[Entity Analytics] Show Asset Criticality in Risk Input Left Flyout #174638

Merged
merged 21 commits into from
Jan 17, 2024

Contributor

@hop-dev hop-dev commented Jan 10, 2024

Summary

Show the asset criticality as part of the risk inputs under a new contexts section:
Screenshot 2024-01-10 at 16 45 29

If there is no criticality assigned, here is what it looks like:
Screenshot 2024-01-10 at 12 05 28

This is based off the criticality_level on the risk score document, not the current asset criticality of the entity.

Test steps

Assign asset criticality to a host or user and raise alerts + a risk score for them. View the host details flyout and then expand risk inputs; the asset criticality at the time of the score should be shown.

@hop-dev
Contributor Author

hop-dev commented Jan 10, 2024

/ci

@hop-dev
Contributor Author

hop-dev commented Jan 11, 2024

/ci

@hop-dev hop-dev self-assigned this Jan 11, 2024
@hop-dev hop-dev requested a review from r4zr32d3k1l January 11, 2024 15:41
@hop-dev hop-dev marked this pull request as ready for review January 11, 2024 21:10
@hop-dev hop-dev requested review from a team as code owners January 11, 2024 21:10
@hop-dev hop-dev requested a review from rylnd January 11, 2024 21:10
@elasticmachine
Contributor

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

@hop-dev
Contributor Author

hop-dev commented Jan 12, 2024

/ci

Contributor

@tiansivive tiansivive left a comment

LGTM, just a minor question

@hop-dev hop-dev changed the title [Entity Analytics] Show Asset Criticality in Risk Iinput Left Flyout [Entity Analytics] Show Asset Criticality in Risk Input Left Flyout Jan 15, 2024
Member

@machadoum machadoum left a comment

Code LGTM!

Very good proposal 👏 👏 👏
It looks better without the extra tabs. Thank you!

I left some minor comments about the ContextsTable component. Could you please take a look?

@hop-dev hop-dev requested a review from tiansivive January 17, 2024 09:30
@hop-dev hop-dev requested a review from machadoum January 17, 2024 11:24
@@ -67,6 +67,14 @@ describe(
expandRiskInputsFlyoutPanel();
cy.get(RISK_INPUT_PANEL_HEADER).should('exist');
});

it('should show asset criticality in the risk input panel', () => {
waitForAlerts();
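
Review bot: the title of the new it() block, 'should show asset criticality in the risk input panel', does not record which value the panel is expected to show. The PR summary says the panel reads criticality_level from the risk score document, not the entity's current asset criticality, so a short comment above this block (or a more specific title) would stop a later change from switching the test to the current value unnoticed.
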
Member

NIT: You can move the waitForAlerts() of all the tests to the beforeEach() hook.

waitForAlerts();
expandFirstAlertUserFlyout();
expandRiskInputsFlyoutPanel();
cy.get(ASSET_CRITICALITY_BADGE).should('exist');
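
Review bot: in the user flyout case, cy.get(ASSET_CRITICALITY_BADGE).should('exist') passes for any badge content, so on its own it cannot tell a correct criticality level from a wrong one. The case should finish with an assertion on the badge text that matches the level assigned in the test data.
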
Member

NIT: Below assertion is implicitly checking for the existence of the element, so this can be removed.

waitForAlerts();
expandFirstAlertHostFlyout();
expandRiskInputsFlyoutPanel();
cy.get(ASSET_CRITICALITY_BADGE).should('exist');
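
Review bot: the host flyout case repeats the user flyout case line for line, with only expandFirstAlertHostFlyout() in place of expandFirstAlertUserFlyout(). A small shared helper that takes the expand function and then runs expandRiskInputsFlyoutPanel() and the badge check would keep the two cases from drifting apart.
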
Member

NIT: Below assertion is implicitly checking for the existence of the element, so this can be removed.

Member

@MadameSheema MadameSheema left a comment

security-engineering-productivity changes LGTM!

@kibana-ci
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #16 / SolutionFilter when no owner set renders options correctly
  • [job] [logs] Jest Tests #16 / SolutionFilter when no owner set should call onChange with [all solutions] when the last solution option selected is deselected
  • [job] [logs] Jest Tests #16 / SolutionFilter when no owner set should call onChange with selected solution id when no option selected yet
  • [job] [logs] Jest Tests #16 / SolutionFilter when the owner is a single solution renders options correctly
  • [job] [logs] Jest Tests #16 / SolutionFilter when the owner is a single solution should call onChange with [owner] when the last solution option selected is deselected
  • [job] [logs] Jest Tests #16 / SolutionFilter when the owner is a single solution should call onChange with selected solution id when no option selected yet

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 4872 | 4874 | +2 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 11.4MB | 11.4MB | +2.0KB |

cc @hop-dev

@hop-dev hop-dev merged commit a54e953 into elastic:main Jan 17, 2024
38 checks passed
@hop-dev hop-dev deleted the 8332-risk-inputs branch January 17, 2024 16:09
@kibanamachine kibanamachine added v8.13.0 backport:skip This commit does not require backporting labels Jan 17, 2024
@r4zr32d3k1l

r4zr32d3k1l commented Jan 19, 2024

Hey, great work! I see no obstacles in deploying this to production. However, for upcoming releases, I believe we can elevate it further by aligning these features more cohesively with other flyout designs. To achieve this, we should prioritize the asset criticality at the top of the flyout. Here's an example https://www.figma.com/file/IKQr6HbQPAdFws9i7Ikcx9/Entity-Analytics?type=design&node-id=473%3A25619&mode=design&t=juSE0rxLlaPUKbSk-1, Cheers!

CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this pull request Feb 15, 2024
…lastic#174638)

Labels
backport:skip This commit does not require backporting release_note:enhancement Team:Entity Analytics Security Entity Analytics Team v8.13.0