[SIEM] Eliminate Superfluous Untitled Timelines (#64341)

x-pack/plugins/siem/common/constants.ts

@@ -91,6 +91,8 @@ export const DETECTION_ENGINE_RULES_STATUS_URL = `${DETECTION_ENGINE_RULES_URL}/
 export const DETECTION_ENGINE_PREPACKAGED_RULES_STATUS_URL = `${DETECTION_ENGINE_RULES_URL}/prepackaged/_status`;
 
 export const TIMELINE_URL = '/api/timeline';
+export const TIMELINE_DRAFT_CLEAN_URL = `${TIMELINE_URL}/_draft/clean`;
+export const TIMELINE_DRAFT_URL = `${TIMELINE_URL}/_draft`;
 export const TIMELINE_EXPORT_URL = `${TIMELINE_URL}/_export`;
 export const TIMELINE_IMPORT_URL = `${TIMELINE_URL}/_import`;
 

x-pack/plugins/siem/common/types/timeline/index.ts

@@ -136,11 +136,13 @@ const SavedSortRuntimeType = runtimeTypes.partial({
 
 export enum TimelineType {
   default = 'default',
+  draft = 'draft',
   template = 'template',
 }
 
 export const TimelineTypeLiteralRt = runtimeTypes.union([
   runtimeTypes.literal(TimelineType.template),
+  runtimeTypes.literal(TimelineType.draft),
   runtimeTypes.literal(TimelineType.default),
 ]);
 

x-pack/plugins/siem/cypress/integration/timeline_toggle_column.spec.ts

@@ -27,10 +27,10 @@ import { HOSTS_PAGE } from '../urls/navigation';
 describe('toggle column in timeline', () => {
   before(() => {
     loginAndWaitForPage(HOSTS_PAGE);
+    openTimeline();
   });
 
   beforeEach(() => {
-    openTimeline();
     populateTimeline();
   });
 

x-pack/plugins/siem/cypress/integration/url_state.spec.ts

@@ -30,7 +30,7 @@ import { openAllHosts } from '../tasks/hosts/main';
 
 import { waitForIpsTableToBeLoaded } from '../tasks/network/flows';
 import { clearSearchBar, kqlSearch, navigateFromHeaderTo } from '../tasks/siem_header';
-import { openTimeline } from '../tasks/siem_main';
+import { openTimeline, openTimelineIfClosed } from '../tasks/siem_main';
 import {
   addDescriptionToTimeline,
   addNameToTimeline,
@@ -174,10 +174,11 @@ describe('url state', () => {
     kqlSearch('source.ip: "10.142.0.9" {enter}');
     navigateFromHeaderTo(HOSTS);
 
-    cy.get(NETWORK).should(
-      'have.attr',
-      'href',
-      "#/link-to/network?query=(language:kuery,query:'source.ip:%20%2210.142.0.9%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1564691609186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1564691609186)))"
+    cy.get(NETWORK).should($div =>
+      // @ts-ignore
+      expect($div[0].attributes.href.value).to.include(
+        "#/link-to/network?query=(language:kuery,query:'source.ip:%20%2210.142.0.9%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1564691609186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1564691609186)))"
+      )
     );
   });
 
@@ -187,16 +188,20 @@ describe('url state', () => {
     openAllHosts();
     waitForAllHostsToBeLoaded();
 
-    cy.get(HOSTS).should(
-      'have.attr',
-      'href',
-      "#/link-to/hosts?query=(language:kuery,query:'host.name:%20%22siem-kibana%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+    cy.get(HOSTS).should($div =>
+      // @ts-ignore
+      expect($div[0].attributes.href.value).to.include(
+        "#/link-to/hosts?query=(language:kuery,query:'host.name:%20%22siem-kibana%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+      )
     );
-    cy.get(NETWORK).should(
-      'have.attr',
-      'href',
-      "#/link-to/network?query=(language:kuery,query:'host.name:%20%22siem-kibana%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+
+    cy.get(NETWORK).should($div =>
+      // @ts-ignore
+      expect($div[0].attributes.href.value).to.include(
+        "#/link-to/network?query=(language:kuery,query:'host.name:%20%22siem-kibana%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+      )
     );
+
     cy.get(HOSTS_NAMES)
       .first()
       .invoke('text')
@@ -206,24 +211,29 @@ describe('url state', () => {
     clearSearchBar();
     kqlSearch('agent.type: "auditbeat" {enter}');
 
-    cy.get(ANOMALIES_TAB).should(
-      'have.attr',
-      'href',
-      "#/hosts/siem-kibana/anomalies?query=(language:kuery,query:'agent.type:%20%22auditbeat%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+    cy.get(ANOMALIES_TAB).should($div =>
+      // @ts-ignore
+      expect($div[0].attributes.href.value).to.include(
+        "#/hosts/siem-kibana/anomalies?query=(language:kuery,query:'agent.type:%20%22auditbeat%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+      )
     );
+
     cy.get(BREADCRUMBS)
       .eq(1)
-      .should(
-        'have.attr',
-        'href',
-        "#/link-to/hosts?query=(language:kuery,query:'agent.type:%20%22auditbeat%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+      .should($div =>
+        // @ts-ignore
+        expect($div[0].attributes.href.value).to.include(
+          "#/link-to/hosts?query=(language:kuery,query:'agent.type:%20%22auditbeat%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+        )
       );
+
     cy.get(BREADCRUMBS)
       .eq(2)
-      .should(
-        'have.attr',
-        'href',
-        "#/link-to/hosts/siem-kibana?query=(language:kuery,query:'agent.type:%20%22auditbeat%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+      .should($div =>
+        // @ts-ignore
+        expect($div[0].attributes.href.value).to.include(
+          "#/link-to/hosts/siem-kibana?query=(language:kuery,query:'agent.type:%20%22auditbeat%22%20')&timerange=(global:(linkTo:!(timeline),timerange:(from:1564689809186,kind:absolute,to:1577914409186)),timeline:(linkTo:!(global),timerange:(from:1564689809186,kind:absolute,to:1577914409186)))"
+        )
       );
   });
 
@@ -236,7 +246,7 @@ describe('url state', () => {
 
   it('sets and reads the url state for timeline by id', () => {
     loginAndWaitForPage(HOSTS_PAGE);
-    openTimeline();
+    openTimelineIfClosed();
     executeTimelineKQL('host.name: *');
 
     cy.get(SERVER_SIDE_EVENT_COUNT)

x-pack/plugins/siem/cypress/tasks/create_new_case.ts

@@ -32,6 +32,7 @@ export const createNewCase = (newCase: TestCase) => {
   cy.get(INSERT_TIMELINE_BTN).click({ force: true });
   cy.get(TIMELINE_SEARCHBOX).type(`${newCase.timeline.title}{enter}`);
   cy.get(TIMELINE).should('be.visible');
+  cy.wait(300);
   cy.get(TIMELINE)
     .eq(1)
     .click({ force: true });

x-pack/plugins/siem/public/components/events_viewer/index.tsx

@@ -16,6 +16,7 @@ import {
   SubsetTimelineModel,
   TimelineModel,
 } from '../../store/timeline/model';
+import { getNewTimeline } from '../../store/timeline/helpers';
 import { OnChangeItemsPerPage } from '../timeline/events';
 import { Filter } from '../../../../../../src/plugins/data/public';
 import { useUiSetting } from '../../lib/kibana';
@@ -44,7 +45,7 @@ const defaultTimelineTypeContext = {
 };
 
 const StatefulEventsViewerComponent: React.FC<Props> = ({
-  createTimeline,
+  addTimeline,
   columns,
   dataProviders,
   deletedEventIds,
@@ -75,8 +76,18 @@ const StatefulEventsViewerComponent: React.FC<Props> = ({
   );
 
   useEffect(() => {
-    if (createTimeline != null) {
-      createTimeline({ id, columns, sort, itemsPerPage, showCheckboxes, showRowRenderers });
+    if (addTimeline != null) {
+      addTimeline({
+        id,
+        timeline: getNewTimeline({
+          id,
+          columns,
+          sort,
+          itemsPerPage,
+          showCheckboxes,
+          showRowRenderers,
+        }),
+      });
     }
     return () => {
       deleteEventQuery({ id, inputId: 'global' });
@@ -180,7 +191,7 @@ const makeMapStateToProps = () => {
 };
 
 const mapDispatchToProps = {
-  createTimeline: timelineActions.createTimeline,
+  addTimeline: timelineActions.addTimeline,
   deleteEventQuery: inputsActions.deleteOneQuery,
   updateItemsPerPage: timelineActions.updateItemsPerPage,
   removeColumn: timelineActions.removeColumn,

x-pack/plugins/siem/public/components/open_timeline/edit_timeline_batch_actions.tsx

@@ -20,7 +20,7 @@ const getExportedIds = (selectedTimelines: OpenTimelineResult[]) => {
   );
 };
 
-export const useEditTimelinBatchActions = ({
+export const useEditTimelineBatchActions = ({
   deleteTimelines,
   selectedItems,
   tableRef,

x-pack/plugins/siem/public/components/open_timeline/helpers.test.ts

@@ -300,7 +300,7 @@ describe('helpers', () => {
           sortDirection: 'desc',
         },
         title: '',
-        timelineType: TimelineType.default,
+        timelineType: TimelineType.draft,
         templateTimelineId: null,
         templateTimelineVersion: null,
         version: '1',
@@ -397,13 +397,14 @@ describe('helpers', () => {
           sortDirection: 'desc',
         },
         title: '',
-        timelineType: TimelineType.default,
+        timelineType: TimelineType.draft,
         templateTimelineId: null,
         templateTimelineVersion: null,
         version: '1',
         width: 1100,
       });
     });
+
     test('should merge columns when event.action is deleted without two extra column names of user.name', () => {
       const timeline = {
         savedObjectId: 'savedObject-1',
@@ -416,38 +417,80 @@ describe('helpers', () => {
         savedObjectId: 'savedObject-1',
         columns: [
           {
+            aggregatable: undefined,
+            category: undefined,
             columnHeaderType: 'not-filtered',
+            description: undefined,
+            example: undefined,
             id: '@timestamp',
+            placeholder: undefined,
+            type: undefined,
             width: 190,
           },
           {
+            aggregatable: undefined,
+            category: undefined,
             columnHeaderType: 'not-filtered',
+            description: undefined,
+            example: undefined,
             id: 'message',
+            placeholder: undefined,
+            type: undefined,
             width: 180,
           },
           {
+            aggregatable: undefined,
+            category: undefined,
             columnHeaderType: 'not-filtered',
+            description: undefined,
+            example: undefined,
             id: 'event.category',
+            placeholder: undefined,
+            type: undefined,
             width: 180,
           },
           {
+            aggregatable: undefined,
+            category: undefined,
             columnHeaderType: 'not-filtered',
+            description: undefined,
+            example: undefined,
             id: 'host.name',
+            placeholder: undefined,
+            type: undefined,
             width: 180,
           },
           {
+            aggregatable: undefined,
+            category: undefined,
             columnHeaderType: 'not-filtered',
+            description: undefined,
+            example: undefined,
             id: 'source.ip',
+            placeholder: undefined,
+            type: undefined,
             width: 180,
           },
           {
+            aggregatable: undefined,
+            category: undefined,
             columnHeaderType: 'not-filtered',
+            description: undefined,
+            example: undefined,
             id: 'destination.ip',
+            placeholder: undefined,
+            type: undefined,
             width: 180,
           },
           {
+            aggregatable: undefined,
+            category: undefined,
             columnHeaderType: 'not-filtered',
+            description: undefined,
+            example: undefined,
             id: 'user.name',
+            placeholder: undefined,
+            type: undefined,
             width: 180,
           },
         ],
@@ -474,7 +517,7 @@ describe('helpers', () => {
         },
         loadingEventIds: [],
         title: '',
-        timelineType: TimelineType.default,
+        timelineType: TimelineType.draft,
         templateTimelineId: null,
         templateTimelineVersion: null,
         noteIds: [],
@@ -642,7 +685,7 @@ describe('helpers', () => {
         },
         loadingEventIds: [],
         title: '',
-        timelineType: TimelineType.default,
+        timelineType: TimelineType.draft,
         templateTimelineId: null,
         templateTimelineVersion: null,
         noteIds: [],

x-pack/plugins/siem/public/components/open_timeline/helpers.ts

@@ -251,6 +251,10 @@ export const queryTimelineById = <TCache>({
   }
 };
 
+export const epicUpdateTimeline = ({ id, timeline }: UpdateTimeline) => [
+  dispatchAddTimeline({ id, timeline }),
+];
+
 export const dispatchUpdateTimeline = (dispatch: Dispatch): DispatchUpdateTimeline => ({
   duplicate,
   id,