"use strict"; var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault"); Object.defineProperty(exports, "__esModule", { value: true }); exports.PrevalenceDetails = exports.PREVALENCE_TAB_ID = void 0; var _datemath = _interopRequireDefault(require("@elastic/datemath")); var _react = _interopRequireWildcard(require("react")); var _eui = require("@elastic/eui"); var _i18nReact = require("@kbn/i18n-react"); var _formatted_number = require("../../../common/components/formatted_number"); var _use_license = require("../../../common/hooks/use_license"); var _investigate_in_timeline_button = require("../../../common/components/event_details/table/investigate_in_timeline_button"); var _use_prevalence = require("../../shared/hooks/use_prevalence"); var _translations = require("../../shared/translations"); var _translations2 = require("./translations"); var _test_ids = require("./test_ids"); var _context = require("../context"); var _use_action_cell_data_provider = require("../../../common/components/event_details/table/use_action_cell_data_provider"); var _empty_value = require("../../../common/components/empty_value"); var _types = require("../../../../common/types"); function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); } function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; } /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ const PREVALENCE_TAB_ID = 'prevalence-details'; exports.PREVALENCE_TAB_ID = PREVALENCE_TAB_ID; const DEFAULT_FROM = 'now-30d'; const DEFAULT_TO = 'now'; const columns = [{ field: 'field', name: _translations2.PREVALENCE_TABLE_FIELD_COLUMN_TITLE, 'data-test-subj': _test_ids.PREVALENCE_DETAILS_TABLE_FIELD_CELL_TEST_ID, render: field => /*#__PURE__*/_react.default.createElement(_eui.EuiText, { size: "xs" }, field), width: '20%' }, { field: 'values', name: _translations2.PREVALENCE_TABLE_VALUE_COLUMN_TITLE, 'data-test-subj': _test_ids.PREVALENCE_DETAILS_TABLE_VALUE_CELL_TEST_ID, render: values => /*#__PURE__*/_react.default.createElement(_eui.EuiFlexGroup, { direction: "column", gutterSize: "none" }, values.map(value => /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, { key: value }, /*#__PURE__*/_react.default.createElement(_eui.EuiText, { size: "xs" }, value)))), width: '20%' }, { name: /*#__PURE__*/_react.default.createElement(_eui.EuiToolTip, { content: _translations2.PREVALENCE_TABLE_ALERT_COUNT_COLUMN_TITLE_TOOLTIP }, /*#__PURE__*/_react.default.createElement(_eui.EuiFlexGroup, { direction: "column", gutterSize: "none" }, /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, null, _translations2.PREVALENCE_TABLE_ALERT_COUNT_COLUMN_TITLE), /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, null, _translations2.PREVALENCE_TABLE_COUNT_COLUMN_TITLE))), 'data-test-subj': _test_ids.PREVALENCE_DETAILS_TABLE_ALERT_COUNT_CELL_TEST_ID, render: data => { const dataProviders = data.values.map(value => (0, _use_action_cell_data_provider.getDataProvider)(data.field, `timeline-indicator-${data.field}-${value}`, value)); return data.alertCount > 0 ? /*#__PURE__*/_react.default.createElement(_investigate_in_timeline_button.InvestigateInTimelineButton, { asEmptyButton: true, dataProviders: dataProviders, filters: [], timeRange: { kind: 'absolute', from: data.from, to: data.to } }, /*#__PURE__*/_react.default.createElement(_formatted_number.FormattedCount, { count: data.alertCount })) : (0, _empty_value.getEmptyTagValue)(); }, width: '10%' }, { name: /*#__PURE__*/_react.default.createElement(_eui.EuiToolTip, { content: _translations2.PREVALENCE_TABLE_DOC_COUNT_COLUMN_TITLE_TOOLTIP }, /*#__PURE__*/_react.default.createElement(_eui.EuiFlexGroup, { direction: "column", gutterSize: "none" }, /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, null, _translations2.PREVALENCE_TABLE_DOC_COUNT_COLUMN_TITLE), /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, null, _translations2.PREVALENCE_TABLE_COUNT_COLUMN_TITLE))), 'data-test-subj': _test_ids.PREVALENCE_DETAILS_TABLE_DOC_COUNT_CELL_TEST_ID, render: data => { const dataProviders = data.values.map(value => ({ ...(0, _use_action_cell_data_provider.getDataProvider)(data.field, `timeline-indicator-${data.field}-${value}`, value), and: [(0, _use_action_cell_data_provider.getDataProviderAnd)('event.kind', `timeline-indicator-event.kind-not-signal`, 'signal', _types.IS_OPERATOR, true)] })); return data.docCount > 0 ? /*#__PURE__*/_react.default.createElement(_investigate_in_timeline_button.InvestigateInTimelineButton, { asEmptyButton: true, dataProviders: dataProviders, filters: [], timeRange: { kind: 'absolute', from: data.from, to: data.to }, keepDataView: true // changing dataview from only detections to include non-alerts docs }, /*#__PURE__*/_react.default.createElement(_formatted_number.FormattedCount, { count: data.docCount })) : (0, _empty_value.getEmptyTagValue)(); }, width: '10%' }, { field: 'hostPrevalence', name: /*#__PURE__*/_react.default.createElement(_eui.EuiToolTip, { content: _translations2.HOST_PREVALENCE_COLUMN_TITLE_TOOLTIP }, /*#__PURE__*/_react.default.createElement(_eui.EuiFlexGroup, { direction: "column", gutterSize: "none" }, /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, null, _translations2.HOST_TITLE), /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, null, _translations2.PREVALENCE_TABLE_PREVALENCE_COLUMN_TITLE))), 'data-test-subj': _test_ids.PREVALENCE_DETAILS_TABLE_HOST_PREVALENCE_CELL_TEST_ID, render: hostPrevalence => /*#__PURE__*/_react.default.createElement(_eui.EuiText, { size: "xs" }, `${Math.round(hostPrevalence * 100)}%`), width: '10%' }, { field: 'userPrevalence', name: /*#__PURE__*/_react.default.createElement(_eui.EuiToolTip, { content: _translations2.USER_PREVALENCE_COLUMN_TITLE_TOOLTIP }, /*#__PURE__*/_react.default.createElement(_eui.EuiFlexGroup, { direction: "column", gutterSize: "none" }, /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, null, _translations2.USER_TITLE), /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, null, _translations2.PREVALENCE_TABLE_PREVALENCE_COLUMN_TITLE))), 'data-test-subj': _test_ids.PREVALENCE_DETAILS_TABLE_USER_PREVALENCE_CELL_TEST_ID, render: userPrevalence => /*#__PURE__*/_react.default.createElement(_eui.EuiText, { size: "xs" }, `${Math.round(userPrevalence * 100)}%`), width: '10%' }]; /** * Prevalence table displayed in the document details expandable flyout left section under the Insights tab */ const PrevalenceDetails = () => { const { browserFields, dataFormattedForFieldBrowser, eventId, investigationFields } = (0, _context.useLeftPanelContext)(); const isPlatinumPlus = (0, _use_license.useLicense)().isPlatinumPlus(); // these two are used by the usePrevalence hook to fetch the data const [start, setStart] = (0, _react.useState)(DEFAULT_FROM); const [end, setEnd] = (0, _react.useState)(DEFAULT_TO); // these two are used to pass to timeline const [absoluteStart, setAbsoluteStart] = (0, _react.useState)((_datemath.default.parse(DEFAULT_FROM) || new Date()).toISOString()); const [absoluteEnd, setAbsoluteEnd] = (0, _react.useState)((_datemath.default.parse(DEFAULT_TO) || new Date()).toISOString()); // TODO update the logic to use a single set of start/end dates // currently as we're using this InvestigateInTimelineButton component we need to pass the timeRange // as an AbsoluteTimeRange, which requires from/to values const onTimeChange = ({ start: s, end: e, isInvalid }) => { if (isInvalid) return; setStart(s); setEnd(e); const from = _datemath.default.parse(s); if (from && from.isValid()) { setAbsoluteStart(from.toISOString()); } const to = _datemath.default.parse(e); if (to && to.isValid()) { setAbsoluteEnd(to.toISOString()); } }; const { loading, error, data } = (0, _use_prevalence.usePrevalence)({ dataFormattedForFieldBrowser, investigationFields, interval: { from: start, to: end } }); // add timeRange to pass it down to timeline const items = (0, _react.useMemo)(() => data.map(item => ({ ...item, from: absoluteStart, to: absoluteEnd })), [data, absoluteStart, absoluteEnd]); if (loading) { return /*#__PURE__*/_react.default.createElement(_eui.EuiFlexGroup, { justifyContent: "spaceAround", "data-test-subj": _test_ids.PREVALENCE_DETAILS_LOADING_TEST_ID }, /*#__PURE__*/_react.default.createElement(_eui.EuiFlexItem, { grow: false }, /*#__PURE__*/_react.default.createElement(_eui.EuiLoadingSpinner, { size: "m" }))); } if (!eventId || !dataFormattedForFieldBrowser || !browserFields || error) { return /*#__PURE__*/_react.default.createElement(_eui.EuiEmptyPrompt, { iconType: "error", color: "danger", title: /*#__PURE__*/_react.default.createElement("h2", null, (0, _translations.ERROR_TITLE)(_translations2.PREVALENCE_ERROR_MESSAGE)), body: /*#__PURE__*/_react.default.createElement("p", null, (0, _translations.ERROR_MESSAGE)(_translations2.PREVALENCE_ERROR_MESSAGE)), "data-test-subj": _test_ids.PREVALENCE_DETAILS_TABLE_ERROR_TEST_ID }); } const upsell = /*#__PURE__*/_react.default.createElement(_react.default.Fragment, null, /*#__PURE__*/_react.default.createElement(_eui.EuiCallOut, { "data-test-subj": `${_test_ids.PREVALENCE_DETAILS_TABLE_TEST_ID}UpSell` }, /*#__PURE__*/_react.default.createElement(_i18nReact.FormattedMessage, { id: "xpack.securitySolution.flyout.documentDetails.prevalenceTableAlertUpsell", defaultMessage: "Preview of a {subscription} feature showing host and user prevalence.", values: { subscription: /*#__PURE__*/_react.default.createElement(_eui.EuiLink, { href: "https://www.elastic.co/pricing/", target: "_blank" }, /*#__PURE__*/_react.default.createElement(_i18nReact.FormattedMessage, { id: "xpack.securitySolution.flyout.documentDetails.prevalenceTableAlertUpsellLink", defaultMessage: "Platinum" })) } })), /*#__PURE__*/_react.default.createElement(_eui.EuiSpacer, { size: "s" })); return /*#__PURE__*/_react.default.createElement(_react.default.Fragment, null, !isPlatinumPlus && upsell, /*#__PURE__*/_react.default.createElement(_eui.EuiPanel, null, /*#__PURE__*/_react.default.createElement(_eui.EuiSuperDatePicker, { start: start, end: end, onTimeChange: onTimeChange, "data-test-subj": _test_ids.PREVALENCE_DETAILS_DATE_PICKER_TEST_ID }), /*#__PURE__*/_react.default.createElement(_eui.EuiSpacer, { size: "m" }), data.length > 0 ? /*#__PURE__*/_react.default.createElement(_eui.EuiInMemoryTable, { items: items, columns: columns, "data-test-subj": _test_ids.PREVALENCE_DETAILS_TABLE_TEST_ID }) : /*#__PURE__*/_react.default.createElement("div", { "data-test-subj": `${_test_ids.PREVALENCE_DETAILS_TABLE_NO_DATA_TEST_ID}Error` }, _translations2.PREVALENCE_NO_DATA_MESSAGE))); }; exports.PrevalenceDetails = PrevalenceDetails; PrevalenceDetails.displayName = 'PrevalenceDetails';