
[Security Solution] Alert flyout overview #105602

Merged
merged 11 commits into from
Jul 20, 2021

Conversation


@angorayc angorayc commented Jul 14, 2021

Summary

https://github.com/elastic/security-team/issues/1271
https://github.com/elastic/security-team/issues/1394

  • Change the flyout title from Alert details to rule name

  • Change the tab name from summary to overview

  • If event.category is network, show extra fields: process.name, destination.address, destination.port

[Screenshot 2021-07-19 at 17 29 12]

  • If event.category is process, show extra fields: process.name, process.parent.name, process.args

[Screenshot 2021-07-19 at 17 34 22]

@angorayc angorayc added release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting Security Solution Threat Hunting Team v7.15.0 v8.0.0 labels Jul 14, 2021
@angorayc angorayc marked this pull request as ready for review July 16, 2021 11:20
@angorayc angorayc requested a review from a team as a code owner July 16, 2021 11:21
@elasticmachine (Contributor)

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

```ts
const ruleName = useMemo(() => {
  const findRuleName = find({ category: 'signal', field: 'signal.rule.name' }, detailsData)
    ?.values;
  return findRuleName ? findRuleName[0] : '';
```

Contributor (reviewer)

Could `findRuleName` be an empty array? Would it be better to check `findRuleName?.length`? Also (nit), it might be helpful to rename this to `currentRuleName` or something similar.

angorayc (Contributor Author)

OK, I'll apply that check to other fields as well.

```tsx
{!loading ? (
  <h4>{isAlert && !isEmpty(ruleName) ? ruleName : i18n.EVENT_DETAILS}</h4>
) : (
  <></>
```

@michaelolo24 michaelolo24 (Contributor) Jul 16, 2021

Do you know why this was here? Does `EuiTitle` require some kind of child no matter what? Could we just do

```tsx
{!loading && (
  <h4>{isAlert && !isEmpty(ruleName) ? ruleName : i18n.EVENT_DETAILS}</h4>
)}
```

angorayc (Contributor Author)

Yeah, `EuiTitle` needs to have a child in it anyway. My intention was to use the empty span as a placeholder to avoid the title height jumping once loaded, but it seems that it works the same as

```tsx
{!loading && (
  <EuiTitle size="s">
    <h4>{isAlert && !isEmpty(ruleName) ? ruleName : i18n.EVENT_DETAILS}</h4>
  </EuiTitle>
)}
```

so I'll just remove the placeholder and hide the entire title.
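The two review threads above (the empty-array check on the rule-name lookup and the title fallback) together with the per-category extra fields from the PR summary, as an added TypeScript example that is not Kibana's own code. `DetailsItem` is an assumed shape for the `detailsData` entries, and `findItem` stands in for the lodash `find` call used in the reviewed code.

```typescript
// Added example, not Kibana's own code. `DetailsItem` is an assumed shape for the
// entries of `detailsData`; the field names come from the PR description and review.
interface DetailsItem {
  category: string;
  field: string;
  values?: string[];
}
// Stand-in for lodash's find({ category, field }, detailsData) used in the reviewed code.
function findItem(detailsData: DetailsItem[], category: string, field: string): DetailsItem | undefined {
  return detailsData.find((item) => item.category === category && item.field === field);
}

// Reviewer's point: `values` can exist but be empty, so `values[0]` would be undefined.
// Checking the length instead of only the array's existence covers that case.
function getRuleName(detailsData: DetailsItem[]): string {
  const values = findItem(detailsData, 'signal', 'signal.rule.name')?.values;
  return values && values.length > 0 ? values[0] : '';
}

// Title logic from the second review thread: rule name for alerts with a non-empty
// name, otherwise the generic "Event details" label (i18n.EVENT_DETAILS in Kibana).
function getFlyoutTitle(detailsData: DetailsItem[], isAlert: boolean, fallback = 'Event details'): string {
  const ruleName = getRuleName(detailsData);
  return isAlert && ruleName !== '' ? ruleName : fallback;
}

// Extra overview fields per event.category, as listed in the PR summary.
const EXTRA_FIELDS_BY_CATEGORY: Record<string, string[]> = {
  network: ['process.name', 'destination.address', 'destination.port'],
  process: ['process.name', 'process.parent.name', 'process.args'],
};

// event.category is an array field, so an event may carry several categories;
// the union is returned with duplicates (e.g. process.name) removed.
function getExtraFields(detailsData: DetailsItem[]): string[] {
  const categories = findItem(detailsData, 'event', 'event.category')?.values ?? [];
  const fields: string[] = [];
  for (const category of categories) {
    for (const field of EXTRA_FIELDS_BY_CATEGORY[category] ?? []) {
      if (fields.indexOf(field) === -1) fields.push(field);
    }
  }
  return fields;
}
// Constructed sample: a network alert whose rule-name lookup returns an empty array.
const sampleNetworkAlert: DetailsItem[] = [
  { category: 'signal', field: 'signal.rule.name', values: [] },
  { category: 'event', field: 'event.category', values: ['network'] },
];
```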

@angorayc angorayc enabled auto-merge (squash) July 20, 2021 11:35
@angorayc angorayc added the auto-backport Deprecated - use backport:version if exact versions are needed label Jul 20, 2021
@kibanamachine (Contributor)

💚 Build Succeeded

Metrics

Async chunks: total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 6.3MB | 6.3MB | -232.0B |


@angorayc angorayc merged commit 85f726c into elastic:master Jul 20, 2021
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Jul 20, 2021
* init flyout overview

* styling

* remove reason block

* rm unused i18n key

* show data by event category

* rename styled component

* update snapshot

* update overview tab on alert flyout

* styling

* fix up

* update snapshot and remove unused i18n
@kibanamachine (Contributor)

💚 Backport successful

| Status | Branch | Result |
| --- | --- | --- |
| ✅ | 7.x | |

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Jul 20, 2021
Co-authored-by: Angela Chuang <6295984+angorayc@users.noreply.github.com>