[Security Solution ] Add One Discover hover actions to above entity Flyouts #196667
Open
Tracked by #186783
Labels
Feature:Discover in Security
Team:Threat Hunting:Investigations
Security Solution Investigations Team
logeekal added a commit that referenced this issue Nov 29, 2024

## Summary

Handles #191998

Follow up work:
- elastic/security-team#11112
- #196667

This PR adds below entity flyouts for below entities in One Discover:
- host.name
- user.name
- source.ip
- destination.ip

In this PR we re-use the security solution code by making use of below model based on `discover-shared` plugin.

```mermaid
flowchart TD
    discoverShared["Discover Shared"]
    securitySolution["Security Solution"]
    discover["Discover"]
    securitySolution -- "registers Features" --> discoverShared
    discover -- "consume Features" --> discoverShared
```

## How to Test

> [!Note]
> This PR adds `security-root-profile` in One Discover which is currently in `experimental mode`. All changes below can only be tested when profile is activated. Profile can be activated by adding below lines in `config/kibana.dev.yml`
> ```yaml
> discover.experimental.enabledProfiles:
>   - security-root-profile
> ```

1. As mentioned above, adding above experimental flag in `kibana.dev.yml`.
2. Spin up Security Serverless project and add some alert Data.
3. Navigate to Discover and add columns `host.name` and `user.name` in table. Now `host` and `user` flyouts should be available on clicking `host.name`, `user.name`, `source.ip` & `destination.ip`.
4. Flyout should work without any error.
5. Below things are not working and will be tackled in followup PR:
   - Security Hover actions
   - Actions such as `Add to Timeline` or `Add to Case`

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this issue Dec 12, 2024

…9279)

## Summary

Handles elastic#191998

Follow up work:
- elastic/security-team#11112
- elastic#196667

This PR adds below entity flyouts for below entities in One Discover:
- host.name
- user.name
- source.ip
- destination.ip

In this PR we re-use the security solution code by making use of below model based on `discover-shared` plugin.

```mermaid
flowchart TD
    discoverShared["Discover Shared"]
    securitySolution["Security Solution"]
    discover["Discover"]
    securitySolution -- "registers Features" --> discoverShared
    discover -- "consume Features" --> discoverShared
```

## How to Test

> [!Note]
> This PR adds `security-root-profile` in One Discover which is currently in `experimental mode`. All changes below can only be tested when profile is activated. Profile can be activated by adding below lines in `config/kibana.dev.yml`
> ```yaml
> discover.experimental.enabledProfiles:
>   - security-root-profile
> ```

1. As mentioned above, adding above experimental flag in `kibana.dev.yml`.
2. Spin up Security Serverless project and add some alert Data.
3. Navigate to Discover and add columns `host.name` and `user.name` in table. Now `host` and `user` flyouts should be available on clicking `host.name`, `user.name`, `source.ip` & `destination.ip`.
4. Flyout should work without any error.
5. Below things are not working and will be tackled in followup PR:
   - Security Hover actions
   - Actions such as `Add to Timeline` or `Add to Case`

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Acceptance Criteria ✅
Filter In/ Out
Filter In should modify One Discover's ESQL query or KQL Filters.
TopN
TopN should work as it does in Security today.
Copy to Clipboard
Copy to Clipboard should be adapted from One Discover (when flyout is open in One Discover) and should work accordingly, while it should behave differently when flyout is open in Security.