?.id || dataSourceInfo.activeDataSource.id,
       startTime,
       endTime,
     };

diff --git a/public/services/DetectorService.ts b/public/services/DetectorService.ts
@@ -30,16 +30,18 @@ export default class DetectorsService implements IDetectorService {
     return response;
   };
 
-  getDetectors = async (): Promise<ServerResponse<SearchDetectorsResponse>> => {
+  getDetectors = async (dataSource?: any): Promise<ServerResponse<SearchDetectorsResponse>> => {
     const url = `..${API.SEARCH_DETECTORS}`;
+    const dataSourceId = dataSource?.id || dataSourceInfo.activeDataSource.id;
+
     const res = (await this.httpClient.post(url, {
       body: JSON.stringify({
         query: {
           match_all: {},
         },
       }),
       query: {
-        dataSourceId: dataSourceInfo.activeDataSource.id,
+        dataSourceId: dataSourceId,
       },
     })) as ServerResponse<SearchDetectorsResponse>;
 

diff --git a/public/store/AlertsStore.ts b/public/store/AlertsStore.ts
@@ -20,7 +20,8 @@ export class AlertsStore {
     signal: AbortSignal,
     duration?: Duration,
     onPartialAlertsFetched?: (alerts: AlertResponse[]) => void,
-    alertCount?: number
+    alertCount?: number,
+    dataSource?: any
   ) {
     let allAlerts: any[] = [];
     const maxAlertsReturned = alertCount ?? 10000;
@@ -38,6 +39,7 @@ export class AlertsStore {
         size: maxAlertsReturned,
         startTime: duration?.startTime,
         endTime: duration?.endTime,
+        dataSource,
       });
 
       if (signal.aborted) {
@@ -64,6 +66,38 @@ export class AlertsStore {
     return allAlerts;
   }
 
+  // Just grab 25 alerts for the analytics all threat alerts card once
+  public async getAlertsForThreatAlertsCard(
+    detectorId: string,
+    detectorName: string,
+    duration?: Duration,
+    onPartialAlertsFetched?: (alerts: AlertResponse[]) => void,
+    alertCount?: number,
+    dataSource?: any
+  ) {
+    let allAlerts: any[] = [];
+    const maxAlertsReturned = alertCount ?? 25;
+    let startIndex = 0;
+
+    const getAlertsRes = await this.service.getAlerts({
+      detector_id: detectorId,
+      startIndex,
+      size: maxAlertsReturned,
+      startTime: duration?.startTime,
+      endTime: duration?.endTime,
+      dataSource,
+    });
+
+    if (getAlertsRes.ok) {
+      const alerts = this.extendAlerts(getAlertsRes.response.alerts, detectorId, detectorName);
+      onPartialAlertsFetched?.(alerts);
+      allAlerts = allAlerts.concat(alerts);
+    } else {
+      errorNotificationToast(this.notifications, 'retrieve', 'alerts', getAlertsRes.error);
+    }
+    return allAlerts;
+  }
+
   public async getThreatIntelAlerts(
     signal: AbortSignal,
     duration: Duration,

diff --git a/types/Alert.ts b/types/Alert.ts
@@ -53,6 +53,7 @@ export type GetAlertsParams = {
   startIndex?: number;
   startTime?: number;
   endTime?: number;
+  dataSource?: any;
 } & (
   | {
       detector_id: string;
@@ -105,11 +106,10 @@ export interface CorrelationAlertItem {
   acknowledged_time: string | null;
 }
 
-export interface CorrelationAlertTableItem extends CorrelationAlertItem{
+export interface CorrelationAlertTableItem extends CorrelationAlertItem {
   correlation_rule_categories: string[];
 }
 
-
 export interface AlertResponse extends AlertItem {
   version: number;
   schema_version: number;