
[RAM][Security Solution][Alerts] Support the ability to trigger a rule action per alert generated (#153611) #155384

Merged
merged 34 commits into from
Apr 26, 2023

Conversation

e40pud
Contributor

@e40pud e40pud commented Apr 20, 2023

Summary

These changes enable triggering of "per-alert" actions.

Closes #153611

Checklist

Delete any items that are not applicable to this PR.

@e40pud e40pud added release_note:enhancement ci:cloud-deploy Create or update a Cloud deployment labels Apr 20, 2023
@e40pud e40pud requested review from XavierM and ymao1 April 20, 2023 12:05
@e40pud e40pud self-assigned this Apr 20, 2023
@e40pud
Contributor Author

e40pud commented Apr 21, 2023

@elasticmachine merge upstream

@e40pud
Contributor Author

e40pud commented Apr 21, 2023

@elasticmachine merge upstream

@e40pud
Contributor Author

e40pud commented Apr 21, 2023

@elasticmachine merge upstream

@e40pud
Contributor Author

e40pud commented Apr 22, 2023

@elasticmachine merge upstream

@e40pud e40pud marked this pull request as ready for review April 23, 2023 09:17
@e40pud e40pud requested review from a team as code owners April 23, 2023 09:17
@e40pud e40pud requested a review from Zacqary April 23, 2023 09:26
@XavierM XavierM removed the request for review from Zacqary April 25, 2023 18:42
@e40pud e40pud enabled auto-merge (squash) April 25, 2023 18:42
@e40pud e40pud disabled auto-merge April 25, 2023 18:54
@e40pud e40pud enabled auto-merge (squash) April 25, 2023 19:02
Member

@pmuellr pmuellr left a comment


alerting framework changes LGTM

@e40pud
Contributor Author

e40pud commented Apr 25, 2023

@elasticmachine merge upstream

@XavierM
Contributor

XavierM commented Apr 25, 2023

@yara fix the language of the filter under conditional action to not confuse our user about how it really works

#155804

@yara

yara commented Apr 25, 2023

Hi @XavierM, I think I am not involved in the project and you are tagging the wrong person here :)

@XavierM
Contributor

XavierM commented Apr 26, 2023

@elasticmachine merge upstream

@ymao1
Contributor

ymao1 commented Apr 26, 2023

@elasticmachine merge upstream

@dplumlee
Contributor

@elasticmachine merge upstream

@kibana-ci
Collaborator

kibana-ci commented Apr 26, 2023

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
|---|---|---|---|
| securitySolution | 9.1MB | 9.1MB | +638.0B |
| triggersActionsUi | 1.4MB | 1.4MB | +91.0B |
| total | | | +729.0B |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
|---|---|---|---|
| triggersActionsUi | 86.9KB | 87.0KB | +95.0B |

Unknown metric groups

ESLint disabled line counts

| id | before | after | diff |
|---|---|---|---|
| enterpriseSearch | 17 | 19 | +2 |
| securitySolution | 399 | 402 | +3 |
| total | | | +5 |

Total ESLint disabled count

| id | before | after | diff |
|---|---|---|---|
| enterpriseSearch | 18 | 20 | +2 |
| securitySolution | 479 | 482 | +3 |
| total | | | +5 |

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @e40pud

@e40pud e40pud merged commit bd443ea into elastic:main Apr 26, 2023
@kibanamachine kibanamachine added v8.8.0 backport:skip This commit does not require backporting labels Apr 26, 2023
XavierM added a commit that referenced this pull request Apr 26, 2023
## Summary

- Fixes:
#155384 (comment)
- Fixes language around conditional filter to not confuse our user like
it was before


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
jloleysens added a commit to jloleysens/kibana that referenced this pull request Apr 26, 2023
* main: (1294 commits)
  [SecuritySolution] Refactor security packages (elastic#155365)
  [Discover] Show "Temporary" badge for ad-hoc data views in Alerts flyout (elastic#155717)
  [RAM] Conditional actions feedback on pr review (elastic#155804)
  [Files] Adds bulk delete method (elastic#155628)
  [Lens] Use proper way to generate absolute short URL (elastic#155512)
  [Guided onboarding] Use Kibana features to grant access (elastic#155065)
  [Index Management] Fix duped mock (elastic#155844)
  [Lens] Enhance visualization modifier popup with layer palette (elastic#155280)
  Fix flaky combobox tests on role management screen (elastic#155711)
  [Infrastructure UI] Create InventoryViewsService and InventoryViewsClient (elastic#155126)
  [Fleet] always create agent upload write indices (elastic#155729)
  [Fleet] [Cloud Security Posture] Add CloudFormation agent install method (elastic#155045)
  Add tech preview label for search applications (elastic#155649)
  [ML] AIOps: Stabilize flaky functional tests. (elastic#155710)
  [ES UI Shared] Migrate JsonEditor to monaco (elastic#155610)
  [Security Solution] Fixes security_solution storybooks always rendering in a flyout (elastic#155814)
  [Synthetics] Make error popover disappear `onMouseLeave` of metric item card (elastic#155800)
  Remove Exploratory View components from Observability (elastic#155629)
  [Discover] Remove redundant "Filter was added" toast (elastic#155645)
  [RAM][Security Solution][Alerts] Support the ability to trigger a rule action per alert generated (elastic#153611) (elastic#155384)
  ...
e40pud added a commit that referenced this pull request Apr 26, 2023
…t variables (#155829)

## Summary

Closes [#155812](#155812)

In #155384, detection rules were
switched to support per-alert actions. When passing the context
variable, it was suggested that we should be calling formatAlert to
format the alert for notifications, however doing that causes some test
failures because formatAlert is fairly heavyweight and a bunch of tests
were timing out.

Thanks to @marshallmain we have this much faster `expandDottedObject`
that solves the issue with the very slow `formatAlert`.
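The switch from `formatAlert` to `expandDottedObject` described in the commit above, together with the one-action-per-alert behaviour this PR enables, illustrated with an added TypeScript example that is not Kibana's own code: the `expandDottedObject` here is a stand-in written for this page, and the `{ alert: ... }` context shape and the sample alert documents are assumptions.

```typescript
// Added illustration, not Kibana's own code: expand a flattened alert
// document (dotted keys, as indexed in the alerts index) into a nested
// object so each alert can be handed to its own action as template context.
type Flat = Record<string, unknown>;
type Nested = { [key: string]: unknown };

export function expandDottedObject(flat: Flat): Nested {
  const out: Nested = {};
  for (const [path, value] of Object.entries(flat)) {
    const parts = path.split('.');
    let cursor: Nested = out;
    for (let i = 0; i < parts.length - 1; i++) {
      const existing = cursor[parts[i]];
      // Reuse an existing nested object; if a scalar or array already sits
      // at this prefix (e.g. both `a` and `a.b` present) the deeper path wins.
      if (typeof existing !== 'object' || existing === null || Array.isArray(existing)) {
        cursor[parts[i]] = {};
      }
      cursor = cursor[parts[i]] as Nested;
    }
    cursor[parts[parts.length - 1]] = value; // arrays are kept as-is
  }
  return out;
}

// One action invocation per alert (the behaviour this PR enables), with the
// expanded alert as the context. Field names are ECS / Kibana alert fields;
// using `alert` as the context key is an assumption of this example.
export interface ActionInvocation { alertId: string; context: Nested }

export function buildPerAlertInvocations(alerts: Flat[]): ActionInvocation[] {
  return alerts.map((alert) => ({
    alertId: String(alert['kibana.alert.uuid'] ?? 'unknown'),
    context: { alert: expandDottedObject(alert) },
  }));
}

// Constructed sample alerts for demonstration, not real data.
export const SAMPLE_ALERTS: Flat[] = [
  {
    'kibana.alert.uuid': 'alert-1',
    'kibana.alert.rule.name': 'Unusual process start',
    'kibana.alert.severity': 'high',
    'host.name': 'web-01',
    'process.args': ['node', 'server.js'],
  },
  { 'kibana.alert.uuid': 'alert-2', 'kibana.alert.rule.name': 'Unusual process start', 'host.name': 'db-02' },
];
```

Each element of `buildPerAlertInvocations(SAMPLE_ALERTS)` is what one action run would receive, so a rule firing on N hits produces N invocations rather than one summary.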
e40pud added a commit to e40pud/kibana that referenced this pull request Apr 27, 2023
…t variables (elastic#155829)

## Summary

Closes [elastic#155812](elastic#155812)

In elastic#155384, detection rules were
switched to support per-alert actions. When passing the context
variable, it was suggested that we should be calling formatAlert to
format the alert for notifications, however doing that causes some test
failures because formatAlert is fairly heavyweight and a bunch of tests
were timing out.

Thanks to @marshallmain we have this much faster `expandDottedObject`
that solves the issue with the very slow `formatAlert`.

(cherry picked from commit 8f59720)
e40pud added a commit that referenced this pull request Apr 27, 2023
…context variables (#155829) (#156009)

# Backport

This will backport the following commits from `main` to `8.8`:
- [[Security Solution][Alerts] Format alerts for per-alert action
context variables
(#155829)](#155829)


### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@e40pud e40pud deleted the security/feature/per-alert-actions branch October 10, 2023 12:44