
[Security Solution][Detection & Response] Open alerts by Rule #129021

Merged
merged 18 commits into from
Apr 14, 2022

Conversation

semd (Contributor) commented Mar 31, 2022

Summary

#128478

Implementation of the "Open alerts by Rule" table:

  • The last alert time is the timestamp of the last alert that the Rule has ingested.
  • The table sort priority is "Severity" (critical, high, medium, low) and "Alert count" as second-level sorting.
  • Showing the top 4 rules.

Implementation:

  • Aggregation query, wired to the globalTime queries
  • Print the table with the top 4 rules
  • Show rule row links to navigate to the rule detail page and to the alerts page filtered by rule
  • Use the toggle query for the section
  • Use the inspect query button
  • Button to navigate to open alerts

(attachment: rule_alerts_table_demo.mov)

To test locally, enable the following in your kibana.dev.yml:

xpack.securitySolution.enableExperimental: ['detectionResponseEnabled']

Checklist

Delete any items that are not applicable to this PR.
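The aggregation and sort behaviour the summary describes (one bucket per rule, last alert time as the newest alert timestamp, rows ordered by severity and then by alert count, top 4 kept), as an added TypeScript example. This is not the PR's own code: the kibana.alert.* field names are assumptions about the alerts index mapping, and every function and variable name here is illustrative.

```typescript
// Added example, not code from the PR. It sketches the two halves of the
// "Open alerts by Rule" table described in the summary: an aggregation over
// the alerts index and a client-side ranking of the buckets by severity,
// then alert count, truncated to the top 4 rules.
// Assumptions: the alerts index exposes kibana.alert.workflow_status,
// kibana.alert.rule.uuid, kibana.alert.rule.name, kibana.alert.severity and
// @timestamp; function and variable names here are illustrative only.

const TOP_RULES = 4;

// Severity order from the PR: critical first, low last. A missing or unknown
// severity sorts after "low" instead of throwing.
const SEVERITY_RANK: Record<string, number> = { critical: 0, high: 1, medium: 2, low: 3 };
const severityRank = (s: string): number => SEVERITY_RANK[s] ?? 4;

// Elasticsearch request body. The time range comes from the page's global
// time picker. The terms agg is ordered by count and sized above TOP_RULES
// because "severity first, count second" cannot be expressed as a single
// terms order; the final ranking is done in rankRules() below.
function buildOpenAlertsByRuleQuery(from: string, to: string, candidateSize = 100) {
  return {
    size: 0,
    query: {
      bool: {
        filter: [
          { term: { 'kibana.alert.workflow_status': 'open' } },
          { range: { '@timestamp': { gte: from, lte: to } } },
        ],
      },
    },
    aggs: {
      alertsByRule: {
        terms: { field: 'kibana.alert.rule.uuid', size: candidateSize, order: { _count: 'desc' } },
        aggs: {
          ruleName: { terms: { field: 'kibana.alert.rule.name', size: 1 } },
          severity: { terms: { field: 'kibana.alert.severity', size: 1 } },
          lastAlert: { max: { field: '@timestamp' } }, // "last alert time" = newest alert
        },
      },
    },
  };
}

// Shape of one bucket in the response to the query above.
interface RuleBucket {
  key: string;
  doc_count: number;
  ruleName: { buckets: Array<{ key: string }> };
  severity: { buckets: Array<{ key: string }> };
  lastAlert: { value: number | null };
}

interface RuleRow {
  ruleId: string;
  ruleName: string;
  severity: string;
  alertCount: number;
  lastAlertAt: number | null; // epoch ms, or null when the max agg had no value
}

// Turn buckets into rows and apply the table's sort priority:
// severity (critical > high > medium > low), then alert count descending.
function rankRules(buckets: RuleBucket[], top = TOP_RULES): RuleRow[] {
  const rows: RuleRow[] = buckets.map((b) => ({
    ruleId: b.key,
    ruleName: b.ruleName.buckets[0]?.key ?? b.key,
    severity: b.severity.buckets[0]?.key ?? 'unknown',
    alertCount: b.doc_count,
    lastAlertAt: b.lastAlert.value ?? null,
  }));
  rows.sort(
    (a, b) => severityRank(a.severity) - severityRank(b.severity) || b.alertCount - a.alertCount
  );
  return rows.slice(0, top);
}

// KQL filter for a row link to the alerts page "filtered by rule"; quotes and
// backslashes in the id are escaped so the filter cannot be broken out of.
function alertsPageKql(ruleId: string): string {
  return `kibana.alert.rule.uuid: "${ruleId.replace(/["\\]/g, '\\$&')}"`;
}

function bucket(id: string, name: string, sev: string, count: number, last: number): RuleBucket {
  return {
    key: id,
    doc_count: count,
    ruleName: { buckets: [{ key: name }] },
    severity: { buckets: [{ key: sev }] },
    lastAlert: { value: last },
  };
}

// Constructed sample buckets (not real data), in the count-desc order
// Elasticsearch would return them. Note the noisiest rule is "low" and
// therefore does not make the table at all.
const SAMPLE_BUCKETS: RuleBucket[] = [
  bucket('rule-low', 'Noisy Test Rule', 'low', 90, 1649000400000),
  bucket('rule-medium', 'Suspicious PowerShell', 'medium', 40, 1649000300000),
  bucket('rule-high-a', 'Credential Dumping', 'high', 30, 1649000200000),
  bucket('rule-high-b', 'Lateral Movement', 'high', 25, 1649000100000),
  bucket('rule-critical', 'Ransomware Indicators', 'critical', 12, 1649000000000),
];

const topRules = rankRules(SAMPLE_BUCKETS);
console.log(buildOpenAlertsByRuleQuery('now-24h', 'now').aggs.alertsByRule.terms);
console.log(topRules.map((r) => `${r.severity}\t${r.alertCount}\t${r.ruleName}\t${alertsPageKql(r.ruleId)}`));
```

Ranking client-side over a bounded candidate set is the simple option; its caveat is that a critical rule outside the top `candidateSize` buckets by count would be missed, so the candidate size must stay comfortably above the number of active rules, or the severity ordering must be pushed into the query (for example one terms agg per severity level).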

@semd semd added backport:skip This commit does not require backporting Team:Threat Hunting Security Solution Threat Hunting Team release_note:feature Makes this part of the condensed release notes Team:Threat Hunting:Explore v8.3.0 labels Mar 31, 2022
@semd semd self-assigned this Mar 31, 2022
@semd semd marked this pull request as ready for review April 5, 2022 09:39
@semd semd requested a review from a team as a code owner April 5, 2022 09:39
elasticmachine (Contributor) commented:

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@YulNaumenko YulNaumenko self-requested a review April 5, 2022 17:30
<EuiSpacer size="m" />
<EuiButton
onClick={() => {
navigateTo({ deepLinkId: SecurityPageName.alerts });
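Review bot: this EuiButton navigates only from its onClick (navigateTo({ deepLinkId: SecurityPageName.alerts })), so it renders as a button with no href; users cannot middle-click or open the alerts page in a new tab, and the destination is not visible on hover. Suggest also passing the alerts page URL as `href` (EuiButton renders an anchor when href is set) and keeping the onClick handler, which should call preventDefault so in-app navigation via navigateTo still wins on a plain click.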
Contributor commented on the snippet above:

If this is navigating, could it be an a?

semd (Contributor, Author) replied:

What do you mean? This is this button:

(screenshot: view_alerts_button)

semd (Contributor, Author) commented Apr 11, 2022

@elasticmachine merge upstream

updatedAt: number;
isUpdating: boolean;
}
export const LastUpdatedAt: React.FC<LastUpdatedAtProps> = ({ isUpdating, updatedAt }) => (
Contributor commented on the snippet above:

Good stuff, we can all use this for subtitle 👍

semd (Contributor, Author) replied:

😊 yes

semd (Contributor, Author) commented Apr 13, 2022

@elasticmachine merge upstream

kibana-ci (Collaborator) commented:

💚 Build Succeeded

Metrics [docs]

Module Count (fewer modules leads to a faster build time)

id                before   after    diff
securitySolution  2766     2771     +5

Async chunks (total size of all lazy-loaded chunks that will be downloaded as the user navigates the app)

id                before   after    diff
securitySolution  4.8MB    4.8MB    +5.1KB

Page load bundle (size of the bundles that are downloaded on every page load; target size is below 100kb)

id                before   after    diff
securitySolution  248.2KB  248.0KB  -231.0B

Unknown metric groups

ESLint disabled line counts

id                before   after    diff
securitySolution  446      447      +1

Total ESLint disabled count

id                before   after    diff
securitySolution  515      516      +1

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @semd

YulNaumenko (Contributor) left a review:

LGTM!

@semd semd merged commit 2887930 into elastic:main Apr 14, 2022