
[Security Solution] [Exceptions] Auto-populate exception flyout with alert’s “highlighted fields” values #159029

Conversation


@WafaaNasr WafaaNasr commented Jun 5, 2023

Summary

Contents of this PR:

  • Exports the getEventFieldsToDisplay function from the AlertSummary component (get_alert_summary_rows.tsx), which retrieves the Highlighted Fields based on the Event data and Rule.
  • Introduces helper functions to populate the highlighted fields from the alertData in the add_exception_flyout component.
  • Adds the highlighted_fields_config.ts configuration file, which contains the fields to be filtered out from the Exceptions and the fields used to obtain the highlighted fields.
  • Auto-populates the Rule Exception add_exception_flyout on initiation, if alertData is provided and listType is RuleException, with the highlighted fields from the Alert.

Screenshots

[screenshot of the exception flyout; image not included in the text extraction]

Checklist
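The logic the PR description outlines, written out as an added example that is not code from the PR or from Kibana: a flattened alert document is filtered against a config of "highlighted" fields and an exclusion list, and the surviving field/value pairs become the pre-filled exception entries, but only when alert data is present and the list type is a rule exception. All names (`AlertData`, `ExceptionEntry`, `initialEntries`, the `ListType` values), the contents of the two field lists and the sample alert are assumptions constructed for the example; the real highlighted_fields_config.ts is not reproduced here.

```typescript
// Added example, not Kibana's implementation. Names, config contents and
// the sample alert below are assumptions constructed for illustration.

type ListType = 'rule_exception' | 'endpoint_exception'; // hypothetical values

interface AlertData {
  [field: string]: unknown; // flattened alert document, dotted field names
}

interface ExceptionEntry {
  field: string;
  operator: 'included';
  type: 'match';
  value: string;
}

// Hypothetical stand-in for highlighted_fields_config.ts.
// Fields here are never pre-filled: per-alert unique values (timestamps,
// ids) would make an exception that never matches again, and rule
// metadata fields describe the rule rather than the event.
const FIELDS_TO_EXCLUDE = new Set(['@timestamp', 'event.id', 'kibana.alert.uuid']);
const PREFIXES_TO_EXCLUDE = ['kibana.alert.rule.', 'signal.rule.'];

// Hypothetical list of event fields that count as "highlighted".
const HIGHLIGHTED_FIELDS = [
  'host.name',
  'user.name',
  'process.name',
  'process.executable',
  'file.path',
  'source.ip',
];

function isExcluded(field: string): boolean {
  return FIELDS_TO_EXCLUDE.has(field) || PREFIXES_TO_EXCLUDE.some((p) => field.startsWith(p));
}

// Collects the highlighted fields present in the alert with a usable scalar
// value, in config order. Multi-valued fields are skipped because a single
// "match" entry cannot represent them faithfully.
export function getHighlightedFieldValues(alert: AlertData): Array<[string, string]> {
  const out: Array<[string, string]> = [];
  for (const field of HIGHLIGHTED_FIELDS) {
    if (isExcluded(field)) continue;
    const raw = alert[field];
    const value = Array.isArray(raw) && raw.length === 1 ? raw[0] : raw; // ECS values may be arrays
    if (typeof value === 'string' && value.length > 0) out.push([field, value]);
    else if (typeof value === 'number') out.push([field, String(value)]);
  }
  return out;
}

export function buildExceptionEntries(alert: AlertData): ExceptionEntry[] {
  return getHighlightedFieldValues(alert).map(([field, value]) => ({
    field,
    operator: 'included',
    type: 'match',
    value,
  }));
}

// The flyout pre-fills only when opened from an alert for a rule exception.
export function initialEntries(alert: AlertData | undefined, listType: ListType): ExceptionEntry[] {
  if (!alert || listType !== 'rule_exception') return [];
  return buildExceptionEntries(alert);
}

// Constructed sample alert (flattened), not a real document.
export const SAMPLE_ALERT: AlertData = {
  '@timestamp': '2023-06-05T10:00:00.000Z',
  'kibana.alert.uuid': 'constructed-uuid-0001',
  'kibana.alert.rule.name': 'Suspicious PowerShell',
  'host.name': ['web-01'],
  'user.name': 'svc_backup',
  'process.name': 'powershell.exe',
  'process.executable': 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
  'source.ip': ['10.0.0.5', '10.0.0.6'],
};

console.log(initialEntries(SAMPLE_ALERT, 'rule_exception'));
```

With the sample alert, four entries are produced (host.name, user.name, process.name, process.executable); `source.ip` is dropped because it carries two values, `file.path` because it is absent, and the timestamp, uuid and rule-name fields because they are excluded. Keeping the exclusion list separate from the highlighted list is what lets a reviewer audit which alert fields can ever become an exception, which matters because an over-broad pre-filled exception is an easy way to silence a rule by accident.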

@WafaaNasr WafaaNasr self-assigned this Jun 5, 2023
@WafaaNasr WafaaNasr added release_note:feature Makes this part of the condensed release notes ci:cloud-deploy Create or update a Cloud deployment labels Jun 5, 2023
@WafaaNasr WafaaNasr added 8.9 candidate Feature:Rule Exceptions Security Solution Detection Rule Exceptions area Theme: simp_prot_mgmt Security Solution Simplified Protection Management Theme Team:Detection Engine Security Solution Detection Engine Area labels Jun 5, 2023
@yctercero yctercero left a comment

Reviewed code and pulled down to play around with it. LGTM!

I think it's worth adding a cypress test for it, but that can also be done after this goes in as there are unit tests here. I would just create a ticket to track some of the additional improvements we discussed around allowing all alert document fields to be available in the dropdown for a user when they're adding an exception from the alerts flow.

Thanks for adding this Wafaa!

@WafaaNasr WafaaNasr force-pushed the 6405-autopopulate-rule-exception-with-highlightedfields branch from ab59662 to a88527c Compare June 12, 2023 14:28
@WafaaNasr WafaaNasr marked this pull request as ready for review June 12, 2023 14:44
@WafaaNasr WafaaNasr requested review from a team as code owners June 12, 2023 14:44
@vitaliidm vitaliidm left a comment

Thank you, @WafaaNasr, for working on this feature. This should help our customers a lot in their workflows!

@WafaaNasr WafaaNasr requested a review from a team as a code owner June 13, 2023 13:34
@vitaliidm vitaliidm left a comment

Thanks for addressing comments and creating issues for discovered bugs.

kibana-ci commented Jun 15, 2023

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #45 / discover/group3 discover sidebar renders field groups should show selected and available fields in text-based mode

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 4143 4144 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 10.8MB 10.8MB +1.4KB

Unknown metric groups

ESLint disabled line counts

id before after diff
enterpriseSearch 13 15 +2
securitySolution 410 414 +4
total +6

Total ESLint disabled count

id before after diff
enterpriseSearch 14 16 +2
securitySolution 493 497 +4
total +6

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @WafaaNasr

@nastasha-solomon nastasha-solomon added the ui-copy Review of UI copy with docs team is recommended label Jun 15, 2023
@PhilippeOberti PhilippeOberti left a comment

LGTM for the threat-hunting-investigations team!

@WafaaNasr WafaaNasr merged commit 9ebe5d5 into elastic:main Jun 15, 2023
@kibanamachine kibanamachine added v8.9.0 backport:skip This commit does not require backporting labels Jun 15, 2023
@WafaaNasr WafaaNasr deleted the 6405-autopopulate-rule-exception-with-highlightedfields branch June 15, 2023 15:19