[SIEM] [Case] Initial UI #57283

stephmilovic · 2020-02-10T23:39:48Z

Summary

This is the initial UI for Case Workflows. Please note this is a work in progress and is UI development done before receiving the designs. Therefore, unit tests were not written as it is mostly all temporary. The only page that I've started matching up with the designs is the Case View. I need to PR so that @cnasikas and @XavierM can start to help turn this unruly beast into our MVP. This is highly incomplete. Here is what we're looking at...

All Cases View

There is some basic table functionality programmed here. Sorting on the Opened/Updated/State fields, pagination, etc. I'm not happy with how the table flashes between loads right now, that will be addressed.

@cnasikas helped out by implementing filtering by tags

I started to implement search. However, it's pretty buggy with saved objects. I'm just using the SO find with search: 'plain string'. Not specifying fields. However, it's just not picking up some searches. check out these inconsistencies. Sometimes it searches title, sometimes it does not.

Create new case

I've got a view to create a new case. Nothing too fancy here yet. I need to get our existing tags to autosuggest.

Case view

This is the one view I started matching up to Michael's design. If I add tests to this PR, it will be around this area. Here are the things that are working on this page:

Here are the things that do not yet work, most drop down options and email alerts:

Running the branch

Attention: Additional configuration is required to run this PR!! We are still using the legacy platform for Saved Object mappings, so a bit of weirdness needs to happen:

x-pack/legacy/plugins/siem/index.ts - Add this value to the uiExports object beneath the mappings key:

      // TODO: Remove once while Saved Object Mappings API is programmed for the NP See: https://github.com/elastic/kibana/issues/50309
      savedObjectSchemas: {
        'case-workflow': {
          indexPattern: '.case-testing-ground',
          isNamespaceAgnostic: false,
        },
        'case-workflow-comment': {
          indexPattern: '.case-testing-ground',
          isNamespaceAgnostic: false,
        },
      },

config/kibana.dev.yml - Add the following lines to your dev.yml:

# Case feature flag
xpack.case.enabled: true

x-pack/legacy/plugins/siem/public/pages/home/home_navigations.tsx change line 58 to

disabled: false

x-pack/legacy/plugins/siem/public/pages/case/components/case_view/index.tsx

x-pack/legacy/plugins/siem/public/pages/case/components/shared_imports.ts

x-pack/legacy/plugins/siem/public/pages/case/components/tag_list/index.tsx

x-pack/legacy/plugins/siem/public/pages/case/components/user_list/index.tsx

x-pack/legacy/plugins/siem/public/pages/case/create_case.tsx

x-pack/legacy/plugins/siem/public/pages/case/index.tsx

...ins/siem/public/pages/detection_engine/rules/all/rules_table_filters/tags_filter_popover.tsx

x-pack/legacy/plugins/siem/public/pages/home/index.tsx

x-pack/plugins/case/server/routes/api/__tests__/get_case.test.ts

x-pack/plugins/case/server/routes/api/__tests__/get_comment.test.ts

XavierM · 2020-02-13T16:34:00Z

x-pack/plugins/case/server/services/tags/read_tags.ts

+    }
+  }, []);
+
+export const convertTagsToSet = (tagObjects: Array<SavedObject<CaseAttributes>>): Set<string> => {


nit ->

export const convertTagsToSet = (tagObjects: object[]): Set<string> => tagObjects.reduce<Set<string>>((accum, tagObj) => { if (isTags(tagObj)) { tagObj.attributes.tags.forEach(accum.add, accum); } return accum; }, new Set());

x-pack/plugins/case/server/services/tags/read_tags.ts

XavierM

LGTM 🚀 💪 🚀 💪 🚀
Thank you for going over the code with me and keep me up to date with your code. This is really a nice jump to our case.

… case-siem-ui-v2

kibanamachine · 2020-02-13T22:00:05Z

💛 Build succeeded, but was flaky

continuous-integration/kibana-ci/pull-request
Commit: 807b2ce
Flaky suites:
- xpack-kibana-ciGroup2

Test Failures

Kibana Pipeline / kibana-xpack-agent / Chrome X-Pack UI Functional Tests.x-pack/test/functional/apps/advanced_settings/feature_controls/advanced_settings_security·ts.Advanced Settings security feature controls no advanced_settings privileges does not allow navigation to advanced settings; redirects to management home

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 9 times on tracked branches: https://github.com/elastic/kibana/issues/57377

[00:00:00]       │
[00:00:00]         └-: Advanced Settings
[00:00:00]           └-> "before all" hook
[00:00:00]           └-: security feature controls
[00:00:00]             └-> "before all" hook
[00:00:00]             └-> "before all" hook
[00:00:00]               │ info [empty_kibana] Loading "mappings.json"
[00:00:00]               │ info [empty_kibana] Loading "data.json.gz"
[00:00:00]               │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.kibana_1/M7LDR6JcRviH7T9ZkSS7rw] deleting index
[00:00:00]               │ info [empty_kibana] Deleted existing index [".kibana_1"]
[00:00:00]               │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.kibana] creating index, cause [api], templates [], shards [1]/[1], mappings [_doc]
[00:00:00]               │ info [empty_kibana] Created index ".kibana"
[00:00:00]               │ debg [empty_kibana] ".kibana" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:00:00]               │ info [empty_kibana] Indexed 2 docs into ".kibana"
[00:00:49]               │ info [o.e.c.m.MetaDataMappingService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.kibana/Qe_xLyndRySKyhJHUerTPw] update_mapping [_doc]
[00:00:52]               │ info Creating index .kibana_2.
[00:00:52]               │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.kibana_2] creating index, cause [api], templates [], shards [1]/[1], mappings [_doc]
[00:00:52]               │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] updating number_of_replicas to [0] for indices [.kibana_2]
[00:00:52]               │ info Reindexing .kibana to .kibana_1
[00:00:52]               │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.kibana_1] creating index, cause [api], templates [], shards [1]/[1], mappings [_doc]
[00:00:52]               │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] updating number_of_replicas to [0] for indices [.kibana_1]
[00:00:52]               │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.tasks] creating index, cause [auto(task api)], templates [], shards [1]/[1], mappings [_doc]
[00:00:52]               │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] updating number_of_replicas to [0] for indices [.tasks]
[00:00:52]               │ info [o.e.t.LoggingTaskListener] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] 850 finished with response BulkByScrollResponse[took=51.3ms,timed_out=false,sliceId=null,updated=0,created=4,deleted=0,batches=1,versionConflicts=0,noops=0,retries=0,throttledUntil=0s,bulk_failures=[],search_failures=[]]
[00:00:52]               │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.kibana/Qe_xLyndRySKyhJHUerTPw] deleting index
[00:00:52]               │ info Migrating .kibana_1 saved objects to .kibana_2
[00:00:52]               │ debg Migrating saved objects config:6.0.0-alpha1, space:default, maps-telemetry:maps-telemetry, config:8.0.0-SNAPSHOT
[00:00:52]               │ info [o.e.c.m.MetaDataMappingService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.kibana_2/CYIX42sjSpmzqlX9S9Rz7Q] update_mapping [_doc]
[00:00:53]               │ info [o.e.c.m.MetaDataMappingService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.kibana_2/CYIX42sjSpmzqlX9S9Rz7Q] update_mapping [_doc]
[00:00:53]               │ info Pointing alias .kibana to .kibana_2.
[00:00:53]               │ info Finished in 850ms.
[00:00:53]               │ debg applying update to kibana config: {"accessibility:disableAnimations":true,"dateFormat:tz":"UTC"}
[00:00:53]               │ info [o.e.c.m.MetaDataMappingService] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] [.kibana_2/CYIX42sjSpmzqlX9S9Rz7Q] update_mapping [_doc]
[00:02:36]             └-: no advanced_settings privileges
[00:02:36]               └-> "before all" hook
[00:02:36]               └-> "before all" hook
[00:02:36]                 │ debg creating role no_advanced_settings_privileges_role
[00:02:36]                 │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] added role [no_advanced_settings_privileges_role]
[00:02:36]                 │ debg created role no_advanced_settings_privileges_role
[00:02:36]                 │ debg creating user no_advanced_settings_privileges_user
[00:02:36]                 │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-tests-xl-1581625420020495446] added user [no_advanced_settings_privileges_user]
[00:02:36]                 │ debg created user no_advanced_settings_privileges_user
[00:02:36]                 │ debg navigating to login url: http://localhost:6131/login
[00:02:36]                 │ debg Navigate to: http://localhost:6131/login
[00:02:36]                 │ proc [kibana]   log   [21:02:11.004] [info][authentication][plugins][security] Authentication attempt failed: [security_exception] unable to authenticate user [global_advanced_settings_read_user] for REST request [/_security/_authenticate], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } }
[00:02:36]                 │ debg ... sleep(700) start
[00:02:36]                 │ERROR browser[SEVERE] http://localhost:6131/ - Failed to load resource: the server responded with a status of 401 (Unauthorized)
[00:02:37]                 │ debg ... sleep(700) end
[00:02:37]                 │ debg returned from get, calling refresh
[00:02:37]                 │ debg browser[INFO] http://localhost:6131/login?next=%2F 350 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:02:37]                 │
[00:02:37]                 │ debg browser[INFO] http://localhost:6131/bundles/app/login/bootstrap.js 8:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:02:37]                 │ debg currentUrl = http://localhost:6131/login?next=%2F
[00:02:37]                 │          appUrl = http://localhost:6131/login
[00:02:37]                 │ debg Find.findByCssSelector('[data-test-subj="kibanaChrome"]') with timeout=60000
[00:02:42]                 │ debg browser[INFO] http://localhost:6131/built_assets/dlls/vendors_3.bundle.dll.js 582:139970 "INFO: 2020-02-13T21:02:16Z
[00:02:42]                 │        Adding connection to http://localhost:6131/elasticsearch
[00:02:42]                 │
[00:02:42]                 │      "
[00:02:43]                 │ debg ... sleep(501) start
[00:02:43]                 │ debg ... sleep(501) end
[00:02:43]                 │ debg in navigateTo url = http://localhost:6131/login?next=%2F#/
[00:02:43]                 │ debg TestSubjects.exists(statusPageContainer)
[00:02:43]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="statusPageContainer"]') with timeout=2500
[00:02:46]                 │ debg --- retry.tryForTime error: [data-test-subj="statusPageContainer"] is not displayed
[00:02:46]                 │ debg TestSubjects.setValue(loginUsername, no_advanced_settings_privileges_user)
[00:02:46]                 │ debg TestSubjects.click(loginUsername)
[00:02:46]                 │ debg Find.clickByCssSelector('[data-test-subj="loginUsername"]') with timeout=10000
[00:02:46]                 │ debg Find.findByCssSelector('[data-test-subj="loginUsername"]') with timeout=10000
[00:02:47]                 │ debg TestSubjects.setValue(loginPassword, no_advanced_settings_privileges_user-password)
[00:02:47]                 │ debg TestSubjects.click(loginPassword)
[00:02:47]                 │ debg Find.clickByCssSelector('[data-test-subj="loginPassword"]') with timeout=10000
[00:02:47]                 │ debg Find.findByCssSelector('[data-test-subj="loginPassword"]') with timeout=10000
[00:02:47]                 │ debg TestSubjects.click(loginSubmit)
[00:02:47]                 │ debg Find.clickByCssSelector('[data-test-subj="loginSubmit"]') with timeout=10000
[00:02:47]                 │ debg Find.findByCssSelector('[data-test-subj="loginSubmit"]') with timeout=10000
[00:02:47]                 │ debg Waiting up to 20000ms for logout button visible...
[00:02:47]                 │ debg TestSubjects.exists(userMenuButton)
[00:02:47]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="userMenuButton"]') with timeout=2500
[00:02:50]                 │ debg browser[INFO] http://localhost:6131/app/kibana#/ 350 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:02:50]                 │
[00:02:50]                 │ debg browser[INFO] http://localhost:6131/bundles/app/kibana/bootstrap.js 8:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:02:50]                 │ debg --- retry.tryForTime error: [data-test-subj="userMenuButton"] is not displayed
[00:02:51]                 │ debg TestSubjects.exists(userMenuButton)
[00:02:51]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="userMenuButton"]') with timeout=2500
[00:02:53]                 │ debg browser[INFO] http://localhost:6131/built_assets/dlls/vendors_3.bundle.dll.js 582:139970 "INFO: 2020-02-13T21:02:25Z
[00:02:53]                 │        Adding connection to http://localhost:6131/elasticsearch
[00:02:53]                 │
[00:02:53]                 │      "
[00:02:53]                 │ debg TestSubjects.exists(userMenu)
[00:02:53]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="userMenu"]') with timeout=2500
[00:02:55]                 │ debg --- retry.tryForTime error: [data-test-subj="userMenu"] is not displayed
[00:02:56]                 │ debg TestSubjects.click(userMenuButton)
[00:02:56]                 │ debg Find.clickByCssSelector('[data-test-subj="userMenuButton"]') with timeout=10000
[00:02:56]                 │ debg Find.findByCssSelector('[data-test-subj="userMenuButton"]') with timeout=10000
[00:02:56]                 │ debg Waiting up to 20000ms for user menu opened...
[00:02:56]                 │ debg TestSubjects.exists(userMenu)
[00:02:56]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="userMenu"]') with timeout=2500
[00:02:56]                 │ debg TestSubjects.exists(userMenu > logoutLink)
[00:02:56]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="userMenu"] [data-test-subj="logoutLink"]') with timeout=2500
[00:02:56]               └-> shows Management navlink
[00:02:56]                 └-> "before each" hook: global before each
[00:02:56]                 │ debg TestSubjects.find(navDrawer)
[00:02:56]                 │ debg Find.findByCssSelector('[data-test-subj="navDrawer"]') with timeout=10000
[00:02:56]                 └- ✓ pass  (27ms) "Advanced Settings security feature controls no advanced_settings privileges shows Management navlink"
[00:02:56]               └-> does not allow navigation to advanced settings; redirects to management home
[00:02:56]                 └-> "before each" hook: global before each
[00:02:56]                 │ debg navigateToActualUrl http://localhost:6131/app/kibana#management/kibana/settings
[00:02:56]                 │ debg browser[INFO] http://localhost:6131/app/kibana?_t=1581627750892#management/kibana/settings 350 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:02:56]                 │
[00:02:56]                 │ debg browser[INFO] http://localhost:6131/bundles/app/kibana/bootstrap.js 8:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:02:56]                 │ debg TestSubjects.exists(managementHome)
[00:02:56]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="managementHome"]') with timeout=10000
[00:02:59]                 │ debg --- retry.tryForTime error: [data-test-subj="managementHome"] is not displayed
[00:03:03]                 │ debg browser[INFO] http://localhost:6131/built_assets/dlls/vendors_3.bundle.dll.js 582:139970 "INFO: 2020-02-13T21:02:35Z
[00:03:03]                 │        Adding connection to http://localhost:6131/elasticsearch
[00:03:03]                 │
[00:03:03]                 │      "
[00:03:03]                 │ debg browser[INFO] http://localhost:6131/app/kibana#/management 350 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:03:03]                 │
[00:03:03]                 │ debg browser[INFO] http://localhost:6131/bundles/app/kibana/bootstrap.js 8:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:03:03]                 │ debg --- retry.tryForTime failed again with the same message...
[00:03:06]                 │ debg --- retry.tryForTime failed again with the same message...
[00:03:07]                 │ info Taking screenshot "/dev/shm/workspace/kibana/x-pack/test/functional/screenshots/failure/Advanced Settings security feature controls no advanced_settings privileges does not allow navigation to advanced settings_ redirects to management home.png"
[00:03:08]                 │ debg browser[INFO] http://localhost:6131/built_assets/dlls/vendors_3.bundle.dll.js 582:139970 "INFO: 2020-02-13T21:02:42Z
[00:03:08]                 │        Adding connection to http://localhost:6131/elasticsearch
[00:03:08]                 │
[00:03:08]                 │      "
[00:03:08]                 │ info Current URL is: http://localhost:6131/app/kibana#/management
[00:03:08]                 │ info Saving page source to: /dev/shm/workspace/kibana/x-pack/test/functional/failure_debug/html/Advanced Settings security feature controls no advanced_settings privileges does not allow navigation to advanced settings_ redirects to management home.html
[00:03:08]                 └- ✖ fail: "Advanced Settings security feature controls no advanced_settings privileges does not allow navigation to advanced settings; redirects to management home"
[00:03:08]                 │

Stack Trace

Error: expected testSubject(managementHome) to exist
    at TestSubjects.existOrFail (/dev/shm/workspace/kibana/test/functional/services/test_subjects.ts:60:15)

History

💔 Build #26636 failed 2f09c06
💛 Build #26609 was flaky 2e558d2
💚 Build #26596 succeeded e595f8a
💚 Build #26521 succeeded bb7ec0b
💔 Build #26476 failed 4de5297

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

* master: (22 commits) skip flaky suite (elastic#50018) skip settings tests (elastic#57608) skip failing suite (elastic#44631) [SIEM] [Case] Initial UI (elastic#57283) handle viewing sample dashboards on default dist (elastic#57510) Fix detection of "system requests" in plugins (elastic#57149) [ML] New Platform server shim: update job service schema (elastic#57614) skip flaky suite (elastic#44631) [APM] Update monospace font family variable (elastic#57555) skip flaky test (elastic#57377) Skip save query tests (elastic#57589) [Maps] allow simultaneous opening of multiple tooltips (elastic#57226) [Uptime] Fix/host connected components (elastic#56969) [logs][metrics][docs] Update screenshots for 7.6 (elastic#57254) [ML] New Platform server shim: update job service routes to use new platform router (elastic#57403) [Maps] Fix document source top hits split by scripted field (elastic#57481) Use log4j pattern syntax (elastic#57433) [ML] Categorization field example endpoint tests (elastic#57471) [Lens] Filter out pinned filters from saved object of Lens (elastic#57197) Lens client side shim cleanup (elastic#56976) ...

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

stephmilovic and others added 30 commits January 9, 2020 13:47

initial case ui in siem

8fdb146

get cases

52e388b

cases table

6ccb205

Merge branch 'master' into case-siem-ui

0f693d7

merge master

d644cc2

add sorting

39e1cf7

table working better

6da1905

sorting by date created

17edc5b

trying to get routing working

fe70b50

merge master

1de7a1c

routing fixed

519c424

fixing

43da477

using saved object api, switching

f31c254

using hooks, need to fix perPage

11d5721

fixed per page

fdb0f1b

server down so removing server changes =P

d6160de

remove case graphql

18e621e

merge master

ed8a741

more refactor

834770a

search bar implementation

3898076

merge in master

3d66bbb

reorg dirs

b3e3ba1

basic table

0e6cce1

pretty up table

90926e3

ready for hw

a9fdcc6

Merge branch 'master' into case-siem-ui-v2

4b5647c

[SIEM][CASE] Add package.json to fix lodash dependencies issues

3a3ceb9

[SIEM][CASE] Add case base url to constants

636e3c2

[SIEM][CASE] Create PaginationOptions interface

992765d

[SIEM][CASE] Create Case interface

48bf037