From 37a25e8c7369d6c040cfac0fe535b75b2bd10865 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 10:22:07 -0700 Subject: [PATCH] Fix data source picker for threat alerts card (#1206) (#1207) * Fix data source picker for threat alerts card * remove unused import * fix get alerts loop --------- (cherry picked from commit b2eb62c96e4a4be0b6c8a5450e810d2437fd737f) Signed-off-by: Joanne Wang Signed-off-by: github-actions[bot] Co-authored-by: github-actions[bot] --- .../DataSourceThreatAlertsCard.tsx | 11 +++--- public/services/AlertsService.ts | 3 +- public/services/DetectorService.ts | 6 ++-- public/store/AlertsStore.ts | 36 ++++++++++++++++++- types/Alert.ts | 4 +-- 5 files changed, 48 insertions(+), 12 deletions(-) diff --git a/public/components/DataSourceThreatAlertsCard/DataSourceThreatAlertsCard.tsx b/public/components/DataSourceThreatAlertsCard/DataSourceThreatAlertsCard.tsx index 5c672d61..c582f5e6 100644 --- a/public/components/DataSourceThreatAlertsCard/DataSourceThreatAlertsCard.tsx +++ b/public/components/DataSourceThreatAlertsCard/DataSourceThreatAlertsCard.tsx @@ -60,7 +60,7 @@ export const DataSourceThreatAlertsCard: React.FC = ( const getAlerts = async () => { try { - const detectorsRes = await detectorService.getDetectors(); + const detectorsRes = await detectorService.getDetectors(dataSource); if (detectorsRes.ok) { const detectors: any = {}; const detectorIds = detectorsRes.response.hits.hits.map((hit: any) => { 
@@ -69,16 +69,15 @@ export const DataSourceThreatAlertsCard: React.FC = ( }); let alerts: any[] = []; - const abortController = new AbortController(); for (let id of detectorIds) { - const alertsRes = await DataStore.alerts.getAlertsByDetector( + const alertsRes = await DataStore.alerts.getAlertsForThreatAlertsCard( id, detectors[id].name, - abortController.signal, undefined, undefined, - 25 + 25, + dataSource ); alerts = alerts.concat(alertsRes); } @@ -103,7 +102,7 @@ export const DataSourceThreatAlertsCard: React.FC = ( const onDataSourceSelected = useCallback( (options: any[]) => { - if (dataSource?.id !== undefined && dataSource?.id !== options[0]?.id) { + if (dataSource?.id === undefined || dataSource?.id !== options[0]?.id) { setDataSource(options[0]); } }, diff --git a/public/services/AlertsService.ts b/public/services/AlertsService.ts index 278c8924..06a43742 100644 --- a/public/services/AlertsService.ts +++ b/public/services/AlertsService.ts @@ -30,12 +30,13 @@ export default class AlertsService { startIndex, startTime, endTime, + dataSource, } = getAlertsParams; const baseQuery = { sortOrder: sortOrder || 'desc', size: size || 10000, startIndex: startIndex || 0, - dataSourceId: dataSourceInfo.activeDataSource.id, + dataSourceId: dataSource?.id || dataSourceInfo.activeDataSource.id, startTime, endTime, }; diff --git a/public/services/DetectorService.ts b/public/services/DetectorService.ts index e2bae4f9..6f35019c 100644 --- a/public/services/DetectorService.ts +++ b/public/services/DetectorService.ts @@ -30,8 +30,10 @@ export default class DetectorsService implements IDetectorService { return response; }; - getDetectors = async (): Promise> => { + getDetectors = async (dataSource?: any): Promise> => { const url = `..${API.SEARCH_DETECTORS}`; + const dataSourceId = dataSource?.id || dataSourceInfo.activeDataSource.id; + const res = (await this.httpClient.post(url, { body: JSON.stringify({ query: { 
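Review bot: Nothing in the `for (let id of detectorIds)` loop ties the fetched alerts to the data source that was selected when `getAlerts` started, and with the `AbortController` removed the sequential requests cannot be cancelled either. If the picker changes while requests are in flight, the earlier call can presumably still finish and publish its alerts after the newer one, so the card may show one cluster's alerts under another cluster's name; the state update itself is outside this hunk, so this should be confirmed there. A per-call token would close the gap: with a new `const latestRequest = useRef(0);` in the component, take `const requestId = ++latestRequest.current;` before the loop and add `if (requestId !== latestRequest.current) return;` before the alerts are stored. `getAlerts` starts in the previous hunk and continues past this one.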
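Review bot: In `baseQuery`, `dataSource?.id || dataSourceInfo.activeDataSource.id` treats an empty-string id as missing, so a selected data source whose id is `''` is silently replaced by the globally active one. If the picker represents the local cluster with an empty id (worth confirming against the picker's option values), the card would query a different cluster than the one it displays. Falling back only when no data source was passed avoids that: `dataSourceId: dataSource?.id ?? dataSourceInfo.activeDataSource.id,`. The same expression is added to `getDetectors` in public/services/DetectorService.ts and needs the same change. The enclosing method starts and ends outside this hunk.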
@@ -39,7 +41,7 @@ export default class DetectorsService implements IDetectorService { }, }), query: { - dataSourceId: dataSourceInfo.activeDataSource.id, + dataSourceId: dataSourceId, }, })) as ServerResponse; diff --git a/public/store/AlertsStore.ts b/public/store/AlertsStore.ts index ada260dd..13e8440a 100644 --- a/public/store/AlertsStore.ts +++ b/public/store/AlertsStore.ts @@ -20,7 +20,8 @@ export class AlertsStore { signal: AbortSignal, duration?: Duration, onPartialAlertsFetched?: (alerts: AlertResponse[]) => void, - alertCount?: number + alertCount?: number, + dataSource?: any ) { let allAlerts: any[] = []; const maxAlertsReturned = alertCount ?? 10000; @@ -38,6 +39,7 @@ export class AlertsStore { size: maxAlertsReturned, startTime: duration?.startTime, endTime: duration?.endTime, + dataSource, }); if (signal.aborted) { @@ -64,6 +66,38 @@ export class AlertsStore { return allAlerts; } + // Just grab 25 alerts for the analytics all threat alerts card once + public async getAlertsForThreatAlertsCard( + detectorId: string, + detectorName: string, + duration?: Duration, + onPartialAlertsFetched?: (alerts: AlertResponse[]) => void, + alertCount?: number, + dataSource?: any + ) { + let allAlerts: any[] = []; + const maxAlertsReturned = alertCount ?? 25; + let startIndex = 0; + + const getAlertsRes = await this.service.getAlerts({ + detector_id: detectorId, + startIndex, + size: maxAlertsReturned, + startTime: duration?.startTime, + endTime: duration?.endTime, + dataSource, + }); + + if (getAlertsRes.ok) { + const alerts = this.extendAlerts(getAlertsRes.response.alerts, detectorId, detectorName); + onPartialAlertsFetched?.(alerts); + allAlerts = allAlerts.concat(alerts); + } else { + errorNotificationToast(this.notifications, 'retrieve', 'alerts', getAlertsRes.error); + } + return allAlerts; + } + public async getThreatIntelAlerts( signal: AbortSignal, duration: Duration, diff --git a/types/Alert.ts b/types/Alert.ts index 2d3b56ef..5e600c57 100644 
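Review bot: `getAlertsForThreatAlertsCard` returns an empty array when `getAlertsRes.ok` is false, so the caller cannot tell a failed fetch from a detector that has no alerts. The toast is the only signal, and the card's per-detector loop would raise one toast for every failing detector. The leading comment also says "25" although `alertCount` overrides it, and it does not mention the error path. I would replace it with `// Fetches one page of alerts (default 25, no pagination) for a detector from the given data source; shows a toast and returns [] on error.` Since there is no loop here, `startIndex` can be `const startIndex = 0;` and the success branch can simply `return alerts;`.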
--- a/types/Alert.ts +++ b/types/Alert.ts @@ -53,6 +53,7 @@ export type GetAlertsParams = { startIndex?: number; startTime?: number; endTime?: number; + dataSource?: any; } & ( | { detector_id: string; @@ -105,11 +106,10 @@ export interface CorrelationAlertItem { acknowledged_time: string | null; } -export interface CorrelationAlertTableItem extends CorrelationAlertItem{ +export interface CorrelationAlertTableItem extends CorrelationAlertItem { correlation_rule_categories: string[]; } - export interface AlertResponse extends AlertItem { version: number; schema_version: number;
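Review bot: `dataSource?: any` in `GetAlertsParams` removes type checking from a value that decides which cluster is queried. The only property read from it in this patch is `.id` (in AlertsService.ts), so a narrow shape is enough: `dataSource?: { id?: string };`, or the picker's own option type if the project exports one. With that in place, a misspelled property or a non-string id is rejected at compile time instead of silently falling back to the active data source. The same `any` appears on `getDetectors(dataSource?: any)` and on both `AlertsStore` methods in this patch and could share the type.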