[Security Solution][Detection Engine] fixes showing all the fields for all indices when trying to edit filters in a rule (elastic#194678)

## Summary

 - addresses elastic#179468
 - fixes issue when rule is configured with Data view
 
**Steps to reproduce:**

1. Create a minimal new index and corresponding data view
    ```JSON
    PUT fields_index
    PUT fields_index/_mapping
    {
      "properties": {
        "@timestamp": {
          "type": "date"
        },
        "field-1": {
          "type": "keyword"
        },
        "field-2": {
          "type": "keyword"
        },
        "field-3": {
          "type": "keyword"
        }
      }
    }
    
    POST fields_index/_doc
    {
     "@timestamp": "2024-10-01T09:26:30.425Z",
     "field-1": "test-0"
    }
    ```
2. Create a security rule with that data view
3. Edit the rule and try to add a filter
4. Fields for all indices show up instead of the fields from the rule
index
5. Switching to indices and back to data view on rule form fixes issue

<details>
<summary>video with the bug</summary>



https://github.com/user-attachments/assets/fc83356d-d727-4662-856e-a4f0b386b71f


</details>

### Additional benefit of fixing the issue.

Previously, there would be 2 additional field_caps requests, querying
ALL indices in ES, when the rule edit page loads and the rule is configured
with a data view.

```
http://localhost:5601/kbn/internal/data_views/fields?pattern=&meta_fields=_source&meta_fields=_id&meta_fields=_index&meta_fields=_score&meta_fields=_ignored&allow_no_index=true&apiVersion=1
```
Notice there is a `pattern=` query value, which results in querying all
existing indices.
Now, these requests are eliminated.


#### Before
<img width="2551" alt="Screenshot 2024-10-02 at 18 21 04"
src="https://github.com/user-attachments/assets/aa2b6acb-897d-488f-9ddd-409379c6b54a">


#### After

<img width="2557" alt="Screenshot 2024-10-02 at 18 22 41"
src="https://github.com/user-attachments/assets/baeeecda-bf16-4d37-ae07-3cdc136d18b4">
vitaliidm authored Oct 9, 2024
1 parent 4b695fd commit 5a71d84
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -5,7 +5,7 @@
* 2.0.
*/

import { cloneDeep } from 'lodash';
import { cloneDeep, isEmpty } from 'lodash';
import React, { memo, useMemo, useCallback, useState, useEffect } from 'react';
import deepEqual from 'fast-deep-equal';

Expand Down Expand Up @@ -125,7 +125,7 @@ export const QueryBar = memo<QueryBarComponentProps>(
let dv: DataView;
if (isDataView(indexPattern)) {
setDataView(indexPattern);
} else if (!isEsql) {
} else if (!isEsql && !isEmpty(indexPattern.title)) {
const createDataView = async () => {
dv = await data.dataViews.create({ id: indexPattern.title, title: indexPattern.title });
setDataView(dv);
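
Review bot: with the new `!isEmpty(indexPattern.title)` condition on the `else if`, an `indexPattern` that is not a data view and has an empty title matches neither branch shown here, so `setDataView` is never called and the state keeps whatever value it held before. If the lines below this hunk do not already cover that case, consider resetting the state explicitly so the filter editor cannot keep offering fields from a previously loaded pattern. A one-line comment above the condition would also help, stating that, per the commit message, an empty title otherwise ends up as an empty `pattern=` in the fields request and matches every index. Since the commit touches one file and adds no test, a unit test asserting that `data.dataViews.create` is not called for an empty title would guard against regression.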