-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Defend Workflows] Common response actions tab in alert Flyout #155362
Merged
Merged
Changes from 65 commits
Commits
Show all changes
68 commits
Select commit
Hold shift + click to select a range
cad6b3e
init commit with common tab
tomsonpl f619fae
[CI] Auto-commit changed files from 'node scripts/lint_ts_projects --…
kibanamachine 460149a
remove unused translations
tomsonpl e64ee6d
Merge remote-tracking branch 'origin/response-actions-common-tab' int…
tomsonpl ca47f2d
fix tests
tomsonpl 7e1abb9
fix tests
tomsonpl 0023975
fix tests
tomsonpl 1837cf2
add empty prompt to result
tomsonpl c77bbda
eslint fix
tomsonpl 61f72b8
Merge branch 'main' into response-actions-common-tab
tomsonpl 40ba3d0
hide common tab behind a feature flag
tomsonpl 00039a4
i18n
tomsonpl 7fa7096
i18n
tomsonpl 5991b3d
add export
tomsonpl 9e1b4f0
fix test
tomsonpl 14304af
[CI] Auto-commit changed files from 'node scripts/precommit_hook.js -…
kibanamachine 452bb38
small adjustments
tomsonpl e772a54
Merge remote-tracking branch 'origin/response-actions-common-tab' int…
tomsonpl 9bf6bc0
Merge branch 'main' into response-actions-common-tab
tomsonpl fa62c61
Merge branch 'main' into response-actions-common-tab
tomsonpl f7d7c28
fix not showing error
tomsonpl 262cec6
add translation
tomsonpl cf07c5a
Merge branch 'main' into response-actions-common-tab
tomsonpl e17b89a
Merge branch 'main' into response-actions-common-tab
tomsonpl 7827b43
remove endpoint results tab, show osquery or combined instead
tomsonpl d8a3934
Merge remote-tracking branch 'origin/response-actions-common-tab' int…
tomsonpl 493f2eb
move response actions results away
tomsonpl 8ab4d21
fix interface and get proper wasSuccesful etc values
tomsonpl 670a3a6
Merge branch 'main' into response-actions-common-tab
tomsonpl f4ef4c1
fix e2e
tomsonpl 6dd2606
Merge remote-tracking branch 'origin/response-actions-common-tab' int…
tomsonpl 68eacfa
Merge branch 'main' into response-actions-common-tab
tomsonpl 9c3705a
rbac permission denied
tomsonpl ed178fa
Merge remote-tracking branch 'origin/response-actions-common-tab' int…
tomsonpl 3fdaaec
fix i18n
tomsonpl 61f8c57
adjust with_automated toggle to other toggles regarding isflyout beha…
tomsonpl d43e991
apply comments
tomsonpl 31d3e9d
fix import
tomsonpl 487ec34
fix i18n
tomsonpl d6ac239
Merge branch 'main' into response-actions-common-tab
tomsonpl 279d7ab
move status calculation to response and check for isLive to refetch data
tomsonpl 66fb27c
Merge remote-tracking branch 'origin/response-actions-common-tab' int…
tomsonpl b6d4fa1
Update x-pack/plugins/security_solution/common/experimental_features.ts
tomsonpl 6b3f72d
fix tests
tomsonpl 96a6ff5
Merge remote-tracking branch 'origin/response-actions-common-tab' int…
tomsonpl 37ed2eb
add comments
tomsonpl c172de5
remove agents and agent_ids
tomsonpl 9fa4cfd
Merge branch 'main' into response-actions-common-tab
tomsonpl c3a6da7
add hostname to action
tomsonpl ce01f16
fix types
tomsonpl 73f8457
fix test
tomsonpl 18259d9
fix tests
tomsonpl 39939f6
remove skip
tomsonpl 9b31959
move osquery things outside of security_solution
tomsonpl ef32196
change search strategy types
tomsonpl f346611
revert flag
tomsonpl ab5a6fc
fix test
tomsonpl 9aebc25
add eui spacer
tomsonpl 315b522
Merge branch 'main' of github.com:elastic/kibana into response-action…
patrykkopycinski 66bcee6
remove unused translations
tomsonpl 798396e
remove todo
tomsonpl e25e8d4
Merge branch 'main' into response-actions-common-tab
tomsonpl 1f37906
move hosts to endpointdata.data, change skip to enabled, some const r…
tomsonpl ae58edf
Merge remote-tracking branch 'origin/response-actions-common-tab' int…
tomsonpl b7af36e
fix flag
tomsonpl ac2be61
remove sortfield
tomsonpl fa070de
apply comments, handle multiple hosts in ui
tomsonpl 49d7c4f
add internal state to automated filter, change url based on flyout
tomsonpl File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| export interface LogsOsqueryAction { | ||
| '@timestamp': string; | ||
| action_id: string; | ||
| alert_ids: string[]; | ||
| expiration: string; | ||
| input_type: 'osquery'; | ||
| queries: Array<{ | ||
| action_id: string; | ||
| id: string; | ||
| query: string; | ||
| agents: string[]; | ||
| ecs_mapping?: unknown; | ||
| version?: string; | ||
| platform?: string; | ||
| saved_query_id?: string; | ||
| expiration?: string; | ||
| }>; | ||
| type: 'INPUT_ACTION'; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
32 changes: 32 additions & 0 deletions
32
x-pack/plugins/osquery/public/routes/components/empty_prompt.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import React from 'react'; | ||
| import { EuiCode, EuiEmptyPrompt } from '@elastic/eui'; | ||
| import { FormattedMessage } from '@kbn/i18n-react'; | ||
| import { PERMISSION_DENIED } from '../../shared_components/osquery_action/translations'; | ||
|
|
||
| const EmptyPromptComponent = () => ( | ||
| <EuiEmptyPrompt | ||
| iconType="logoOsquery" | ||
| title={<h2>{PERMISSION_DENIED}</h2>} | ||
| titleSize="xs" | ||
| body={ | ||
| <FormattedMessage | ||
| id="xpack.osquery.results.permissionDenied" | ||
| defaultMessage="To access these results, ask your administrator for {osquery} Kibana | ||
| privileges." | ||
| // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop | ||
| values={{ | ||
| osquery: <EuiCode>osquery</EuiCode>, | ||
| }} | ||
| /> | ||
| } | ||
| /> | ||
| ); | ||
|
|
||
| export const EmptyPrompt = React.memo(EmptyPromptComponent); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
26 changes: 26 additions & 0 deletions
26
x-pack/plugins/osquery/public/shared_components/lazy_osquery_result.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import React, { lazy, Suspense } from 'react'; | ||
| import type { OsqueryActionResultProps } from './osquery_results/types'; | ||
| import type { StartServices } from '../types'; | ||
|
|
||
| interface BigServices extends StartServices { | ||
| kibanaVersion: string; | ||
| storage: unknown; | ||
| } | ||
|
|
||
| const OsqueryResult = lazy(() => import('./osquery_results/osquery_result_wrapper')); | ||
|
|
||
| export const getLazyOsqueryResult = | ||
| // eslint-disable-next-line react/display-name | ||
| (services: BigServices) => (props: OsqueryActionResultProps) => | ||
| ( | ||
| <Suspense fallback={null}> | ||
| <OsqueryResult services={services} {...props} /> | ||
| </Suspense> | ||
| ); | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
90 changes: 90 additions & 0 deletions
90
x-pack/plugins/osquery/public/shared_components/osquery_results/osquery_result_wrapper.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| import { EuiComment, EuiErrorBoundary, EuiSpacer } from '@elastic/eui'; | ||
| import React, { useState, useEffect } from 'react'; | ||
| import { FormattedRelative } from '@kbn/i18n-react'; | ||
|
|
||
| import type { CoreStart } from '@kbn/core-lifecycle-browser'; | ||
| import { KibanaContextProvider, KibanaThemeProvider } from '@kbn/kibana-react-plugin/public'; | ||
| import { QueryClientProvider } from '@tanstack/react-query'; | ||
| import { EmptyPrompt } from '../../routes/components/empty_prompt'; | ||
| import { useKibana } from '../../common/lib/kibana'; | ||
| import type { StartPlugins } from '../../types'; | ||
| import { queryClient } from '../../query_client'; | ||
| import { AlertAttachmentContext } from '../../common/contexts'; | ||
| import { PackQueriesStatusTable } from '../../live_queries/form/pack_queries_status_table'; | ||
| import { ATTACHED_QUERY } from '../../agents/translations'; | ||
| import { useLiveQueryDetails } from '../../actions/use_live_query_details'; | ||
| import type { OsqueryActionResultProps } from './types'; | ||
|
|
||
| const OsqueryResultComponent = React.memo<OsqueryActionResultProps>( | ||
| ({ actionId, ruleName, startDate, ecsData }) => { | ||
| const { read } = useKibana().services.application.capabilities.osquery; | ||
|
|
||
| const [isLive, setIsLive] = useState(false); | ||
| const { data } = useLiveQueryDetails({ | ||
| actionId, | ||
| isLive, | ||
| skip: !read, | ||
| }); | ||
|
|
||
| useEffect(() => { | ||
| setIsLive(() => !(data?.status === 'completed')); | ||
| }, [data?.status]); | ||
|
|
||
| return ( | ||
| <AlertAttachmentContext.Provider value={ecsData}> | ||
| <EuiSpacer size="s" /> | ||
| <EuiComment | ||
| username={ruleName && ruleName[0]} | ||
| timestamp={<FormattedRelative value={startDate} />} | ||
| event={ATTACHED_QUERY} | ||
| data-test-subj={'osquery-results-comment'} | ||
| > | ||
| {!read ? ( | ||
| <EmptyPrompt /> | ||
| ) : ( | ||
| <PackQueriesStatusTable | ||
| actionId={actionId} | ||
| data={data?.queries} | ||
| startDate={data?.['@timestamp']} | ||
| expirationDate={data?.expiration} | ||
| agentIds={data?.agents} | ||
| /> | ||
| )} | ||
| </EuiComment> | ||
| <EuiSpacer size="s" /> | ||
| </AlertAttachmentContext.Provider> | ||
| ); | ||
| } | ||
| ); | ||
|
|
||
| export const OsqueryActionResult = React.memo(OsqueryResultComponent); | ||
| type OsqueryActionResultsWrapperProps = { | ||
| services: CoreStart & StartPlugins; | ||
| } & OsqueryActionResultProps; | ||
|
|
||
| const OsqueryActionResultWrapperComponent: React.FC<OsqueryActionResultsWrapperProps> = ({ | ||
| services, | ||
| ...restProps | ||
| }) => ( | ||
| <KibanaThemeProvider theme$={services.theme.theme$}> | ||
| <KibanaContextProvider services={services}> | ||
| <EuiErrorBoundary> | ||
| <QueryClientProvider client={queryClient}> | ||
| <OsqueryActionResult {...restProps} /> | ||
| </QueryClientProvider> | ||
| </EuiErrorBoundary> | ||
| </KibanaContextProvider> | ||
| </KibanaThemeProvider> | ||
| ); | ||
|
|
||
| const OsqueryActionResultWrapper = React.memo(OsqueryActionResultWrapperComponent); | ||
|
|
||
| // eslint-disable-next-line import/no-default-export | ||
| export { OsqueryActionResultWrapper as default }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: