[SIEM] New Overview Page #54783

andrew-goldstein · 2020-01-14T18:28:41Z

[SIEM] Overview Page "1.5"

A redesigned SIEM Overview page that includes Recent timelines, a Security news feed, visualizations, and rolled-up event counts

Overview enhancements

Added the global Search bar and Date picker to the Overview page
New Recent timelines widget affords quick access to favorite and recently modified timelines
New Security news widget
New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL
New Events count by dataset widget
Updated the Host Events and Network Events widgets to integrate with the Search bar and date picker input
Enhanced the Host Events and Network Events widgets to use an accordion paradigm that summarizes stats by source (e.g. Auditbeat, Endgame)
Enhanced the Host Events and Network Events widgets to visualize relative percentages of events collected as progress bars
New Alerts count by category widget
New Signals count by MITRE ATT&CK™ category widget
New View events, View alerts, and View signals navigation buttons for their respective visualizations

FTUE enhancements

FTUE "no data" view design refresh
When the FTUE "no data" page is displayed, hide all global navigation links (i.e. Hosts, Network, Detection engine), such that only Overview appears in the global nav
App Help popover design refresh
Removed the Beta badge and Security Information & Event Management with the Elastic Stack from the Overview header
Tested in Chrome 79.0.3945.117, Firefox 72.0.1, and Safari 13.0.4

Known issues

The siem:newsFeedUrl advanced setting is defaulted to https://feeds.elastic.co/kibana
The Signals count by MITRE ATT&CK™ category visualization does not display all categories
The Signals count by MITRE ATT&CK™ category visualization may require a different index pattern
EuiButtonGroup throwing a Can't perform a React state update on an unmounted component warning when switching from the Overview tab

https://github.com/elastic/siem-team/issues/484

elasticmachine · 2020-01-14T18:28:45Z

Pinging @elastic/siem (Team:SIEM)

joshdover

Platform changes LGTM

angorayc · 2020-01-14T20:22:44Z

Found that View alerts lands at incorrect page, but it is nothing wrong with the code in this PR.
It is in link-to component I forgot to add alerts page into the route, sorry for the inconvenience.
Please update components/link_to/link_to.tsx line 39 - 46

<Route
      component={RedirectToHostsPage}
      path={`${match.url}/:pageName(${SiemPageName.hosts})/:tabName(${HostsTableType.hosts}|${HostsTableType.authentications}|${HostsTableType.uncommonProcesses}|${HostsTableType.anomalies}|${HostsTableType.events}|${HostsTableType.alerts})`}
    />
    <Route
      component={RedirectToHostDetailsPage}
      path={`${match.url}/:pageName(${SiemPageName.hosts})/:detailName/:tabName(${HostsTableType.authentications}|${HostsTableType.uncommonProcesses}|${HostsTableType.anomalies}|${HostsTableType.events}|${HostsTableType.alerts})`}
    />

x-pack/legacy/plugins/siem/public/components/news_feed/no_news/index.tsx

angorayc · 2020-01-14T22:36:49Z

x-pack/legacy/plugins/siem/public/components/page/overview/overview_network/index.tsx

+                  (total, stat) => total + stat.count,
+                  0
+                );
+                const formattedNetworkEventsCount = numeral(networkEventsCount).format(


x-pack/legacy/plugins/siem/public/pages/overview/sidebar/sidebar.tsx

x-pack/legacy/plugins/siem/public/pages/overview/overview.tsx

x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_no_signal_index.tsx

.../legacy/plugins/siem/public/pages/detection_engine/detection_engine_user_unauthenticated.tsx

angorayc

Ran it on my dev, all works well! Looks really beautiful, thanks a lot!!

…Security news` feed, visualizations, and rolled-up event counts ![overview-day](https://user-images.githubusercontent.com/4459398/72394573-f7c42080-36f3-11ea-93a1-57c52152cfdd.png) ![overview-night](https://user-images.githubusercontent.com/4459398/72394575-fb57a780-36f3-11ea-868e-8fcd2c5c4543.png) - Added the global Search bar and Date picker to the Overview page - New `Recent timelines` widget affords quick access to favorite and recently modified timelines - New `Security news` widget - New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL ![news-settings](https://user-images.githubusercontent.com/4459398/72362776-fd4c4700-36b0-11ea-805b-3c7353f2c1cd.png) - New `Events count by dataset` widget - Updated the `Host Events` and `Network Events` widgets to integrate with the Search bar and date picker input - Enhanced the `Host Events` and `Network Events` widgets to use an accordion paradigm that summarizes stats by source (e.g. `Auditbeat`, `Endgame`) - Enhanced the `Host Events` and `Network Events` widgets to visualize relative percentages of events collected as progress bars - New `Alerts count by category` widget - New `Signals count by MITRE ATT&CK™ category` widget - New `View events`, `View alerts`, and `View signals` navigation buttons for their respective visualizations - FTUE "no data" view design refresh ![ftue](https://user-images.githubusercontent.com/4459398/72361771-43a0a680-36af-11ea-969f-5872ac4a01a1.png) - When the FTUE "no data" page is displayed, hide all global navigation links (i.e. `Hosts`, `Network`, `Detection engine`), such that only `Overview` appears in the global nav - App Help popover design refresh ![help](https://user-images.githubusercontent.com/4459398/72362132-d80b0900-36af-11ea-9b58-1fd3b923b7c8.png) - Removed the `Beta` badge and `Security Information & Event Management with the Elastic Stack` from the Overview header - Tested in Chrome `79.0.3945.117`, Firefox `72.0.1`, and Safari `13.0.4` - The `siem:newsFeedUrl` advanced setting is defaulted to `https://feeds.elastic.co/kibana` - The `Signals count by MITRE ATT&CK™ category` visualization does not display all categories - The `Signals count by MITRE ATT&CK™ category` visualization may require a different index pattern - `EuiButtonGroup` throwing a `Can't perform a React state update on an unmounted component` warning when switching from the Overview tab elastic/siem-team#484

…e outside of the `siem` app

kibanamachine · 2020-01-15T04:01:56Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: d44c1d7

History

💔 Build #20427 failed f1cf13a
💔 Build #20398 failed 9582464a0c155af279b33a101080b67a1711b10e
💔 Build #20261 failed d52026bebec3f7671951816177b9819621677ca5

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

## [SIEM] Overview Page "1.5" A redesigned SIEM Overview page that includes `Recent timelines`, a `Security news` feed, visualizations, and rolled-up event counts ![overview-day](https://user-images.githubusercontent.com/4459398/72396016-90f53600-36f8-11ea-9b41-6d54d09de589.png) ![overview-night](https://user-images.githubusercontent.com/4459398/72394575-fb57a780-36f3-11ea-868e-8fcd2c5c4543.png) ### Overview enhancements - Added the global Search bar and Date picker to the Overview page - New `Recent timelines` widget affords quick access to favorite and recently modified timelines - New `Security news` widget - New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL ![news-settings](https://user-images.githubusercontent.com/4459398/72362776-fd4c4700-36b0-11ea-805b-3c7353f2c1cd.png) - New `Events count by dataset` widget - Updated the `Host Events` and `Network Events` widgets to integrate with the Search bar and date picker input - Enhanced the `Host Events` and `Network Events` widgets to use an accordion paradigm that summarizes stats by source (e.g. `Auditbeat`, `Endgame`) - Enhanced the `Host Events` and `Network Events` widgets to visualize relative percentages of events collected as progress bars - New `Alerts count by category` widget - New `Signals count by MITRE ATT&CK™ category` widget - New `View events`, `View alerts`, and `View signals` navigation buttons for their respective visualizations ### FTUE enhancements - FTUE "no data" view design refresh ![ftue](https://user-images.githubusercontent.com/4459398/72361771-43a0a680-36af-11ea-969f-5872ac4a01a1.png) - When the FTUE "no data" page is displayed, hide all global navigation links (i.e. `Hosts`, `Network`, `Detection engine`), such that only `Overview` appears in the global nav - App Help popover design refresh ![help](https://user-images.githubusercontent.com/4459398/72362132-d80b0900-36af-11ea-9b58-1fd3b923b7c8.png) - Removed the `Beta` badge and `Security Information & Event Management with the Elastic Stack` from the Overview header - Tested in Chrome `79.0.3945.117`, Firefox `72.0.1`, and Safari `13.0.4` ## Known issues - The `siem:newsFeedUrl` advanced setting is defaulted to `https://feeds.elastic.co/kibana` - The `Signals count by MITRE ATT&CK™ category` visualization does not display all categories - The `Signals count by MITRE ATT&CK™ category` visualization may require a different index pattern - `EuiButtonGroup` throwing a `Can't perform a React state update on an unmounted component` warning when switching from the Overview tab elastic/siem-team#484 Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

* upstream/master: (72 commits) [ML] Calculate model memory limit API integration tests (elastic#54557) Skip flakey index template component integration tests. (elastic#54878) Add label and icon to nested fields in the doc table (elastic#54199) Reverse dependency of home plugin and apm/ml/cloud (elastic#52883) [SIEM][Detection Engine] Order JSON keys, fix scripts, update pre-packaged rules update invalid snapshot add readme note about alerting / manage_api_key cluster privilege (elastic#54639) [SIEM] New Overview Page (elastic#54783) [Uptime] Feature/refactor context initialization (elastic#54494) Upgrade EUI to v18.2.0 (elastic#54786) [SIEM] [Detection engine] from signals to timeline (elastic#54769) [Index Management] Add Mappings Editor to Index Template Wizard (elastic#47562) [SIEM][Detection Engine] Removes deprecated filter from mapping [Maps] Add categorical styling (elastic#54408) Add mapbox-gl-rtl-text library (elastic#54842) [SIEM][Detection Engine] Adds actions to Rule Details (elastic#54828) Lexicographically sort location tags (elastic#54832) [Maps] expand extent filter to tile boundaries (elastic#54276) [Maps] Use v7.6 Elastic Maps Service API (elastic#54399) [DOCS] Adds monitoring setting (elastic#54819) ...

## [SIEM] Overview Page "1.5" A redesigned SIEM Overview page that includes `Recent timelines`, a `Security news` feed, visualizations, and rolled-up event counts ![overview-day](https://user-images.githubusercontent.com/4459398/72396016-90f53600-36f8-11ea-9b41-6d54d09de589.png) ![overview-night](https://user-images.githubusercontent.com/4459398/72394575-fb57a780-36f3-11ea-868e-8fcd2c5c4543.png) ### Overview enhancements - Added the global Search bar and Date picker to the Overview page - New `Recent timelines` widget affords quick access to favorite and recently modified timelines - New `Security news` widget - New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL ![news-settings](https://user-images.githubusercontent.com/4459398/72362776-fd4c4700-36b0-11ea-805b-3c7353f2c1cd.png) - New `Events count by dataset` widget - Updated the `Host Events` and `Network Events` widgets to integrate with the Search bar and date picker input - Enhanced the `Host Events` and `Network Events` widgets to use an accordion paradigm that summarizes stats by source (e.g. `Auditbeat`, `Endgame`) - Enhanced the `Host Events` and `Network Events` widgets to visualize relative percentages of events collected as progress bars - New `Alerts count by category` widget - New `Signals count by MITRE ATT&CK™ category` widget - New `View events`, `View alerts`, and `View signals` navigation buttons for their respective visualizations ### FTUE enhancements - FTUE "no data" view design refresh ![ftue](https://user-images.githubusercontent.com/4459398/72361771-43a0a680-36af-11ea-969f-5872ac4a01a1.png) - When the FTUE "no data" page is displayed, hide all global navigation links (i.e. `Hosts`, `Network`, `Detection engine`), such that only `Overview` appears in the global nav - App Help popover design refresh ![help](https://user-images.githubusercontent.com/4459398/72362132-d80b0900-36af-11ea-9b58-1fd3b923b7c8.png) - Removed the `Beta` badge and `Security Information & Event Management with the Elastic Stack` from the Overview header - Tested in Chrome `79.0.3945.117`, Firefox `72.0.1`, and Safari `13.0.4` ## Known issues - The `siem:newsFeedUrl` advanced setting is defaulted to `https://feeds.elastic.co/kibana` - The `Signals count by MITRE ATT&CK™ category` visualization does not display all categories - The `Signals count by MITRE ATT&CK™ category` visualization may require a different index pattern - `EuiButtonGroup` throwing a `Can't perform a React state update on an unmounted component` warning when switching from the Overview tab https://github.com/elastic/siem-team/issues/484

andrew-goldstein added release_note:enhancement Team:SIEM v8.0.0 v7.6.0 labels Jan 14, 2020

andrew-goldstein requested a review from angorayc January 14, 2020 18:28

andrew-goldstein requested a review from a team as a code owner January 14, 2020 18:28

andrew-goldstein self-assigned this Jan 14, 2020

joshdover approved these changes Jan 14, 2020

View reviewed changes