[SIEM] Default the Timeline events filter to show All events (#58953)

andrew-goldstein · andrew-goldstein · commit c7febd7c7358 · 2020-03-02T09:44:28.000-07:00
## [SIEM] Default the Timeline events filter to show All events The Timeline events filter introduced in `7.6` to support the [detection engine](https://www.elastic.co/guide/en/siem/guide/current/detection-engine-overview.html) defaulted to filtering by `Raw events`, and thus required manually selecting `All events` or `Signal events` from the dropdown to view signals. The new default is `All events`, per the screenshots below: ### Before ![event-filter-before](https://user-images.githubusercontent.com/4459398/75593223-ecc61500-5a41-11ea-8d7d-8db5eccb1eb4.png) ### After ![event-filter-after](https://user-images.githubusercontent.com/4459398/75593238-f5b6e680-5a41-11ea-9e12-2fc1232f58d1.png)
diff --git a/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.test.ts b/x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.test.ts
@@ -236,7 +236,7 @@ describe('helpers', () => {
         description: '',
         deletedEventIds: [],
         eventIdToNoteIds: {},
-        eventType: 'raw',
+        eventType: 'all',
         filters: [],
         highlightedDropAndProviderId: '',
         historyIds: [],
@@ -330,7 +330,7 @@ describe('helpers', () => {
         description: '',
         deletedEventIds: [],
         eventIdToNoteIds: {},
-        eventType: 'raw',
+        eventType: 'all',
         filters: [],
         highlightedDropAndProviderId: '',
         historyIds: [],
@@ -417,7 +417,7 @@ describe('helpers', () => {
         description: '',
         deletedEventIds: [],
         eventIdToNoteIds: {},
-        eventType: 'raw',
+        eventType: 'all',
         filters: [],
         highlightedDropAndProviderId: '',
         historyIds: [],
@@ -539,7 +539,7 @@ describe('helpers', () => {
         description: '',
         deletedEventIds: [],
         eventIdToNoteIds: {},
-        eventType: 'raw',
+        eventType: 'all',
         filters: [
           {
             $state: {
diff --git a/x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/pick_events.tsx b/x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/pick_events.tsx
@@ -77,6 +77,7 @@ const PickEventTypeComponents: React.FC<PickEventTypeProps> = ({
   return (
     <PickEventContainer>
       <EuiSuperSelect
+        data-test-subj="pick-event-type"
         fullWidth={false}
         valueOfSelected={eventType}
         onChange={onChangeEventType}
diff --git a/x-pack/legacy/plugins/siem/public/components/timeline/timeline.test.tsx b/x-pack/legacy/plugins/siem/public/components/timeline/timeline.test.tsx
@@ -208,6 +208,49 @@ describe('Timeline', () => {
 
       expect(wrapper.find('[data-test-subj="table-pagination"]').exists()).toEqual(false);
     });
+
+    test('it defaults to showing `All events`', () => {
+      const wrapper = mount(
+        <TestProviders>
+          <MockedProvider mocks={mocks}>
+            <TimelineComponent
+              browserFields={mockBrowserFields}
+              columns={defaultHeaders}
+              id="foo"
+              dataProviders={mockDataProviders}
+              end={endDate}
+              filters={[]}
+              flyoutHeight={testFlyoutHeight}
+              flyoutHeaderHeight={flyoutHeaderHeight}
+              indexPattern={indexPattern}
+              indexToAdd={[]}
+              isLive={false}
+              itemsPerPage={5}
+              itemsPerPageOptions={[5, 10, 20]}
+              kqlMode="search"
+              kqlQueryExpression=""
+              loadingIndexName={false}
+              onChangeDataProviderKqlQuery={jest.fn()}
+              onChangeDroppableAndProvider={jest.fn()}
+              onChangeItemsPerPage={jest.fn()}
+              onDataProviderEdited={jest.fn()}
+              onDataProviderRemoved={jest.fn()}
+              onToggleDataProviderEnabled={jest.fn()}
+              onToggleDataProviderExcluded={jest.fn()}
+              show={true}
+              showCallOutUnauthorizedMsg={false}
+              start={startDate}
+              sort={sort}
+              toggleColumn={jest.fn()}
+            />
+          </MockedProvider>
+        </TestProviders>
+      );
+
+      expect(wrapper.find('[data-test-subj="pick-event-type"] button').text()).toEqual(
+        'All events'
+      );
+    });
   });
 
   describe('event wire up', () => {
diff --git a/x-pack/legacy/plugins/siem/public/store/timeline/defaults.ts b/x-pack/legacy/plugins/siem/public/store/timeline/defaults.ts
@@ -14,7 +14,7 @@ export const timelineDefaults: SubsetTimelineModel & Pick<TimelineModel, 'filter
   dataProviders: [],
   deletedEventIds: [],
   description: '',
-  eventType: 'raw',
+  eventType: 'all',
   eventIdToNoteIds: {},
   highlightedDropAndProviderId: '',
   historyIds: [],
