[Security Solution] Add Host/User flyout in One Discover.

[logeekal]

Summary

Handles #191998

Follow up work:

• https://github.com/elastic/security-team/issues/11112
• [Security Solution ] Add One Discover hover actions to above entity Flyouts #196667

This PR add below entity flyouts for below entities in One Discover:

• host.name
• user.name
• source.ip
• destination.ip

In this PR we re-use the security solution code by making use of below model based on discover-shared plugin.

flowchart TD
  discoverShared["Discover Shared"]
  securitySolution["Security Solution"]
  discover["Discover"]


  securitySolution -- "registers Features" --> discoverShared
  discover -- "consume Features" --> discoverShared

Loading

How to Test

Note

This PR adds security-root-profile in One discover which is currently in experimental mode. All changes below can only be tested when profile is activated. Profile can activated by adding below lines in config/kibana.dev.yml

 discover.experimental.enabledProfiles:
    - security-root-profile

1. As mentioned above, adding above experimental flag in kibana.dev.yml.
2. Spin up Security Serverless project and add some alert Data.
3. Navigate to Discover and add columns host.name and user.name in table. Now host and user flyouts should be available on clicking host.name, user.name, source.ip & destination.ip.
4. Flyout should work without any error.
5. Below things are not working and will be tackled in followup PR :
   • Security Hover actions
   • Actions such as Add to Timeline or Add to Case

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

[logeekal]

/ci

[logeekal]

/ci

[logeekal]

/ci

[logeekal]

@elastic/kibana-data-discovery

Changed this to FunctionComponent because previous type does not accept memoized components. FunctionComponent is more inclusive.

Please let me know if you would keep this a function instead.

[davismcphee]

I don't really see an issue with this, although we do already memoize cell renderers here, so it's likely not necessary to memoize again:

kibana/packages/kbn-unified-data-table/src/utils/get_render_cell_value.tsx

Line 166 in 7538565

: memo(UnifiedDataTableRenderCellValue);

If we make this change, it might even make sense to go all the way and just accept ComponentType, but not really a strong opinion.

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

[jloleysens]

kibana.jsonc LGTM

[semd]

LGTM! Thanks Jatin for doing this and taking the time to discuss and address each comment.
Great work! 💯

[davismcphee]

@logeekal It looks like discoverShared might have been partially removed from Discover and now there are some related type errors. Other than that this LGTM from the Data Discovery side and will be good to go once fixed.

[davismcphee]

Thanks for fixing the types, and this now LGTM on the Data Discovery side 👍 Congrats on merging the first Security extension point implementations @logeekal!

[logeekal]

Thanks for fixing the types, and this now LGTM on the Data Discovery side 👍 Congrats on merging the first Security extension point implementations @logeekal

Thanks. Finally :D . But this is also experimental 🤣

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 5c42105

Failed CI Steps

• Jest Tests #18

Test Failures

• [job] [logs] Jest Tests #18 / useActionStatus should post cancel and invoke callback on cancel upgrade - plural
• [job] [logs] Jest Tests #18 / useActionStatus should report error on cancel upgrade failure

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
discover	981	983	+2
securitySolution	6277	6283	+6
total			+8

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
discover	100	161	+61
discoverShared	15	23	+8
securitySolution	119	123	+4
total			+73

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
discover	811.3KB	812.2KB	+874.0B
securitySolution	13.4MB	14.6MB	⚠️ +1.2MB
total			⚠️ +1.2MB

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id	before	after	diff
discover	24	29	+5
discoverShared	3	2	-1
securitySolution	33	34	+1
total			+5

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
securitySolution	86.6KB	87.8KB	+1.2KB

Unknown metric groups

API count

id	before	after	diff
discover	148	209	+61
discoverShared	16	26	+10
securitySolution	187	191	+4
total			+75

async chunk count

id	before	after	diff
securitySolution	101	102	+1

History

• 💔 Build #253101 failed cbbb094
• 💔 Build #253095 failed 7af2969
• 💔 Build #253062 failed 4ef1600
• 💚 Build #250861 succeeded 9198449
• 💔 Build #250816 failed c4bece2

[kibanamachine]

Starting backport for target branches: 8.17, 8.x

https://github.com/elastic/kibana/actions/runs/12085265704

[kibanamachine]

💔 All backports failed

Status	Branch	Result
❌	8.17	Backport failed because of merge conflicts
❌	8.x	Backport failed because of merge conflicts You might need to backport the following PRs to 8.x: - [Fleet] Change uninstall tokens space when changing agent policies spaces (#199536)

Manual backport

To create the backport manually run:

node scripts/backport --pr 199279

Questions ?

Please refer to the Backport tool documentation