[Security Solution][Alert table] Fix alert table refresh with bulk action

[christineweng]

Summary

Currently components outside of alert table do not refresh after changing status with bulk action. This PR adds global query refresh in bulk actions

• [Security Solution] [Bug] [Serverless] Empty drop down shown for the alerts when all the alerts are marked as 'Closed' when grouped by rule name #183025

No grouping

Screen.Recording.2024-05-16.at.2.32.14.PM.mov

Grouping

Screen.Recording.2024-05-16.at.2.33.09.PM.mov

[christineweng]

/ci

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

[PhilippeOberti]

desk tested and the fix works perfectly! I left a couple of small comments on the code

[logeekal]

@christineweng, Left one comment. Let me know what you think. If needed, we can discuss it offline as well.

[logeekal]

Do you think, instead of passing a new prop to trigger actions table, we can make use of onUpdate prop?

We can may be trigger customRefetch everytime the table is updated? But I think there might be cases which it will get into infinite render loop.

Alternatively, I would ask you to take a look at below file. It creates bulk actions and passes to the Alert Table. May be here we can call global query refetch directly. This might keep refetch responsibilities well separated and we will probably avoid unintended re-renders.

kibana/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_bulk_actions.tsx

Lines 59 to 65 in b0f8ee7

	export const getBulkActionHook =
	(tableId: TableId): AlertsTableConfigurationRegistry['useBulkActions'] =>
	(query, refresh) => {
	const { from, to } = useGlobalTime();
	const filters = useMemo(() => {
	return getFiltersForDSLQuery(query);

Let me know what you think.

[christineweng]

@logeekal thank you for pointing me to this file! i have moved the logic to this hook and under alert actions. it should refresh the global queries only when alert status changes

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 70db853

Failed CI Steps

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	15.2MB	15.2MB	+162.0B

History

• 💚 Build #210580 succeeded 6e1d61e

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @christineweng

[logeekal]

Okay so Code looks good and Desk Testing works great. Thank you very much for making these changes.

Consider adding at least one cypress tests, may be for KPIs visualization which will make sure that this issue does not occur again.

[christineweng]

Consider adding at least one cypress tests, may be for KPIs visualization which will make sure that this issue does not occur again.

Good call. I realized we don't have a lot of cypress coverage for the KPI charts.. created a ticket for it