[Security Solution] [Endpoint] Event filters uses the new card design

[dasansol92]

Summary

WIP

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[dasansol92]

As this component just displays the show/hide comments button if there is a comment, I'm thinking if we can just render it always and just let the condition for the description (if trustedApp then display description else null). Toughs?

[paul-tavares]

did you forget to set data-test-subj here?

[paul-tavares]

Left some questions, but overall looks awesome

[paul-tavares]

in order to avoid having to carry AnyArtifact checks, I would suggest adding an optional prop to this component called hideDescription instead. and maybe a second named hideComments. By default, both would be shown and then different implementation can hide them. So in Event filters, we would hide the description and in Trusted apps we would hide comments.

Note that if you go down that path, also review the props for the Collapsible card, since it inherits props from here and I don't think these new props would apply there.

[dasansol92]

Yeah, like it!

[paul-tavares]

🤔 feels like this should just be a useMemo instead of callback

[dasansol92]

absolutely

[paul-tavares]

did you forget to set data-test-subj here?

[paul-tavares]

probably don't need the comments prefix here and below.

[paul-tavares]

is this safe? what happens in dark theme? wondering if there is a way to grab the euiColorLIghtestShade that is theme agonistic?

[dasansol92]

I think I can use the useTheme hook but not sure at all. Will try it

[paul-tavares]

is this what they use in Exceptions? or are they using one of the Date formatters we define here: x-pack/plugins/security_solution/public/common/components/formatted_date/index.tsx (look at the <PreferenceFormattedDate /> or (my favorite) <FormattedRelativePreferenceDate />

[dasansol92]

Yes, this is a copy paste from the exception. I will take a look at the others, thanks

[dasansol92]

@elasticmachine merge upstream

[elasticmachine]

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

[paul-tavares]

🔥 🔥
LGTM. Awesome to see Event Filters cards match that of Trusted apps.

🚢

[paul-tavares]

++1 on the name change

[paul-tavares]

I'm assuming it does not matter at this point, maybe because we are not looking for this data, but we might want to make this id and the created_at values static so that they are always the same for testing

[paul-tavares]

@elasticmachine merge upstream

[kevinlog]

checked it out and ran it, looks great!

I tried adding, editing, and deleting and all of it works!

[kibanamachine]

💛 Build succeeded, but was flaky

• continuous-integration/kibana-ci/pull-request
• Commit: 00d1632
• Storybooks Preview
• Documentation Changes
• Flaky suites:
  • xpack-kibana-ciGroup11

---

Test Failures

Kibana Pipeline / general / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/aliases·ts.detection engine api security and spaces enabled Tests involving aliases of source indexes and the signals index should keep the original alias value such as "host_alias" from a source index when the value is indexed

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 1 times on tracked branches: https://github.com/elastic/kibana/issues/114581

[00:00:00]     │
[00:00:00]       └-: detection engine api security and spaces enabled
[00:00:00]         └-> "before all" hook in "detection engine api security and spaces enabled"
[00:00:00]         └-: 
[00:00:00]           └-> "before all" hook in ""
[00:00:00]           └-: Tests involving aliases of source indexes and the signals index
[00:00:00]             └-> "before all" hook for "should keep the original alias value such as "host_alias" from a source index when the value is indexed"
[00:00:00]             └-> "before all" hook for "should keep the original alias value such as "host_alias" from a source index when the value is indexed"
[00:00:00]               │ info [x-pack/test/functional/es_archives/security_solution/alias] Loading "mappings.json"
[00:00:00]               │ info [x-pack/test/functional/es_archives/security_solution/alias] Loading "data.json"
[00:00:00]               │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [host_alias] creating index, cause [api], templates [], shards [1]/[1]
[00:00:00]               │ info [x-pack/test/functional/es_archives/security_solution/alias] Created index "host_alias"
[00:00:00]               │ debg [x-pack/test/functional/es_archives/security_solution/alias] "host_alias" settings {"index":{"refresh_interval":"1s","number_of_replicas":"1","number_of_shards":"1"}}
[00:00:00]               │ info [x-pack/test/functional/es_archives/security_solution/alias] Indexed 4 docs into "host_alias"
[00:00:00]             └-> should keep the original alias value such as "host_alias" from a source index when the value is indexed
[00:00:00]               └-> "before each" hook: global before each for "should keep the original alias value such as "host_alias" from a source index when the value is indexed"
[00:00:00]               └-> "before each" hook for "should keep the original alias value such as "host_alias" from a source index when the value is indexed"
[00:00:00]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default-migration-cleanup]
[00:00:00]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default]
[00:00:00]                 │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:00:00]                 │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:00:00]                 │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:00:04]               │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/6DuR4icDRgibEQpQ3jN5fA] update_mapping [_doc]
[00:00:04]               │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:00:04]               │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:00:07]               │ proc [kibana] [2021-10-13T08:38:36.976+00:00][INFO ][plugins.eventLog] event logged: {"@timestamp":"2021-10-13T08:38:36.975Z","event":{"provider":"alerting","action":"execute-start","kind":"alert","category":["siem"],"start":"2021-10-13T08:38:36.975Z"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"f31933a0-2c00-11ec-a1f3-abd14cfeac1c","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-13T08:38:34.191Z","schedule_delay":2784000000},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"8.0.0"},"rule":{"id":"f31933a0-2c00-11ec-a1f3-abd14cfeac1c","license":"basic","category":"siem.signals","ruleset":"siem"},"message":"alert execution start: \"f31933a0-2c00-11ec-a1f3-abd14cfeac1c\"","ecs":{"version":"1.8.0"}}
[00:00:09]               │ proc [kibana] [2021-10-13T08:38:39.248+00:00][INFO ][plugins.securitySolution] [+] Finished indexing 4  signals searched between date ranges [
[00:00:09]               │ proc [kibana]   {
[00:00:09]               │ proc [kibana]     "to": "2021-10-13T08:38:38.262Z",
[00:00:09]               │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:00:09]               │ proc [kibana]     "maxSignals": 100
[00:00:09]               │ proc [kibana]   }
[00:00:09]               │ proc [kibana] ] name: "Signal Testing Query" id: "f31933a0-2c00-11ec-a1f3-abd14cfeac1c" rule id: "rule-1" signals index: ".siem-signals-default"
[00:00:09]               │ proc [kibana] [2021-10-13T08:38:39.267+00:00][INFO ][plugins.eventLog] event logged: {"@timestamp":"2021-10-13T08:38:36.975Z","event":{"provider":"alerting","action":"execute","kind":"alert","category":["siem"],"start":"2021-10-13T08:38:36.975Z","outcome":"success","end":"2021-10-13T08:38:39.266Z","duration":2291000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"f31933a0-2c00-11ec-a1f3-abd14cfeac1c","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-13T08:38:34.191Z","schedule_delay":2784000000},"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"8.0.0"},"rule":{"id":"f31933a0-2c00-11ec-a1f3-abd14cfeac1c","license":"basic","category":"siem.signals","ruleset":"siem","name":"Signal Testing Query"},"message":"alert executed: siem.signals:f31933a0-2c00-11ec-a1f3-abd14cfeac1c: 'Signal Testing Query'","ecs":{"version":"1.8.0"}}
[00:00:09]               └- ✖ fail: detection engine api security and spaces enabled  Tests involving aliases of source indexes and the signals index should keep the original alias value such as "host_alias" from a source index when the value is indexed
[00:00:09]               │       Error: expected [ 'host name 2',
[00:00:09]               │   'host name 3',
[00:00:09]               │   'host name 4',
[00:00:09]               │   'host name 1' ] to sort of equal [ 'host name 1',
[00:00:09]               │   'host name 2',
[00:00:09]               │   'host name 3',
[00:00:09]               │   'host name 4' ]
[00:00:09]               │       + expected - actual
[00:00:09]               │ 
[00:00:09]               │        [
[00:00:09]               │       +  "host name 1"
[00:00:09]               │          "host name 2"
[00:00:09]               │          "host name 3"
[00:00:09]               │          "host name 4"
[00:00:09]               │       -  "host name 1"
[00:00:09]               │        ]
[00:00:09]               │       
[00:00:09]               │       at Assertion.assert (/dev/shm/workspace/parallel/20/kibana/node_modules/@kbn/expect/expect.js:100:11)
[00:00:09]               │       at Assertion.eql (/dev/shm/workspace/parallel/20/kibana/node_modules/@kbn/expect/expect.js:244:8)
[00:00:09]               │       at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/aliases.ts:57:23)
[00:00:09]               │       at runMicrotasks (<anonymous>)
[00:00:09]               │       at processTicksAndRejections (internal/process/task_queues.js:95:5)
[00:00:09]               │       at Object.apply (/dev/shm/workspace/parallel/20/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16)
[00:00:09]               │ 
[00:00:09]               │ 

Stack Trace

Error: expected [ 'host name 2',
  'host name 3',
  'host name 4',
  'host name 1' ] to sort of equal [ 'host name 1',
  'host name 2',
  'host name 3',
  'host name 4' ]
    at Assertion.assert (/dev/shm/workspace/parallel/20/kibana/node_modules/@kbn/expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/parallel/20/kibana/node_modules/@kbn/expect/expect.js:244:8)
    at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/aliases.ts:57:23)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at Object.apply (/dev/shm/workspace/parallel/20/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16) {
  actual: '[\n  "host name 2"\n  "host name 3"\n  "host name 4"\n  "host name 1"\n]',
  expected: '[\n  "host name 1"\n  "host name 2"\n  "host name 3"\n  "host name 4"\n]',
  showDiff: true
}

---

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
securitySolution	2749	2751	+2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	4.6MB	4.6MB	+2.8KB

History

• 💚 Build #159524 succeeded 912dac3
• 💔 Build #158819 failed 79d0255
• 💔 Build #158813 failed 1c8e2f2
• 💔 Build #158529 failed b725008
• 💔 Build #158560 failed 4eabfd6

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[kibanamachine]

💚 Backport successful

Status	Branch	Result
✅	7.x

This backport PR will be merged automatically after passing CI.