[Security Solution][Timeline] - Store flyout information in the url #148800
Pinging @elastic/security-threat-hunting (Team:Threat Hunting)
Pinging @elastic/security-solution (Team: SecuritySolution)
code LGTM, tested with and without alerts, the flyout seems to handle it just fine!
If I understand correctly, at the moment we do not save which tab within the flyout is displayed. I guess this will happen with the new expanded flyout work right?
Yep, that's the plan!
💚 Build Succeeded
Tested again, LGTM! Thanks for adding some e2e tests.
You could potentially add some short documentation to the couple of hooks you added, but maybe their names are clear enough, plus this will be replaced by the expandable flyout soon.
Pulled down and tested, all looks good to me!
Thanks! I'll add that in the follow up PR on Monday that removes the old alert details page as well
## Summary

This PR introduces the field `kibana.alert.url` to the alerts generated by all alert rule types. Functionality was added in [this PR](#148800) for 8.8 to allow users to link directly to the alert flyout. To be able to provide users with this field via our connectors, we are adding the url under the field `kibana.alert.url`.

To test, create an alert of any type and you should see this field set in the alert flyout.

The url provided is a redirect path that contains the necessary information (space, id, index, and timestamp) to be able to redirect the user to a filtered alert page for the given alert and the detail flyout opened. This allows us to retain flexibility in the future for any changes that may occur with the alert flyout or an alert page. More on that can be found in the earlier pr: #148800

### Testing

1. The `kibana.alert.url` field makes use of the `publicBaseUrl` configuration which must be set in your kibana.dev.yml for this field to be generated. Add the following to your yaml file. Note that if you use a `basePath`, it will have to be appended to the end of your `publicBaseUrl` path.

```
server.publicBaseUrl: 'http://localhost:5601'
```

with basePath:

```
server.basePath: '/someBasePath'
server.publicBaseUrl: 'http://localhost:5601/someBasePath'
```

2. Generate data and enable any rule type to get alerts.
3. Go to the alert page, click expand detail, and search for `kibana.alert.url` in the table.
4. Visit that url and you should see a filtered alert page with the details flyout opened.

**Caveat:** when grouping is enabled, the details flyout will not open as the table that it is attached to is not actually loaded at that point in time. When the table is loaded by either disabling grouping or opening the group, the details flyout will open.
Summary
The purpose of this PR is to give users the ability to share a given alert on the alert's page. This is possible via two changes. First, the simple state of the details flyout is now stored in a url query param `eventFlyout=(...flyoutState)`, when opened. Secondly, the addition of a `Share Alert` button which allows users to share a link directly to the alert page filtered for the given alert and the flyout opened.

Caveats

Ideally storing the url state in the url should have been enough, but because of the potential for relative time ranges in the global kql query bar (which are also stored in the url), it is possible to share a url by copying the browser url that doesn't actually open the given alert.

As an example: A user with a relative time range of `last 24 hours` opens an alert that was created this morning with a colleague. The colleague doesn't actually visit the link till the following afternoon. When the user visits the link, they may see the flyout open, but may not actually see the associated alert in the alert table. This is because the relative time range of `last 24 hours` doesn't contain the alert that was opened the previous morning. The flyout may open because it is not constrained by the relative time range, but the primary alert table may easily be out of sync. Given this, the `Share Alert` button creates a custom url `alerts/alertId?index='blah'&timestamp='...'` which redirects the user to the specific alert and time range of their given alert.

Although this flyout is used in multiple locations, we only want to preserve it on this singular page to keep the user flow simple, and also allow us to more smoothly transition to the future flyout experience.
Demo
Sharing via the browser url
Screen.Recording.2023-03-24.at.11.18.57.AM.mov
Sharing via the `Share alert` button
Screen.Recording.2023-03-31.at.1.20.59.PM.mov
Follow up work
Revert/Delete the changes of the old Alerts Page POC:
#154477
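
The relative-time-range caveat above, worked through as an added example (not code from this PR or from Kibana): the same `last 24 hours` range is resolved at share time and at visit time, then compared with a link that pins the alert's own index and timestamp. The function names, the five-minute padding and all sample values are assumptions; only the `alerts/<id>?index=...&timestamp=...` shape and the `publicBaseUrl` with `basePath` come from the text.

```javascript
// Added illustration. Function names, the five-minute padding and all sample
// values are assumptions; only the alerts/<id>?index=...&timestamp=... shape
// comes from the PR description.
const HOUR_MS = 60 * 60 * 1000;

// A relative range such as "last 24 hours" is resolved when the page loads,
// so the same copied browser URL yields a different window for each visitor.
function resolveRelativeRange(hours, now) {
  return { from: new Date(now.getTime() - hours * HOUR_MS), to: now };
}

function inRange(timestamp, range) {
  const t = Date.parse(timestamp);
  return t >= range.from.getTime() && t <= range.to.getTime();
}

// Share link that pins the alert's own index and timestamp.
function buildShareAlertUrl(publicBaseUrl, alertId, index, timestamp) {
  if (Number.isNaN(Date.parse(timestamp))) {
    throw new TypeError('timestamp must be a parseable date');
  }
  const base = publicBaseUrl.replace(/\/+$/, ''); // tolerate a trailing slash
  const query = new URLSearchParams({ index, timestamp }); // percent-encodes values
  return `${base}/alerts/${encodeURIComponent(alertId)}?${query}`;
}

// Receiving side: derive an absolute window around the pinned timestamp.
function rangeFromShareUrl(url, paddingMs = 5 * 60 * 1000) {
  const ts = Date.parse(new URL(url).searchParams.get('timestamp'));
  if (Number.isNaN(ts)) throw new TypeError('link carries no valid timestamp');
  return { from: new Date(ts - paddingMs), to: new Date(ts + paddingMs) };
}

// Constructed scenario: alert created in the morning, link opened the next afternoon.
const alertTime = '2023-03-24T08:00:00.000Z';
const sharedAt = new Date('2023-03-24T11:00:00.000Z');
const visitedAt = new Date('2023-03-25T15:00:00.000Z');
const shareUrl = buildShareAlertUrl(
  'http://localhost:5601/someBasePath/', 'constructed-alert-id', 'constructed-index', alertTime);

console.log('visible at share time:', inRange(alertTime, resolveRelativeRange(24, sharedAt)));
console.log('visible at visit time:', inRange(alertTime, resolveRelativeRange(24, visitedAt)));
console.log('share link:', shareUrl);
console.log('visible via share link:', inRange(alertTime, rangeFromShareUrl(shareUrl)));
```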