Merge branch 'main' into implement/v2-test-group-api

.github/CODEOWNERS

@@ -415,6 +415,7 @@
 /x-pack/plugins/security_solution/cypress/integration/urls @elastic/security-threat-hunting-investigations
 
 /x-pack/plugins/security_solution/public/common/components/alerts_viewer @elastic/security-threat-hunting-investigations
+/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_action @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/event_details @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/events_viewer @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/markdown_editor @elastic/security-threat-hunting-investigations

x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_investigate_in_timeline.tsx

@@ -14,7 +14,7 @@ import { ALERT_RULE_EXCEPTIONS_LIST } from '@kbn/rule-data-utils';
 import {
   ExceptionListIdentifiers,
   ExceptionListItemSchema,
-  ReadExceptionListSchema,
+  ExceptionListTypeEnum,
 } from '@kbn/securitysolution-io-ts-list-types';
 import { useApi } from '@kbn/securitysolution-list-hooks';
 
@@ -51,48 +51,48 @@ export const useInvestigateInTimeline = ({
 
   const getExceptions = useCallback(
     async (ecsData: Ecs): Promise<ExceptionListItemSchema[]> => {
-      const exceptionsLists: ReadExceptionListSchema[] = (
-        getField(ecsData, ALERT_RULE_EXCEPTIONS_LIST) ?? []
-      )
-        .map((list: string) => JSON.parse(list))
-        .filter((list: ExceptionListIdentifiers) => list.type === 'detection');
+      const exceptionsLists = (getField(ecsData, ALERT_RULE_EXCEPTIONS_LIST) ?? []).reduce(
+        (acc: ExceptionListIdentifiers[], next: string) => {
+          const parsedList = JSON.parse(next);
+          if (parsedList.type === 'detection') {
+            const formattedList = {
+              id: parsedList.id,
+              listId: parsedList.list_id,
+              type: ExceptionListTypeEnum.DETECTION,
+              namespaceType: parsedList.namespace_type,
+            };
+            acc.push(formattedList);
+          }
+          return acc;
+        },
+        []
+      );
 
       const allExceptions: ExceptionListItemSchema[] = [];
 
       if (exceptionsLists.length > 0) {
-        for (const list of exceptionsLists) {
-          if (list.id && list.list_id && list.namespace_type) {
-            await getExceptionListsItems({
-              lists: [
-                {
-                  id: list.id,
-                  listId: list.list_id,
-                  type: 'detection',
-                  namespaceType: list.namespace_type,
-                },
-              ],
-              filterOptions: [],
-              pagination: {
-                page: 0,
-                perPage: 10000,
-                total: 10000,
-              },
-              showDetectionsListsOnly: true,
-              showEndpointListsOnly: false,
-              onSuccess: ({ exceptions }) => {
-                allExceptions.push(...exceptions);
-              },
-              onError: (err: string[]) => {
-                addError(err, {
-                  title: i18n.translate(
-                    'xpack.securitySolution.detectionEngine.alerts.fetchExceptionsFailure',
-                    { defaultMessage: 'Error fetching exceptions.' }
-                  ),
-                });
-              },
+        await getExceptionListsItems({
+          lists: exceptionsLists,
+          filterOptions: [],
+          pagination: {
+            page: 0,
+            perPage: 10000,
+            total: 10000,
+          },
+          showDetectionsListsOnly: true,
+          showEndpointListsOnly: false,
+          onSuccess: ({ exceptions }) => {
+            allExceptions.push(...exceptions);
+          },
+          onError: (err: string[]) => {
+            addError(err, {
+              title: i18n.translate(
+                'xpack.securitySolution.detectionEngine.alerts.fetchExceptionsFailure',
+                { defaultMessage: 'Error fetching exceptions.' }
+              ),
             });
-          }
-        }
+          },
+        });
       }
       return allExceptions;
     },

x-pack/plugins/session_view/public/components/detail_panel_alert_group_item/index.tsx

@@ -66,6 +66,7 @@ export const DetailPanelAlertGroupItem = ({
           data-test-subj={ALERT_GROUP_ITEM_COUNT_TEST_ID}
           className="eui-alignCenter"
           size="m"
+          css={styles.alertCountArrowPad}
         >
           {alertsCount}
         </EuiNotificationBadge>

x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/index.tsx

@@ -59,7 +59,7 @@ export const DetailPanelAlertListItem = ({
   const forceState = !isInvestigated ? 'open' : undefined;
 
   return minimal ? (
-    <div data-test-subj={ALERT_LIST_ITEM_TEST_ID}>
+    <div data-test-subj={ALERT_LIST_ITEM_TEST_ID} css={styles.firstAlertPad}>
       <EuiSpacer size="xs" />
       <EuiFlexGroup alignItems="center">
         <EuiFlexItem>

x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/styles.ts

@@ -79,6 +79,10 @@ export const useStyles = (minimal = false, isInvestigated = false) => {
       minWidth: 0,
     };
 
+    const alertCountArrowPad: CSSObject = {
+      marginRight: size.xs,
+    };
+
     const processPanel: CSSObject = {
       border: `${borderThickness} solid ${colors.lightShade}`,
       fontFamily: font.familyCode,
@@ -103,6 +107,12 @@ export const useStyles = (minimal = false, isInvestigated = false) => {
       float: 'right',
     };
 
+    const firstAlertPad: CSSObject = {
+      '&:first-child': {
+        paddingTop: size.base,
+      },
+    };
+
     const minimalHR: CSSObject = {
       marginBottom: 0,
     };
@@ -114,9 +124,11 @@ export const useStyles = (minimal = false, isInvestigated = false) => {
       alertTitle,
       alertIcon,
       alertAccordionButton,
+      alertCountArrowPad,
       processPanel,
       investigatedLabel,
       minimalContextMenu,
+      firstAlertPad,
       minimalHR,
     };
   }, [euiTheme, isInvestigated, minimal]);

x-pack/plugins/session_view/public/components/detail_panel_description_list/styles.ts

@@ -20,14 +20,14 @@ export const useStyles = () => {
     const tabListTitle = {
       width: '40%',
       display: 'flex',
-      alignItems: 'center',
+      alignItems: 'baseline',
       marginTop: '0px',
     };
 
     const tabListDescription = {
       width: '60%',
       display: 'flex',
-      alignItems: 'center',
+      alignItems: 'baseline',
       marginTop: '0px',
     };
 

x-pack/plugins/session_view/public/components/detail_panel_list_item/styles.ts

@@ -20,11 +20,11 @@ export const useStyles = ({ display }: StylesDeps) => {
     const item: CSSObject = {
       display,
       alignContent: 'center',
-      padding: `0px ${euiTheme.size.s} `,
+      padding: `${euiTheme.size.xs} ${euiTheme.size.s} `,
       width: '100%',
       fontWeight: 'inherit',
-      height: euiTheme.size.xl,
-      lineHeight: euiTheme.size.l,
+      height: 'max-content',
+      minHeight: euiTheme.size.l,
       letterSpacing: '0px',
       textAlign: 'left',
 
@@ -43,7 +43,7 @@ export const useStyles = ({ display }: StylesDeps) => {
       '&:hover': {
         background: transparentize(euiTheme.colors.primary, 0.1),
       },
-      height: '100%',
+      height: 'fit-content',
     };
 
     return {

x-pack/test/cases_api_integration/security_and_spaces/tests/trial/index.ts

@@ -11,8 +11,6 @@ import { createSpacesAndUsers, deleteSpacesAndUsers } from '../../../common/lib/
 // eslint-disable-next-line import/no-default-export
 export default ({ loadTestFile, getService }: FtrProviderContext): void => {
   describe('cases security and spaces enabled: trial', function () {
-    this.tags('ciGroup25');
-
     before(async () => {
       await createSpacesAndUsers(getService);
     });
@@ -21,15 +19,23 @@ export default ({ loadTestFile, getService }: FtrProviderContext): void => {
       await deleteSpacesAndUsers(getService);
     });
 
-    // Trial
-    loadTestFile(require.resolve('./cases/push_case'));
-    loadTestFile(require.resolve('./cases/user_actions/get_all_user_actions'));
-    loadTestFile(require.resolve('./configure'));
+    describe('', function () {
+      this.tags('ciGroup13');
+
+      // Trial
+      loadTestFile(require.resolve('./cases/push_case'));
+      loadTestFile(require.resolve('./cases/user_actions/get_all_user_actions'));
+      loadTestFile(require.resolve('./configure'));
+    });
 
-    // Common
-    loadTestFile(require.resolve('../common'));
+    describe('', function () {
+      this.tags('ciGroup25');
 
-    // NOTE: These need to be at the end because they could delete the .kibana index and inadvertently remove the users and spaces
-    loadTestFile(require.resolve('../common/migrations'));
+      // Common
+      loadTestFile(require.resolve('../common'));
+
+      // NOTE: These need to be at the end because they could delete the .kibana index and inadvertently remove the users and spaces
+      loadTestFile(require.resolve('../common/migrations'));
+    });
   });
 };

x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts

@@ -14,7 +14,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
       this.tags('ciGroup11');
 
       loadTestFile(require.resolve('./aliases'));
-      loadTestFile(require.resolve('./create_endpoint_exceptions'));
       loadTestFile(require.resolve('./add_actions'));
       loadTestFile(require.resolve('./update_actions'));
       loadTestFile(require.resolve('./add_prepackaged_rules'));
@@ -54,6 +53,12 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
       loadTestFile(require.resolve('./migrations'));
     });
 
+    describe('', function () {
+      this.tags('ciGroup26');
+
+      loadTestFile(require.resolve('./create_endpoint_exceptions'));
+    });
+
     describe('', function () {
       this.tags('ciGroup14');