[Security Solution][Bug] Alerts type discrepancy and ui improvements #150504
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
christineweng
added
release_note:skip
christineweng
changed the title
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
[CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'
christineweng
force-pushed
the
BUG-alert-charts
branch
from
ed9a804
to
2101500
Compare
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
jamster10
approved these changes
Feb 8, 2023
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Feb 8, 2023
…lastic#150504) This PR addresses the following: #### Bug fix elastic#150278 described a discrepancy between total alert count in alert by type chart and everywhere else on alerts page. This is due to `event.type` being a multi-select, if an alert has 3 event types (i.e. creation, info, denied), it is counted 3 times on alert by type graph. This logic is now updated to categorize an alert once - if `denied` event type exists, such event count => `Prevention` - total alert count - prevention count => `Detection`. #### UI improvements - Top alerts chart no longer shows `Other` when number of grouping is less than 10 per elastic#150242 (comment)  - Changed `EmptyDonutChart`'s background based on dark/light mode Before -> After  - Loading spinner for donut chart was not showing, it is now fixed  --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit 2846b8c)
kibanamachine
added a commit
that referenced
this pull request
Feb 9, 2023
…ments (#150504) (#150649) # Backport This will backport the following commits from `main` to `8.7`: - [[Security Solution][Bug] Alerts type discrepancy and ui improvements (#150504)](#150504) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"christineweng","email":"18648970+christineweng@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-02-08T22:40:49Z","message":"[Security Solution][Bug] Alerts type discrepancy and ui improvements (#150504)\n\nThis PR addresses the following:\r\n\r\n#### Bug fix\r\nhttps://github.com//issues/150278 described a discrepancy\r\nbetween total alert count in alert by type chart and everywhere else on\r\nalerts page. This is due to `event.type` being a multi-select, if an\r\nalert has 3 event types (i.e. creation, info, denied), it is counted 3\r\ntimes on alert by type graph. This logic is now updated to categorize an\r\nalert once\r\n- if `denied` event type exists, such event count => `Prevention`\r\n- total alert count - prevention count => `Detection`.\r\n\r\n#### UI improvements\r\n- Top alerts chart no longer shows `Other` when number of grouping is\r\nless than 10 per\r\nhttps://github.com//pull/150242#issuecomment-1419628829\r\n\r\n\r\n- Changed `EmptyDonutChart`'s background based on dark/light mode \r\nBefore -> After\r\n\r\n\r\n- Loading spinner for donut chart was not showing, it is now fixed\r\n\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"2846b8c27cf7da5a9e5c8152177376fdb8d2cffe","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat Hunting","Team: SecuritySolution","Team:Threat Hunting:Investigations","v8.7.0","v8.8.0"],"number":150504,"url":"#150504 Solution][Bug] Alerts type discrepancy and ui improvements (#150504)\n\nThis PR addresses the following:\r\n\r\n#### Bug fix\r\nhttps://github.com//issues/150278 described a discrepancy\r\nbetween total alert count in alert by type chart and everywhere else on\r\nalerts page. This is due to `event.type` being a multi-select, if an\r\nalert has 3 event types (i.e. creation, info, denied), it is counted 3\r\ntimes on alert by type graph. This logic is now updated to categorize an\r\nalert once\r\n- if `denied` event type exists, such event count => `Prevention`\r\n- total alert count - prevention count => `Detection`.\r\n\r\n#### UI improvements\r\n- Top alerts chart no longer shows `Other` when number of grouping is\r\nless than 10 per\r\nhttps://github.com//pull/150242#issuecomment-1419628829\r\n\r\n\r\n- Changed `EmptyDonutChart`'s background based on dark/light mode \r\nBefore -> After\r\n\r\n\r\n- Loading spinner for donut chart was not showing, it is now fixed\r\n\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"2846b8c27cf7da5a9e5c8152177376fdb8d2cffe"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"#150504 Solution][Bug] Alerts type discrepancy and ui improvements (#150504)\n\nThis PR addresses the following:\r\n\r\n#### Bug fix\r\nhttps://github.com//issues/150278 described a discrepancy\r\nbetween total alert count in alert by type chart and everywhere else on\r\nalerts page. This is due to `event.type` being a multi-select, if an\r\nalert has 3 event types (i.e. creation, info, denied), it is counted 3\r\ntimes on alert by type graph. This logic is now updated to categorize an\r\nalert once\r\n- if `denied` event type exists, such event count => `Prevention`\r\n- total alert count - prevention count => `Detection`.\r\n\r\n#### UI improvements\r\n- Top alerts chart no longer shows `Other` when number of grouping is\r\nless than 10 per\r\nhttps://github.com//pull/150242#issuecomment-1419628829\r\n\r\n\r\n- Changed `EmptyDonutChart`'s background based on dark/light mode \r\nBefore -> After\r\n\r\n\r\n- Loading spinner for donut chart was not showing, it is now fixed\r\n\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"2846b8c27cf7da5a9e5c8152177376fdb8d2cffe"}}]}] BACKPORT--> Co-authored-by: christineweng <18648970+christineweng@users.noreply.github.com>
\r\n-){kind=link}
\r\n-){kind=link}
\r\n\r\n---------\r\n\r\nCo-authored-by){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR addresses the following:
Bug fix
#150278 described a discrepancy between total alert count in alert by type chart and everywhere else on alerts page. This is due to
event.typebeing a multi-select, if an alert has 3 event types (i.e. creation, info, denied), it is counted 3 times on alert by type graph. This logic is now updated to categorize an alert oncedeniedevent type exists, such event count =>PreventionDetection.Before
After
UI improvements
Otherwhen number of grouping is less than 10 per [Security Solution] Alert page charts new layout and chart collapse #150242 (comment)EmptyDonutChart's background based on dark/light modeBefore -> After