[Security Solution][RAC] Remove in-progress type guards once migration is complete #109030

Closed
dplumlee opened this issue Aug 18, 2021 · 8 comments
Labels
impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. Team:Detection Alerts Security Detection Alerts Area Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team technical debt Improvement of the software architecture and operational architecture Theme: rac label obsolete

Comments

@dplumlee
Contributor

With the RAC work being done, we have decided to accept both in-progress (old) and acknowledged (new) values for the status field on alerts. Once the RAC migrations have taken place, we need to remove the unused type guards in the code listed in these PRs as well as any other loose, untracked uses.

#108215
#107972
#108698

@dplumlee dplumlee added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Aug 18, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@MadameSheema
Member

@karanbirsingh-qasource please validate the following fix when BC1 is available. Thanks.

@ghost

ghost commented Aug 18, 2021

@karanbirsingh-qasource please validate the following fix when BC1 is available. Thanks.

ok @MadameSheema

@dplumlee
Contributor Author

I don't believe this has been fixed yet, unless there's been a PR submitted I don't know about; we still have the type guards in master.

@peluja1012 peluja1012 added Team:Detections and Resp Security Detection Response Team and removed fixed labels Aug 18, 2021
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@ghost

ghost commented Aug 20, 2021

Hi @MadameSheema

We have validated the linked PR fix on the 7.15.0 BC1 and below are the observations.

Build Details:

Version: 7.15.0
Commit: d791226d9385122f33f4a5ca38fa5369012fbec3
Build: 43636

[RAC] Enable workflow status filtering

  • Move workflow status button group to left side above trend chart and change to sm, primary EuiButtonGroup Fixed ✔️

image

  • Workflow button group statuses should be Open, Acknowledged, Closed Fixed ✔️

Mentioned filter naming is there in Alert page, Individual Rule Page

  • Change "status" to "workflow status" to keep this clearly distinguished from "system status" (which is sometimes called "alert status" in the UI)

Question: can you confirm below highlighted areas will have Workflow status or only status?

image
image

  • Sets each alert document's workflow status to "open"

Question: Can you please share more details for the above point? As per our observation, the same alert status seen on the UI will be present in the alert document, so how will we set each alert workflow status to "open"?

image

[Security Solution][Detection Alerts] Changes in-progress status to acknowledged

  • Updates alert status options to include acknowledged instead of in-progress Fixed ✔️

[RAC][Observability] Add status update actions in row menu

Blocked 🟣 to test above ticket due to this issue #108164

image

@MadameSheema MadameSheema added Theme: rac label obsolete and removed v7.15.0 labels Aug 25, 2021
@peluja1012 peluja1012 added technical debt Improvement of the software architecture and operational architecture Team:Detection Alerts Security Detection Alerts Area Team impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. labels Mar 21, 2022
@marshallmain marshallmain removed the bug Fixes for quality problems that affect the customer experience label Mar 29, 2022
@marshallmain
Contributor

Closing as discussed with @dplumlee - old alerts can still have in-progress statuses, so type guards are still needed.
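
Added example, not part of the thread and not Kibana's own code: a type guard of the kind the issue discusses, one that keeps accepting the legacy `in-progress` value because older alert documents still carry it, applied to a constructed batch of alerts. All type, function and field names here are hypothetical, and mapping `in-progress` onto `acknowledged` is an assumption drawn from the rename described above.

```typescript
// Hypothetical names throughout; this is an illustration, not Kibana code.
type LegacyStatus = 'in-progress';
type WorkflowStatus = 'open' | 'acknowledged' | 'closed';
type StoredStatus = WorkflowStatus | LegacyStatus;

const STORED_STATUSES: readonly string[] = ['open', 'acknowledged', 'closed', 'in-progress'];

// Type guard: accepts the current values plus the legacy 'in-progress'.
function isStoredStatus(value: unknown): value is StoredStatus {
  return typeof value === 'string' && STORED_STATUSES.indexOf(value) !== -1;
}

// Map whatever is stored onto the current vocabulary (assumed mapping).
function normalizeStatus(value: StoredStatus): WorkflowStatus {
  return value === 'in-progress' ? 'acknowledged' : value;
}

interface Tally {
  counts: Record<WorkflowStatus, number>;
  rejected: string[]; // ids of documents whose status is missing or unrecognised
}

// Count alerts per workflow status without silently dropping or mislabelling any.
function tallyByStatus(docs: Array<{ id: string; status?: unknown }>): Tally {
  const tally: Tally = { counts: { open: 0, acknowledged: 0, closed: 0 }, rejected: [] };
  for (const doc of docs) {
    if (isStoredStatus(doc.status)) {
      tally.counts[normalizeStatus(doc.status)] += 1;
    } else {
      tally.rejected.push(doc.id);
    }
  }
  return tally;
}

// Constructed sample: alerts written before and after the rename.
const sampleAlerts = [
  { id: 'a1', status: 'open' },
  { id: 'a2', status: 'in-progress' }, // written before the rename
  { id: 'a3', status: 'acknowledged' },
  { id: 'a4', status: 'closed' },
  { id: 'a5', status: 'In Progress' }, // unknown spelling: rejected
  { id: 'a6' },                        // status missing: rejected
];

console.log(tallyByStatus(sampleAlerts));
```

Dropping `in-progress` from the accepted list would move `a2` into `rejected`, which is the situation the closing comment describes for old alerts.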
