Introduce hook to redirect to alerts page from within security solution and implement in Detection Response dashboard #152714

Merged


jamster10
Contributor

@jamster10 jamster10 commented Mar 6, 2023

Summary

Built upon @logeekal 's work, this PR adds the ability to navigate to the Alerts page with filters from anywhere within the application and thus requires the feature flag alertsPageFiltersEnabled

  1. Hook for navigation:
    useNavigateToAlertsPageWithFilters returns a function that takes FilterItemObj | FilterItemObj[] and navigates the user to the Alert page.

  2. Update Detection & Response:
    The dashboard has been updated to implement the above feature for all widgets with alert data: [SecuritySolution] Link to alerts page with certain filters applied #149022
    - Also affecting the Host and User explore pages (alerts by Severity)

NOTE: Alerts by Severity is only affected with chartEmbeddablesEnabled DISABLED
Recording 2023-03-08 at 21 38 55

  3. Update DonutChart to take ownership of its onElementClick. It now takes a prop onDonutPartitionClicked that provides the name of the donut segment clicked.

Checklist

Delete any items that are not applicable to this PR.

@jamster10 jamster10 force-pushed the 149022-redirect-to-alerts-page-from-dashboards branch from dff3815 to f42eb8b Compare March 6, 2023 19:28
fieldName: 'kibana.alert.severity',
},
]
: []),
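Review bot: the `: []` fallback on the last line leaves the Severity entry out of the filter list entirely when `severity` is unset, and nothing in these lines says that is deliberate. A one-line comment at the ternary, or a unit test asserting the filter list with and without a severity, would record the intended behaviour.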
Contributor

@jamster10

[] array is not a valid value for a page filter type, so in this case if we want to select alerts of all severities then we should be adding severity page filter with selected options as empty array ([]) so that system knows that no value needs to be selected.

Suggested change
: []),
: [
{
title: 'Severity',
selectedOptions: [],
fieldName: 'kibana.alert.severity',
}
]),

Contributor Author

@jamster10 jamster10 Mar 9, 2023

Hey @logeekal , I don't think this is problematic :P
The whole block starts with the spread operator:

...

...(severity
          ? [
              {
                title: 'Severity',
                selectedOptions: [severity],
                fieldName: 'kibana.alert.severity',
              },
            ]
          : [])

So the existence of severity determines which array gets spread. If the empty array gets spread (...[]), this results in nothing being added to the outer array, as there is nothing to iterate over.

Quick article on it

@jamster10 jamster10 self-assigned this Mar 9, 2023
@jamster10 jamster10 added release_note:enhancement Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Explore v8.8.0 labels Mar 9, 2023
@jamster10 jamster10 marked this pull request as ready for review March 9, 2023 18:45
@jamster10 jamster10 requested review from a team as code owners March 9, 2023 18:45
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@jamster10 jamster10 changed the title from "initial working redirect to alerts state" to "Introduce hook to redirect to alerts page from within security solution and implement in Detection Response dashboard" Mar 10, 2023
@michaelolo24
Contributor

I'm also noticing behavior that after clicking through to open the alerts page within a given filter (i.e. open) and then returning to the detections and response dashboard to do it again with a different filter (i.e. acknowledged), the filters flicker from the new one (acknowledged) back to what was previously set (open). FYI @logeekal, I'm thinking this might be an issue with how the filters are saved on that page rather than the implementation here.

@jamster10
Contributor Author

I'm also noticing behavior that after clicking through to open the alerts page within a given filter ...

Thanks for catching that, I should have noted it in the Summary. We traced it down to here:

src/plugins/controls/public/control_group/control_group_renderer.tsx

It uses a hook called useLifecycle.
Notice its onMount section is where a passed prop is used: getCreationOptions. So the getCreationOptions function gets called only once, on mount, and never again, which is problematic if its parent rerenders.

Anyway, Jatin refactored

x-pack/plugins/security_solution/public/common/components/filter_group/index.tsx

with a solution, so main has it working correctly. I did need to update my branch though 🤦
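
The mount-only behaviour described in the comment above, as an added example that is not part of the PR or of Kibana's code: a framework-free JavaScript model in which every name except `getCreationOptions` is constructed. The second renderer is one assumed remedy, not the refactor mentioned above.

```javascript
// Added illustration; every name except getCreationOptions is constructed.

// Renderer that reads getCreationOptions only when it mounts.
function createMountOnceRenderer() {
  let controlGroup = null;
  return {
    render(props) {
      if (controlGroup === null) {
        // "onMount": the callback runs exactly once, later props are ignored.
        controlGroup = { filters: props.getCreationOptions().filters };
      }
      return controlGroup.filters;
    },
  };
}

// One possible remedy (an assumption): rebuild the control group whenever
// the options produced by the parent change between renders.
function createSyncingRenderer() {
  let controlGroup = null;
  let lastKey = null;
  return {
    render(props) {
      const { filters } = props.getCreationOptions();
      const key = JSON.stringify(filters);
      if (key !== lastKey) {
        controlGroup = { filters };
        lastKey = key;
      }
      return controlGroup.filters;
    },
  };
}

// The parent "re-renders" with a new status filter on each navigation and we
// record which status the renderer actually applies.
function simulateNavigation(renderer, statuses) {
  return statuses.map((status) => {
    const props = {
      getCreationOptions: () => ({
        filters: [{ title: 'Status', selectedOptions: [status] }],
      }),
    };
    return renderer.render(props)[0].selectedOptions[0];
  });
}

console.log(simulateNavigation(createMountOnceRenderer(), ['open', 'acknowledged']));
console.log(simulateNavigation(createSyncingRenderer(), ['open', 'acknowledged']));
```

The first renderer keeps applying the filter it saw on mount, so the second navigation still shows the earlier status; the second renderer follows the parent's latest options.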

Kristof-Pierre Cummings and others added 5 commits March 16, 2023 12:38
@jamster10 jamster10 enabled auto-merge (squash) March 16, 2023 23:11
@kibana-ci
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Security Solution Tests #3 / timeline flyout button the (+) button popover menu owns focus

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 3783 3784 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 15.8MB 15.8MB +8.1KB
Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 433 436 +3

Total ESLint disabled count

id before after diff
securitySolution 513 516 +3

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @jamster10

Contributor

@michaelolo24 michaelolo24 left a comment

Thanks for making the changes, LGTM!

Contributor

@semd semd left a comment

LGTM!

@jamster10 jamster10 merged commit 6fa0592 into elastic:main Mar 21, 2023
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Mar 21, 2023
nkhristinin pushed a commit that referenced this pull request Mar 22, 2023
…n and implement in Detection Response dashboard (#152714)

## Summary

Built upon @logeekal 's work, this PR adds the ability to navigate to
the Alerts page with filters from anywhere within the application and
thus requires the feature flag `alertsPageFiltersEnabled`




1. Hook for navigation:
`useNavigateToAlertsPageWithFilters` returns a function that takes
`FilterItemObj | FilterItemObj[]` and navigates the user to the Alert
page.

2. Update Detection & Response :
The dashboard has been updated to implement the above feature for all
widgets with alert data: #149022
- Also affecting the Host and User explore pages (alerts by Severity)

NOTE: Alerts by Severity is only affected with `chartEmbeddablesEnabled`
DISABLED
![Recording 2023-03-08 at 21 38
55](https://user-images.githubusercontent.com/28942857/223910641-6e86ba76-1d63-4f61-8815-537a9df8cb02.gif)



3. Update `DonutChart` to take ownership of its `onElementClick`. It now
takes a prop `onDonutPartitionClicked` that provides the name of the
donut segment clicked.





### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Kristof-Pierre Cummings <kristofpierre.cummings@elastic.co>
tsullivan pushed a commit to tsullivan/kibana that referenced this pull request Mar 22, 2023
…n and implement in Detection Response dashboard (elastic#152714)
