fix: for behavior alerts we should display rule.description

elastic · Feb 15, 2022 · 91700fa · 91700fa
1 parent 25ddedf
commit 91700fa
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 24 deletions.
diff --git a/...gins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx b/...gins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx
@@ -174,32 +174,41 @@ describe('AlertSummaryView', () => {
     });
   });
   test('Behavior event code renders additional summary rows', () => {
+    const actualRuleDescription = 'The actual rule description';
     const renderProps = {
       ...props,
-      data: mockAlertDetailsData.map((item) => {
-        if (item.category === 'event' && item.field === 'event.code') {
-          return {
-            ...item,
-            values: ['behavior'],
-            originalValue: ['behavior'],
-          };
-        }
-        if (item.category === 'event' && item.field === 'event.category') {
-          return {
-            ...item,
-            values: ['malware', 'process', 'file'],
-            originalValue: ['malware', 'process', 'file'],
-          };
-        }
-        return item;
-      }) as TimelineEventsDetailsItem[],
+      data: [
+        ...mockAlertDetailsData.map((item) => {
+          if (item.category === 'event' && item.field === 'event.code') {
+            return {
+              ...item,
+              values: ['behavior'],
+              originalValue: ['behavior'],
+            };
+          }
+          if (item.category === 'event' && item.field === 'event.category') {
+            return {
+              ...item,
+              values: ['malware', 'process', 'file'],
+              originalValue: ['malware', 'process', 'file'],
+            };
+          }
+          return item;
+        }),
+        {
+          category: 'rule',
+          field: 'rule.description',
+          values: [actualRuleDescription],
+          originalValue: [actualRuleDescription],
+        },
+      ] as TimelineEventsDetailsItem[],
     };
     const { getByText } = render(
       <TestProvidersComponent>
         <AlertSummaryView {...renderProps} />
       </TestProvidersComponent>
     );
-    ['host.name', 'user.name', 'process.name'].forEach((fieldId) => {
+    ['host.name', 'user.name', 'process.name', actualRuleDescription].forEach((fieldId) => {
       expect(getByText(fieldId));
     });
   });

diff --git a/...ugins/security_solution/public/common/components/event_details/get_alert_summary_rows.tsx b/...ugins/security_solution/public/common/components/event_details/get_alert_summary_rows.tsx
@@ -6,11 +6,7 @@
  */
 
 import { find, isEmpty, uniqBy } from 'lodash/fp';
-import {
-  ALERT_RULE_NAMESPACE,
-  ALERT_RULE_TYPE,
-  ALERT_RULE_DESCRIPTION,
-} from '@kbn/rule-data-utils';
+import { ALERT_RULE_NAMESPACE, ALERT_RULE_TYPE } from '@kbn/rule-data-utils';
 
 import * as i18n from './translations';
 import { BrowserFields } from '../../../../common/search_strategy/index_fields';
@@ -107,7 +103,7 @@ function getFieldsByEventCode(
   switch (eventCode) {
     case EventCode.BEHAVIOR:
       return [
-        { id: ALERT_RULE_DESCRIPTION, label: ALERTS_HEADERS_RULE_DESCRIPTION },
+        { id: 'rule.description', label: ALERTS_HEADERS_RULE_DESCRIPTION },
         // Resolve more fields based on the source event
         ...getFieldsByCategory({ ...eventCategories, primaryEventCategory: undefined }),
       ];