[Security Solution] Custom dashboard UI prerequisite #136409
Assignees
Labels
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:Threat Hunting:Explore
Team:Threat Hunting
Security Solution Threat Hunting Team
Comments
angorayc
added
Team:Threat Hunting
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
This was referenced Aug 8, 2022
Closed
|
The target for 8.6 is to replace the KPIs on hosts, network and users page with Lens Embeddables. This feature will be hidden behind a feature flag until we are ready. |
angorayc
added a commit
that referenced
this issue
Nov 9, 2022
… Embeddables (#138369) ## Summary This is part of #136409 In this PR we replace KPIs on Host, Network, and Users with Lens Embeddables. **Feature flag: chartEmbeddablesEnabled** Please add **xpack.securitySolution.enableExperimental: [chartEmbeddablesEnabled]** to kibana.dev.yml to verify There shouldn't be much difference between Lens Embeddables and Elastic Charts. This migration is more like a tech debt as Lens Embeddables have implemented the functionality we need from fetching data to UI display, there's no need for us to implement / maintain the same functionality again on our side. From the UI side, users might find that some bar charts and area charts (e.g.: source and dest. IP, authentication success and failed) now have two requests and responses in the inspector. That's expected, it's just because they are query separately in Lens Embeddables. Eventually we'd like to replace all the charts on Security Solution with Lens Embeddable. However, this scolp is too big to ship in a single release and we would like to have more testing before we're confident enough, we put it behind the feature flag for now. **To test:** 1. Apply global queries and filters 2. Apply indices from sourcerer 3. Hitting global refreshing button 4. Update time range and refetch by brushing on area charts 5. Actions in `...` button https://user-images.githubusercontent.com/6295984/198309104-47da9069-cab5-4f48-ad41-4c441778c06c.mov Before <img width="1398" alt="Screenshot 2022-08-11 at 13 06 47" src="https://user-images.githubusercontent.com/6295984/184129786-0853a2b3-7924-4833-b4e7-8212a5d5f166.png"> ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
angorayc
changed the title
1 task
2 tasks
angorayc
added a commit
that referenced
this issue
Jan 17, 2023
## Summary Behind feature flag `chartEmbeddablesEnabled` - Replace host and user risk scores donut charts with Lens - Known issue: 1. legend is temporary disabled as Lens does not render the legend if its value is zero. - #136409 - please find `There is a logic in Lens that it doesn't show the legend item if its value is zero - Could we have the option to show the legend even the value it represent is zero.` for more details about this bug. 2. No title in the donut by default when open in Lens. - #136409 - please find `No title in the donut by default when open in Lens - Could we have an option to display title / subtitle outside` for more details about this bug. 3. #148710 4. Color palette does not match with the setting of Host / User risk score classification - as it uses one of the color palette settings in Lens. - #136409 - please find `Could we choose a custom color for each filter and render the legend with the same order as the filters here?` <img width="1659" alt="Screenshot 2023-01-12 at 12 54 54" src="https://user-images.githubusercontent.com/6295984/212071852-a5107aa7-0249-41d3-a8be-de337745888d.png"> 5. Lens do not support query without a timerange, which makes the data not aligned on the page. - #136409 - `Could we support query without a time range?` ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
|
Here is an example of how it may look after migrating most of the charts to Lens: https://kibana-pr-148624.kb.us-west2.gcp.elastic-cloud.com:9243/s/data/app/security/overview https://p.elstc.co/paste/N8VOV4gE#4yoL5fiVG+8F8BeTCV7GP77LKSBXq2MU5pOatGUbb2y |
This was referenced Jan 18, 2023
angorayc
added a commit
that referenced
this issue
Feb 2, 2023
## Summary Relevant issue: #136409 These are all behind feature flag `chartEmbeddablesEnabled` --- ### Changes: 1. Legends are all moved to the left side of the chart to avoid overlapping with chart actions. 2. The second `group by` of Alerts Trend Chart is removed (as it is always disabled). --- ### Events: <img width="2545" alt="Screenshot 2023-01-25 at 15 33 27" src="https://user-images.githubusercontent.com/6295984/214605761-2e08d848-feb3-42e3-9850-08cd7f8b9c99.png"> --- ### Top N <img width="2552" alt="Screenshot 2023-01-25 at 15 34 21" src="https://user-images.githubusercontent.com/6295984/214605889-91f74c33-e8c4-43ac-b137-6098f4764a6d.png"> --- ### No indices: <img width="1671" alt="Screenshot 2022-12-21 at 17 03 05" src="https://user-images.githubusercontent.com/6295984/208963467-ccbb6bf4-11b3-4bc8-b568-208dd0791828.png"> --- ### Alerts - Trend <img width="2548" alt="Screenshot 2023-01-25 at 15 34 52" src="https://user-images.githubusercontent.com/6295984/214605993-ea1a2fe5-6f44-4c70-9152-79f76ed9e48f.png"> --- ### ~Alerts - Treemap~ (Not included in this PR - #149592) **Big Difference after converting to Lens. Likely to have a redesign:** Known issues: 1. Alerts tree map: Is not rendered exactly the same due to the limits of dimension of Lens. 3. No value display in each legend item for alerts tree map 4. Background color cannot be decided by risk score Before: <img width="1661" alt="Screenshot 2023-01-10 at 12 00 51" src="https://user-images.githubusercontent.com/6295984/211546444-f98b0f4a-0666-493c-b57e-934b3d154211.png"> After: <img width="2550" alt="Screenshot 2023-01-25 at 15 35 16" src="https://user-images.githubusercontent.com/6295984/214606117-7a1e78a4-8947-4d95-9994-2acb106ca3af.png"> --- ### ~Alerts - Charts~ (Not included in this PR - #149592) **Lens does not support the [design](elastic/security-team#5599). Likely to have a redesign:** <img width="2536" alt="Screenshot 2023-01-25 at 15 35 55" src="https://user-images.githubusercontent.com/6295984/214606298-bcc97920-bb52-4367-901f-102a778799b6.png"> --- ### Alerts - Table <img width="1666" alt="Screenshot 2022-12-21 at 17 12 25" src="https://user-images.githubusercontent.com/6295984/208964514-b39e40ae-ecb4-4e06-8cc5-32d63e28823a.png"> Known issues: 1. #149828 2. Unable to restore a column after hiding it. 3. #150048 4. #150158 --- ### Alerts - Preview Known issue: There's no legend in alerts preview as its legend action, filter in, filter out are not useful on rule creation page. - #149220 <img width="2543" alt="Screenshot 2023-01-26 at 13 32 00" src="https://user-images.githubusercontent.com/6295984/214848163-437ca866-46ee-47ee-a550-aa3b9c97eef6.png"> ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This was referenced Feb 16, 2023
angorayc
added a commit
that referenced
this issue
Mar 7, 2023
## Summary **Original Issue** #136409 **Preview** https://kibana-pr-150531.kb.us-west2.gcp.elastic-cloud.com:9243/ https://p.elstc.co/paste/G+PhWdS0#WEyGBtMD9I4r74WPNIQFvgELZPOp-SZCG3yja1LOuwQ **Migrated charts** #149123 **Known issues of the Embeddables after enabling the feature flag:** #136409 (Feature request on Lens’ side & Bugs section) **Charts not supported by Lens Embeddable:** #149592 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
bmorelli25
pushed a commit
to bmorelli25/kibana
that referenced
this issue
Mar 10, 2023
…ic#150531) ## Summary **Original Issue** elastic#136409 **Preview** https://kibana-pr-150531.kb.us-west2.gcp.elastic-cloud.com:9243/ https://p.elstc.co/paste/G+PhWdS0#WEyGBtMD9I4r74WPNIQFvgELZPOp-SZCG3yja1LOuwQ **Migrated charts** elastic#149123 **Known issues of the Embeddables after enabling the feature flag:** elastic#136409 (Feature request on Lens’ side & Bugs section) **Charts not supported by Lens Embeddable:** elastic#149592 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
angorayc
added a commit
that referenced
this issue
Jan 12, 2024
…sEnabled feature flag (#173884) ## Summary This PR is a part of #171287, the final goal is to remove `chartEmbeddablesEnabled` feature flag 1. Enabling and removing **alertsPreviewChartEmbeddablesEnabled** feature flag (It's unblocked by #136409 item 9) 2. Replacing **rules preview** histogram with Lens Embeddable. https://github.com/elastic/kibana/assets/6295984/c29aa600-c86b-4d32-933b-4d8f6f1fd04f   ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To be compatible with custom dashboards, we'd like to migrate existing charts to
Lens Embeddables.Apart from adaptable with custom dashboards, users can have aligned experience when interacting with charts in security solution and Lens, means that without additional implementation, we can access the inspect, open in dev tools ...etc actions.
Therefore we can remove many of our existing implantation and make this easier to maintain.
These are all behind feature flag
chartEmbeddablesEnabled. The feature flag is expected to be lifted in 8.8Tasks
Migration to Lens Embeddable
Allow using custom inspector - [Security Solution] Add custom features to lens #138995 , [SecuritySolution] Replace KPIs on Host, Network, and Users with Lens Embeddables #138369 - v8.6
UI Style adjustment for Metric - [Security Solution] Add custom features to lens #138995 , [SecuritySolution] Replace KPIs on Host, Network, and Users with Lens Embeddables #138369 - v8.6
Add custom legend actions to Lens - v8.7 - [Security Solution][Lens] New trigger actions for chart legends and table cell actions #146779
Bug: [Lens] Table shows extra rows when embedded on a dashboard - 8.7 - [Lens] Table shows extra rows when embedded on a dashboard #147922
Feature request on Lens' side
1.
Donut size with the legendExample
When we display the donut Lens Embeddable without legend it looks alright.
But after enabling the legend, the donut becomes very small and it's no longer at the center of the space.
Expected
Could we have an option to overlap the legend over the donut so the size of the donut could remain the same with or without the legend. (Like we can choose to display legend inside the bar chart)
2. Donut title - To be followed up
Expected:
This is what we have in Security Solution:
If that's not an option, could we consider apply the title / subtitle like this to the donut chart?
3. Donut click custom actions
Use case
Navigate to a new page on clicking a portion of the donut.
4.
Query without time-rangeCan be achieved by adHocDataView without timestampUse case
SecuritySolution has some charts based on
Transformedresult, for example: displaying thelatestvalue. The value has been calculated by Transform, so shouldn't worry about the performance when no timerange given.5. Show legend items with zero value
Example:
The current legend items in this donut should be Critical, High, Medium, and Low, but all bucket value is zero except
Low, so there's onlyLowappears in the legend.Expected:
The Legend show all the buckets, Critical, High, Medium, Low even the bucket value is zero, and each bucket stick to it's color and order, color and order shouldn't change because any of the buckets is zero
6. Color and sort filter series
Could we choose a custom color for each filter and render the legend with the same order as the filters here?
Example
Expected
7. Always show values on legend items - To be followed up
Example
At the moment, no value show on legend item by default
Value of each legend item only show on hovering the chart:
Expected
Could we show the sum of the bucket by default, and only if users hovering on the chart, it display the value of the selected bucket.
8. Display count on treemap legend - To be followed up
Example
Expected
Display doc count in the legend.
9. An option to disable legend actions by passing a prop to Lens Embeddable
10. Color palette by Metric - To be followed up
Expected
11. Display multiple metric on treemap - To be followed up
Expected
After putting everything together, ideally it'll look like this:
12. Icon decoration is cropped - added24th Jan 2023
Replace visualisations with Lens Embeddable
Replace KPI with Lens Embeddable - Hosts, Network, Users - [SecuritySolution] Replace KPIs on Host, Network, and Users with Lens Embeddables #138369
Replace histograms with Lens Embeddable, including events, alerts, and rule preview - v8.7 - [SecuritySolution] Render histograms with Lens #147261
Replace alerts donut charts with Lens Embeddable - v8.7 - [SecuritySolution] Replace donuts with Lens #148519 (Not included in 8.8 because of the known issues 2-6 above)
Replace risk score donut charts with Lens Embeddable - v8.7 - [SecuritySolution] Replace risk scores donut charts with Lens #148755 (Not included in 8.8 because of the known issues 2-6 above)
Replace host / user risk score over time with Lens Embeddable - 8.7 #149015 - 8.7 - [SecuritySolution] Replace risk score over time with Lens Embeddable #149035
[SecuritySolution] Designer's review and redesign on migration to Lens Embeddables #149123 - 8.8
[SecuritySolution] Enable chartEmbeddablesEnabled feature flag #150531 - 8.8
Unsupported charts - [SecuritySolution] Follow up unsupported charts #149592 - 8.9
Remove feature flag & clean up - 8.9
Bugs:
============================================================
Migration to generic inspector
The text was updated successfully, but these errors were encountered: