[Security Solution] Alert flyout - update document id in analyzer preview and same ancestry #174651

Merged
merged 3 commits into from
Jan 16, 2024


christineweng
Contributor

@christineweng christineweng commented Jan 10, 2024

Summary

Address: #169373

This PR updates the use of `kibana.alert.ancestor.id` to `_id` (available in flyout context as `eventId`) in analyzer preview and alerts by ancestry. This change allows upgrade from 7.x kibana to 8.10+ to utilize analyzer preview.

No UI change introduced.

How to test

  • Analyzer preview should match that of prior to the change
  • Alert by ancestry in correlations overview (right section) and correlations tab (left section -> Insights) should match that of prior to the change
  • Analyzer preview should match the analyzer viewer in alerts table

Checklist

@christineweng christineweng self-assigned this Jan 10, 2024
@christineweng christineweng added release_note:fix Team:Threat Hunting Security Solution Threat Hunting Team Team:Threat Hunting:Investigations Security Solution Investigations Team v8.12.1 v8.13.0 labels Jan 10, 2024
@christineweng christineweng marked this pull request as ready for review January 11, 2024 15:08
@christineweng christineweng requested a review from a team as a code owner January 11, 2024 15:08
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 11.4MB 11.4MB -594.0B

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @christineweng

Contributor

@PhilippeOberti PhilippeOberti left a comment


desk tested and code LGTM. Thanks for fixing this bug!

@christineweng christineweng merged commit f288919 into elastic:main Jan 16, 2024
37 checks passed
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Jan 16, 2024
…view and same ancestry (elastic#174651)

## Summary

Address: elastic#169373

This PR updates the use of `kibana.alert.ancestor.id` to `_id`
(available in flyout context as `eventId`) in analyzer preview and
alerts by ancestry. This change allows upgrade from 7.x kibana to 8.10+
to utilize analyzer preview.

No UI change introduced.

**How to test**
- Analyzer preview should match that of prior to the change
- Alert by ancestry in correlations overview (right section) and
correlations tab (left section -> Insights) should match that of prior
to the change
- Analyzer preview should match the analyzer viewer in alerts table

### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

(cherry picked from commit f288919)
@kibanamachine
Contributor

💚 All backports created successfully

Status Branch Result
8.12

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Jan 16, 2024
…zer preview and same ancestry (#174651) (#174972)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Security Solution] Alert flyout - update document id in analyzer
preview and same ancestry
(#174651)](#174651)


### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: christineweng <18648970+christineweng@users.noreply.github.com>
@mistic mistic removed the v8.12.0 label Jan 17, 2024
@mistic
Member

mistic commented Jan 17, 2024

This PR didn't make it into the latest BC for 8.12.0. Updating the labels.

christineweng added a commit that referenced this pull request Jan 29, 2024
… hover actions in rule preview (#175282)

## Summary

- Fixed a bug introduced by
#174651: analyzer preview is stuck
in loading state because `_id` is not in the index for a preview alert.
Added back `kibana.alert.ancestor.id` when flyout is open in alert
preview.

- Refactor the use of security hover actions in flyout. The hover action
wrapper checks the type of document/scope (whether it is an alert, or in
a preview) to determine what actions to show on hover. Most hover
actions should behave consistently when flyout is in rule preview (do
not show filter options)
   - Related: #173608 
- Not included in this pr: 1) hover actions in alert reason preview, 2)
hover actions in left panel entity details as the component is owned by
a different team and required greater refactor effort

- Fixed a UI bug on assignees breaking into multiple lines

![image](https://github.com/elastic/kibana/assets/18648970/96d909e3-b6bd-4a46-bc86-fbb473ce3b62)
 
### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
christineweng added a commit to christineweng/kibana that referenced this pull request Feb 7, 2024
… hover actions in rule preview (elastic#175282)

(cherry picked from commit d51fddb)

# Conflicts:
#	x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx
#	x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx
#	x-pack/plugins/security_solution/public/flyout/document_details/right/components/assignees.tsx
#	x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx
christineweng added a commit that referenced this pull request Feb 7, 2024
… update hover actions in rule preview (#175282) (#176243)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Security Solution][Flyout] - fix analyzer preview loading and update
hover actions in rule preview
(#175282)](#175282)


### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this pull request Feb 15, 2024
…view and same ancestry (elastic#174651)

CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this pull request Feb 15, 2024
… hover actions in rule preview (elastic#175282)

fkanout pushed a commit to fkanout/kibana that referenced this pull request Mar 4, 2024
… hover actions in rule preview (elastic#175282)
