[Cloud Security] Host Name Misconfiguration Datagrid & Refactor CSP Plugin PHASE 2 #192535
Conversation
…ks into common file
|
/ci |
|
/ci |
|
/ci |
…x and findingsResult check
|
/ci |
|
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security) |
animehart
added
the
release_note:skip
animehart
added
backport:prev-minor
| isMisconfigurationFindingsIndexExist: hasMisconfigurationFindingsIndex, | ||
| isMisconfigurationFindingsForThisQueryExist: hasMisconfigurationFindingsForThisQuery, |
There was a problem hiding this comment.
having two names for the same thing might be confusing (isMisconfigurationFindingsIndexExist and hasMisconfigurationFindingsIndex), ideally, we should stick with one naming only.
hasMisconfigurationFindingsIndex seems to me easier to read and understand than isMisconfigurationFindingsIndexExist, is is often used for boolean states or conditions (e.g., isEnabled, isVisible), and has is used for existence or possession (e.g., hasItems, hasError).
can we update the references of isMisconfigurationFindingsIndexExist and isMisconfigurationFindingsForThisQueryExist to hasMisconfigurationFindingsIndex and hasMisconfigurationFindingsForThisQuery respectively across the PR?
| isMisconfigurationFindingsIndexExist={false} | ||
| isMisconfigurationFindingsForThisQueryExist={true} |
There was a problem hiding this comment.
how this use case can happen? index does not exist, but the data exist?
There was a problem hiding this comment.
woops, you are right
this one is redundant
|
|
||
| const insightsButtons: EuiButtonGroupOptionProps[] = [ | ||
| { | ||
| id: 'misconfigurationTabId', |
There was a problem hiding this comment.
let's add this id to a constant, so we avoid updating the id name and forgetting to update the activeInsightsId
| data-test-subj={'insightButtonGroupsTestId'} | ||
| /> | ||
| <EuiSpacer size="xl" /> | ||
| <MisconfigurationFindingsDetailsTable fieldName={'host.name'} queryName={name} /> |
There was a problem hiding this comment.
having the fieldName fixed to host.name here might prevent this component from being reusable in the future, I would suggest including the fieldName in the props and pass it down from the getInsightsInputTab function.
There was a problem hiding this comment.
was planning to just do that on my next ticket (do this with user.name column) as shown in this branch that i made to see how much stuff i need to change
but now that u mentioned it, might as well change it now
| navToFindings({ 'rule.id': ruleId, 'resource.id': resourceId }); | ||
| }; | ||
|
|
||
| const columns: Array<EuiBasicTableColumn<Pick<CspFinding, 'result' | 'rule' | 'resource'>>> = [ |
There was a problem hiding this comment.
this type Pick<CspFinding, 'result' | 'rule' | 'resource'> is being reused multiple times, what about create one type for it:
type MisconfigurationFindingDetailFields = Pick<CspFinding, 'result' | 'rule' | 'resource'>| return { | ||
| index: CDR_MISCONFIGURATIONS_INDEX_PATTERN, | ||
| size: isPreview ? 0 : 500, | ||
| aggs: getFindingsCountAggQueryMisconfiguration(), | ||
| ignore_unavailable: true, | ||
| query: buildMisconfigurationsFindingsQueryWithFilters(query, mutedRulesFilterQuery), | ||
| }; |
There was a problem hiding this comment.
Since we are only using a couple of fields, it would be nice to update the query to only retrieve the fields we need. We can do that by including a source filtering:
const MISCONFIGURATIONS_SOURCE_FIELDS = ['result.*', 'rule.*', 'resource.*'];
//...
return {
index: CDR_MISCONFIGURATIONS_INDEX_PATTERN,
size: isPreview ? 0 : 500,
aggs: getFindingsCountAggQueryMisconfiguration(),
ignore_unavailable: true,
query: buildMisconfigurationsFindingsQueryWithFilters(query, mutedRulesFilterQuery),
_source: MISCONFIGURATIONS_SOURCE_FIELDS
};That's important in this context since the Alerts component already loads a bunch of data at the same time, we can save some bandwidth by not loading unnecessary data.
There was a problem hiding this comment.
ooo good thing to know, i never knew this
|
|
||
| // Determine if the Insights tab should be included | ||
| const insightsTab = | ||
| hasMisconfigurationFindingsIndex && hasMisconfigurationFindingsForThisQuery |
There was a problem hiding this comment.
Is it really useful to have both hasMisconfigurationFindingsIndex and hasMisconfigurationFindingsForThisQuery?
Most of the conditions seem to be checking for hasMisconfigurationFindingsIndex && hasMisconfigurationFindingsForThisQuery, in that case, wouldn't it be better to work only the hasMisconfigurationFindingsForThisQuery? since when hasMisconfigurationFindingsForThisQuery is true it means hasMisconfigurationFindingsIndex is also true.
Unless there is a use case for having only the hasMisconfigurationFindingsIndex that I'm missing
| fieldName, | ||
| }: { | ||
| name: string; | ||
| fieldName: 'host.name' | 'user.name'; |
| css={css` | ||
| font-weight: ${euiTheme.font.weight.bold}; | ||
| `} |
There was a problem hiding this comment.
Isn't font-weight: bold applied by default in EuiTitle?
| const passedFindings = data?.count.passed || 0; | ||
| const failedFindings = data?.count.failed || 0; | ||
|
|
||
| const hasMisconfigurationFindingsForThisQuery = passedFindings > 0 || failedFindings > 0; |
There was a problem hiding this comment.
nit: we could rename this to hasMisconfigurationFindings now
💛 Build succeeded, but was flaky
Failed CI StepsTest FailuresMetrics [docs]Module Count
Public APIs missing comments
Async chunks
Unknown metric groupsAPI count
History
To update your PR or re-run it, just comment with: |
…lugin PHASE 2 (elastic#192535) In an attempt to make Reviewing easier and more accurate, the implementation of Misconfiguration Data grid on Host.name flyout in Alerts Page will be split into 2 Phases Phase 1: Move Functions, Utils or Helpers, Hooks, constants to Package Phase 2: Implementing the feature This is **Phase 2** of the process <img width="1712" alt="Screenshot 2024-09-11 at 2 16 20 PM" src="https://github.com/user-attachments/assets/29ab56db-8561-486c-ae8d-c254b932cea4"> How to test: Pre req: In order to test this, you need to generate some fake alerts. This [repo](https://github.com/elastic/security-documents-generator) will help you do that 1. Generate Some Alerts 2. Use the Reindex API to get some Findings data in (change the host.name field to match the host.name from alerts generated if you want to test Findings table in the left panel flyout) 3. Turn on Risky Entity Score if you want to test if both Risk Contribution and Insights tabs shows up, follow this [guide](https://www.elastic.co/guide/en/security/current/turn-on-risk-engine.html) to turn on Risk Entity Score (cherry picked from commit 28becfd)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…ctor CSP Plugin PHASE 2 (#192535) (#192942) # Backport This will backport the following commits from `main` to `8.x`: - [[Cloud Security] Host Name Misconfiguration Datagrid & Refactor CSP Plugin PHASE 2 (#192535)](#192535) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Rickyanto Ang","email":"rickyangwyn@gmail.com"},"sourceCommit":{"committedDate":"2024-09-14T04:41:41Z","message":"[Cloud Security] Host Name Misconfiguration Datagrid & Refactor CSP Plugin PHASE 2 (#192535)\n\nIn an attempt to make Reviewing easier and more accurate, the\r\nimplementation of Misconfiguration Data grid on Host.name flyout in\r\nAlerts Page will be split into 2 Phases\r\n\r\nPhase 1: Move Functions, Utils or Helpers, Hooks, constants to Package\r\nPhase 2: Implementing the feature\r\n\r\nThis is **Phase 2** of the process\r\n<img width=\"1712\" alt=\"Screenshot 2024-09-11 at 2 16 20 PM\"\r\nsrc=\"https://github.com/user-attachments/assets/29ab56db-8561-486c-ae8d-c254b932cea4\">\r\n\r\nHow to test:\r\nPre req: In order to test this, you need to generate some fake alerts.\r\nThis [repo](https://github.com/elastic/security-documents-generator)\r\nwill help you do that\r\n1. Generate Some Alerts\r\n2. Use the Reindex API to get some Findings data in (change the\r\nhost.name field to match the host.name from alerts generated if you want\r\nto test Findings table in the left panel flyout)\r\n3. Turn on Risky Entity Score if you want to test if both Risk\r\nContribution and Insights tabs shows up, follow this\r\n[guide](https://www.elastic.co/guide/en/security/current/turn-on-risk-engine.html)\r\nto turn on Risk Entity Score","sha":"28becfdce90ff5a0cec0345070c301aa7ca338ed","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Cloud Security","backport:prev-minor","ci:project-deploy-security","v8.16.0"],"title":"[Cloud Security] Host Name Misconfiguration Datagrid & Refactor CSP Plugin PHASE 2","number":192535,"url":"https://github.com/elastic/kibana/pull/192535","mergeCommit":{"message":"[Cloud Security] Host Name Misconfiguration Datagrid & Refactor CSP Plugin PHASE 2 (#192535)\n\nIn an attempt to make Reviewing easier and more accurate, the\r\nimplementation of Misconfiguration Data grid on Host.name flyout in\r\nAlerts Page will be split into 2 Phases\r\n\r\nPhase 1: Move Functions, Utils or Helpers, Hooks, constants to Package\r\nPhase 2: Implementing the feature\r\n\r\nThis is **Phase 2** of the process\r\n<img width=\"1712\" alt=\"Screenshot 2024-09-11 at 2 16 20 PM\"\r\nsrc=\"https://github.com/user-attachments/assets/29ab56db-8561-486c-ae8d-c254b932cea4\">\r\n\r\nHow to test:\r\nPre req: In order to test this, you need to generate some fake alerts.\r\nThis [repo](https://github.com/elastic/security-documents-generator)\r\nwill help you do that\r\n1. Generate Some Alerts\r\n2. Use the Reindex API to get some Findings data in (change the\r\nhost.name field to match the host.name from alerts generated if you want\r\nto test Findings table in the left panel flyout)\r\n3. Turn on Risky Entity Score if you want to test if both Risk\r\nContribution and Insights tabs shows up, follow this\r\n[guide](https://www.elastic.co/guide/en/security/current/turn-on-risk-engine.html)\r\nto turn on Risk Entity Score","sha":"28becfdce90ff5a0cec0345070c301aa7ca338ed"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192535","number":192535,"mergeCommit":{"message":"[Cloud Security] Host Name Misconfiguration Datagrid & Refactor CSP Plugin PHASE 2 (#192535)\n\nIn an attempt to make Reviewing easier and more accurate, the\r\nimplementation of Misconfiguration Data grid on Host.name flyout in\r\nAlerts Page will be split into 2 Phases\r\n\r\nPhase 1: Move Functions, Utils or Helpers, Hooks, constants to Package\r\nPhase 2: Implementing the feature\r\n\r\nThis is **Phase 2** of the process\r\n<img width=\"1712\" alt=\"Screenshot 2024-09-11 at 2 16 20 PM\"\r\nsrc=\"https://github.com/user-attachments/assets/29ab56db-8561-486c-ae8d-c254b932cea4\">\r\n\r\nHow to test:\r\nPre req: In order to test this, you need to generate some fake alerts.\r\nThis [repo](https://github.com/elastic/security-documents-generator)\r\nwill help you do that\r\n1. Generate Some Alerts\r\n2. Use the Reindex API to get some Findings data in (change the\r\nhost.name field to match the host.name from alerts generated if you want\r\nto test Findings table in the left panel flyout)\r\n3. Turn on Risky Entity Score if you want to test if both Risk\r\nContribution and Insights tabs shows up, follow this\r\n[guide](https://www.elastic.co/guide/en/security/current/turn-on-risk-engine.html)\r\nto turn on Risk Entity Score","sha":"28becfdce90ff5a0cec0345070c301aa7ca338ed"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Rickyanto Ang <rickyangwyn@gmail.com>
In an attempt to make Reviewing easier and more accurate, the implementation of Misconfiguration Data grid on Host.name flyout in Alerts Page will be split into 2 Phases
Phase 1: Move Functions, Utils or Helpers, Hooks, constants to Package
Phase 2: Implementing the feature
This is Phase 2 of the process
How to test:
Pre req: In order to test this, you need to generate some fake alerts. This repo will help you do that