diff --git a/x-pack/legacy/plugins/siem/public/components/page/add_filter_to_global_search_bar/helpers.ts b/x-pack/legacy/plugins/siem/public/components/page/add_filter_to_global_search_bar/helpers.ts index bd0859bac2d136..6fb53d67c1a6d8 100644 --- a/x-pack/legacy/plugins/siem/public/components/page/add_filter_to_global_search_bar/helpers.ts +++ b/x-pack/legacy/plugins/siem/public/components/page/add_filter_to_global_search_bar/helpers.ts @@ -4,8 +4,14 @@ * you may not use this file except in compliance with the Elastic License. */ -export const createFilter = (key: string, value: string | null | undefined) => - value != null +import { esFilters } from '../../../../../../../../src/plugins/data/public'; + +export const createFilter = ( + key: string, + value: string[] | string | null | undefined +): esFilters.Filter => { + const queryValue = value != null ? (Array.isArray(value) ? value[0] : value) : null; + return queryValue != null ? { meta: { alias: null, @@ -13,21 +19,21 @@ export const createFilter = (key: string, value: string | null | undefined) => disabled: false, type: 'phrase', key, - value, + value: queryValue, params: { - query: value, + query: queryValue, }, }, query: { match: { [key]: { - query: value, + query: queryValue, type: 'phrase', }, }, }, } - : { + : ({ exists: { field: key, }, @@ -39,4 +45,5 @@ export const createFilter = (key: string, value: string | null | undefined) => type: 'exists', value: 'exists', }, - }; + } as esFilters.Filter); +}; diff --git a/x-pack/legacy/plugins/siem/public/components/timeline/body/renderers/formatted_field_helpers.tsx b/x-pack/legacy/plugins/siem/public/components/timeline/body/renderers/formatted_field_helpers.tsx index dc21cf03d04458..b48cc546fe78cf 100644 --- a/x-pack/legacy/plugins/siem/public/components/timeline/body/renderers/formatted_field_helpers.tsx +++ b/x-pack/legacy/plugins/siem/public/components/timeline/body/renderers/formatted_field_helpers.tsx @@ -52,6 +52,13 @@ export const renderRuleName = ({ ); }; +const canYouAddEndpointLogo = (moduleName: string, endpointUrl: string | null | undefined) => + moduleName.trim().toLocaleLowerCase() === 'endgame' && + endpointUrl != null && + !isEmpty(endpointUrl) && + !isUrlInvalid(endpointUrl) && + endpointUrl.includes('/alerts/'); + export const renderEventModule = ({ contextId, eventId, @@ -90,26 +97,23 @@ export const renderEventModule = ({ {content} - {endpointRefUrl != null && - !isEmpty(endpointRefUrl) && - !isUrlInvalid(endpointRefUrl) && - endpointRefUrl.includes('/alerts/') && ( - - -

{i18n.LINK_ELASTIC_ENDPOINT_SECURITY}

-

{endpointRefUrl}

- - } - > - - - - - - )} + {endpointRefUrl != null && canYouAddEndpointLogo(moduleName, endpointRefUrl) && ( + + +

{i18n.LINK_ELASTIC_ENDPOINT_SECURITY}

+

{endpointRefUrl}

+ + } + > + + + + + + )} ) : ( getEmptyTagValue()