-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Detections] Integrates installed integrations into interface #132847
Conversation
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
approving snapshot update
💚 Build SucceededMetrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: cc @spong |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Checked out, tested locally, and reviewed the changes. LGTM 👍
Found a few minor bugs.
On the Rule Management page package name is used instead of package title when the package has only 1 integration:
On the Rule Management page links use installed version instead of the target version:
Rule Details page doesn't have these issues.
The fact that it works differently on the 2 pages makes me think that we need to:
- Use the exact same logic for processing related integrations and installed integrations everywhere.
- Ideally use the exact same components to render them. Let's revisit the popover thing and use the same UI as on the Details page to render integrations in the popover.
Let's fix the rest of the minor bugs and clean up the implementation a little bit before the release.
🚀
x-pack/plugins/security_solution/public/common/components/integrations_popover/helpers.tsx
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/common/components/integrations_popover/index.tsx
Show resolved
Hide resolved
..._solution/public/detections/containers/detection_engine/rules/use_installed_integrations.tsx
Show resolved
Hide resolved
Per your review comment @banderror :
This is resolved in #133050 -- I had used the wrong variable so simple fix here. Note though, if there is no-match in
So I updated the logic in #133050 to use the With regards to consolidating components/logic, I spoke with product/design today and they're on board with the following changes:
These have all been addressed in #133050 🙂 Thanks for the review/feedback here @banderror! |
…s Feedback & Fixes (#133050) ## Summary Addressing the following feedback from #132847: - [X] On the Rule Management page package name is used instead of package title when the package has only 1 integration: - [X] move integrations_popover to `related_integrations` directory - [X] update useInstalledIntegrations to always return array of installedIntegration - [X] move useInstalledIntegrations to `related_integrations` directory - [X] Slight update to copy in Rules Table popover - [X] Ok to use Rule Details UI within Rules Table popover content - [X] Sort integrations alphabetically - [X] Update left padding on version mis-match tooltip - [X] #133291 - [X] #133269 - [X] Add Kibana Advanced Setting for disabling integrations badge on Rules Table <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/171750790-ffa2e3ef-dd7a-499c-9b08-89bafc06dd50.png" /> </p> - [ ] Adds tests - [x] `useInstalledIntegrations` hook - [X] relatedIntegrations utils - [x] IntegrationDescription - [ ] Add loaders where necessary since there can now be API delay - May hold off on loaders as transition from no installed integrations -> installed integrations isn't too bad as-is ##### Updated integrations popover content on Rules Table to match Rule Details design <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172263941-3e948b41-7ef7-4281-8354-57e77ddeb433.png" /> </p> In discussions with @banderror reviewing the different integration states (uninstalled, installed, enabled, and agents enrolled), we are now capturing the distinction between `Installed` and `Enabled` so that we don't confuse users when a package is installed but the integration isn't enabled/configured. I also added tooltips for clarifying each state and what action the user should perform to ensure compatibility. In collab with @yiyangliu9286 @jethr0null (comments below) -- we've consolidated to a single `Installed: enabled` badge, and updated `Uninstalled` to `Not installed` as well. ##### Tooltips <details><summary>Not installed</summary> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172264210-00064485-2df9-408e-953b-9294f16dedf2.png" /> </p> </details> <details><summary>Installed</summary> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172263672-67b641cd-5895-464a-8897-f26bd0a61073.png" /> </p> </details> <details><summary>Installed: enabled</summary> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172263783-563ea48d-c96c-4519-87b4-7076582f5da2.png" /> </p> </details> ### Checklist Delete any items that are not applicable to this PR. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - Collaborating with docs teams on this dedicated docs issue: elastic/security-docs#2015 - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
…s Feedback & Fixes (elastic#133050) ## Summary Addressing the following feedback from elastic#132847: - [X] On the Rule Management page package name is used instead of package title when the package has only 1 integration: - [X] move integrations_popover to `related_integrations` directory - [X] update useInstalledIntegrations to always return array of installedIntegration - [X] move useInstalledIntegrations to `related_integrations` directory - [X] Slight update to copy in Rules Table popover - [X] Ok to use Rule Details UI within Rules Table popover content - [X] Sort integrations alphabetically - [X] Update left padding on version mis-match tooltip - [X] elastic#133291 - [X] elastic#133269 - [X] Add Kibana Advanced Setting for disabling integrations badge on Rules Table <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/171750790-ffa2e3ef-dd7a-499c-9b08-89bafc06dd50.png" /> </p> - [ ] Adds tests - [x] `useInstalledIntegrations` hook - [X] relatedIntegrations utils - [x] IntegrationDescription - [ ] Add loaders where necessary since there can now be API delay - May hold off on loaders as transition from no installed integrations -> installed integrations isn't too bad as-is ##### Updated integrations popover content on Rules Table to match Rule Details design <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172263941-3e948b41-7ef7-4281-8354-57e77ddeb433.png" /> </p> In discussions with @banderror reviewing the different integration states (uninstalled, installed, enabled, and agents enrolled), we are now capturing the distinction between `Installed` and `Enabled` so that we don't confuse users when a package is installed but the integration isn't enabled/configured. I also added tooltips for clarifying each state and what action the user should perform to ensure compatibility. In collab with @yiyangliu9286 @jethr0null (comments below) -- we've consolidated to a single `Installed: enabled` badge, and updated `Uninstalled` to `Not installed` as well. ##### Tooltips <details><summary>Not installed</summary> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172264210-00064485-2df9-408e-953b-9294f16dedf2.png" /> </p> </details> <details><summary>Installed</summary> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172263672-67b641cd-5895-464a-8897-f26bd0a61073.png" /> </p> </details> <details><summary>Installed: enabled</summary> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172263783-563ea48d-c96c-4519-87b4-7076582f5da2.png" /> </p> </details> ### Checklist Delete any items that are not applicable to this PR. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - Collaborating with docs teams on this dedicated docs issue: elastic/security-docs#2015 - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) (cherry picked from commit 7bfcb52) # Conflicts: # x-pack/plugins/security_solution/public/common/components/integrations_popover/helpers.tsx # x-pack/plugins/security_solution/public/common/components/integrations_popover/index.tsx # x-pack/plugins/security_solution/public/detections/components/rules/description_step/required_integrations_description.tsx # x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/use_installed_integrations.tsx
… Fields Feedback & Fixes (#133050) (#134148) * [Security Solution][Detections] Related Integrations & Required Fields Feedback & Fixes (#133050) ## Summary Addressing the following feedback from #132847: - [X] On the Rule Management page package name is used instead of package title when the package has only 1 integration: - [X] move integrations_popover to `related_integrations` directory - [X] update useInstalledIntegrations to always return array of installedIntegration - [X] move useInstalledIntegrations to `related_integrations` directory - [X] Slight update to copy in Rules Table popover - [X] Ok to use Rule Details UI within Rules Table popover content - [X] Sort integrations alphabetically - [X] Update left padding on version mis-match tooltip - [X] #133291 - [X] #133269 - [X] Add Kibana Advanced Setting for disabling integrations badge on Rules Table <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/171750790-ffa2e3ef-dd7a-499c-9b08-89bafc06dd50.png" /> </p> - [ ] Adds tests - [x] `useInstalledIntegrations` hook - [X] relatedIntegrations utils - [x] IntegrationDescription - [ ] Add loaders where necessary since there can now be API delay - May hold off on loaders as transition from no installed integrations -> installed integrations isn't too bad as-is ##### Updated integrations popover content on Rules Table to match Rule Details design <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172263941-3e948b41-7ef7-4281-8354-57e77ddeb433.png" /> </p> In discussions with @banderror reviewing the different integration states (uninstalled, installed, enabled, and agents enrolled), we are now capturing the distinction between `Installed` and `Enabled` so that we don't confuse users when a package is installed but the integration isn't enabled/configured. I also added tooltips for clarifying each state and what action the user should perform to ensure compatibility. In collab with @yiyangliu9286 @jethr0null (comments below) -- we've consolidated to a single `Installed: enabled` badge, and updated `Uninstalled` to `Not installed` as well. ##### Tooltips <details><summary>Not installed</summary> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172264210-00064485-2df9-408e-953b-9294f16dedf2.png" /> </p> </details> <details><summary>Installed</summary> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172263672-67b641cd-5895-464a-8897-f26bd0a61073.png" /> </p> </details> <details><summary>Installed: enabled</summary> <p align="center"> <img width="500" src="https://user-images.githubusercontent.com/2946766/172263783-563ea48d-c96c-4519-87b4-7076582f5da2.png" /> </p> </details> ### Checklist Delete any items that are not applicable to this PR. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - Collaborating with docs teams on this dedicated docs issue: elastic/security-docs#2015 - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [X] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) (cherry picked from commit 7bfcb52) # Conflicts: # x-pack/plugins/security_solution/public/common/components/integrations_popover/helpers.tsx # x-pack/plugins/security_solution/public/common/components/integrations_popover/index.tsx # x-pack/plugins/security_solution/public/detections/components/rules/description_step/required_integrations_description.tsx # x-pack/plugins/security_solution/public/detections/components/rules/related_integrations/use_installed_integrations.tsx * Fixes type from missing backport
Summary
Wires up the new Installed Integrations API added in #132667 to the new Related Integrations UI added in #131475.
Additional changes include (though not all necessary for this specific PR):
package
on Rules TablePlease see #131475 for screenshots and additional details.
Steps to test
In this initial implementation these new fields are only visible with Prebuilt Rules, and so there is limited API support and currently no UI for editing them. If a Prebuilt Rule is duplicated, these fields are emptied (set to
''
or[]
). When a Rule is exported these fields are included (as empty values), and it is possible to edit thendjson
and re-import and then see these fields for the Custom Rule (but still not editable in the UI). This is expected behavior, and is actually a nice and easy way to test.Here is a sample export you can paste into a
test.ndjson
file and import to test this feature. You can modify thepackage
/version
fields to test corner cases like if a package is installed but it's the wrong version.