From b7197e306c2d7c78b61da31a57cc911769c7289d Mon Sep 17 00:00:00 2001
From: Kfir Peled <61654899+kfirpeled@users.noreply.github.com>
Date: Tue, 17 Dec 2024 18:39:33 +0000
Subject: [PATCH] =?UTF-8?q?Revert=20"[8.x]=20[Cloud=20Security]=20Bug=20fi?= =?UTF-8?q?x=20-=20show=20origin=20event's=20with=20primar=E2=80=A6"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit bed0eaa8eaf18e3507e615c14b59de0ffaaa5e28.
---
 .../common/schema/graph/v1.ts | 4 +-
 .../graph_investigation.tsx | 45 +--
 .../src/hooks/use_fetch_graph_data.test.tsx | 8 +-
 .../graph/src/hooks/use_fetch_graph_data.ts | 6 +-
 .../server/routes/graph/route.ts | 4 +-
 .../server/routes/graph/v1.ts | 53 ++--
 .../left/components/graph_visualization.tsx | 23 +-
 .../left/tabs/visualize_tab.tsx | 4 +-
 .../graph_preview_container.test.tsx | 117 +-------
 .../components/graph_preview_container.tsx | 5 +-
 .../visualizations_section.test.tsx | 1 -
 .../components/visualizations_section.tsx | 4 +-
 .../shared/hooks/use_graph_preview.test.tsx | 259 ++++++------------
 .../shared/hooks/use_graph_preview.ts | 16 +-
 .../apis/cloud_security_posture/graph.ts | 2 +-
 .../test/cloud_security_posture_api/config.ts | 10 +-
 .../routes/graph.ts | 63 +----
 .../security/cloud_security_posture/graph.ts | 4 +-
 18 files changed, 145 insertions(+), 483 deletions(-)
diff --git a/x-pack/packages/kbn-cloud-security-posture/common/schema/graph/v1.ts b/x-pack/packages/kbn-cloud-security-posture/common/schema/graph/v1.ts
index 5b1a48cf940b7..076c685aca5b9 100644
--- a/x-pack/packages/kbn-cloud-security-posture/common/schema/graph/v1.ts
+++ b/x-pack/packages/kbn-cloud-security-posture/common/schema/graph/v1.ts
@@ -12,9 +12,7 @@ export const graphRequestSchema = schema.object({
 nodesLimit: schema.maybe(schema.number()),
 showUnknownTarget: schema.maybe(schema.boolean()),
 query: schema.object({
- originEventIds: schema.arrayOf(
- schema.object({ id: schema.string(), isAlert: schema.boolean() })
- ),
+ eventIds: schema.arrayOf(schema.string()),
 // TODO: use zod for range validation instead of config schema
 start: schema.oneOf([schema.number(), schema.string()]),
 end: schema.oneOf([schema.number(), schema.string()]),
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph_investigation/graph_investigation.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph_investigation/graph_investigation.tsx
index bd57082ba4cb9..081b4ec28c6a5 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph_investigation/graph_investigation.tsx
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph_investigation/graph_investigation.tsx
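Review bot: `eventIds: schema.arrayOf(schema.string())` accepts an array of any length, holding strings of any length, straight from the request body. Judging by the server-side hunks of this patch, every id becomes one `?al_idN` placeholder plus one `params` entry in the ES|QL request, so the caller controls how large that query grows. Bounding both at the schema keeps oversized requests from reaching Elasticsearch, e.g. `eventIds: schema.arrayOf(schema.string({ maxLength: <MAX_ID_LENGTH> }), { maxSize: <MAX_EVENT_IDS> }),` with limits chosen by the team. The enclosing `schema.object` starts and ends outside the hunk.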
@@ -126,46 +126,21 @@ const useGraphPopovers = ( }; interface GraphInvestigationProps { - /** - * The initial state to use for the graph investigation view. - */ - initialState: { - /** - * The data view to use for the graph investigation view. - */ - dataView: DataView; - - /** - * The origin events for the graph investigation view. - */ - originEventIds: Array<{ - /** - * The ID of the origin event. - */ - id: string; - - /** - * A flag indicating whether the origin event is an alert or not. - */ - isAlert: boolean; - }>; - - /** - * The initial timerange for the graph investigation view. - */ - timeRange: TimeRange; - }; + dataView: DataView; + eventIds: string[]; + timestamp: string | null; } /** * Graph investigation view allows the user to expand nodes and view related entities. */ export const GraphInvestigation: React.FC = memo( - ({ - initialState: { dataView, originEventIds, timeRange: initialTimeRange }, - }: GraphInvestigationProps) => { + ({ dataView, eventIds, timestamp = new Date().toISOString() }: GraphInvestigationProps) => { const [searchFilters, setSearchFilters] = useState(() => []); - const [timeRange, setTimeRange] = useState(initialTimeRange); + const [timeRange, setTimeRange] = useState({ + from: `${timestamp}||-30m`, + to: `${timestamp}||+30m`, + }); const { services: { uiSettings }, @@ -178,7 +153,7 @@ export const GraphInvestigation: React.FC = memo( [...searchFilters], getEsQueryConfig(uiSettings as Parameters[0]) ), - [dataView, searchFilters, uiSettings] + [searchFilters, dataView, uiSettings] ); const { nodeExpandPopover, openPopoverCallback } = useGraphPopovers( @@ -191,7 +166,7 @@ export const GraphInvestigation: React.FC = memo( const { data, refresh, isFetching } = useFetchGraphData({ req: { query: { - originEventIds, + eventIds, esQuery: query, start: timeRange.from, end: timeRange.to, 
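Review bot: The default in `({ dataView, eventIds, timestamp = new Date().toISOString() }: GraphInvestigationProps)` only applies when `timestamp` is `undefined`, but the prop is typed `string | null`, so a `null` value produces `null||-30m` and `null||+30m` as the initial `timeRange` sent to the graph API. The hook tests in this patch expect `useGraphPreview` to return `timestamp: null` when `@timestamp` is missing, so this path looks reachable if the caller passes the value through unchanged. Resolving it inside the body covers both cases: `const anchor = timestamp ?? new Date().toISOString();` and build `from`/`to` from `anchor`. The same destructuring default appears in the graph_preview_container.tsx hunk further down. The component body continues outside this hunk.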
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/hooks/use_fetch_graph_data.test.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/hooks/use_fetch_graph_data.test.tsx index da5eaee9bfbf9..e494ff0957ecb 100644 --- a/x-pack/packages/kbn-cloud-security-posture/graph/src/hooks/use_fetch_graph_data.test.tsx +++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/hooks/use_fetch_graph_data.test.tsx @@ -33,7 +33,7 @@ describe('useFetchGraphData', () => { return useFetchGraphData({ req: { query: { - originEventIds: [], + eventIds: [], start: '2021-09-01T00:00:00.000Z', end: '2021-09-01T23:59:59.999Z', }, @@ -52,7 +52,7 @@ describe('useFetchGraphData', () => { return useFetchGraphData({ req: { query: { - originEventIds: [], + eventIds: [], start: '2021-09-01T00:00:00.000Z', end: '2021-09-01T23:59:59.999Z', }, @@ -75,7 +75,7 @@ describe('useFetchGraphData', () => { return useFetchGraphData({ req: { query: { - originEventIds: [], + eventIds: [], start: '2021-09-01T00:00:00.000Z', end: '2021-09-01T23:59:59.999Z', }, @@ -98,7 +98,7 @@ describe('useFetchGraphData', () => { return useFetchGraphData({ req: { query: { - originEventIds: [], + eventIds: [], start: '2021-09-01T00:00:00.000Z', end: '2021-09-01T23:59:59.999Z', }, diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/hooks/use_fetch_graph_data.ts b/x-pack/packages/kbn-cloud-security-posture/graph/src/hooks/use_fetch_graph_data.ts index 477492a3bbb7b..74cca4693e801 100644 --- a/x-pack/packages/kbn-cloud-security-posture/graph/src/hooks/use_fetch_graph_data.ts +++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/hooks/use_fetch_graph_data.ts 
@@ -81,13 +81,13 @@ export const useFetchGraphData = ({ options, }: UseFetchGraphDataParams): UseFetchGraphDataResult => { const queryClient = useQueryClient(); - const { esQuery, originEventIds, start, end } = req.query; + const { esQuery, eventIds, start, end } = req.query; const { services: { http }, } = useKibana(); const QUERY_KEY = useMemo( - () => ['useFetchGraphData', originEventIds, start, end, esQuery], - [end, esQuery, originEventIds, start] + () => ['useFetchGraphData', eventIds, start, end, esQuery], + [end, esQuery, eventIds, start] ); const { isLoading, isError, data, isFetching } = useQuery( diff --git a/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts b/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts index f655747815850..f9544b656f927 100644 --- a/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts +++ b/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts @@ -43,7 +43,7 @@ export const defineGraphRoute = (router: CspRouter) => const cspContext = await context.csp; const { nodesLimit, showUnknownTarget = false } = request.body; - const { originEventIds, start, end, esQuery } = request.body.query as GraphRequest['query']; + const { eventIds, start, end, esQuery } = request.body.query as GraphRequest['query']; const spaceId = (await cspContext.spaces?.spacesService?.getActiveSpace(request))?.id; try { @@ -53,7 +53,7 @@ export const defineGraphRoute = (router: CspRouter) => esClient: cspContext.esClient, }, query: { - originEventIds, + eventIds, spaceId, start, end, diff --git a/x-pack/plugins/cloud_security_posture/server/routes/graph/v1.ts b/x-pack/plugins/cloud_security_posture/server/routes/graph/v1.ts index d506bb856e766..b14a2ba3e06a9 100644 --- a/x-pack/plugins/cloud_security_posture/server/routes/graph/v1.ts +++ b/x-pack/plugins/cloud_security_posture/server/routes/graph/v1.ts 
@@ -33,8 +33,7 @@ interface GraphEdge { action: string; targetIds: string[] | string; eventOutcome: string; - isOrigin: boolean; - isOriginAlert: boolean; + isAlert: boolean; } interface LabelEdges { @@ -47,15 +46,10 @@ interface GraphContextServices { esClient: IScopedClusterClient; } -interface OriginEventId { - id: string; - isAlert: boolean; -} - interface GetGraphParams { services: GraphContextServices; query: { - originEventIds: OriginEventId[]; + eventIds: string[]; spaceId?: string; start: string | number; end: string | number; @@ -67,13 +61,11 @@ interface GetGraphParams { export const getGraph = async ({ services: { esClient, logger }, - query: { originEventIds, spaceId = 'default', start, end, esQuery }, + query: { eventIds, spaceId = 'default', start, end, esQuery }, showUnknownTarget, nodesLimit, }: GetGraphParams): Promise> => { - logger.trace( - `Fetching graph for [originEventIds: ${originEventIds.join(', ')}] in [spaceId: ${spaceId}]` - ); + logger.trace(`Fetching graph for [eventIds: ${eventIds.join(', ')}] in [spaceId: ${spaceId}]`); const results = await fetchGraph({ esClient, @@ -81,7 +73,7 @@ export const getGraph = async ({ logger, start, end, - originEventIds, + eventIds, esQuery, }); @@ -140,7 +132,7 @@ const fetchGraph = async ({ logger, start, end, - originEventIds, + eventIds, showUnknownTarget, esQuery, }: { 
@@ -148,21 +140,15 @@ const fetchGraph = async ({ logger: Logger; start: string | number; end: string | number; - originEventIds: OriginEventId[]; + eventIds: string[]; showUnknownTarget: boolean; esQuery?: EsQuery; }): Promise> => { - const originAlertIds = originEventIds.filter((originEventId) => originEventId.isAlert); const query = `from logs-* | WHERE event.action IS NOT NULL AND actor.entity.id IS NOT NULL -| EVAL isOrigin = ${ - originEventIds.length > 0 - ? `event.id in (${originEventIds.map((_id, idx) => `?og_id${idx}`).join(', ')})` - : 'false' - } -| EVAL isOriginAlert = isOrigin AND ${ - originAlertIds.length > 0 - ? `event.id in (${originAlertIds.map((_id, idx) => `?og_alrt_id${idx}`).join(', ')})` +| EVAL isAlert = ${ + eventIds.length > 0 + ? `event.id in (${eventIds.map((_id, idx) => `?al_id${idx}`).join(', ')})` : 'false' } | STATS badge = COUNT(*), @@ -173,26 +159,19 @@ const fetchGraph = async ({ action = event.action, targetIds = target.entity.id, eventOutcome = event.outcome, - isOrigin, - isOriginAlert + isAlert | LIMIT 1000 -| SORT isOrigin DESC`; +| SORT isAlert DESC`; logger.trace(`Executing query [${query}]`); - const eventIds = originEventIds.map((originEventId) => originEventId.id); return await esClient.asCurrentUser.helpers .esql({ columnar: false, filter: buildDslFilter(eventIds, showUnknownTarget, start, end, esQuery), query, // @ts-ignore - types are not up to date - params: [ - ...originEventIds.map((originEventId, idx) => ({ [`og_id${idx}`]: originEventId.id })), - ...originEventIds - .filter((originEventId) => originEventId.isAlert) - .map((originEventId, idx) => ({ [`og_alrt_id${idx}`]: originEventId.id })), - ], + params: [...eventIds.map((id, idx) => ({ [`al_id${idx}`]: id }))], }) .toRecords(); }; 
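Review bot: `isAlert` in `| EVAL isAlert = ...` is true for any row whose `event.id` matches an id supplied in the request, so the flag is decided by the caller and not by anything stored on the document. If the UI uses it to style or prioritise a node as an alert, a plain event id sent in `eventIds` will be shown as one. A comment above the query would keep consumers from reading more into it, e.g. `// isAlert: event.id matched a requested id; this does not verify the document is an alert`. Binding the ids through `?al_idN` placeholders is the right way to keep them out of the query text and should stay. fetchGraph's body continues past this hunk.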
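Review bot: `| LIMIT 1000` runs before the added `| SORT isAlert DESC`, and ES|QL applies commands in pipeline order, so the sort only orders whichever 1000 rows survived the limit. On a busy time range the rows with `isAlert = true` can be cut before they are ever prioritised, and the graph then silently omits the events the analyst opened it for. Swapping the two lines fixes it: `| SORT isAlert DESC` followed by `| LIMIT 1000`.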
@@ -259,7 +238,7 @@ const createNodes = (records: GraphEdge[], context: Omit { const dataView = useGetScopedSourcererDataView({ sourcererScope: SourcererScopeName.default, }); - const { getFieldsData, dataAsNestedObject, dataFormattedForFieldBrowser } = - useDocumentDetailsContext(); - const { - eventIds, - timestamp = new Date().toISOString(), - isAlert, - } = useGraphPreview({ + const { getFieldsData, dataAsNestedObject } = useDocumentDetailsContext(); + const { eventIds, timestamp } = useGraphPreview({ getFieldsData, ecsData: dataAsNestedObject, - dataFormattedForFieldBrowser, }); - const originEventIds = eventIds.map((id) => ({ id, isAlert })); - return (
{ > {dataView && ( }> - + )}
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx index 1a8e5906e247e..89e00e06e3a49 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx @@ -88,8 +88,7 @@ const graphVisualizationButton: EuiButtonGroupOptionProps = { * Visualize view displayed in the document details expandable flyout left section */ export const VisualizeTab = memo(() => { - const { scopeId, getFieldsData, dataAsNestedObject, dataFormattedForFieldBrowser } = - useDocumentDetailsContext(); + const { scopeId, getFieldsData, dataAsNestedObject } = useDocumentDetailsContext(); const { openPreviewPanel } = useExpandableFlyoutApi(); const panels = useExpandableFlyoutState(); const [activeVisualizationId, setActiveVisualizationId] = useState( @@ -124,7 +123,6 @@ export const VisualizeTab = memo(() => { const { hasGraphRepresentation } = useGraphPreview({ getFieldsData, ecsData: dataAsNestedObject, - dataFormattedForFieldBrowser, }); const isGraphFeatureEnabled = useIsExperimentalFeatureEnabled( diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.test.tsx index 9965c5300e71f..c805f2a3c67a7 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.test.tsx @@ -86,7 +86,6 @@ describe('', () => { timestamp, eventIds: [], hasGraphRepresentation: true, - isAlert: true, }); const { getByTestId, queryByTestId, findByTestId } = renderGraphPreview(); 
@@ -112,109 +111,7 @@ describe('', () => { expect(mockUseFetchGraphData.mock.calls[0][0]).toEqual({ req: { query: { - originEventIds: [], - start: `${timestamp}||-30m`, - end: `${timestamp}||+30m`, - }, - }, - options: { - enabled: true, - refetchOnWindowFocus: false, - }, - }); - }); - - it('should render component for alert', async () => { - mockUseFetchGraphData.mockReturnValue({ - isLoading: false, - isError: false, - data: { nodes: DEFAULT_NODES, edges: [] }, - }); - - const timestamp = new Date().toISOString(); - - (useGraphPreview as jest.Mock).mockReturnValue({ - timestamp, - eventIds: ['eventId'], - isAlert: true, - hasGraphRepresentation: true, - }); - - const { getByTestId, queryByTestId, findByTestId } = renderGraphPreview(); - - // Using findByTestId to wait for the component to be rendered because it is a lazy loaded component - expect(await findByTestId(GRAPH_PREVIEW_TEST_ID)).toBeInTheDocument(); - expect( - getByTestId(EXPANDABLE_PANEL_HEADER_TITLE_LINK_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).toBeInTheDocument(); - expect( - queryByTestId(EXPANDABLE_PANEL_TOGGLE_ICON_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).not.toBeInTheDocument(); - expect( - getByTestId(EXPANDABLE_PANEL_HEADER_TITLE_ICON_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).toBeInTheDocument(); - expect( - getByTestId(EXPANDABLE_PANEL_CONTENT_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).toBeInTheDocument(); - expect( - queryByTestId(EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).not.toBeInTheDocument(); - expect(mockUseFetchGraphData).toHaveBeenCalled(); - expect(mockUseFetchGraphData.mock.calls[0][0]).toEqual({ - req: { - query: { - originEventIds: [{ id: 'eventId', isAlert: true }], - start: `${timestamp}||-30m`, - end: `${timestamp}||+30m`, - }, - }, - options: { - enabled: true, - refetchOnWindowFocus: false, - }, - }); - }); - - it('should render component for event', async () => { - mockUseFetchGraphData.mockReturnValue({ - isLoading: false, - isError: false, - data: { nodes: 
DEFAULT_NODES, edges: [] }, - }); - - const timestamp = new Date().toISOString(); - - (useGraphPreview as jest.Mock).mockReturnValue({ - timestamp, - eventIds: ['eventId'], - isAlert: false, - hasGraphRepresentation: true, - }); - - const { getByTestId, queryByTestId, findByTestId } = renderGraphPreview(); - - // Using findByTestId to wait for the component to be rendered because it is a lazy loaded component - expect(await findByTestId(GRAPH_PREVIEW_TEST_ID)).toBeInTheDocument(); - expect( - getByTestId(EXPANDABLE_PANEL_HEADER_TITLE_LINK_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).toBeInTheDocument(); - expect( - queryByTestId(EXPANDABLE_PANEL_TOGGLE_ICON_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).not.toBeInTheDocument(); - expect( - getByTestId(EXPANDABLE_PANEL_HEADER_TITLE_ICON_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).toBeInTheDocument(); - expect( - getByTestId(EXPANDABLE_PANEL_CONTENT_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).toBeInTheDocument(); - expect( - queryByTestId(EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID(GRAPH_PREVIEW_TEST_ID)) - ).not.toBeInTheDocument(); - expect(mockUseFetchGraphData).toHaveBeenCalled(); - expect(mockUseFetchGraphData.mock.calls[0][0]).toEqual({ - req: { - query: { - originEventIds: [{ id: 'eventId', isAlert: false }], + eventIds: [], start: `${timestamp}||-30m`, end: `${timestamp}||+30m`, }, @@ -239,7 +136,6 @@ describe('', () => { timestamp, eventIds: [], hasGraphRepresentation: true, - isAlert: true, }); const { getByTestId, queryByTestId, findByTestId } = renderGraphPreview({ @@ -268,7 +164,7 @@ describe('', () => { expect(mockUseFetchGraphData.mock.calls[0][0]).toEqual({ req: { query: { - originEventIds: [], + eventIds: [], start: `${timestamp}||-30m`, end: `${timestamp}||+30m`, }, @@ -293,7 +189,6 @@ describe('', () => { timestamp, eventIds: [], hasGraphRepresentation: true, - isAlert: true, }); const { getByTestId, queryByTestId, findByTestId } = renderGraphPreview({ 
@@ -322,7 +217,7 @@ describe('', () => { expect(mockUseFetchGraphData.mock.calls[0][0]).toEqual({ req: { query: { - originEventIds: [], + eventIds: [], start: `${timestamp}||-30m`, end: `${timestamp}||+30m`, }, @@ -348,7 +243,6 @@ describe('', () => { timestamp, eventIds: [], hasGraphRepresentation: true, - isAlert: true, }); const { getByTestId, queryByTestId, findByTestId } = renderGraphPreview(); @@ -374,7 +268,7 @@ describe('', () => { expect(mockUseFetchGraphData.mock.calls[0][0]).toEqual({ req: { query: { - originEventIds: [], + eventIds: [], start: `${timestamp}||-30m`, end: `${timestamp}||+30m`, }, @@ -399,7 +293,6 @@ describe('', () => { timestamp, eventIds: [], hasGraphRepresentation: false, - isAlert: true, }); const { getByTestId, queryByTestId, findByTestId } = renderGraphPreview(); @@ -427,7 +320,7 @@ describe('', () => { expect(mockUseFetchGraphData.mock.calls[0][0]).toEqual({ req: { query: { - originEventIds: [], + eventIds: [], start: `${timestamp}||-30m`, end: `${timestamp}||+30m`, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.tsx index b4626f93e823d..90a0218778549 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.tsx @@ -31,7 +31,6 @@ export const GraphPreviewContainer: React.FC = () => { scopeId, isPreview, isPreviewMode, - dataFormattedForFieldBrowser, } = useDocumentDetailsContext(); const [visualizationInFlyoutEnabled] = useUiSetting$( 
@@ -50,18 +49,16 @@ export const GraphPreviewContainer: React.FC = () => { eventIds, timestamp = new Date().toISOString(), hasGraphRepresentation, - isAlert, } = useGraphPreview({ getFieldsData, ecsData: dataAsNestedObject, - dataFormattedForFieldBrowser, }); // TODO: default start and end might not capture the original event const { isLoading, isError, data } = useFetchGraphData({ req: { query: { - originEventIds: eventIds.map((id) => ({ id, isAlert })), + eventIds, start: `${timestamp}||-30m`, end: `${timestamp}||+30m`, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx index dc3b1f00e0d50..6fb4d5d30b897 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx @@ -106,7 +106,6 @@ describe('', () => { }); mockUseGraphPreview.mockReturnValue({ hasGraphRepresentation: true, - eventIds: [], }); mockUseFetchGraphData.mockReturnValue({ isLoading: false, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.tsx index 467171cd49f2a..23bea1f8fecdd 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.tsx 
@@ -28,8 +28,7 @@ const KEY = 'visualizations'; */ export const VisualizationsSection = memo(() => { const expanded = useExpandSection({ title: KEY, defaultValue: false }); - const { dataAsNestedObject, getFieldsData, dataFormattedForFieldBrowser } = - useDocumentDetailsContext(); + const { dataAsNestedObject, getFieldsData } = useDocumentDetailsContext(); const [visualizationInFlyoutEnabled] = useUiSetting$( ENABLE_VISUALIZATIONS_IN_FLYOUT_SETTING @@ -43,7 +42,6 @@ export const VisualizationsSection = memo(() => { const { hasGraphRepresentation } = useGraphPreview({ getFieldsData, ecsData: dataAsNestedObject, - dataFormattedForFieldBrowser, }); const shouldShowGraphPreview = diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_graph_preview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_graph_preview.test.tsx index cf1ee82078395..453f897d4e188 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_graph_preview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_graph_preview.test.tsx 
@@ -5,18 +5,15 @@ * 2.0. */ -import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common'; +import type { RenderHookResult } from '@testing-library/react'; import { renderHook } from '@testing-library/react'; -import type { UseGraphPreviewParams } from './use_graph_preview'; +import type { UseGraphPreviewParams, UseGraphPreviewResult } from './use_graph_preview'; import { useGraphPreview } from './use_graph_preview'; import type { GetFieldsData } from './use_get_fields_data'; import { mockFieldData } from '../mocks/mock_get_fields_data'; -import { mockDataFormattedForFieldBrowser } from '../mocks/mock_data_formatted_for_field_browser'; -const alertMockGetFieldsData: GetFieldsData = (field: string) => { - if (field === 'kibana.alert.uuid') { - return 'alertId'; - } else if (field === 'kibana.alert.original_event.id') { +const mockGetFieldsData: GetFieldsData = (field: string) => { + if (field === 'kibana.alert.original_event.id') { return 'eventId'; } else if (field === 'actor.entity.id') { return 'actorId'; 
@@ -27,36 +24,18 @@ const alertMockGetFieldsData: GetFieldsData = (field: string) => { return mockFieldData[field]; }; -const alertMockDataFormattedForFieldBrowser = mockDataFormattedForFieldBrowser; - -const eventMockGetFieldsData: GetFieldsData = (field: string) => { - if (field === 'kibana.alert.uuid') { - return; - } else if (field === 'kibana.alert.original_event.id') { - return; - } else if (field === 'event.id') { - return 'eventId'; - } else if (field === 'actor.entity.id') { - return 'actorId'; - } else if (field === 'target.entity.id') { - return 'targetId'; - } - - return mockFieldData[field]; -}; - -const eventMockDataFormattedForFieldBrowser: TimelineEventsDetailsItem[] = []; - describe('useGraphPreview', () => { + let hookResult: RenderHookResult; + it(`should return false when missing actor`, () => { const getFieldsData: GetFieldsData = (field: string) => { if (field === 'actor.entity.id') { return; } - return alertMockGetFieldsData(field); + return mockGetFieldsData(field); }; - const hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { + hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { initialProps: { getFieldsData, ecsData: { 
@@ -65,41 +44,37 @@ describe('useGraphPreview', () => { action: ['action'], }, }, - dataFormattedForFieldBrowser: alertMockDataFormattedForFieldBrowser, }, }); - expect(hookResult.result.current).toStrictEqual({ - hasGraphRepresentation: false, - timestamp: mockFieldData['@timestamp'][0], - eventIds: ['eventId'], - actorIds: [], - action: ['action'], - targetIds: ['targetId'], - isAlert: true, - }); + const { hasGraphRepresentation, timestamp, eventIds, actorIds, action, targetIds } = + hookResult.result.current; + expect(hasGraphRepresentation).toEqual(false); + expect(timestamp).toEqual(mockFieldData['@timestamp'][0]); + expect(eventIds).toEqual(['eventId']); + expect(actorIds).toEqual([]); + expect(targetIds).toEqual(['targetId']); + expect(action).toEqual(['action']); }); it(`should return false when missing event.action`, () => { - const hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { + hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { initialProps: { - getFieldsData: alertMockGetFieldsData, + getFieldsData: mockGetFieldsData, ecsData: { _id: 'id', }, - dataFormattedForFieldBrowser: alertMockDataFormattedForFieldBrowser, }, }); - expect(hookResult.result.current).toStrictEqual({ - hasGraphRepresentation: false, - timestamp: mockFieldData['@timestamp'][0], - eventIds: ['eventId'], - actorIds: ['actorId'], - action: undefined, - targetIds: ['targetId'], - isAlert: true, - }); + const { hasGraphRepresentation, timestamp, eventIds, actorIds, action, targetIds } = + hookResult.result.current; + expect(hasGraphRepresentation).toEqual(false); + expect(timestamp).toEqual(mockFieldData['@timestamp'][0]); + expect(eventIds).toEqual(['eventId']); + expect(actorIds).toEqual(['actorId']); + expect(targetIds).toEqual(['targetId']); + expect(action).toEqual(undefined); }); it(`should return false when missing target`, () => { 
@@ -107,28 +82,26 @@ describe('useGraphPreview', () => { if (field === 'target.entity.id') { return; } - return alertMockGetFieldsData(field); + return mockGetFieldsData(field); }; - const hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { + hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { initialProps: { getFieldsData, ecsData: { _id: 'id', }, - dataFormattedForFieldBrowser: alertMockDataFormattedForFieldBrowser, }, }); - expect(hookResult.result.current).toStrictEqual({ - hasGraphRepresentation: false, - timestamp: mockFieldData['@timestamp'][0], - eventIds: ['eventId'], - actorIds: ['actorId'], - action: undefined, - targetIds: [], - isAlert: true, - }); + const { hasGraphRepresentation, timestamp, eventIds, actorIds, action, targetIds } = + hookResult.result.current; + expect(hasGraphRepresentation).toEqual(false); + expect(timestamp).toEqual(mockFieldData['@timestamp'][0]); + expect(eventIds).toEqual(['eventId']); + expect(actorIds).toEqual(['actorId']); + expect(targetIds).toEqual([]); + expect(action).toEqual(undefined); }); it(`should return false when missing original_event.id`, () => { @@ -137,10 +110,10 @@ describe('useGraphPreview', () => { return; } - return alertMockGetFieldsData(field); + return mockGetFieldsData(field); }; - const hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { + hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { initialProps: { getFieldsData, ecsData: { 
@@ -149,19 +122,17 @@ describe('useGraphPreview', () => { action: ['action'], }, }, - dataFormattedForFieldBrowser: alertMockDataFormattedForFieldBrowser, }, }); - expect(hookResult.result.current).toStrictEqual({ - hasGraphRepresentation: false, - timestamp: mockFieldData['@timestamp'][0], - eventIds: [], - actorIds: ['actorId'], - action: ['action'], - targetIds: ['targetId'], - isAlert: true, - }); + const { hasGraphRepresentation, timestamp, eventIds, actorIds, action, targetIds } = + hookResult.result.current; + expect(hasGraphRepresentation).toEqual(false); + expect(timestamp).toEqual(mockFieldData['@timestamp'][0]); + expect(eventIds).toEqual([]); + expect(actorIds).toEqual(['actorId']); + expect(targetIds).toEqual(['targetId']); + expect(action).toEqual(['action']); }); it(`should return false when timestamp is missing`, () => { @@ -170,10 +141,10 @@ describe('useGraphPreview', () => { return; } - return alertMockGetFieldsData(field); + return mockGetFieldsData(field); }; - const hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { + hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { initialProps: { getFieldsData, ecsData: { 
@@ -182,117 +153,45 @@ describe('useGraphPreview', () => { action: ['action'], }, }, - dataFormattedForFieldBrowser: alertMockDataFormattedForFieldBrowser, }, }); - expect(hookResult.result.current).toStrictEqual({ - hasGraphRepresentation: false, - timestamp: null, - eventIds: ['eventId'], - actorIds: ['actorId'], - action: ['action'], - targetIds: ['targetId'], - isAlert: true, - }); + const { hasGraphRepresentation, timestamp, eventIds, actorIds, action, targetIds } = + hookResult.result.current; + expect(hasGraphRepresentation).toEqual(false); + expect(timestamp).toEqual(null); + expect(eventIds).toEqual(['eventId']); + expect(actorIds).toEqual(['actorId']); + expect(targetIds).toEqual(['targetId']); + expect(action).toEqual(['action']); }); - it(`should return true when event has graph graph preview`, () => { - const hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { + it(`should return true when alert is has graph preview`, () => { + hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { initialProps: { - getFieldsData: eventMockGetFieldsData, + getFieldsData: mockGetFieldsData, ecsData: { _id: 'id', event: { action: ['action'], }, }, - dataFormattedForFieldBrowser: eventMockDataFormattedForFieldBrowser, }, }); - expect(hookResult.result.current).toStrictEqual({ - hasGraphRepresentation: true, - timestamp: mockFieldData['@timestamp'][0], - eventIds: ['eventId'], - actorIds: ['actorId'], - action: ['action'], - targetIds: ['targetId'], - isAlert: false, - }); + const { hasGraphRepresentation, timestamp, eventIds, actorIds, action, targetIds } = + hookResult.result.current; + expect(hasGraphRepresentation).toEqual(true); + expect(timestamp).toEqual(mockFieldData['@timestamp'][0]); + expect(eventIds).toEqual(['eventId']); + expect(actorIds).toEqual(['actorId']); + expect(targetIds).toEqual(['targetId']); + expect(action).toEqual(['action']); }); - it(`should return true when event has graph preview 
with multiple values`, () => { + it(`should return true when alert is has graph preview with multiple values`, () => { const getFieldsData: GetFieldsData = (field: string) => { - if (field === 'kibana.alert.uuid') { - return; - } else if (field === 'kibana.alert.original_event.id') { - return; - } else if (field === 'event.id') { - return ['id1', 'id2']; - } else if (field === 'actor.entity.id') { - return ['actorId1', 'actorId2']; - } else if (field === 'target.entity.id') { - return ['targetId1', 'targetId2']; - } - - return mockFieldData[field]; - }; - - const hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { - initialProps: { - getFieldsData, - ecsData: { - _id: 'id', - event: { - action: ['action1', 'action2'], - }, - }, - dataFormattedForFieldBrowser: eventMockDataFormattedForFieldBrowser, - }, - }); - - expect(hookResult.result.current).toStrictEqual({ - hasGraphRepresentation: true, - timestamp: mockFieldData['@timestamp'][0], - eventIds: ['id1', 'id2'], - actorIds: ['actorId1', 'actorId2'], - action: ['action1', 'action2'], - targetIds: ['targetId1', 'targetId2'], - isAlert: false, - }); - }); - - it(`should return true when alert has graph preview`, () => { - const hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { - initialProps: { - getFieldsData: alertMockGetFieldsData, - ecsData: { - _id: 'id', - event: { - action: ['action'], - }, - }, - dataFormattedForFieldBrowser: alertMockDataFormattedForFieldBrowser, - }, - }); - - expect(hookResult.result.current).toStrictEqual({ - hasGraphRepresentation: true, - timestamp: mockFieldData['@timestamp'][0], - eventIds: ['eventId'], - actorIds: ['actorId'], - action: ['action'], - targetIds: ['targetId'], - isAlert: true, - }); - }); - - it(`should return true when alert has graph preview with multiple values`, () => { - const getFieldsData: GetFieldsData = (field: string) => { - if (field === 'kibana.alert.uuid') { - return 'alertId'; - } else if 
(field === 'kibana.alert.original_event.id') { + if (field === 'kibana.alert.original_event.id') { return ['id1', 'id2']; } else if (field === 'actor.entity.id') { return ['actorId1', 'actorId2']; @@ -303,7 +202,7 @@ describe('useGraphPreview', () => { return mockFieldData[field]; }; - const hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { + hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), { initialProps: { getFieldsData, ecsData: { @@ -312,18 +211,16 @@ describe('useGraphPreview', () => { action: ['action1', 'action2'], }, }, - dataFormattedForFieldBrowser: alertMockDataFormattedForFieldBrowser, }, }); - expect(hookResult.result.current).toStrictEqual({ - hasGraphRepresentation: true, - timestamp: mockFieldData['@timestamp'][0], - eventIds: ['id1', 'id2'], - actorIds: ['actorId1', 'actorId2'], - action: ['action1', 'action2'], - targetIds: ['targetId1', 'targetId2'], - isAlert: true, - }); + const { hasGraphRepresentation, timestamp, eventIds, actorIds, action, targetIds } = + hookResult.result.current; + expect(hasGraphRepresentation).toEqual(true); + expect(timestamp).toEqual(mockFieldData['@timestamp'][0]); + expect(eventIds).toEqual(['id1', 'id2']); + expect(actorIds).toEqual(['actorId1', 'actorId2']); + expect(action).toEqual(['action1', 'action2']); + expect(targetIds).toEqual(['targetId1', 'targetId2']); }); }); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_graph_preview.ts b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_graph_preview.ts index 8f05b87844fb2..48233afab02df 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_graph_preview.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_graph_preview.ts 
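Review bot: The per-field `toEqual` checks that replace `toStrictEqual` on the whole hook result in this hunk no longer fail when `useGraphPreview` returns an unexpected extra field; the earlier hunks of this test file make the same change. Keeping one `expect(hookResult.result.current).toStrictEqual({ ... })` per test would pin the full return shape. The titles `should return true when alert is has graph preview` and its `with multiple values` variant would also read better as `when alert has graph preview`.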
@@ -5,12 +5,10 @@ * 2.0. */ -import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common'; import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; import { get } from 'lodash/fp'; import type { GetFieldsData } from './use_get_fields_data'; import { getField, getFieldArray } from '../utils'; -import { useBasicDataFromDetailsData } from './use_basic_data_from_details_data'; export interface UseGraphPreviewParams { /** @@ -22,11 +20,6 @@ export interface UseGraphPreviewParams { * An object with top level fields from the ECS object */ ecsData: Ecs; - - /** - * An array of field objects with category and value - */ - dataFormattedForFieldBrowser: TimelineEventsDetailsItem[]; } /** * Interface for the result of the useGraphPreview hook @@ -61,11 +54,6 @@ export interface UseGraphPreviewResult { * Boolean indicating if the event is has a graph representation (contains event ids, actor ids and action) */ hasGraphRepresentation: boolean; - - /** - * Boolean indicating if the event is an alert or not - */ - isAlert: boolean; } /** @@ -74,7 +62,6 @@ export interface UseGraphPreviewResult { export const useGraphPreview = ({ getFieldsData, ecsData, - dataFormattedForFieldBrowser, }: UseGraphPreviewParams): UseGraphPreviewResult => { const timestamp = getField(getFieldsData('@timestamp')); const originalEventId = getFieldsData('kibana.alert.original_event.id'); @@ -90,7 +77,6 @@ export const useGraphPreview = ({ actorIds.length > 0 && eventIds.length > 0 && targetIds.length > 0; - const { isAlert } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser); - return { timestamp, eventIds, actorIds, action, targetIds, hasGraphRepresentation, isAlert }; + return { timestamp, eventIds, actorIds, action, targetIds, hasGraphRepresentation }; }; diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/graph.ts b/x-pack/test/api_integration/apis/cloud_security_posture/graph.ts index 4823c500a3588..4ff483bff343d 100644 
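Review bot: The doc comment on `hasGraphRepresentation` (context of the `@@ -61,11 +54,6 @@` hunk) no longer matches the condition visible at the top of the `@@ -90,7 +77,6 @@` hunk. The comment says the flag means the event "contains event ids, actor ids and action", but the condition also requires `targetIds.length > 0`. I would update the comment to `Boolean indicating if the event has a graph representation (contains event ids, actor ids, target ids and action)`, which also fixes the "is has" typo. The condition and the hook body start outside the hunk, so the `action` part is taken from the existing comment rather than from visible code.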
--- a/x-pack/test/api_integration/apis/cloud_security_posture/graph.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/graph.ts @@ -40,7 +40,7 @@ export default function (providerContext: FtrProviderContext) { it('should return 404 when feature flag is not toggled', async () => { await postGraph(supertest, { query: { - originEventIds: [], + eventIds: [], start: 'now-1d/d', end: 'now/d', }, diff --git a/x-pack/test/cloud_security_posture_api/config.ts b/x-pack/test/cloud_security_posture_api/config.ts index 212abc50fc9ae..4e0ecd1f26e43 100644 --- a/x-pack/test/cloud_security_posture_api/config.ts +++ b/x-pack/test/cloud_security_posture_api/config.ts @@ -5,7 +5,7 @@ * 2.0. */ import { resolve } from 'path'; -import { getKibanaCliLoggers, type FtrConfigProviderContext } from '@kbn/test'; +import type { FtrConfigProviderContext } from '@kbn/test'; import { CLOUD_SECURITY_PLUGIN_VERSION } from '@kbn/cloud-security-posture-plugin/common/constants'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { @@ -21,14 +21,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...xPackAPITestsConfig.get('kbnTestServer'), serverArgs: [ ...xPackAPITestsConfig.get('kbnTestServer.serverArgs'), - `--logging.loggers=${JSON.stringify([ - ...getKibanaCliLoggers(xPackAPITestsConfig.get('kbnTestServer.serverArgs')), - { - name: 'plugins.cloudSecurityPosture', - level: 'all', - appenders: ['default'], - }, - ])}`, /** * Package version is fixed (not latest) so FTR won't suddenly break when package is changed. * diff --git a/x-pack/test/cloud_security_posture_api/routes/graph.ts b/x-pack/test/cloud_security_posture_api/routes/graph.ts index e2be81a7d40e5..08adf73839ea2 100644 --- a/x-pack/test/cloud_security_posture_api/routes/graph.ts +++ b/x-pack/test/cloud_security_posture_api/routes/graph.ts 
@@ -48,7 +48,7 @@ export default function (providerContext: FtrProviderContext) { supertestWithoutAuth, { query: { - originEventIds: [], + eventIds: [], start: 'now-1d/d', end: 'now/d', }, @@ -88,7 +88,7 @@ export default function (providerContext: FtrProviderContext) { it('should return 400 when missing `esQuery` field is not of type bool', async () => { await postGraph(supertest, { query: { - originEventIds: [], + eventIds: [], start: 'now-1d/d', end: 'now/d', esQuery: { @@ -102,7 +102,7 @@ export default function (providerContext: FtrProviderContext) { it('should return 400 with unsupported `esQuery`', async () => { await postGraph(supertest, { query: { - originEventIds: [], + eventIds: [], start: 'now-1d/d', end: 'now/d', esQuery: { @@ -122,7 +122,7 @@ export default function (providerContext: FtrProviderContext) { it('should return an empty graph / should return 200 when missing `esQuery` field', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [], + eventIds: [], start: 'now-1d/d', end: 'now/d', }, @@ -136,7 +136,7 @@ export default function (providerContext: FtrProviderContext) { it('should return a graph with nodes and edges by actor', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [], + eventIds: [], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', esQuery: { @@ -177,7 +177,7 @@ export default function (providerContext: FtrProviderContext) { it('should return a graph with nodes and edges by alert', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [{ id: 'kabcd1234efgh5678', isAlert: true }], + eventIds: ['kabcd1234efgh5678'], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', }, 
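Review bot: Neither of the 400 cases touched here (`@@ -88,7 +88,7 @@` and `@@ -102,7 +102,7 @@`) exercises validation of `eventIds` itself; both send `eventIds: []` and vary only `esQuery`. This commit changes the field from objects back to plain strings, so a case that posts the previous shape and expects a 400 would pin how the route treats clients still sending it. A request body such as `eventIds: [{ id: 'kabcd1234efgh5678', isAlert: true }]` would do, and a second with the old key `originEventIds` would cover the rename. That assumes the request schema validates element types, which is not visible in these hunks. Both test bodies continue outside their hunks.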
@@ -204,40 +204,10 @@ export default function (providerContext: FtrProviderContext) { }); }); - it('should return a graph with nodes and edges by origin event', async () => { - const response = await postGraph(supertest, { - query: { - originEventIds: [{ id: 'kabcd1234efgh5678', isAlert: false }], - start: '2024-09-01T00:00:00Z', - end: '2024-09-02T00:00:00Z', - }, - }).expect(result(200)); - - expect(response.body).to.have.property('nodes').length(3); - expect(response.body).to.have.property('edges').length(2); - expect(response.body).not.to.have.property('messages'); - - response.body.nodes.forEach((node: any) => { - expect(node).to.have.property('color'); - expect(node.color).equal( - 'primary', - `node color mismatched [node: ${node.id}] [actual: ${node.color}]` - ); - }); - - response.body.edges.forEach((edge: any) => { - expect(edge).to.have.property('color'); - expect(edge.color).equal( - 'primary', - `edge color mismatched [edge: ${edge.id}] [actual: ${edge.color}]` - ); - }); - }); - it('color of alert of failed event should be danger', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [{ id: 'failed-event', isAlert: true }], + eventIds: ['failed-event'], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', }, @@ -267,7 +237,7 @@ export default function (providerContext: FtrProviderContext) { it('color of event of failed event should be warning', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [], + eventIds: [], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', esQuery: { @@ -309,7 +279,7 @@ export default function (providerContext: FtrProviderContext) { it('2 grouped events, 1 failed, 1 success', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [], + eventIds: [], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', esQuery: { 
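Review bot: After the `@@ -204,40 +204,10 @@` hunk, no test in this file sends the id of a non-alert event through `eventIds`, and the request no longer says whether an id is an alert. The remaining case, 'color of alert of failed event should be danger', passes `eventIds: ['failed-event']`, so the route presumably colours every listed id as an alert. If that is the intended post-revert behaviour, I would state it next to the test, for example `// every id in eventIds is rendered as an alert; non-alert origin events are not distinguished`. Otherwise an analyst opening the graph from a plain event sees alert colouring with nothing documenting why. The expectations of that test lie outside the hunk.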
@@ -357,10 +327,7 @@ export default function (providerContext: FtrProviderContext) { it('should support more than 1 eventIds', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [ - { id: 'kabcd1234efgh5678', isAlert: true }, - { id: 'failed-event', isAlert: true }, - ], + eventIds: ['kabcd1234efgh5678', 'failed-event'], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', }, @@ -390,7 +357,7 @@ export default function (providerContext: FtrProviderContext) { it('should return a graph with nodes and edges by alert and actor', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [{ id: 'kabcd1234efgh5678', isAlert: true }], + eventIds: ['kabcd1234efgh5678'], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', esQuery: { @@ -435,7 +402,7 @@ export default function (providerContext: FtrProviderContext) { it('should filter unknown targets', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [], + eventIds: [], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', esQuery: { @@ -461,7 +428,7 @@ export default function (providerContext: FtrProviderContext) { const response = await postGraph(supertest, { showUnknownTarget: true, query: { - originEventIds: [], + eventIds: [], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', esQuery: { @@ -487,7 +454,7 @@ export default function (providerContext: FtrProviderContext) { const response = await postGraph(supertest, { nodesLimit: 1, query: { - originEventIds: [], + eventIds: [], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', esQuery: { 
@@ -513,7 +480,7 @@ export default function (providerContext: FtrProviderContext) { it('should support date math', async () => { const response = await postGraph(supertest, { query: { - originEventIds: [{ id: 'kabcd1234efgh5678', isAlert: true }], + eventIds: ['kabcd1234efgh5678'], start: '2024-09-01T12:30:00.000Z||-30m', end: '2024-09-01T12:30:00.000Z||+30m', }, diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/graph.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/graph.ts index 2cbe40e945492..aaccdd0e9a41c 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/graph.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/graph.ts @@ -49,7 +49,7 @@ export default function ({ getService }: FtrProviderContext) { it('should return an empty graph', async () => { const response = await postGraph(supertestViewer, { query: { - originEventIds: [], + eventIds: [], start: 'now-1d/d', end: 'now/d', }, @@ -63,7 +63,7 @@ export default function ({ getService }: FtrProviderContext) { it('should return a graph with nodes and edges by actor', async () => { const response = await postGraph(supertestViewer, { query: { - originEventIds: [], + eventIds: [], start: '2024-09-01T00:00:00Z', end: '2024-09-02T00:00:00Z', esQuery: {