[Security Solution] Options to select index patterns (elastic#77192)

* init commit

* lots of cleanup

* starting on tests... problems

* Ready for review

* remove sample data

* remove comment and fix type

* pr changes

* fix type

* scratchy

* sourcerer in timeline

* sourcerer in timeline

* wip

* moving to redux

* working on types

* fixed

* more adjustments, tests fixed

* FF off

* pr ready

* renaming

* url state working, hoc not working

* url state working for timeline and default scope

* script to build fields for beat doc

* refactor sourcerer

* refactor host to useSourcerer

* refactor network to useSourcerer

* refactor overview  to useSourcerer

* refactor detections to useSourcerer

* wip for timelines to remove all useSource

* wip indexes timeline

* do component tests

* start container tests

* start container tests

* update selection widget of index patterns + remove last useWithSource

* add indexeNames in network kpi

* fix type errors

* fix type

* missing merge master

* get existing index from config file

* fixing broken tests

* add saving button to avoid to many queries to be aborted

* reducer timeline tests broke

* need to rewind

* much better

* timeline saving index names + clean up url state to only manage default

* more test fixing

* more test changes

* remove all the useWithSource + deprecated the graphql until we delete it in a new PR + delete all the beat doc

* default timeline to all index when creation + filter index patterns to make sure you do not add one who we do not know

* fix types

* test for stateful timeline render

* we should not have change that

* no chnages + snapshot

* fix test + bugs from review

* fix uncommon processes indexNames

* review III

* change design for main page of the sourcerer from design

* bug fixes when opening old timeline + implementation of new design

* fix circular deps

* remove unused attributes for event details

* design cleanup

* fix api integration test with the new search strategy

* add reset + manage accordion state

* fix bugs + types issues

* cleanup

* update docs

* review -> remove tooltip when popover is open

* cypress fixing

* fix for ml_condition_links and url_state cypress tests

* add cy wait for race condition in pagination tests

* missing plumbing kpi host

Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
Co-authored-by: Patryk Kopycinski <contact@patrykkopycinski.com>

Author: 3 people

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.indexpatternsservice.getidswithtitle.md

@@ -0,0 +1,16 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) &gt; [IndexPatternsService](./kibana-plugin-plugins-data-public.indexpatternsservice.md) &gt; [getIdsWithTitle](./kibana-plugin-plugins-data-public.indexpatternsservice.getidswithtitle.md)
+
+## IndexPatternsService.getIdsWithTitle property
+
+Get list of index pattern ids with titles
+
+<b>Signature:</b>
+
+```typescript
+getIdsWithTitle: (refresh?: boolean) => Promise<Array<{
+        id: string;
+        title: string;
+    }>>;
+```

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.indexpatternsservice.md

@@ -29,6 +29,7 @@ export declare class IndexPatternsService
 |  [getFieldsForIndexPattern](./kibana-plugin-plugins-data-public.indexpatternsservice.getfieldsforindexpattern.md) |  | <code>(indexPattern: IndexPattern &#124; IndexPatternSpec, options?: GetFieldsOptions) =&gt; Promise&lt;any&gt;</code> | Get field list by providing an index patttern (or spec) |
 |  [getFieldsForWildcard](./kibana-plugin-plugins-data-public.indexpatternsservice.getfieldsforwildcard.md) |  | <code>(options?: GetFieldsOptions) =&gt; Promise&lt;any&gt;</code> | Get field list by providing { pattern } |
 |  [getIds](./kibana-plugin-plugins-data-public.indexpatternsservice.getids.md) |  | <code>(refresh?: boolean) =&gt; Promise&lt;string[]&gt;</code> | Get list of index pattern ids |
+|  [getIdsWithTitle](./kibana-plugin-plugins-data-public.indexpatternsservice.getidswithtitle.md) |  | <code>(refresh?: boolean) =&gt; Promise&lt;Array&lt;{</code><br/><code>        id: string;</code><br/><code>        title: string;</code><br/><code>    }&gt;&gt;</code> | Get list of index pattern ids with titles |
 |  [getTitles](./kibana-plugin-plugins-data-public.indexpatternsservice.gettitles.md) |  | <code>(refresh?: boolean) =&gt; Promise&lt;string[]&gt;</code> | Get list of index pattern titles |
 |  [refreshFields](./kibana-plugin-plugins-data-public.indexpatternsservice.refreshfields.md) |  | <code>(indexPattern: IndexPattern) =&gt; Promise&lt;void&gt;</code> | Refresh field list for a given index pattern |
 |  [savedObjectToSpec](./kibana-plugin-plugins-data-public.indexpatternsservice.savedobjecttospec.md) |  | <code>(savedObject: SavedObject&lt;IndexPatternAttributes&gt;) =&gt; IndexPatternSpec</code> | Converts index pattern saved object to index pattern spec |

src/plugins/data/common/index_patterns/index_patterns/index_patterns.ts

@@ -138,6 +138,25 @@ export class IndexPatternsService {
     return this.savedObjectsCache.map((obj) => obj?.attributes?.title);
   };
 
+  /**
+   * Get list of index pattern ids with titles
+   * @param refresh Force refresh of index pattern list
+   */
+  getIdsWithTitle = async (
+    refresh: boolean = false
+  ): Promise<Array<{ id: string; title: string }>> => {
+    if (!this.savedObjectsCache || refresh) {
+      await this.refreshSavedObjectsCache();
+    }
+    if (!this.savedObjectsCache) {
+      return [];
+    }
+    return this.savedObjectsCache.map((obj) => ({
+      id: obj?.id,
+      title: obj?.attributes?.title,
+    }));
+  };
+
   /**
    * Clear index pattern list cache
    * @param id optionally clear a single id

src/plugins/data/public/public.api.md

@@ -1387,6 +1387,10 @@ export class IndexPatternsService {
     // Warning: (ae-forgotten-export) The symbol "GetFieldsOptions" needs to be exported by the entry point index.d.ts
     getFieldsForWildcard: (options?: GetFieldsOptions) => Promise<any>;
     getIds: (refresh?: boolean) => Promise<string[]>;
+    getIdsWithTitle: (refresh?: boolean) => Promise<Array<{
+        id: string;
+        title: string;
+    }>>;
     getTitles: (refresh?: boolean) => Promise<string[]>;
     // (undocumented)
     migrate(indexPattern: IndexPattern, newTitle: string): Promise<this>;

x-pack/plugins/security_solution/common/constants.ts

@@ -11,7 +11,6 @@ export const APP_ICON = 'securityAnalyticsApp';
 export const APP_ICON_SOLUTION = 'logoSecurity';
 export const APP_PATH = `/app/security`;
 export const ADD_DATA_PATH = `/app/home#/tutorial_directory/security`;
-export const ADD_INDEX_PATH = `/app/management/kibana/indexPatterns/create`;
 export const DEFAULT_BYTES_FORMAT = 'format:bytes:defaultPattern';
 export const DEFAULT_DATE_FORMAT = 'dateFormat';
 export const DEFAULT_DATE_FORMAT_TZ = 'dateFormat:tz';
@@ -58,6 +57,8 @@ export const APP_TIMELINES_PATH = `${APP_PATH}/timelines`;
 export const APP_CASES_PATH = `${APP_PATH}/cases`;
 export const APP_MANAGEMENT_PATH = `${APP_PATH}/administration`;
 
+export const DETECTIONS_SUB_PLUGIN_ID = `${APP_ID}:${SecurityPageName.detections}`;
+
 /** The comma-delimited list of Elasticsearch indices from which the SIEM app collects events */
 export const DEFAULT_INDEX_PATTERN = [
   'apm-*-transaction*',

x-pack/plugins/security_solution/common/search_strategy/common/index.ts

@@ -71,7 +71,7 @@ export interface PaginationInputPaginated {
 
 export interface DocValueFields {
   field: string;
-  format: string;
+  format?: string | null;
 }
 
 export interface Explanation {

x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts

@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { IIndexPattern } from 'src/plugins/data/public';
+import {
+  IEsSearchRequest,
+  IEsSearchResponse,
+  IFieldSubType,
+} from '../../../../../../src/plugins/data/common';
+import { DocValueFields, Maybe } from '../common';
+
+export type BeatFieldsFactoryQueryType = 'beatFields';
+
+interface FieldInfo {
+  category: string;
+  description?: string;
+  example?: string | number;
+  format?: string;
+  name: string;
+  type?: string;
+}
+
+export interface IndexField {
+  /** Where the field belong */
+  category: string;
+  /** Example of field's value */
+  example?: Maybe<string | number>;
+  /** whether the field's belong to an alias index */
+  indexes: Array<Maybe<string>>;
+  /** The name of the field */
+  name: string;
+  /** The type of the field's values as recognized by Kibana */
+  type: string;
+  /** Whether the field's values can be efficiently searched for */
+  searchable: boolean;
+  /** Whether the field's values can be aggregated */
+  aggregatable: boolean;
+  /** Description of the field */
+  description?: Maybe<string>;
+  format?: Maybe<string>;
+  /** the elastic type as mapped in the index */
+  esTypes?: string[];
+  subType?: IFieldSubType;
+  readFromDocValues: boolean;
+}
+
+export type BeatFields = Record<string, FieldInfo>;
+
+export interface IndexFieldsStrategyRequest extends IEsSearchRequest {
+  indices: string[];
+  onlyCheckIfIndicesExist: boolean;
+}
+
+export interface IndexFieldsStrategyResponse extends IEsSearchResponse {
+  indexFields: IndexField[];
+  indicesExist: string[];
+}
+
+export interface BrowserField {
+  aggregatable: boolean;
+  category: string;
+  description: string | null;
+  example: string | number | null;
+  fields: Readonly<Record<string, Partial<BrowserField>>>;
+  format: string;
+  indexes: string[];
+  name: string;
+  searchable: boolean;
+  type: string;
+}
+
+export type BrowserFields = Readonly<Record<string, Partial<BrowserField>>>;
+
+export const EMPTY_BROWSER_FIELDS = {};
+export const EMPTY_DOCVALUE_FIELD: DocValueFields[] = [];
+export const EMPTY_INDEX_PATTERN: IIndexPattern = {
+  fields: [],
+  title: '',
+};

x-pack/plugins/security_solution/common/search_strategy/timeline/events/details/index.ts

@@ -22,7 +22,6 @@ export interface TimelineEventsDetailsStrategyResponse extends IEsSearchResponse
 
 export interface TimelineEventsDetailsRequestOptions
   extends Partial<TimelineRequestOptionsPaginated> {
-  defaultIndex: string[];
   indexName: string;
   eventId: string;
 }

x-pack/plugins/security_solution/common/types/timeline/index.ts

@@ -239,6 +239,7 @@ export const SavedTimelineRuntimeType = runtimeTypes.partial({
   excludedRowRendererIds: unionWithNullType(runtimeTypes.array(RowRendererIdRuntimeType)),
   favorite: unionWithNullType(runtimeTypes.array(SavedFavoriteRuntimeType)),
   filters: unionWithNullType(runtimeTypes.array(SavedFilterRuntimeType)),
+  indexNames: unionWithNullType(runtimeTypes.array(runtimeTypes.string)),
   kqlMode: unionWithNullType(runtimeTypes.string),
   kqlQuery: unionWithNullType(SavedFilterQueryQueryRuntimeType),
   title: unionWithNullType(runtimeTypes.string),
@@ -398,3 +399,5 @@ export const importTimelineResultSchema = runtimeTypes.exact(
 );
 
 export type ImportTimelineResultSchema = runtimeTypes.TypeOf<typeof importTimelineResultSchema>;
+
+export type TimelineEventsType = 'all' | 'raw' | 'alert' | 'signal' | 'custom';