
[RAC][Alert Triage] Alert Details #94042

Open
spong opened this issue Mar 9, 2021 · 5 comments
Labels
enhancement New value added to drive a business result Feature:Detection Alerts Security Solution Detection Alerts Feature Team:Detections and Resp Security Detection Response Team Team:Observability Team label for Observability Team (for things that are handled across all of observability) Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team Theme: rac label obsolete

Comments

@spong (Member) commented Mar 9, 2021

Description

This issue is for the generification of the Alert Details component used within the Alert Triage workflow on the main Security Detections page and Rule Details page. The Alert Details component displays:

  • Icon on Alerts Table
  • Summary
  • Table
  • JSON View (Note: current bug with syntax highlighting)

Re-usable implementation with custom renderer as leveraged within Observability

Note: This mock leverages both the custom renderer and a Previous/Next Alert functionality for quick switching between remaining alerts within the Alerts table (captured as Interface Outputs below).

Interface

Inputs
  • Source alert
  • .alerts index
  • Summary renderer (for custom rendering)
  • Configuration
    • Selected view
    • Filter for table view
Outputs
  • Next alert selection
  • Previous alert selection
  • Add column to alerts table
  • Page-level KQL query, filters, and daterange (filters + histogram scrub from hover actions)

API Requirements

  • Generic query API for fetching documents from the .alerts index for Top-N feature.

Destination Plugin/Package 🏠

  • Perhaps generic shared component package or dedicated timeline plugin/package.

Existing Source

Exists as EventDetailsPanelComponent within the Security Solution, and to be integrated alongside the Alerts Table #93873.

@elasticmachine (Contributor) commented

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@elasticmachine (Contributor) commented

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine (Contributor) commented

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine (Contributor) commented

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@katrin-freihofner (Contributor) commented

Here is an update of the details flyout for Observability.

[image: Observability Alerting - User journeys@2x]

Wireframes
