From 7f9403a0bb809a6eda83a37abd667d774d12944b Mon Sep 17 00:00:00 2001
From: David Whittaker <dwhittaker@netflix.com>
Date: Wed, 6 Aug 2025 16:01:54 -0700
Subject: [PATCH 1/4] feat(case): allows filtering for security events only

---
 src/dispatch/database/service.py              | 15 +++++++-
 .../dispatch/src/case/TableFilterDialog.vue   | 37 ++++++++++++++++++-
 .../static/dispatch/src/case/store.js         |  1 +
 .../static/dispatch/src/router/utils.js       | 13 +++++++
 .../static/dispatch/src/search/utils.js       | 18 ++++++++-
 5 files changed, 81 insertions(+), 3 deletions(-)

diff --git a/src/dispatch/database/service.py b/src/dispatch/database/service.py
index 459473730011..5a8329be2acb 100644
--- a/src/dispatch/database/service.py
+++ b/src/dispatch/database/service.py
@@ -591,6 +591,7 @@ def common_parameters(
     sort_by: list[str] = Query([], alias="sortBy[]"),
     descending: list[bool] = Query([], alias="descending[]"),
     role: UserRoles = Depends(get_current_role),
+    security_event_only: bool = Query(None, alias="security_event_only"),
 ):
     return {
         "db_session": db_session,
@@ -602,11 +603,15 @@ def common_parameters(
         "descending": descending,
         "current_user": current_user,
         "role": role,
+        "security_event_only": security_event_only,
     }
 
 
 CommonParameters = Annotated[
-    dict[str, int | CurrentUser | DbSession | QueryStr | Json | list[str] | list[bool] | UserRoles],
+    dict[
+        str,
+        int | CurrentUser | DbSession | QueryStr | Json | list[str] | list[bool] | UserRoles | bool,
+    ],
     Depends(common_parameters),
 ]
 
@@ -676,6 +681,7 @@ def search_filter_sort_paginate(
     descending: list[bool] = None,
     current_user: DispatchUser = None,
     role: UserRoles = UserRoles.member,
+    security_event_only: bool = None,
 ):
     """Common functionality for searching, filtering, sorting, and pagination."""
     model_cls = get_class_by_tablename(model)
@@ -712,6 +718,13 @@ def search_filter_sort_paginate(
             else:
                 query = apply_filters(query, filter_spec, model_cls)
 
+        # Handle security_event_only filter for Case model
+        if model == "Case" and security_event_only:
+            # Use NOT EXISTS to find cases that do NOT have signal instances
+            from sqlalchemy import exists
+
+            query = query.filter(~exists().where(SignalInstance.case_id == Case.id))
+
         # Apply tag_all filters using intersect only when necessary
         for filter in tag_all_filters:
             query = query.intersect(filter)
diff --git a/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue b/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue
index 4dac0dc74590..eb74550c0bca 100644
--- a/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue
+++ b/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue
@@ -79,6 +79,18 @@
               />
             </v-card>
           </v-list-item>
+          <v-list-item>
+            <v-card class="mx-auto">
+              <v-card-title>Security Events</v-card-title>
+              <v-card-subtitle>Filter cases based on signal instances</v-card-subtitle>
+              <v-checkbox
+                class="ml-10 mr-5"
+                v-model="local_security_event_only"
+                label="Show only Security Event cases"
+                hint="Show only cases that have signal instances attached"
+              />
+            </v-card>
+          </v-list-item>
         </v-list>
         <v-card-actions>
           <v-spacer />
@@ -92,7 +104,7 @@
 </template>
 
 <script setup>
-import { ref, computed } from "vue"
+import { ref, computed, watch } from "vue"
 import { useStore } from "vuex"
 import { sum } from "lodash"
 
@@ -132,6 +144,7 @@ const local_tag = ref([])
 const local_tag_type = ref([])
 const local_participant = ref(null)
 const local_participant_is_assignee = ref(false)
+const local_security_event_only = ref(false)
 
 const case_priority = computed(
   () => store.state.case_management.table.options.filters.case_priority
@@ -143,6 +156,26 @@ const project = computed(() => store.state.case_management.table.options.filters
 const status = computed(() => store.state.case_management.table.options.filters.status)
 const tag = computed(() => store.state.case_management.table.options.filters.tag)
 const tag_type = computed(() => store.state.case_management.table.options.filters.tag_type)
+const security_event_only = computed(
+  () => store.state.case_management.table.options.filters.security_event_only
+)
+const case_type = computed(() => store.state.case_management.table.options.filters.case_type)
+
+// Initialize local variables when dialog opens
+watch(display, (newValue) => {
+  if (newValue) {
+    local_case_priority.value = case_priority.value || []
+    local_case_severity.value = case_severity.value || []
+    local_selected_case_types.value = case_type.value || []
+    local_project.value = project.value || []
+    local_status.value = status.value || []
+    local_tag.value = tag.value || []
+    local_tag_type.value = tag_type.value || []
+    local_participant.value = null
+    local_participant_is_assignee.value = false
+    local_security_event_only.value = security_event_only.value || false
+  }
+})
 
 const numFilters = computed(() => {
   return sum([
@@ -154,6 +187,7 @@ const numFilters = computed(() => {
     tag.value?.length || 0,
     tag_type.value?.length || 0,
     local_participant.value == null ? 0 : 1,
+    local_security_event_only.value ? 1 : 0,
   ])
 })
 
@@ -181,6 +215,7 @@ const applyFilters = () => {
     tag_type: local_tag_type.value,
     participant: filtered_participant,
     assignee: filtered_assignee,
+    security_event_only: local_security_event_only.value,
   }
 
   // Commit the mutation to update the filters in the Vuex store
diff --git a/src/dispatch/static/dispatch/src/case/store.js b/src/dispatch/static/dispatch/src/case/store.js
index 010b6136f425..a2222f9f9fde 100644
--- a/src/dispatch/static/dispatch/src/case/store.js
+++ b/src/dispatch/static/dispatch/src/case/store.js
@@ -134,6 +134,7 @@ const state = {
           end: null,
         },
         participant: null,
+        security_event_only: false,
       },
       q: "",
       page: 1,
diff --git a/src/dispatch/static/dispatch/src/router/utils.js b/src/dispatch/static/dispatch/src/router/utils.js
index 1cb4f21e4fc6..4ba0524bba0c 100644
--- a/src/dispatch/static/dispatch/src/router/utils.js
+++ b/src/dispatch/static/dispatch/src/router/utils.js
@@ -13,6 +13,13 @@ export default {
         flatFilters = { ...flatFilters, ...{ [startKey]: value.start, [endKey]: value.end } }
         return
       }
+
+      // handle boolean values (like security_event_only)
+      if (typeof value === "boolean") {
+        flatFilters[key] = value
+        return
+      }
+
       each(value, function (item) {
         if (["commander", "participant", "assignee"].includes(key)) {
           if (has(flatFilters, key)) {
@@ -71,6 +78,12 @@ export default {
         }
         return
       }
+
+      // handle boolean values (like security_event_only)
+      if (typeof value === "boolean" || value === "true" || value === "false") {
+        filters[key] = value === "true" || value === true
+        return
+      }
       if (["status"].includes(key)) {
         if (typeof value === "string" || value instanceof String) {
           if (has(filters, key)) {
diff --git a/src/dispatch/static/dispatch/src/search/utils.js b/src/dispatch/static/dispatch/src/search/utils.js
index 993c43e6fcba..2579eb5bc76e 100644
--- a/src/dispatch/static/dispatch/src/search/utils.js
+++ b/src/dispatch/static/dispatch/src/search/utils.js
@@ -29,6 +29,15 @@ export default {
   createParametersFromTableOptions(options, model, rawFilters) {
     let [sortBy, descending] = this.createSortExpression(options.sortBy, options.descending)
     let expression = this.createFilterExpression(options.filters, model)
+
+    // Extract boolean filters (like security_event_only) and pass them as separate parameters
+    let booleanFilters = {}
+    forEach(options.filters, function (value, key) {
+      if (typeof value === "boolean") {
+        booleanFilters[key] = value
+      }
+    })
+
     delete options.filters
     delete options.sortBy
 
@@ -37,12 +46,13 @@ export default {
         expression = { and: [...rawFilters] }
         return {
           ...options,
+          ...booleanFilters,
           sortBy: sortBy,
           descending: descending,
           filter: JSON.stringify(expression),
         }
       } else {
-        return { ...options, sortBy: sortBy, descending: descending }
+        return { ...options, ...booleanFilters, sortBy: sortBy, descending: descending }
       }
     }
 
@@ -54,6 +64,7 @@ export default {
 
     return {
       ...options,
+      ...booleanFilters,
       sortBy: sortBy,
       descending: descending,
       filter: JSON.stringify(expression),
@@ -131,6 +142,11 @@ export default {
             ],
           })
         }
+      } else if (typeof value === "boolean") {
+        // Handle boolean values (like security_event_only)
+        // For boolean filters, we'll pass them as raw filters to be handled by the backend
+        // This is a special case that bypasses the normal filter expression creation
+        return
       } else {
         each(value, function (value) {
           // filter null/undefined values but allow false

From 7d12f7ff2121efc6e976b5b8bf0167deb5c54c5d Mon Sep 17 00:00:00 2001
From: David Whittaker <dwhittaker@netflix.com>
Date: Fri, 29 Aug 2025 17:51:34 -0700
Subject: [PATCH 2/4] cleaning up wording

---
 src/dispatch/static/dispatch/src/case/TableFilterDialog.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue b/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue
index f871a831c90d..fc6530723d3a 100644
--- a/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue
+++ b/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue
@@ -83,7 +83,7 @@
           <v-list-item>
             <v-card class="mx-auto">
               <v-card-title>Security Events</v-card-title>
-              <v-card-subtitle>Filter cases based on signal instances</v-card-subtitle>
+              <v-card-subtitle>Show only cases with a dedicated channel</v-card-subtitle>
               <v-checkbox
                 class="ml-10 mr-5"
                 v-model="local_security_event_only"

From 9de043d8ec650157f8942cd32b88b38a9e0e0251 Mon Sep 17 00:00:00 2001
From: David Whittaker <dwhittaker@netflix.com>
Date: Fri, 29 Aug 2025 17:56:23 -0700
Subject: [PATCH 3/4] moving import to top of file

---
 src/dispatch/database/service.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/dispatch/database/service.py b/src/dispatch/database/service.py
index 5a8329be2acb..32e34f85b739 100644
--- a/src/dispatch/database/service.py
+++ b/src/dispatch/database/service.py
@@ -10,7 +10,7 @@
 from pydantic import Json
 from six import string_types
 from sortedcontainers import SortedSet
-from sqlalchemy import Table, and_, desc, func, not_, or_, orm
+from sqlalchemy import Table, and_, desc, func, not_, or_, orm, exists
 from sqlalchemy.exc import InvalidRequestError, ProgrammingError
 from sqlalchemy.orm import mapperlib, Query as SQLAlchemyQuery
 from sqlalchemy_filters import apply_pagination, apply_sort
@@ -721,8 +721,6 @@ def search_filter_sort_paginate(
         # Handle security_event_only filter for Case model
         if model == "Case" and security_event_only:
             # Use NOT EXISTS to find cases that do NOT have signal instances
-            from sqlalchemy import exists
-
             query = query.filter(~exists().where(SignalInstance.case_id == Case.id))
 
         # Apply tag_all filters using intersect only when necessary

From ecad1778a6e9846858e5a34878fe819551b57714 Mon Sep 17 00:00:00 2001
From: David Whittaker <dwhittaker@netflix.com>
Date: Fri, 29 Aug 2025 18:01:19 -0700
Subject: [PATCH 4/4] fixing hint text

---
 src/dispatch/static/dispatch/src/case/TableFilterDialog.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue b/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue
index fc6530723d3a..19bdd1fa42e9 100644
--- a/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue
+++ b/src/dispatch/static/dispatch/src/case/TableFilterDialog.vue
@@ -88,7 +88,7 @@
                 class="ml-10 mr-5"
                 v-model="local_security_event_only"
                 label="Show only Security Event cases"
-                hint="Show only cases that have signal instances attached"
+                hint="Show only cases that have a dedicated channel"
               />
             </v-card>
           </v-list-item>