[SIEM] [CASES] Build lego blocks case details view (#60864) (#61016)

elastic · Mar 24, 2020 · daa8a3f · daa8a3f
1 parent 1cfecfc
commit daa8a3f
Show file tree

Hide file tree

Showing 78 changed files with 2,875 additions and 438 deletions.
diff --git a/x-pack/legacy/plugins/siem/public/components/link_to/redirect_to_case.tsx b/x-pack/legacy/plugins/siem/public/components/link_to/redirect_to_case.tsx
@@ -31,6 +31,7 @@ export const RedirectToConfigureCasesPage = () => (
 const baseCaseUrl = `#/link-to/${SiemPageName.case}`;
 
 export const getCaseUrl = () => baseCaseUrl;
-export const getCaseDetailsUrl = (detailName: string) => `${baseCaseUrl}/${detailName}`;
-export const getCreateCaseUrl = () => `${baseCaseUrl}/create`;
-export const getConfigureCasesUrl = () => `${baseCaseUrl}/configure`;
+export const getCaseDetailsUrl = (detailName: string, search: string) =>
+  `${baseCaseUrl}/${detailName}${search}`;
+export const getCreateCaseUrl = (search: string) => `${baseCaseUrl}/create${search}`;
+export const getConfigureCasesUrl = (search: string) => `${baseCaseUrl}/configure${search}`;
diff --git a/x-pack/legacy/plugins/siem/public/components/links/index.tsx b/x-pack/legacy/plugins/siem/public/components/links/index.tsx
@@ -23,8 +23,10 @@ import {
 import { FlowTarget, FlowTargetSourceDest } from '../../graphql/types';
 import { useUiSetting$ } from '../../lib/kibana';
 import { IP_REPUTATION_LINKS_SETTING } from '../../../common/constants';
+import { navTabs } from '../../pages/home/home_navigations';
 import * as i18n from '../page/network/ip_overview/translations';
 import { isUrlInvalid } from '../../pages/detection_engine/rules/components/step_about_rule/helpers';
+import { useGetUrlSearch } from '../navigation/use_get_url_search';
 import { ExternalLinkIcon } from '../external_link_icon';
 
 export const DEFAULT_NUMBER_OF_LINK = 5;
@@ -89,20 +91,24 @@ export const IPDetailsLink = React.memo(IPDetailsLinkComponent);
 const CaseDetailsLinkComponent: React.FC<{ children?: React.ReactNode; detailName: string }> = ({
   children,
   detailName,
-}) => (
-  <EuiLink
-    href={getCaseDetailsUrl(encodeURIComponent(detailName))}
-    data-test-subj="case-details-link"
-  >
-    {children ? children : detailName}
-  </EuiLink>
-);
+}) => {
+  const urlSearch = useGetUrlSearch(navTabs.case);
+  return (
+    <EuiLink
+      href={getCaseDetailsUrl(encodeURIComponent(detailName), urlSearch)}
+      data-test-subj="case-details-link"
+    >
+      {children ? children : detailName}
+    </EuiLink>
+  );
+};
 export const CaseDetailsLink = React.memo(CaseDetailsLinkComponent);
 CaseDetailsLink.displayName = 'CaseDetailsLink';
 
-export const CreateCaseLink = React.memo<{ children: React.ReactNode }>(({ children }) => (
-  <EuiLink href={getCreateCaseUrl()}>{children}</EuiLink>
-));
+export const CreateCaseLink = React.memo<{ children: React.ReactNode }>(({ children }) => {
+  const urlSearch = useGetUrlSearch(navTabs.case);
+  return <EuiLink href={getCreateCaseUrl(urlSearch)}>{children}</EuiLink>;
+});
 
 CreateCaseLink.displayName = 'CreateCaseLink';
 

diff --git a/x-pack/legacy/plugins/siem/public/components/url_state/index.test.tsx b/x-pack/legacy/plugins/siem/public/components/url_state/index.test.tsx
@@ -158,7 +158,7 @@ describe('UrlStateContainer', () => {
               hash: '',
               pathname: examplePath,
               search: [CONSTANTS.timelinePage].includes(page)
-                ? '?timerange=(global:(linkTo:!(timeline),timerange:(from:1558048243696,fromStr:now-24h,kind:relative,to:1558134643697,toStr:now)),timeline:(linkTo:!(global),timerange:(from:1558048243696,fromStr:now-24h,kind:relative,to:1558134643697,toStr:now)))'
+                ? `?query=(language:kuery,query:'host.name:%22siem-es%22')&timerange=(global:(linkTo:!(timeline),timerange:(from:1558048243696,fromStr:now-24h,kind:relative,to:1558134643697,toStr:now)),timeline:(linkTo:!(global),timerange:(from:1558048243696,fromStr:now-24h,kind:relative,to:1558134643697,toStr:now)))`
                 : `?query=(language:kuery,query:'host.name:%22siem-es%22')&timerange=(global:(linkTo:!(timeline),timerange:(from:1558048243696,fromStr:now-24h,kind:relative,to:1558134643697,toStr:now)),timeline:(linkTo:!(global),timerange:(from:1558048243696,fromStr:now-24h,kind:relative,to:1558134643697,toStr:now)))`,
               state: '',
             });

diff --git a/x-pack/legacy/plugins/siem/public/components/url_state/types.ts b/x-pack/legacy/plugins/siem/public/components/url_state/types.ts
@@ -60,8 +60,20 @@ export const URL_STATE_KEYS: Record<UrlStateType, KeyUrlState[]> = {
     CONSTANTS.timerange,
     CONSTANTS.timeline,
   ],
-  timeline: [CONSTANTS.timeline, CONSTANTS.timerange],
-  case: [],
+  timeline: [
+    CONSTANTS.appQuery,
+    CONSTANTS.filters,
+    CONSTANTS.savedQuery,
+    CONSTANTS.timeline,
+    CONSTANTS.timerange,
+  ],
+  case: [
+    CONSTANTS.appQuery,
+    CONSTANTS.filters,
+    CONSTANTS.savedQuery,
+    CONSTANTS.timeline,
+    CONSTANTS.timerange,
+  ],
 };
 
 export type LocationTypes =

diff --git a/x-pack/legacy/plugins/siem/public/containers/case/api.ts b/x-pack/legacy/plugins/siem/public/containers/case/api.ts
@@ -13,26 +13,36 @@ import {
   CommentRequest,
   CommentResponse,
   User,
+  CaseUserActionsResponse,
+  CaseExternalServiceRequest,
+  ServiceConnectorCaseParams,
+  ServiceConnectorCaseResponse,
+  ActionTypeExecutorResult,
 } from '../../../../../../plugins/case/common/api';
 import { KibanaServices } from '../../lib/kibana';
 import {
+  ActionLicense,
   AllCases,
   BulkUpdateStatus,
   Case,
   CasesStatus,
   Comment,
   FetchCasesProps,
   SortFieldCase,
+  CaseUserActions,
 } from './types';
 import { CASES_URL } from './constants';
 import {
   convertToCamelCase,
   convertAllCasesToCamel,
+  convertArrayToCamelCase,
   decodeCaseResponse,
   decodeCasesResponse,
   decodeCasesFindResponse,
   decodeCasesStatusResponse,
   decodeCommentResponse,
+  decodeCaseUserActionsResponse,
+  decodeServiceConnectorCaseResponse,
 } from './utils';
 
 export const getCase = async (caseId: string, includeComments: boolean = true): Promise<Case> => {
@@ -71,6 +81,20 @@ export const getReporters = async (signal: AbortSignal): Promise<User[]> => {
   return response ?? [];
 };
 
+export const getCaseUserActions = async (
+  caseId: string,
+  signal: AbortSignal
+): Promise<CaseUserActions[]> => {
+  const response = await KibanaServices.get().http.fetch<CaseUserActionsResponse>(
+    `${CASES_URL}/${caseId}/user_actions`,
+    {
+      method: 'GET',
+      signal,
+    }
+  );
+  return convertArrayToCamelCase(decodeCaseUserActionsResponse(response)) as CaseUserActions[];
+};
+
 export const getCases = async ({
   filterOptions = {
     search: '',
@@ -161,3 +185,43 @@ export const deleteCases = async (caseIds: string[]): Promise<boolean> => {
   });
   return response === 'true' ? true : false;
 };
+
+export const pushCase = async (
+  caseId: string,
+  push: CaseExternalServiceRequest,
+  signal: AbortSignal
+): Promise<Case> => {
+  const response = await KibanaServices.get().http.fetch<CaseResponse>(
+    `${CASES_URL}/${caseId}/_push`,
+    {
+      method: 'POST',
+      body: JSON.stringify(push),
+      signal,
+    }
+  );
+  return convertToCamelCase<CaseResponse, Case>(decodeCaseResponse(response));
+};
+
+export const pushToService = async (
+  connectorId: string,
+  casePushParams: ServiceConnectorCaseParams,
+  signal: AbortSignal
+): Promise<ServiceConnectorCaseResponse> => {
+  const response = await KibanaServices.get().http.fetch<ActionTypeExecutorResult>(
+    `/api/action/${connectorId}/_execute`,
+    {
+      method: 'POST',
+      body: JSON.stringify({ params: casePushParams }),
+      signal,
+    }
+  );
+  return decodeServiceConnectorCaseResponse(response.data);
+};
+
+export const getActionLicense = async (signal: AbortSignal): Promise<ActionLicense[]> => {
+  const response = await KibanaServices.get().http.fetch<ActionLicense[]>(`/api/action/types`, {
+    method: 'GET',
+    signal,
+  });
+  return response;
+};
diff --git a/x-pack/legacy/plugins/siem/public/containers/case/configure/types.ts b/x-pack/legacy/plugins/siem/public/containers/case/configure/types.ts
@@ -26,6 +26,7 @@ export interface CaseConfigure {
   createdAt: string;
   createdBy: ElasticUser;
   connectorId: string;
+  connectorName: string;
   closureType: ClosureType;
   updatedAt: string;
   updatedBy: ElasticUser;

diff --git a/x-pack/legacy/plugins/siem/public/containers/case/configure/use_configure.tsx b/x-pack/legacy/plugins/siem/public/containers/case/configure/use_configure.tsx
@@ -13,6 +13,7 @@ import { ClosureType } from './types';
 
 interface PersistCaseConfigure {
   connectorId: string;
+  connectorName: string;
   closureType: ClosureType;
 }
 
@@ -24,12 +25,12 @@ export interface ReturnUseCaseConfigure {
 }
 
 interface UseCaseConfigure {
-  setConnectorId: (newConnectorId: string) => void;
-  setClosureType: (newClosureType: ClosureType) => void;
+  setConnector: (newConnectorId: string, newConnectorName?: string) => void;
+  setClosureType?: (newClosureType: ClosureType) => void;
 }
 
 export const useCaseConfigure = ({
-  setConnectorId,
+  setConnector,
   setClosureType,
 }: UseCaseConfigure): ReturnUseCaseConfigure => {
   const [, dispatchToaster] = useStateToaster();
@@ -48,8 +49,10 @@ export const useCaseConfigure = ({
         if (!didCancel) {
           setLoading(false);
           if (res != null) {
-            setConnectorId(res.connectorId);
-            setClosureType(res.closureType);
+            setConnector(res.connectorId, res.connectorName);
+            if (setClosureType != null) {
+              setClosureType(res.closureType);
+            }
             setVersion(res.version);
           }
         }
@@ -74,7 +77,7 @@ export const useCaseConfigure = ({
   }, []);
 
   const persistCaseConfigure = useCallback(
-    async ({ connectorId, closureType }: PersistCaseConfigure) => {
+    async ({ connectorId, connectorName, closureType }: PersistCaseConfigure) => {
       let didCancel = false;
       const abortCtrl = new AbortController();
       const saveCaseConfiguration = async () => {
@@ -83,7 +86,11 @@ export const useCaseConfigure = ({
           const res =
             version.length === 0
               ? await postCaseConfigure(
-                  { connector_id: connectorId, closure_type: closureType },
+                  {
+                    connector_id: connectorId,
+                    connector_name: connectorName,
+                    closure_type: closureType,
+                  },
                   abortCtrl.signal
                 )
               : await patchCaseConfigure(
@@ -92,8 +99,10 @@ export const useCaseConfigure = ({
                 );
           if (!didCancel) {
             setPersistLoading(false);
-            setConnectorId(res.connectorId);
-            setClosureType(res.closureType);
+            setConnector(res.connectorId);
+            if (setClosureType) {
+              setClosureType(res.closureType);
+            }
             setVersion(res.version);
           }
         } catch (error) {

diff --git a/x-pack/legacy/plugins/siem/public/containers/case/translations.ts b/x-pack/legacy/plugins/siem/public/containers/case/translations.ts
@@ -16,3 +16,10 @@ export const TAG_FETCH_FAILURE = i18n.translate(
     defaultMessage: 'Failed to fetch Tags',
   }
 );
+
+export const SUCCESS_SEND_TO_EXTERNAL_SERVICE = i18n.translate(
+  'xpack.siem.containers.case.pushToExterService',
+  {
+    defaultMessage: 'Successfully sent to ServiceNow',
+  }
+);
diff --git a/x-pack/legacy/plugins/siem/public/containers/case/types.ts b/x-pack/legacy/plugins/siem/public/containers/case/types.ts
@@ -4,30 +4,53 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { User } from '../../../../../../plugins/case/common/api';
+import { User, UserActionField, UserAction } from '../../../../../../plugins/case/common/api';
 
 export interface Comment {
   id: string;
   createdAt: string;
   createdBy: ElasticUser;
   comment: string;
+  pushedAt: string | null;
+  pushedBy: string | null;
   updatedAt: string | null;
   updatedBy: ElasticUser | null;
   version: string;
 }
+export interface CaseUserActions {
+  actionId: string;
+  actionField: UserActionField;
+  action: UserAction;
+  actionAt: string;
+  actionBy: ElasticUser;
+  caseId: string;
+  commentId: string | null;
+  newValue: string | null;
+  oldValue: string | null;
+}
 
+export interface CaseExternalService {
+  pushedAt: string;
+  pushedBy: string;
+  connectorId: string;
+  connectorName: string;
+  externalId: string;
+  externalTitle: string;
+  externalUrl: string;
+}
 export interface Case {
   id: string;
   closedAt: string | null;
   closedBy: ElasticUser | null;
   comments: Comment[];
-  commentIds: string[];
   createdAt: string;
   createdBy: ElasticUser;
   description: string;
+  externalService: CaseExternalService | null;
   status: string;
   tags: string[];
   title: string;
+  totalComment: number;
   updatedAt: string | null;
   updatedBy: ElasticUser | null;
   version: string;
@@ -84,3 +107,10 @@ export interface BulkUpdateStatus {
   id: string;
   version: string;
 }
+export interface ActionLicense {
+  id: string;
+  name: string;
+  enabled: boolean;
+  enabledInConfig: boolean;
+  enabledInLicense: boolean;
+}