From 7a8d813a9ccb3dcb3aa8c7524f2e07f8d0ce5781 Mon Sep 17 00:00:00 2001 From: Pablo Machado Date: Thu, 24 Oct 2024 16:04:13 +0200 Subject: [PATCH] [SecuritySolution] Fix entities list initial sorting (#197465) ## Summary The entity list initial sorting wasn't working because it referenced an old field. --- .../components/entity_store/entities_list.tsx | 2 +- .../entity_store/routes/entities/list.ts | 2 +- .../security_solution/entity_store/data.json | 32 ++- .../entity_store/mappings.json | 187 ++++++++++-------- 4 files changed, 121 insertions(+), 102 deletions(-) diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.tsx b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.tsx index 67276e53795ca..aa03e41c553cb 100644 --- a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.tsx +++ b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.tsx @@ -34,7 +34,7 @@ export const EntitiesList: React.FC = () => { const [limit, setLimit] = useState(10); const { toggleStatus } = useQueryToggle(ENTITIES_LIST_TABLE_ID); const [sorting, setSorting] = useState({ - field: 'entity.last_seen_timestamp', + field: '@timestamp', direction: Direction.desc, }); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts index c702eaf2ab676..3eefcb7de5752 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts 
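Review bot: The default sort field `'@timestamp'` is now a bare string literal duplicated between this component's initial `sorting` state and the server-side default in the list.ts hunk (`sort_field: sortField = '@timestamp'`), which is the same kind of drift that let the stale `entity.last_seen_timestamp` survive in one place; exporting a single shared constant, e.g. `export const DEFAULT_ENTITIES_SORT_FIELD = '@timestamp';`, and using it on both sides would keep them in step. The mappings.json hunks in this patch also declare `entity.lastSeenTimestamp` as a `date` field, so a short comment on why `@timestamp` rather than that field is the intended default would help (the fixture moves the old `last_seen_timestamp` value into `@timestamp`, which suggests the two are meant to coincide, but that is an inference). The enclosing `EntitiesList` component and the `listEntitiesRoute` handler both continue outside their hunks.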
@@ -53,7 +53,7 @@ export const listEntitiesRoute = (router: EntityAnalyticsRoutesDeps['router'], l
 const {
 page = 1,
 per_page: perPage = 10,
- sort_field: sortField = 'entity.last_seen_timestamp',
+ sort_field: sortField = '@timestamp',
 sort_order: sortOrder = 'desc',
 entities_types: entityTypes,
 filterQuery,
diff --git a/x-pack/test/functional/es_archives/security_solution/entity_store/data.json b/x-pack/test/functional/es_archives/security_solution/entity_store/data.json
index 529aa6020dce7..4f55a18acfd36 100644
--- a/x-pack/test/functional/es_archives/security_solution/entity_store/data.json
+++ b/x-pack/test/functional/es_archives/security_solution/entity_store/data.json
@@ -4,6 +4,7 @@
 "id": "a4cf452c1e0375c3d4412cb550ad1783358468a3b3b777da4829d72c7d6fb74f",
 "index": ".entities.v1.latest.security_user_default",
 "source": {
+ "@timestamp": "2024-09-11T11:24:15.588Z",
 "event": {
 "ingested": "2024-09-11T11:26:49.706875Z"
 },
@@ -17,16 +18,10 @@
 "hash": []
 },
 "entity": {
- "last_seen_timestamp": "2024-09-11T11:24:15.588Z",
- "schema_version": "v1",
- "definition_version": "1.0.0",
- "display_name": "hinamatsumoto",
- "identity_fields": [
- "user.name"
- ],
- "id": "LBQAgKHGmpup0Kg9nlKmeQ==",
- "type": "node",
- "definition_id": "security_user_default"
+ "name": "hinamatsumoto",
+ "id": "hinamatsumoto",
+ "type": "user",
+ "source": ".ds-logs-endpoint.alerts-default-2024.10.23-000001"
 }
 }
 }
@@ -38,6 +33,7 @@
 "id": "a2cf452c1e0375c3d4412cb550bd1783358468a3b3b777da4829d72c7d6fb71f",
 "index": ".entities.v1.latest.security_host_default",
 "source": {
+ "@timestamp": "2024-09-11T11:24:15.591Z",
 "event": {
 "ingested": "2024-09-11T11:26:49.641707Z"
 },
@@ -67,17 +63,11 @@
 ]
 },
 "entity": {
- "last_seen_timestamp": "2024-09-11T11:24:15.591Z",
- "schema_version": "v1",
- "definition_version": "1.0.0",
- "display_name": "ali-ubuntu-server",
- "identity_fields": [
- "host.name"
- ],
- "id": "ZXKm6GEcUJY6NHkMgPPmGQ==",
- "type": "node",
- "definition_id": "security_host_default"
+ "name": "ali-ubuntu-server",
+ "id": "ali-ubuntu-server",
+ "type": "host",
+ "source": ".ds-logs-endpoint.events.process-default-2024.10.23-000001"
 }
 }
 }
-}
+}
\ No newline at end of file
diff --git a/x-pack/test/functional/es_archives/security_solution/entity_store/mappings.json b/x-pack/test/functional/es_archives/security_solution/entity_store/mappings.json
index 641f825896ffd..364ced91dc0b6 100644
--- a/x-pack/test/functional/es_archives/security_solution/entity_store/mappings.json
+++ b/x-pack/test/functional/es_archives/security_solution/entity_store/mappings.json
@@ -33,17 +33,27 @@
 }
 ],
 "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "asset": {
+ "properties": {
+ "criticality": {
+ "type": "keyword"
+ }
+ }
+ },
 "entity": {
 "properties": {
- "definition_id": {
+ "definitionId": {
 "type": "keyword",
 "ignore_above": 1024
 },
- "definition_version": {
+ "definitionVersion": {
 "type": "keyword",
 "ignore_above": 1024
 },
- "display_name": {
+ "displayName": {
 "type": "text",
 "fields": {
 "keyword": {
@@ -52,20 +62,34 @@
 }
 }
 },
+ "firstSeenTimestamp": {
+ "type": "date"
+ },
 "id": {
 "type": "keyword",
 "ignore_above": 1024
 },
- "identity_fields": {
+ "identityFields": {
 "type": "keyword"
 },
- "last_seen_timestamp": {
+ "lastSeenTimestamp": {
 "type": "date"
 },
- "schema_version": {
+ "name": {
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "keyword"
+ }
+ }
+ },
+ "schemaVersion": {
 "type": "keyword",
 "ignore_above": 1024
 },
+ "source": {
+ "type": "keyword"
+ },
 "type": {
 "type": "keyword",
 "ignore_above": 1024
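Review bot: In the `@@ -52,20 +62,34 @@` hunk the new `entity.name` field is mapped as `text` with a multi-field named `text` whose type is `keyword`, the reverse of the `displayName` mapping a few lines above it (`text` with a `keyword` subfield named `keyword`); a keyword subfield addressed as `entity.name.text` is easy to misread, and anything that sorts, aggregates or filters exactly on the entity name has to target that subfield rather than `entity.name`. If this deliberately mirrors the production entity store template it should stay as is, otherwise renaming the subfield to `keyword` would match `displayName` and the usual ECS convention; the same shape is repeated in the `@@ -210,20 +227,34 @@` hunk for the user index. The fixture documents in data.json populate only `@timestamp`, not the `firstSeenTimestamp`/`lastSeenTimestamp` fields declared here, so tests built on this archive will not exercise sorting on those fields.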
@@ -82,58 +106,41 @@
 "host": {
 "properties": {
 "architecture": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
- }
- }
+ "type": "keyword"
+ },
+ "domain": {
+ "type": "keyword"
 },
 "hostname": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
- }
- }
+ "type": "keyword"
 },
 "id": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
- }
- }
+ "type": "keyword"
 },
 "ip": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
- }
- }
+ "type": "ip"
 },
 "mac": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
- }
- }
+ "type": "keyword"
 },
 "name": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
+ "type": "keyword"
+ },
+ "risk": {
+ "properties": {
+ "calculated_level": {
+ "type": "keyword"
+ },
+ "calculated_score": {
+ "type": "float"
+ },
+ "calculated_score_norm": {
+ "type": "float"
 }
 }
+ },
+ "type": {
+ "type": "keyword"
 }
 }
 },
@@ -191,17 +198,27 @@
 }
 ],
 "properties": {
+ "@timestamp": {
+ "type": "date"
+ },
+ "asset": {
+ "properties": {
+ "criticality": {
+ "type": "keyword"
+ }
+ }
+ },
 "entity": {
 "properties": {
- "definition_id": {
+ "definitionId": {
 "type": "keyword",
 "ignore_above": 1024
 },
- "definition_version": {
+ "definitionVersion": {
 "type": "keyword",
 "ignore_above": 1024
 },
- "display_name": {
+ "displayName": {
 "type": "text",
 "fields": {
 "keyword": {
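Review bot: `host.ip` changes from `keyword` to the `ip` type in the `@@ -82,58 +106,41 @@` hunk, and Elasticsearch rejects a document at index time when an `ip` field holds a value that does not parse as an address or CIDR, so any archived host document with a non-address string in `host.ip` will fail to load; the data.json hunks in this patch do not show `host.ip` values, so it is worth confirming the fixture indexes cleanly with the new type. The change also alters query behaviour (range and CIDR matching now work, keyword-style prefix and wildcard matching no longer do), which is fine if it mirrors the production mapping but deserves a sentence in the PR description since the commit message only mentions the sort field.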
@@ -210,20 +227,34 @@
 }
 }
 },
+ "firstSeenTimestamp": {
+ "type": "date"
+ },
 "id": {
 "type": "keyword",
 "ignore_above": 1024
 },
- "identity_fields": {
+ "identityFields": {
 "type": "keyword"
 },
- "last_seen_timestamp": {
+ "lastSeenTimestamp": {
 "type": "date"
 },
- "schema_version": {
+ "name": {
+ "type": "text",
+ "fields": {
+ "text": {
+ "type": "keyword"
+ }
+ }
+ },
+ "schemaVersion": {
 "type": "keyword",
 "ignore_above": 1024
 },
+ "source": {
+ "type": "keyword"
+ },
 "type": {
 "type": "keyword",
 "ignore_above": 1024
@@ -247,40 +278,38 @@
 "user": {
 "properties": {
 "domain": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
- }
- }
+ "type": "keyword"
 },
 "email": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
- }
- }
+ "type": "keyword"
+ },
+ "full_name": {
+ "type": "keyword"
+ },
+ "hash": {
+ "type": "keyword"
 },
 "id": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
- }
- }
+ "type": "keyword"
 },
 "name": {
- "type": "keyword",
- "ignore_above": 1024,
- "fields": {
- "text": {
- "type": "text"
+ "type": "keyword"
+ },
+ "risk": {
+ "properties": {
+ "calculated_level": {
+ "type": "keyword"
+ },
+ "calculated_score": {
+ "type": "float"
+ },
+ "calculated_score_norm": {
+ "type": "float"
 }
 }
+ },
+ "roles": {
+ "type": "keyword"
 }
 }
 }
@@ -294,4 +323,4 @@
 }
 }
 }
-}
+}
\ No newline at end of file