Add ability for numeric values to open timeline and implement changes from design / product review #131827

Closed
4 of 6 tasks
jamster10 opened this issue May 9, 2022 · 1 comment · Fixed by #131828
Labels
backport:skip This commit does not require backporting enhancement New value added to drive a business result release_note:feature Makes this part of the condensed release notes SecuritySolution:QAAssist Part of QA testing process for release Team:Threat Hunting:Explore Team:Threat Hunting Security Solution Threat Hunting Team v8.3.0

Comments

Contributor

jamster10 commented May 9, 2022

Based on conversation with @merilmathew & @paulewing, further changes to the Detections Response dashboard are to be made:

Figma: https://www.figma.com/file/yGGkXDuUQzoR7faSVu6F9p/OOTB-Dashboard-for-analysts?node-id=520%3A94622

Bugs fixed in this ticket:

  • header font size of alerts chart needs to be uniform with other headers

Enhancements:

  • Change alert colour scheme to match current alert colours
  • Add ability for clicking on numbers to link to a timeline
  • Investigate and potentially implement pagination for vulnerable host/user tables and remove buttons
  • Remove feature flag?

Background Conversations:

QA:

Information about the view:

For 8.3 we are only building the sections noted in this document by the thumbs up (with green circle); further work is potentially slated for 8.4.

Please refer to that document for more information about this project, but find some things noted below:

  • Toggle Query (toggling seeing a specific table or chart) has some UI problems noted here: [Security Solution] Query toggle, responsive design issues #131405. There are some hacky fixes in place to help mitigate this, but the cases and alerts chart have more problems around it.

  • Open/Acknowledged/Closed hyperlinks in alerts chart are not clickable as the app does not have the ability to route to those specific sections in Alerts page (we can for open, but not closed or acknowledged, so we have opted to make none of them clickable).

  • Same as above with hyperlinks in cases chart

  • Alert / Alert counts for each table have been requested to link to timelines. For example:

image

clicking 7 would link to a timeline filtered by alerts by host.name: "Win 8"

  • The button View all other host alerts to potentially be removed in favour of pagination showing remaining hosts, akin to this table:

image

Permissions
If a user does not have case permissions, no case chart or tables will be seen.
If a user does not have alerts permissions, no alert chart or tables will be seen.
If a user has no pertinent permissions, they will see a no permissioned view.

@jamster10 jamster10 added enhancement New value added to drive a business result backport:skip This commit does not require backporting Team:Threat Hunting Security Solution Threat Hunting Team release_note:feature Makes this part of the condensed release notes Team:Threat Hunting:Explore SecuritySolution:QAAssist Part of QA testing process for release v8.3.0 labels May 9, 2022
@jamster10 jamster10 self-assigned this May 9, 2022
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)
