diff --git a/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts.ts b/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts.ts
index 7f52db599135a..3b8a07b7ffeb7 100644
--- a/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts.ts
+++ b/x-pack/plugins/security_solution/public/common/mock/mock_detection_alerts.ts
@@ -10,7 +10,7 @@ import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
 export const getDetectionAlertMock = (overrides: Partial = {}): Ecs => ({
 ...{
 _id: '1',
- timestamp: '2018-11-05T19:03:25.937Z',
+ '@timestamp': '2018-11-05T19:03:25.937Z',
 host: {
 name: ['apache'],
 ip: ['192.168.0.1'],
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx
index 5ad96cfc322d6..c56edd19100b3 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.test.tsx
@@ -1014,9 +1014,9 @@ describe('alert actions', () => {
 });
 test('it uses ecs.Data.timestamp if one is provided', () => {
- const ecsDataMock: Ecs = {
+ const ecsDataMock = {
 ...mockEcsDataWithAlert,
- timestamp: '2020-03-20T17:59:46.349Z',
+ '@timestamp': '2020-03-20T17:59:46.349Z',
 };
 const result = determineToAndFrom({ ecs: ecsDataMock });
@@ -1025,7 +1025,8 @@ describe('alert actions', () => {
 });
 test('it uses current time timestamp if ecsData.timestamp is not provided', () => {
- const { timestamp, ...ecsDataMock } = mockEcsDataWithAlert;
+ // @ts-ignore // TODO remove when EcsSecurityExtension has been cleaned https://github.com/elastic/kibana/issues/156879
+ const { '@timestamp': timestamp, ...ecsDataMock } = mockEcsDataWithAlert;
 const result = determineToAndFrom({ ecs: ecsDataMock });
 expect(result.from).toEqual('2020-03-01T17:54:46.349Z');
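Review bot: The `// @ts-ignore` added in the second test of actions.test.tsx ('it uses current time timestamp if ecsData.timestamp is not provided') will keep silencing that line after the linked EcsSecurityExtension cleanup lands, so the TODO can go stale without anyone noticing. Assuming the destructuring currently produces a type error, `// @ts-expect-error TODO remove when EcsSecurityExtension has been cleaned` would start failing the type check as soon as the suppression is no longer needed. The first test appears to work around the same type gap by dropping the `: Ecs` annotation from `ecsDataMock`, which also removes type checking of that fixture, so both workarounds should be reverted together under the linked issue. The two test titles still say `ecs.Data.timestamp` / `ecsData.timestamp` although the field under test is now `@timestamp`.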
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
index 194e986ff68c2..33174b9b2266b 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
@@ -27,6 +27,7 @@ import {
 ALERT_SUPPRESSION_END,
 ALERT_SUPPRESSION_DOCS_COUNT,
 ALERT_SUPPRESSION_TERMS,
+ TIMESTAMP,
 } from '@kbn/rule-data-utils';
 import { lastValueFrom } from 'rxjs';
@@ -155,10 +156,13 @@ export const determineToAndFrom = ({ ecs }: { ecs: Ecs[] | Ecs }) => {
 const elapsedTimeRule = moment.duration(
 moment().diff(dateMath.parse(ruleFrom != null ? ruleFrom[0] : 'now-1d'))
 );
- const from = moment(ecsData.timestamp ?? new Date())
- .subtract(elapsedTimeRule)
- .toISOString();
- const to = moment(ecsData.timestamp ?? new Date()).toISOString();
+
+ const alertTimestampEcsValue = getField(ecsData, TIMESTAMP);
+ const alertTimestamp = Array.isArray(alertTimestampEcsValue)
+ ? alertTimestampEcsValue[0]
+ : alertTimestampEcsValue;
+ const to = moment(alertTimestamp ?? new Date()).toISOString();
+ const from = moment(to).subtract(elapsedTimeRule).toISOString();
 return { to, from };
 };
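Review bot: In the `determineToAndFrom` hunk of actions.tsx, `alertTimestamp` goes into `moment()` with no validity check, and since `from` is now derived from `to`, one unparsable `@timestamp` value corrupts both ends of the investigation window. As far as I know `toISOString()` on an invalid moment yields `null`, so a guard such as `const parsed = moment(alertTimestamp ?? new Date());` followed by `const to = (parsed.isValid() ? parsed : moment()).toISOString();` would keep the range usable. A missing timestamp also falls back silently to the current time, which can leave the analyst with a window that does not cover the alert. A comment like `// @timestamp may be a string or an array; falls back to now when absent` would make that behaviour explicit. The function body starts above the hunk, and `getField` is not imported in the visible hunks, so it is presumably already in scope in this file.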