[Security Solution][Endpoint] Show integration type on Response Console header #186855

Conversation

paul-tavares
Contributor

@paul-tavares paul-tavares commented Jun 24, 2024

Summary

  • Adds information about the integration associated with an agent type, which informs the user which EDR vendor is being used to execute the response action. The following views were updated:
    • Response console
    • Alert Isolation flyout panel headers

Note

The host isolation flyout that is displayed from the Endpoint list page was not updated to show this information about the integration. That's because from the Endpoint list, a user only sees hosts that are running the Elastic Defend integration, thus there is no need to show the indicator.

Screen captures

Response console:

image

Response Console: long host name

image

Tooltip:

image

From Alerts: Isolate host flyout panel:

image

From Alerts: Release host flyout panel:

image

Checklist

@paul-tavares paul-tavares added release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.15.0 labels Jun 24, 2024
@paul-tavares paul-tavares self-assigned this Jun 24, 2024
@paul-tavares
Contributor Author

/ci

@paul-tavares
Contributor Author

/ci

@@ -55,6 +70,12 @@ export const HeaderAgentInfo = memo<HeaderAgentInfoProps>(
</EuiFlexItem>
</EuiFlexGroup>
</EuiFlexItem>

{agentType && (
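
Review bot: The `{agentType && (` guard on the last line of this hunk means whatever it wraps is skipped when `agentType` is falsy, so in that case the header gives no indication of which EDR vendor will execute the response action. If `agentType` is always expected for `HeaderAgentInfo`, consider making it a required prop and dropping the guard; otherwise render an explicit fallback, and cover both branches once the component gets its test file.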
Contributor Author

@paul-tavares paul-tavares Jun 26, 2024

FYI - I don't see a test file for this component and I have marked this one ++ the other two siblings (<AgentInfo> and the sentinelone version of it) for refactor. I think they can be unified into one single component now that we have a single way to show statuses for them. I will add a test file then.

I did, however, add a test to the AgentInfo component that validates that the integration info. is present on the rendered view

(see team issue 9783)

@paul-tavares paul-tavares marked this pull request as ready for review June 26, 2024 19:56
@paul-tavares paul-tavares requested a review from a team as a code owner June 26, 2024 19:56
@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@paul-tavares paul-tavares requested review from ashokaditya and removed request for parkiino June 26, 2024 19:56
…gent-type-to-console-header

# Conflicts:
#	x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.tsx
#	x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/sentinel_one/header_sentinel_one_info.tsx
Member

@ashokaditya ashokaditya left a comment

I've some suggestions for improvement but this looks great. Thanks for the changes. 🚀

Member

You can optimize the file size of this svg using https://svgomg.net/. Copy paste the markup and then use the optimized markup version.

Contributor Author

ohhhh. Good tip. Will do

Member

Same for this one. We can save about .5 kb altogether

<EuiSpacer size="s" />
<AgentTypeIntegration
agentType={agentType}
layout="horizontal"
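
Review bot: `layout="horizontal"` on `<AgentTypeIntegration` is passed as a bare literal with no comment explaining the choice. A one-line comment stating why this header uses the horizontal layout would keep a later refactor from switching it without checking how it renders in this location.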
Member

I personally think the vertical layout looks best everywhere. Alternatively, I think just using the ? icon to the right of the logo should be enough and no need to use Integration along with it. 🤔

Screenshot 2024-06-27 at 14 50 23

Contributor Author

For me, the vertical layout did not display correctly in the Flyout header (from alerts). I highlighted this to @elasticusnick on the team's working issue.

Can you add these comments there so that we can discuss with him? It's issue 9412

@kibana-ci
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 5535 5541 +6

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 13.4MB 13.4MB +10.6KB

Unknown metric groups

async chunk count

id before after diff
securitySolution 98 100 +2

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @paul-tavares

Contributor

@tomsonpl tomsonpl left a comment

👍 lgtm

@paul-tavares paul-tavares merged commit 41817d0 into elastic:main Jun 28, 2024
37 checks passed
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Jun 28, 2024
@paul-tavares paul-tavares deleted the task/olm-9412-add-agent-type-to-console-header branch June 28, 2024 13:24