diff --git a/x-pack/legacy/plugins/siem/public/components/page/add_to_kql/__snapshots__/index.test.tsx.snap b/x-pack/legacy/plugins/siem/public/components/page/add_to_kql/__snapshots__/index.test.tsx.snap index 91f29aaf2a7fa2..a3d7e80d35d89f 100644 --- a/x-pack/legacy/plugins/siem/public/components/page/add_to_kql/__snapshots__/index.test.tsx.snap +++ b/x-pack/legacy/plugins/siem/public/components/page/add_to_kql/__snapshots__/index.test.tsx.snap @@ -14,7 +14,7 @@ exports[`AddToKql Component Rendering 1`] = ` > { filterQuery: { kuery: { kind: 'kuery', - expression: 'host.name: siem-kibana', + expression: 'host.name: "siem-kibana"', }, serializedQuery: - '{"bool":{"should":[{"match":{"host.name":"siem-kibana"}}],"minimum_should_match":1}}', + '{"bool":{"should":[{"match_phrase":{"host.name":"siem-kibana"}}],"minimum_should_match":1}}', }, filterQueryDraft: { kind: 'kuery', - expression: 'host.name: siem-kibana', + expression: 'host.name: "siem-kibana"', }, }); }); @@ -173,14 +173,14 @@ describe('AddToKql Component', () => { filterQuery: { kuery: { kind: 'kuery', - expression: 'host.name: siem-kibana', + expression: 'host.name: "siem-kibana"', }, serializedQuery: - '{"bool":{"should":[{"match":{"host.name":"siem-kibana"}}],"minimum_should_match":1}}', + '{"bool":{"should":[{"match_phrase":{"host.name":"siem-kibana"}}],"minimum_should_match":1}}', }, filterQueryDraft: { kind: 'kuery', - expression: 'host.name: siem-kibana', + expression: 'host.name: "siem-kibana"', }, }); }); diff --git a/x-pack/legacy/plugins/siem/public/components/page/hosts/hosts_table/columns.tsx b/x-pack/legacy/plugins/siem/public/components/page/hosts/hosts_table/columns.tsx index 1b72601a8cef2e..3391091b801c49 100644 --- a/x-pack/legacy/plugins/siem/public/components/page/hosts/hosts_table/columns.tsx +++ b/x-pack/legacy/plugins/siem/public/components/page/hosts/hosts_table/columns.tsx @@ -57,7 +57,7 @@ export const getHostsColumns = ( ) : ( @@ -106,7 +106,7 @@ export const getHostsColumns = ( return ( @@ -128,7 +128,7 @@ export const getHostsColumns = ( return ( diff --git a/x-pack/legacy/plugins/siem/public/components/page/network/domains_table/columns.tsx b/x-pack/legacy/plugins/siem/public/components/page/network/domains_table/columns.tsx index c0342eca08b47b..24820b637d388e 100644 --- a/x-pack/legacy/plugins/siem/public/components/page/network/domains_table/columns.tsx +++ b/x-pack/legacy/plugins/siem/public/components/page/network/domains_table/columns.tsx @@ -106,7 +106,7 @@ export const getDomainsColumns = ( key={escapeDataProviderId( `${tableId}-table-${flowTarget}-${flowDirection}-direction-${direction}` )} - expression={`network.direction: "${escapeQueryValue(direction)}"`} + expression={`network.direction: ${escapeQueryValue(direction)}`} type={type} componentFilterType={'network'} > diff --git a/x-pack/legacy/plugins/siem/public/lib/keury/index.test.ts b/x-pack/legacy/plugins/siem/public/lib/keury/index.test.ts index 889ff480cd8dde..4e2b11b24e5a98 100644 --- a/x-pack/legacy/plugins/siem/public/lib/keury/index.test.ts +++ b/x-pack/legacy/plugins/siem/public/lib/keury/index.test.ts @@ -22,7 +22,7 @@ describe('Kuery escape', () => { it('should escape special characters', () => { const value = `This \\ has (a lot of) characters, don't you *think*? "Yes."`; - const expected = `This \\\\ has \\(a lot of\\) \\ characters, don't you \\*think\\*? \\"Yes.\\"`; + const expected = `This \\ has (a lot of) characters, don't you *think*? \\"Yes.\\"`; expect(escapeKuery(value)).to.be(expected); }); @@ -51,8 +51,8 @@ describe('Kuery escape', () => { }); it('should escape both keywords and special characters', () => { - const value = 'Hello, world, and to meet you!'; - const expected = 'Hello, world, \\and \\ to meet you!'; + const value = 'Hello, "world", and to meet you!'; + const expected = 'Hello, \\"world\\", \\and to meet you!'; expect(escapeKuery(value)).to.be(expected); }); diff --git a/x-pack/legacy/plugins/siem/public/lib/keury/index.ts b/x-pack/legacy/plugins/siem/public/lib/keury/index.ts index c8c4319eeb1344..9cbe17ee6eb37e 100644 --- a/x-pack/legacy/plugins/siem/public/lib/keury/index.ts +++ b/x-pack/legacy/plugins/siem/public/lib/keury/index.ts @@ -28,7 +28,7 @@ export const escapeQueryValue = (val: number | string = ''): string | number => if (isEmpty(val)) { return '""'; } - return val.split(' ').length > 1 ? `"${escapeKuery(val)}"` : escapeKuery(val); + return `"${escapeKuery(val)}"`; } return val; @@ -52,7 +52,7 @@ const escapeWhitespace = (val: string) => .replace(/\n/g, '\\n'); // See the SpecialCharacter rule in kuery.peg -const escapeSpecialCharacters = (val: string) => val.replace(/[\\():<>"*]/g, '\\$&'); // $& means the whole matched string +const escapeSpecialCharacters = (val: string) => val.replace(/["]/g, '\\$&'); // $& means the whole matched string // See the Keyword rule in kuery.peg const escapeAndOr = (val: string) => val.replace(/(\s+)(and|or)(\s+)/gi, '$1\\$2$3'); diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/details/utils.ts b/x-pack/legacy/plugins/siem/public/pages/hosts/details/utils.ts index cd4239f00cac7f..f1c393dec04c70 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/details/utils.ts +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/details/utils.ts @@ -75,7 +75,7 @@ export const getFilterQuery = ( : '' : convertKueryToElasticSearchQuery( `${filterQueryExpression} ${ - hostName ? `and host.name: "${escapeQueryValue(hostName)}"` : '' + hostName ? `and host.name: ${escapeQueryValue(hostName)}` : '' }`, indexPattern ); diff --git a/x-pack/legacy/plugins/siem/public/pages/hosts/helpers.ts b/x-pack/legacy/plugins/siem/public/pages/hosts/helpers.ts index 35dd9b865d56c5..03d84c032c024c 100644 --- a/x-pack/legacy/plugins/siem/public/pages/hosts/helpers.ts +++ b/x-pack/legacy/plugins/siem/public/pages/hosts/helpers.ts @@ -16,9 +16,9 @@ export const getHostDetailsEventsKqlQueryExpression = ({ }): string => { if (filterQueryExpression.length) { return `${filterQueryExpression}${ - hostName.length ? ` and host.name: "${escapeQueryValue(hostName)}"` : '' + hostName.length ? ` and host.name: ${escapeQueryValue(hostName)}` : '' }`; } else { - return hostName.length ? `host.name: "${escapeQueryValue(hostName)}"` : ''; + return hostName.length ? `host.name: ${escapeQueryValue(hostName)}` : ''; } };