-
Notifications
You must be signed in to change notification settings - Fork 8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SecuritySolution][Endpoint][Response Actions] Scan
response actions history and errors
#186284
[SecuritySolution][Endpoint][Response Actions] Scan
response actions history and errors
#186284
Conversation
Also shows general action failed message that was not showing up after adding logic to show errors for actions that were not sent to fleet. refs elastic/pull/155254
/ci |
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
const command = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[_command]; | ||
|
||
if (errors?.length) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This logic was breaking the failed status on history. I'll add tests for it.
c967201
to
63db37d
Compare
Both errors and output codes should be visible when action failed instead of one or the other.
a5b7255
to
e5df51c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left some feedback that I would like to hear from you on. I may also suggest some more unit tests to validate all of the code path conditions, but will hold off until I hear from you on the feedback provided
...ic/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx
Outdated
Show resolved
Hide resolved
return ( | ||
<> | ||
{OUTPUT_MESSAGES.hasFailed(command)} | ||
<> | ||
{/* if has outputs and was not successful, show error code message for each agent */} | ||
{outputs && | ||
agents.map( | ||
(agentId) => | ||
outputs[agentId] && | ||
hasKnownErrorCode(outputs[agentId]) && ( | ||
<div key={outputs[agentId].content.code}> | ||
<EuiSpacer size="s" /> | ||
<EndpointActionFailureMessage | ||
action={action} | ||
isConsoleOutput={false} | ||
data-test-subj={getTestId('failureMessage')} | ||
/> | ||
</div> | ||
) | ||
)} | ||
{/* if there are errors, show them as well*/} | ||
{!!errors?.length && | ||
errors.map((error) => ( | ||
<div key={error}> | ||
<EuiSpacer size="s" /> | ||
<EuiFlexItem>{error}</EuiFlexItem> | ||
</div> | ||
))} | ||
</> | ||
</> | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why make this so complicated?
IMO, this here should just be:
if (!wasSuccessful) {
return (
<div>
<EuiSpacer size="s" />
<EndpointActionFailureMessage
action={action}
isConsoleOutput={false}
data-test-subj={getTestId('failureMessage')}
/>
</div>
}
All logic to display the error should be encapsulated into the <EndpointActionFailureMessage>
component.
Also,
Since we are now going to use the EndpointActionFailureMessage>
component here in the History log, its the first time that the component might have errors from Multiple agents, so please enhance it so that it correctly display it for multiple agents. Example:
<div>
Host __HOST_NAME__: ___HOST_ERROR___
</div>
<div>
Host __HOST_NAME__: ___HOST_ERROR___
</div>
(or just implement a better UI for it - but essentially: each error should be listed under the respective agent host name that reported it)
The Prefix or host "label" should only be shown when the action was sent to multiple agents - else just show the error.
Also - careful in showing the action.errors: []
array in addition to the errors from each host. The errors
array is (if I remember correctly) just a list of errors that each agent returned, so you likely will be showing duplicate information.
Just to recap:
- the
<EndpointActionFailureMessage>
component should be responsible for formatting all errors from the agents that the action was sent to - When the action was sent to multiple agents, each error should be listed under a label showing the host name
Let me know if this makes sense and your thoughts on it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the suggestion. Yeah that makes sense.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done b4bb1af
...ic/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx
Outdated
Show resolved
Hide resolved
...ic/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx
Outdated
Show resolved
Hide resolved
review changes
23e772b
to
b4bb1af
Compare
...ic/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx
Outdated
Show resolved
Hide resolved
|
||
// Determine if each endpoint returned a response code and if so, | ||
// see if we have a localized message for it | ||
if (action.outputs) { | ||
// if there are multiple agents, we need to show the outputs/error message for each agent | ||
if (action.outputs || (action.errors && action.errors.length)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you add tests for this component that validates the different conditions implemented.
(I actually thought we had tests for it, but maybe it was only the component that first implemented it 🤔 )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (!allAgentErrors.length) { | ||
return null; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should return a default error here - I see you removed the prior implementation. Maybe add it back and change the message to Unknown error
??
Reasoning: if we reached this point in the component (got passed line 38, then the action is at error, so we should display something in the UI or else the user will not really see anything (also - we devs would have a hard time debugging issues like this if it was to come in via an SDH).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh yeah I missed that. We agreed on the reasoning earlier. I'll add it back.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for all the changes
import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator'; | ||
import { EndpointActionFailureMessage } from './endpoint_action_failure_message'; | ||
|
||
describe('EndpointActionFailureMessage', () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you 👍
…om:ashokaditya/kibana into task/dw-scan-response-actions-history-9213
...management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm again 👍
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Module Count
Async chunks
History
To update your PR or re-run it, just comment with: cc @ashokaditya |
Summary
Adds missing tests for showing
scan
response action history. Also improves on showing failure messages for actions that were created and sent to Endpoint. As a failed action may have output error codes and a list of error messages this change is going to show both or either depending on the data. Additionally, the changes in the PR handles error messages for multiple agents.History Log
Console
Mutli agent response history page with errors
Screenclip (older than screenshots)
Checklist