Remove redundant CTI fields from client request

These are currently hardcoded on the backend of the events/all query (via TIMELINE_EVENTS_FIELDS); declaring them on both ends is arguably confusing, and we're going with YAGNI for now.
elastic · Apr 12, 2021 · adc2993 · adc2993
1 parent d703fb4
commit adc2993
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 5 deletions.
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
@@ -15,7 +15,6 @@ import { Filter, esQuery } from '../../../../../../../src/plugins/data/public';
 import { TimelineIdLiteral } from '../../../../common/types/timeline';
 import { useAppToasts } from '../../../common/hooks/use_app_toasts';
 import { StatefulEventsViewer } from '../../../common/components/events_viewer';
-import { REQUIRED_INDICATOR_MATCH_FIELDS } from '../../../../common/cti/constants';
 import { HeaderSection } from '../../../common/components/header_section';
 import { combineQueries } from '../../../timelines/components/timeline/helpers';
 import { useKibana } from '../../../common/lib/kibana';
@@ -309,10 +308,7 @@ export const AlertsTableComponent: React.FC<AlertsTableComponentProps> = ({
       id: timelineId,
       loadingText: i18n.LOADING_ALERTS,
       selectAll: false,
-      // TODO in the future, our alerts timeline fields should be derived from the
-      // fields required by enabled row renderers and other functionality; for now we unconditionally
-      // add the superset of fields.
-      queryFields: [...requiredFieldsForActions, ...REQUIRED_INDICATOR_MATCH_FIELDS],
+      queryFields: requiredFieldsForActions,
       title: '',
     });
     // eslint-disable-next-line react-hooks/exhaustive-deps

diff --git a/...plugins/security_solution/server/search_strategy/timeline/factory/events/all/constants.ts b/...plugins/security_solution/server/search_strategy/timeline/factory/events/all/constants.ts
@@ -232,5 +232,8 @@ export const TIMELINE_EVENTS_FIELDS = [
   'zeek.ssl.established',
   'zeek.ssl.resumed',
   'zeek.ssl.version',
+  // TODO in the future, our alerts timeline fields should be derived from the
+  // fields required by enabled row renderers and other functionality; for now we unconditionally
+  // add the superset of fields.
   ...REQUIRED_INDICATOR_MATCH_FIELDS,
 ];