
[8.14] [Security Solution] [Attack discovery] Fixes zero connectors and zero alerts empty states (#182904) #182999

Merged

Conversation

andrew-goldstein
Contributor

Backport

This will backport the following commits from main to 8.14:

Questions?

Please refer to the Backport tool documentation

… alerts empty states (elastic#182904)

## [Security Solution] [Attack discovery] Fixes zero connectors and zero alerts empty states

### Summary

This PR fixes usability issues in _Attack discovery_ by displaying an [Empty prompt](https://eui.elastic.co/#/display/empty-prompt) for the "zero connectors" and "zero alerts" states.

- When there are zero connectors configured, the empty prompt in the following screenshot is displayed:

![no_connectors_empty_prompt](https://github.com/elastic/kibana/assets/4459398/caf794ef-6659-4037-b252-860c08929b93)

- When there are zero open alerts in the last 24 hours to send to the LLM, the empty prompt in the following screenshot is displayed:

![no_alerts_to_analyze](https://github.com/elastic/kibana/assets/4459398/6df1f3a7-e94d-4271-935d-bd0eddaf6e83)

The fix for the "no alerts" state required returning an additional stat, the number of alerts sent as context to the LLM:

```
alertsContextCount
```

The `alertsContextCount` stat is now included in telemetry.

### Desk testing

The `Test setup` section describes how to reproduce the states necessary to desk test this PR in an existing environment.

The `Steps to verify` section updates the test environment from zero to one connector. The connector will then be used to test the zero alerts state.

#### Test setup

Testing this fix requires no alerts, and no connectors. This section describes how to reset an existing environment (both the deployment and the browser) to test these states.

1. Navigate to Security > Alerts

2. If there are alerts in the last 24 hours, create and log in to a new space, because zero alerts are required.

3. Navigate to Stack Management > Connectors

4. Delete any `OpenAI` or `Bedrock` connectors (tagged with `Generative AI for Security`)

5. Remove any pre-configured connectors from `kibana.dev.yml`

6. Clear local storage (to remove any trace of previously selected connectors)

7. Close all browser tabs with a current session to Kibana (to clear session storage)

8. Restart Kibana server

#### Steps to verify

1. Navigate to Security > Alerts

**Expected result**

- There are zero open alerts in the last 24 hours

2. Navigate to Security > Attack discovery

**Expected result**

- The following empty prompt is displayed:

![no_connectors_empty_prompt](https://github.com/elastic/kibana/assets/4459398/caf794ef-6659-4037-b252-860c08929b93)

3. Click `OpenAI`

**Expected result**

- The OpenAI connector modal is displayed

4. Enter the new connector details, and then click `Save`

**Expected results**

- A toast is displayed, confirming the new connector was successfully created
- The newly-created connector is selected in the connector selector
- The `Up to 20 alerts will be analyzed` empty state in the following screenshot is displayed:

![up_to_n_alerts_will_be_analyzed](https://github.com/elastic/kibana/assets/4459398/cb611bb8-6eb1-4ba2-9c0e-5563dcf0d0ca)

5. Click `Generate`

**Expected result**

- The `No alerts to analyze` empty state (for zero alerts sent as context to the LLM) is displayed:

![no_alerts_to_analyze](https://github.com/elastic/kibana/assets/4459398/6df1f3a7-e94d-4271-935d-bd0eddaf6e83)

6. Generate some alerts

7. Navigate to Security > Alerts

**Expected result**

- Alerts in the last 24 hours are now available (as shown by the Alerts page)

8. Once again, navigate to Security > Attack discovery

**Expected result**

- The `Up to 20 alerts will be analyzed` empty state is displayed

9. Once again, click `Generate`

**Expected results**

- The `Attack discovery in progress` loading callout is displayed
- Attack discoveries are created for the alerts (when applicable)

(cherry picked from commit 6f4d423)
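The view selection the description walks through, as an added example that is not code from this PR or from Kibana: a small decision function over the connector count and the `alertsContextCount` stat, plus a replay of the "Steps to verify" sequence. The type and function names, and the assumption that navigating back to Attack discovery clears the previous generation result, are hypothetical.

```typescript
// Added example (not Kibana's code). Names are hypothetical; they model the
// empty states described in the PR, not the real component implementation.
type AttackDiscoveryView =
  | 'no_connectors_empty_prompt'
  | 'up_to_n_alerts_will_be_analyzed'
  | 'attack_discovery_in_progress'
  | 'no_alerts_to_analyze'
  | 'attack_discoveries';

interface ViewInput {
  connectorCount: number;      // connectors tagged "Generative AI for Security"
  isLoading: boolean;          // a Generate request is in flight
  alertsContextCount?: number; // stat from the last generation; undefined until Generate ran
}

// Picks the view to render. Zero connectors wins over everything else, so a user
// can never be asked to Generate without a connector to send alerts to.
function selectAttackDiscoveryView(input: ViewInput): AttackDiscoveryView {
  if (input.connectorCount === 0) return 'no_connectors_empty_prompt';
  if (input.isLoading) return 'attack_discovery_in_progress';
  if (input.alertsContextCount === undefined) return 'up_to_n_alerts_will_be_analyzed';
  if (input.alertsContextCount === 0) return 'no_alerts_to_analyze';
  return 'attack_discoveries';
}

// Replays the "Steps to verify" from the PR description with constructed inputs and
// returns the view shown at steps 2, 4, 5, 8 and 9 (after generation completes).
function replayDeskTest(): AttackDiscoveryView[] {
  const views: AttackDiscoveryView[] = [];
  let state: ViewInput = { connectorCount: 0, isLoading: false };
  views.push(selectAttackDiscoveryView(state));            // step 2: zero connectors
  state = { ...state, connectorCount: 1 };
  views.push(selectAttackDiscoveryView(state));            // step 4: connector saved
  state = { ...state, alertsContextCount: 0 };
  views.push(selectAttackDiscoveryView(state));            // step 5: Generate, zero alerts sent
  state = { ...state, alertsContextCount: undefined };     // step 8: navigation clears result (assumption)
  views.push(selectAttackDiscoveryView(state));
  state = { ...state, isLoading: false, alertsContextCount: 20 };
  views.push(selectAttackDiscoveryView(state));            // step 9: 20 alerts sent as context
  return views;
}
```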
@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
|---|---|---|---|
| securitySolution | 5455 | 5460 | +5 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
|---|---|---|---|
| securitySolution | 15.2MB | 15.2MB | +10.6KB |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
|---|---|---|---|
| securitySolution | 82.5KB | 82.6KB | +114.0B |

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@andrew-goldstein andrew-goldstein merged commit c7f1657 into elastic:8.14 May 8, 2024
38 checks passed
@andrew-goldstein andrew-goldstein deleted the backport/8.14/pr-182904 branch May 8, 2024 23:08