-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SIEM] Adds actions and selection to Signals Table #53101
Conversation
Pinging @elastic/siem (Team:SIEM) |
x-pack/legacy/plugins/siem/public/pages/detection_engine/signals/index.tsx
Outdated
Show resolved
Hide resolved
x-pack/legacy/plugins/siem/public/components/events_viewer/events_viewer.tsx
Outdated
Show resolved
Hide resolved
const totalCountMinusDeleted = | ||
totalCount > 0 ? totalCount - deletedEventIds.length : 0; | ||
|
||
// TODO: Reset eventDeletedIds/eventLoadingIds on refresh/loadmore (getUpdatedAt) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe TimelineQuery can take care of that if you passed the parameter and default it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perfect! I was hesitant to move that logic into TimelineQuery
and wanted to chat with you first -- this will work out well.
/> | ||
<StatefulBody | ||
browserFields={browserFields} | ||
data={events.filter(e => !deletedEventIds.includes(e._id))} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really do think that TimelineQuery need to take care of that because that will cause re-rendering
x-pack/legacy/plugins/siem/public/components/timeline/body/actions/index.tsx
Show resolved
Hide resolved
x-pack/legacy/plugins/siem/public/components/timeline/body/column_headers/index.tsx
Outdated
Show resolved
Hide resolved
x-pack/legacy/plugins/siem/public/components/timeline/body/events/event_column_view.tsx
Show resolved
Hide resolved
x-pack/legacy/plugins/siem/public/components/timeline/body/index.tsx
Outdated
Show resolved
Hide resolved
...blic/pages/detection_engine/signals/components/signals_filter_group/signals_filter_group.tsx
Outdated
Show resolved
Hide resolved
…ble, fixes selection issues, support for updating status of all signals, and send multi-signal to timeline support
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
@@ -150,6 +203,13 @@ const StatefulBodyComponent = React.memo<StatefulBodyComponentProps>( | |||
[id] | |||
); | |||
|
|||
// Sync to timelineTypeContext.selectAll so parent components can select all events | |||
useEffect(() => { | |||
if (timelineTypeContext.selectAll) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For My Information, can use that later on also to unselect all if we are putting it back the value to false
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, it's on the provider of the TimelineTypeContext prop to StatefulEventViewer
that's responsible for resetting it, so there's some flexibility. I've made a note to better document this in the TimelineTypeContext docs as this is a good one to know about. Thanks for mentioning! 🙂
@@ -65,8 +66,7 @@ export const DetectionEngineComponent = React.memo(() => { | |||
</EuiPanel> | |||
|
|||
<EuiSpacer /> | |||
|
|||
<SignalsTable /> | |||
<GlobalTime>{({ to, from }) => <SignalsTable from={from} to={to} />}</GlobalTime> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I ended up yanking it out as the histogram needs it as well. Once we update our redux/hooks libs, I wonder if it'll be better/cleaner to just wire up the components individually? Will think about that one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No please do not do it individually, or it will break everything
export const getFilterAndRuleBounds = ( | ||
data: TimelineNonEcsData[][] | ||
): [string[], number, number] => { | ||
const stringFilter = data?.[0].filter(d => d.field === 'signal.rule.filters')?.[0]?.value ?? []; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if a string why default to Array
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am wondering if we should write a query to get the min and max of the time with an aggregation. It might be cleaner and safer. what do you think? no need to do it now, just wondering
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like it defaults to Array as a byproduct of createTimeline()
's filters
arg preferring an []
.
And I like that idea -- that also opens possibilities around the ability to send all signals for the current query (select all signals on all pages
) as well, which we don't currently allow.
? i18n.BATCH_ACTION_CLOSE_SELECTED | ||
: i18n.BATCH_ACTION_OPEN_SELECTED; | ||
|
||
return [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can use your nice technique that you did above with JSX element maybe ;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, Enjoyable user experience here, no I am joking it is awesome!!!
When reviewing the code I think that there is a way to refresh the data when deleting a signal with re-fetch functionality.
## Summary This is `Part II` of `II` for adding the `Signals Table` to the main Detection Engine landing page ([meta issue](#50405)). `Part II` includes: * Adding `selection`, `selectAll` & `selectAllGlobal` (i.e. query select) functionality to the EventsViewer * Includes ability to specify a fieldset when storing selection state so it can be used by custom actions * Introduces following new Timeline state: * `deletedEventIds: string[]` * `loadingEventIds: string[]` * `selectedEventIds: Record<string, TimelineNonEcsData[]>` * `showCheckboxes: boolean` * `showRowRenderers: boolean` * Adds Send to Timeline overflow/batch action (detailed [here](#50405 (comment))) * Adds Update Signal Status overflow/batch action Resolves #51785 ##### Selection / Update Signal Status ![update_signal_state](https://user-images.githubusercontent.com/2946766/70887496-61d59280-1f9b-11ea-8483-ab30e3936738.gif) ##### Send Signal to Timeline Action ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~ - [ ] ~This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
Summary
This is
Part II
ofII
for adding theSignals Table
to the main Detection Engine landing page (meta issue).Part II
includes:selection
,selectAll
&selectAllGlobal
(i.e. query select) functionality to the EventsViewerdeletedEventIds: string[]
loadingEventIds: string[]
selectedEventIds: Record<string, TimelineNonEcsData[]>
showCheckboxes: boolean
showRowRenderers: boolean
Resolves #51785
Selection / Update Signal Status
Send Signal to Timeline Action
Checklist
Use
strikethroughsto remove checklist items you don't feel are applicable to this PR.This was checked for keyboard-only and screenreader accessibilityFor maintainers
This was checked for breaking API changes and was labeled appropriatelyThis includes a feature addition or change that requires a release note and was labeled appropriately