-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Enable entity previews in document details flyout #186850
Conversation
bd42b91
to
7d80e51
Compare
/ci |
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
The flow looks great! Let's verify with @paulewing later today to make sure that's exactly what he wants. I see little value in keeping the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey Christine, this feature is awesome! Thank you! 👏 👏 👏
I have some minor concerns. Here are they:
- The icon
|<
suggests that something will open when clicked. Could you verify with a designer if we can remove this icon inside the preview panel?
- The inspect icon is disabled inside the preview panel
- On my local env the header is missing some fields which show up on your video. Did I do something wrong?
- 'Fist seen' and 'last seen' are empty inside the preview panel.
Screen.Recording.2024-06-25.at.10.49.32.-.2.mov
x-pack/plugins/security_solution/public/flyout/entity_details/host_preview/index.tsx
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/flyout/entity_details/host_preview/index.tsx
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/flyout/entity_details/user_preview/footer.tsx
Outdated
Show resolved
Hide resolved
Hey @machadoum many thanks for the prompt review!
Good point. This is one of the things I want to bring up with design and PM, but unfortunately they are both out until Thursday, so depending on their input, I will update the icons. Update: talked to Paul and I'm removing the icon
Fixed
both are showing up on my local... first/last seen come from the observed host/user data. so I suspect the kibana/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx Line 70 in 0d802cb
kibana/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.tsx Lines 41 to 44 in 0d802cb
I expanded the scope to pickup both alert and logs, which should help... if you encounter this again, could you share the data with me? |
64d0695
to
ba2afa4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
awesome work! I left a small comment.
Also during testing opening a preview panel (like host and user) when another preview is already open doesn't work. The new panel doesn't replace the currently opened one. I'm guessing this is expected and should be fixed with this other PR?
packages/kbn-expandable-flyout/src/components/preview_section.tsx
Outdated
Show resolved
Hide resolved
ef2ec99
to
1e54c1f
Compare
1e54c1f
to
b738a45
Compare
/ci |
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Module Count
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Thank you! 🔥 🔥 🔥 🚀
Summary
This PR enables entity flyout in the alert flyout where host/user name is displayed. The entity flyout is rendered as a preview on top of the summary (right) panel. At the bottom of preview, there is a footer that let users open entity flyout as usual, which allows for expand/collapse functionality.
How to test:
entityAlertPreviewEnabled
Screen.Recording.2024-06-24.at.8.22.19.PM.mov
Checklist