[Endpoint] Alert Details Overview #58412
Conversation
dplumlee
added
WIP
|
Pinging @elastic/endpoint-response (Team:Endpoint Response) |
dplumlee
force-pushed
the
alert-details-overview
branch
from
b35df0f
to
83994e6
Compare
|
Pinging @elastic/endpoint-app-team (Feature:Endpoint) |
| @@ -87,6 +87,7 @@ export interface EndpointAppLocation { | |||
| export type AlertListData = AlertResultList; | |||
| export type AlertListState = Immutable<AlertResultList> & { | |||
| readonly location?: Immutable<EndpointAppLocation>; | |||
| readonly alert_details?: Immutable<AlertData>; | |||
There was a problem hiding this comment.
You should rebase with master. AlertListState has changed a bit.
| @@ -0,0 +1,338 @@ | |||
| /* | |||
There was a problem hiding this comment.
We need to i18n this whole file
| </EuiText> | ||
| <EuiSpacer /> | ||
| <EuiText> | ||
| Endpoint Status: <EuiHealth color="success">Online</EuiHealth> |
| id="alertDetailsSourceProcessTokenAccordion" | ||
| buttonContent="Source Process Token" | ||
| paddingSize="l" | ||
| initialIsOpen={true} |
There was a problem hiding this comment.
We should only expand the first one by default
| <EuiDescriptionList | ||
| type="column" | ||
| listItems={hostDetailsColumns} | ||
| style={{ maxWidth: '400px' }} |
There was a problem hiding this comment.
Could we use https://styled-components.com/ instead of inline styles?
There was a problem hiding this comment.
this is actually just copied over from the eui example, ill probably end up removing it, but for future styles, yes
| <EuiSpacer /> | ||
|
|
||
| {/* Start of Alert Details overview component TODO: delete this comment eventually */} | ||
| <EuiAccordion |
There was a problem hiding this comment.
I think we should pull these out into their own components because we'll have to reuse them in the near future when we add more alert types. The new components could take isOpen as a prop and pass that down to initialIsOpen.
dplumlee
force-pushed
the
alert-details-overview
branch
from
83994e6
to
d38a4ac
Compare
There was a problem hiding this comment.
I did not run it locally, but code is looking good 👍
I saw a few TODO in description: "" - I assume you are still working on that since this is marked as wip.
Also - this is more of an unknown for me: I noticed several of your components share the same id for i18n.translate(). Wondering if that is a problem for localization since the keys are being duplicated across multiple components
| variant: string; | ||
| }; | ||
| }; | ||
| host: HostFields; |
There was a problem hiding this comment.
ping @nnamdifrankie - Just FYI. Does not change the type, just breaks out into smaller interfaces for reuse purposes 😃
| if (action.type === 'userChangedUrl' && isOnAlertPage(state) && hasSelectedAlert(state)) { | ||
| const uiParams = uiQueryParams(state); | ||
| const response: AlertData = await coreStart.http.get( | ||
| `/api/endpoint/alerts/${uiParams.selected_alert}` |
There was a problem hiding this comment.
at some point - need to add error handling
There was a problem hiding this comment.
Yes, i have a task for it in the github issue
| @@ -26,6 +26,7 @@ export const mockAlertResultList: (options?: { | |||
| const alerts = []; | |||
| for (let index = 0; index < actualCountToReturn; index++) { | |||
| alerts.push({ | |||
| // TODO: Update this data to the new type | |||
There was a problem hiding this comment.
can you reference an Issue that is tracking this TODO (if its not going to be included in this PR)?
There was a problem hiding this comment.
It will be included in this PR
| <EuiSpacer /> | ||
| <EuiText> | ||
| <p> | ||
| Endgame MalwareScore detected the opening of a document with a blah blah blah on{' '} |
There was a problem hiding this comment.
🤣
I'm assuming you will remove this before commit to master
|
|
||
| return ( | ||
| <> | ||
| <section className="details-overview-summary"> |
There was a problem hiding this comment.
you still working on this one? i18n needed below
| @@ -137,7 +143,7 @@ export const AlertIndex = memo(() => { | |||
| return ( | |||
| <Link | |||
There was a problem hiding this comment.
Should be using a connected EuiLink. I think @parkiino 's PR will include a common one in our components/ dir, so you can use that when its merged in.
| @@ -213,28 +211,44 @@ export const AlertIndex = memo(() => { | |||
| </h2> | |||
| </EuiTitle> | |||
| </EuiFlyoutHeader> | |||
| <EuiFlyoutBody /> | |||
| <EuiFlyoutBody> | |||
| {selectedAlertData ? <AlertDetailsOverview /> : <EuiLoadingSpinner size="xl" />} | |||
There was a problem hiding this comment.
@parkiino - we probably should use this same loading component in Management Host details ⬆️ to stay consistent.
| aria-label="Alert List" | ||
| rowCount={total} | ||
| columns={columns} | ||
| columnVisibility={useMemo( |
There was a problem hiding this comment.
for consistency - consider moving this useMemo to the top of the of this component
dplumlee
added
release_note:skip
dplumlee
force-pushed
the
alert-details-overview
branch
2 times, most recently
from
28a89f5
to
d0880d5
Compare
|
@elasticmachine merge upstream |
| const middleware = alertMiddlewareFactory(coreStart); | ||
| store = createStore(alertListReducer, applyMiddleware(middleware)); | ||
|
|
||
| selectorIsTrue = async selector => { |
There was a problem hiding this comment.
FYI: I was going to create something similar as well - some of my Policy middleware tests started to fail in Release branch and kibana-operation turn them off. The only think I was thinking about doing that differs from this approach was that I was going to reject the Promise after some x times.
There was a problem hiding this comment.
i do agree the test is kind of brittle, i think the goal is to remove it when qualters creates a functional test for the flyout/resolver in his next pr
There was a problem hiding this comment.
@paul-tavares we originally had it reject after 10 times, but since no additional actions are ever dispatched (no user exists after all) that limit was never hit. At the moment jest just times out after 4.5 seconds
| data-testid="alertTypeCellLink" | ||
| to={urlFromQueryParams({ ...queryParams, selected_alert: 'TODO' })} | ||
| onClick={() => |
There was a problem hiding this comment.
does it require an href? we're getting all the functionality we need from just the onclick since its just changing the search query in the url
There was a problem hiding this comment.
I think the href is needed if you would like to enable users to open the link in a separate tab/window or be able to copy the link
There was a problem hiding this comment.
ok, we've opened a ticket for it to address
| <p> | ||
| <FormattedMessage | ||
| id="xpack.endpoint.application.endpoint.alertDetails.overview.summary" | ||
| defaultMessage="Endgame MalwareScore detected the opening of a document on {hostname} on {date}" |
There was a problem hiding this comment.
probably remove "Endgame?"
…u want to use redux saga
dplumlee
force-pushed
the
alert-details-overview
branch
from
900c43b
to
5500167
Compare
| title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.fileSize', { | ||
| defaultMessage: 'File Size', | ||
| }), | ||
| description: alertData.file.size, |
| title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.alertType', { | ||
| defaultMessage: 'Alert Type', | ||
| }), | ||
| description: alertData.event.category, |
There was a problem hiding this comment.
Added task to do this here: https://github.com/elastic/endpoint-app-team/issues/92
| title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.eventType', { | ||
| defaultMessage: 'Event Type', | ||
| }), | ||
| description: alertData.event.kind, |
| title: i18n.translate('xpack.endpoint.application.endpoint.alertDetails.hostIP', { | ||
| defaultMessage: 'Host IP', | ||
| }), | ||
| description: alertData.host.ip.join(','), |
| * you may not use this file except in compliance with the Elastic License. | ||
| */ | ||
|
|
||
| export { GeneralAccordion } from './general_accordion'; |
| <EuiText>Alert Status: Open</EuiText> | ||
| <EuiSpacer /> | ||
| </section> | ||
| <EuiTabbedContent tabs={tabs} initialSelectedTab={tabs[0]} /> |
There was a problem hiding this comment.
consider syncing the tab selection with the URL (maybe make it a future improvement?)
https://elastic.github.io/eui/#/navigation/tabs
There was a problem hiding this comment.
Added task for it here: https://github.com/elastic/endpoint-app-team/issues/92
| <FileAccordion alertData={alertDetailsData} /> | ||
| <EuiSpacer /> | ||
| <SourceProcessAccordion alertData={alertDetailsData} /> | ||
| <EuiSpacer /> |
| data-testid="alertTypeCellLink" | ||
| to={urlFromQueryParams({ ...queryParams, selected_alert: 'TODO' })} | ||
| onClick={() => |
| return ( | ||
| <div className={className} data-test-subj="alertResolver" data-testid="alertResolver"> | ||
| <Provider store={store}> | ||
| <Resolver selectedEvent={(alertDetailsData as unknown) as LegacyEndpointEvent} /> |
There was a problem hiding this comment.
why not use the predicate that you removed https://github.com/elastic/kibana/pull/58412/files#diff-e42c64f81c4fa55ac260536744187224L99
| </Provider> | ||
| </div> | ||
| ); | ||
| React.memo(({ className }: { className?: string }) => { |
There was a problem hiding this comment.
consider taking in a LegacyEndpointEvent. The component that renders this could get selectedAlertDetailsData and then check if its a LegacyEndpointEvent via a predicate function and then pass it down. that way there is no unsafe casting
dplumlee
force-pushed
the
alert-details-overview
branch
from
6d946f8
to
93f7cf0
Compare
| data: { | ||
| buffer: string; | ||
| decompressed_size: number; | ||
| encoding: string; |
There was a problem hiding this comment.
These fields are not going to be used by the UI, right? Anything the UI won't use should be optional or even removed from the types.
There was a problem hiding this comment.
but we can do that in subsequent PRs
There was a problem hiding this comment.
adding this to this ticket elastic/endpoint-app-team#189
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
|
@peluja1012 I'm clearly behind in pushing 'test considerations' on the PRs we have, now that *that is the desired process. However, I think the test idea are in another castle. I am curious whats our process is tho? ...This was closed out without fulfilling all of the tasks (which is ok by me) or they just need to be updated, lol. If not, can we plan to always put a prominent link to the new 'remaining work' ticket or PR that's been insta-opened? And there aren't any browser tests for a UI focused pr, @dplumlee do you want to work with me to get up to speed on the Functional Test Runner jazz so we can bang out some tests for this new component? |
* master: (26 commits) [Endpoint] Alert Details Overview (elastic#58412) Service map language icons (elastic#58633) [SIEM] [Case] Comments to case view (elastic#58315) Remove appBasePath from docs + add mock for AppMountParameters (elastic#58775) [kbn/optimizer] fix ui/* url rewrites in dist (elastic#58627) Dashboard a11y tests (elastic#58122) Downgrade "setting up plugin" log to debug (elastic#58776) [CI] Pipeline refactoring (elastic#56447) [Advanced Settings] Fix a11y of unsaved indicator (elastic#58511) put params into short url instead of behind it (elastic#58846) show timepicker in timelion and tsvb (elastic#58857) improve graph missing workspace error message (elastic#58876) [Maps] direct Discover "visualize" to open Maps application (elastic#58549) Disallow duplicate percentiles (elastic#57444) (elastic#58299) removing references to visTypes uiExports (elastic#58337) [SIEM] Default the Timeline events filter to show All events (elastic#58953) [Remote clusters] Add indexManagement as required plugin (elastic#58915) [DOCS] Rework of main get started page (elastic#58260) [Endpoint] [Tests] fixes elastic#57946 flaky endpoint policy list test (elastic#58348) [Endpoint] add resolver middleware (elastic#58288) ...
|
I spoke with Pedro and we're going to review the tasks list. And I see a note that Kevin Q has a pr that will cover the Functional browser tests so seeing that its all good now. |
…s/kibana into alerting/fix-flaky-instance-test * 'alerting/fix-flaky-instance-test' of github.com:gmmorris/kibana: [Endpoint] Alert Details Overview (elastic#58412) Service map language icons (elastic#58633) [SIEM] [Case] Comments to case view (elastic#58315) Remove appBasePath from docs + add mock for AppMountParameters (elastic#58775) [kbn/optimizer] fix ui/* url rewrites in dist (elastic#58627)
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
kibanamachine
added
the
backport missing
kibanamachine
removed
the
backport missing
Summary
Adds to the alert details flyout with expanded alert details in an accordion style layout
Checklist
Delete any items that are not applicable to this PR.
For maintainers