[Security Solution] [Endpoint] Allow filtering activity log with date range

[ashokaditya]

Summary

Allow users to fetch activity logs where actions and responses have a timestamp >= start date, <= end date or with a date range where start and end dates are included.

Changes:
Frontend

• Added date range filter within the activity log flyout tab
• The date range picker sticks to the bottom of the flyout header
• Asks for data whenever a start date, end date or both is selected
• Ignores data fetch when end date is older than start date, i.e, if the date towards the end of the range is not greater than that in the start of the range. We call this invalid date ranges. Also doesn't make API request if paging is disabled.
• Pagination is reset when dates are selected and progresses on scroll.
• Pagination is not reset if date ranges are invalid.
• Activity log shows nothing (not empty state) if date filters result in an empty list of actions and responses.
• The date ranges are stored in the redux store under activityLog.paging

Backend

• assumes that either start_date or end_date are present in the request query.
• If start_date or end_date are present in the request query then elasticsearch query uses { range: { '@timestamp': { gte: startDate } } } and { range: { '@timestamp': { lte: endDate } } } respectively to query with those params.
• The response returns the queried startDate, endDate or both, that is used to update the redux store in the frontend.

Clip

Checklist

Delete any items that are not applicable to this PR.

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Unit or functional tests were updated or added to match the most common scenarios
• Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
• This was checked for cross-browser compatibility

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

Risk	Probability	Severity	Mitigation/Notes
Multiple Spaces—unexpected behavior in non-default Kibana Space.	Low	High	Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces.
Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks.	High	Low	Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure.
Code should gracefully handle cases when feature X or plugin Y are disabled.	Medium	High	Unit tests will verify that any feature flag or plugin combination still results in our service operational.
See more potential risk examples

[kevinlog]

@ashokaditya - looks great! Since this is a new feature that isn't budgeted in the test plan, we'll delay it to 7.15. I just removed the 7.14 label.

[elasticmachine]

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

[dasansol92]

That looks awesome!! A few comments added but it looks like a very good job so far! 🔥

[dasansol92]

Are you using all the translations there? Otherwise you should import just the needed ones

[ashokaditya]

it's just the two translations, but they are deep nested within the export object.

[ashokaditya]

@elasticmachine merge upstream

[ashokaditya]

@elasticmachine merge upstream

[dasansol92]

Few more comments added after the changes but in any case, this is looking 🔥

[ashokaditya]

@elasticmachine merge upstream

[dasansol92]

One last thing. I checked it locally and seems the date range inside the input is a little bit covered by the clear button.

Apart from that, when the search doesn't return any result the Nothing more to show text is outside the windows view and I've to scroll a bit to see that, so for a user perspective seems there is something wrong till it scroll down a bit:

[ashokaditya]

One last thing. I checked it locally and seems the date range inside the input is a little bit covered by the clear button.

Can't do much about that except create a ticket in the Eui repo for it. It's how the date picker works.

Apart from that, when the search doesn't return any result the Nothing more to show text is outside the windows view and I've to scroll a bit to see that, so for a user perspective seems there is something wrong till it scroll down a bit:

I see your point but I think this is okay. I'll make a tiny fix anyway so that we show this message right below the dates. Although I think it is okay as it is, and follows the same pattern when there's a small list of actions/responses then users have to scroll down to see that there's nothing more to see. I guess we can improve the UX or make it consistent later.

[ashokaditya]

@elasticmachine merge upstream

[dasansol92]

One last thing. I checked it locally and seems the date range inside the input is a little bit covered by the clear button.

Can't do much about that except create a ticket in the Eui repo for it. It's how the date picker works.

• I think this is because the inputs are too small, can we increase the input width?

Apart from that, when the search doesn't return any result the Nothing more to show text is outside the windows view and I've to scroll a bit to see that, so for a user perspective seems there is something wrong till it scroll down a bit:

I see your point but I think this is okay. I'll make a tiny fix anyway so that we show this message right below the dates. Although I think it is okay as it is, and follows the same pattern when there's a small list of actions/responses then users have to scroll down to see that there's nothing more to see. I guess we can improve the UX or make it consistent later.

• Yeah, I think that make sense when there are few results and you have to scroll a bit, but when there is no results it feels weird having a full blank page and when you scroll then the message appears.

[ashokaditya]

One last thing. I checked it locally and seems the date range inside the input is a little bit covered by the clear button.

Can't do much about that except create a ticket in the Eui repo for it. It's how the date picker works.

• I think this is because the inputs are too small, can we increase the input width?

set fullWidth={true} for the date range component will allow it to take the full width of the container. Let's do that.

[ashokaditya]

done @dasansol92

large screen

small screen

[dasansol92]

This looks awesome! Shiiiip this! 🔥 🚢 🥳
PD: About full width input, I found this mockups in figma with a full width input -> https://www.figma.com/file/BeTJy7bpHRPtHiNJtWU7Pj/OLM-7.12%2B?node-id=4835%3A558081

[ashokaditya]

This looks awesome! Shiiiip this! 🔥 🚢 🥳
PD: About full width input, I found this mockups in figma with a full width input -> https://www.figma.com/file/BeTJy7bpHRPtHiNJtWU7Pj/OLM-7.12%2B?node-id=4835%3A558081

Nice. I somehow missed that mock. 😅 I was looking at the earlier version where there's also a search bar.

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 7ff3230
• Storybooks Preview

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
securitySolution	2205	2206	+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	6.3MB	6.3MB	+6.0KB

History

• 💔 Build #137523 failed 3b52416
• 💚 Build #137217 succeeded 9af99dc
• 💔 Build #137206 failed 169d267
• 💔 Build #137182 failed 6f8e62d
• 💚 Build #137140 succeeded d9a27dd

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @ashokaditya

[kibanamachine]

💚 Backport successful

Status	Branch	Result
✅	7.x

This backport PR will be merged automatically after passing CI.