[Security Solution][Endpoint][Host Isolation] Isolation status badge from alert details #102274

Merged: 7 commits, Jun 18, 2021


@parkiino parkiino commented Jun 15, 2021

Summary

  • Adds an agent status row to the alert details flyout summary tab
  • Row values include the agent status and the isolation status using the common isolation status component


@parkiino parkiino added v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Feature:Endpoint Elastic Endpoint feature Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v7.14.0 labels Jun 15, 2021
@parkiino parkiino requested a review from a team as a code owner June 15, 2021 21:53
@elasticmachine

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@elasticmachine

Pinging @elastic/esecurity-onboarding-and-lifecycle-mgt (Feature:Endpoint)


@paul-tavares paul-tavares left a comment

Some minor comments/questions

}, [data]);

const agentStatusRow = {
title: 'Agent status',
Should this be i18n?

tooltipContent={isolationFieldName}
value={`${isIsolated}`}
>
<EndpointHostIsolationStatus isIsolated={true} />
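
Review bot: On the last line, `isIsolated={true}` is a literal, so the badge always renders as isolated, while the `value` prop two lines up interpolates the real `isIsolated` variable. Unless this element is only reached when the host is already known to be isolated (that condition is not visible in these lines), an analyst triaging the alert can see a host shown as contained when it is not. Pass the fetched state through, e.g. `isIsolated={isIsolated}`, and decide explicitly what to render before the status has loaded.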
You don't show pending statuses from this view?


spalger commented Jun 16, 2021

jenkins, test this

(restarting due to jenkins upgrade)


@paul-tavares paul-tavares left a comment

From our conversation - I left a few comments. I'm ok with you merging.

}

/*
* Retrieves the current isolation status of a host */
* Retrieves the current isolation status of a host and the agent/host status */
export const useHostIsolationStatus = ({
agentId,
}: {
agentId: string;
}): HostIsolationStatusResponse => {
const [isIsolated, setIsIsolated] = useState<Maybe<boolean>>();
This should be:

const [isIsolated, setIsIsolated] = useState<boolean>(false);

tooltipContent={isolationFieldName}
value={`${isIsolated}`}
>
<EndpointHostIsolationStatus isIsolated={isIsolated as boolean} />
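
Review bot: The `isIsolated as boolean` cast on the last line only silences the type checker and does not change the value at runtime. If `isIsolated` is still unset when this renders, the template literal in `value` produces the string "undefined" and the badge component receives a non-boolean. Handle the not-yet-loaded state explicitly (omit the row or show a loading state) instead of casting, so the isolation badge never reflects a value that was not actually fetched.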
With above suggestion, you can avoid this cast.

@parkiino parkiino merged commit 55b35fd into elastic:master Jun 18, 2021
@parkiino parkiino deleted the task/isolation-status-alert branch June 18, 2021 21:25
parkiino added a commit to parkiino/kibana that referenced this pull request Jun 21, 2021
parkiino added a commit that referenced this pull request Jun 21, 2021
jloleysens added a commit to jloleysens/kibana that referenced this pull request Jun 21, 2021
@kibanamachine

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 2186 2188 +2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 6.9MB 6.9MB +5.0KB

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream
