Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] show case names in isolation success message #102664

Merged
merged 10 commits into from
Jun 22, 2021
Merged

[Security Solution] show case names in isolation success message #102664

merged 10 commits into from
Jun 22, 2021

Conversation

kevinlog
Copy link
Contributor

@kevinlog kevinlog commented Jun 18, 2021
edited
Loading

Summary

Addresses: #102331

Adds the Case names to the Isolation success message.

image

Checklist

Delete any items that are not applicable to this PR.

@kevinlog kevinlog changed the title [Security Solution] show case names in isolateion success message [Security Solution] show case names in isolation success message Jun 18, 2021
@kevinlog kevinlog marked this pull request as ready for review June 21, 2021 19:15
@kevinlog kevinlog requested review from a team as code owners June 21, 2021 19:15
@kevinlog
Copy link
Contributor Author

@elasticmachine merge upstream

@kevinlog kevinlog added the Team:Defend Workflows “EDR Workflows” sub-team of Security Solution label Jun 21, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@kevinlog kevinlog added v7.14.0 release_note:feature Makes this part of the condensed release notes labels Jun 21, 2021
cnasikas
cnasikas reviewed Jun 22, 2021
View reviewed changes
x-pack/plugins/security_solution/public/detections/components/host_isolation/isolate.tsx
cancelCallback: () => void;
}) => {
const [comment, setComment] = useState('');
const [isIsolated, setIsIsolated] = useState(false);

const caseIds: string[] = casesInfo.map((caseInfo): string => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think is best to use the useMemo here and not in caseCount. The reason is that iterating over an array could be expensive but accessing an array attribute (length) is not.

cnasikas
cnasikas reviewed Jun 22, 2021
View reviewed changes
x-pack/plugins/security_solution/public/detections/components/host_isolation/isolate.tsx
@@ -47,7 +52,7 @@ export const IsolateHost = React.memo(
[]
);

const caseCount: number = useMemo(() => caseIds.length, [caseIds]);
const caseCount: number = useMemo(() => casesInfo.length, [casesInfo]);
Copy link
Member

@cnasikas cnasikas Jun 22, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that the overhead of the useMemo here surpass the benefits using it. const caseCount: number = casesInfo.length would not cause re-renders as the value is a primitive type.

cnasikas
cnasikas reviewed Jun 22, 2021
View reviewed changes
x-pack/plugins/security_solution/public/detections/components/host_isolation/unisolate.tsx
cancelCallback: () => void;
}) => {
const [comment, setComment] = useState('');
const [isUnIsolated, setIsUnIsolated] = useState(false);

const caseIds: string[] = casesInfo.map((caseInfo): string => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/elastic/kibana/pull/102664/files#r655965043

cnasikas
cnasikas reviewed Jun 22, 2021
View reviewed changes
x-pack/plugins/cases/server/client/cases/get.ts
@@ -75,20 +77,53 @@ export const getCaseIDsByAlertID = async (
Operations.getCaseIDsByAlertID.savedObjectType
);

// This will likely only return one comment saved object, the response aggregation will contain
Copy link
Member

@cnasikas cnasikas Jun 22, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will likely only return one comment saved object

What will be the response if the same alert is attached to multiple cases?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The service requests page: 1, perPage: 1 so I think it'll only ever return 1 comment. But the aggregations of that single comment will have all the unique case IDs that we need.

cnasikas
cnasikas reviewed Jun 22, 2021
View reviewed changes
x-pack/plugins/cases/server/client/cases/get.ts
return [];
}

const casesInfo = await caseService.getCases({
Copy link
Member

@cnasikas cnasikas Jun 22, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that we fetch the cases I am wondering if there is any benefit with the aggregation. Do we still need it? The comments will have the case id in the reference field, right?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Christos and I talked about this offline and we do still need the aggregation because the alert ID could appear in multiple comment saved objects. So I think we're ok to leave this as it is.

@kevinlog kevinlog added the auto-backport Deprecated - use backport:version if exact versions are needed label Jun 22, 2021
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
cases 401 403 +2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 6.9MB 6.9MB +152.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
cases 126.6KB 126.8KB +171.0B
Unknown metric groups

API count

id before after diff
cases 437 439 +2

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@kevinlog kevinlog merged commit bfbe6ab into elastic:master Jun 22, 2021
@kevinlog kevinlog deleted the bug/add-case-names-to-isolation-success branch June 22, 2021 18:01
@kibanamachine
Copy link
Contributor

💔 Backport failed

Status Branch Result
7.x Commit could not be cherrypicked due to conflicts

To backport manually run:
node scripts/backport --pr 102664

@kevinlog kevinlog mentioned this pull request Jun 22, 2021
Merged
kevinlog added a commit to kevinlog/kibana that referenced this pull request Jun 22, 2021
@kevinlog
[Security Solution] show case names in isolation success message (ela…
7bc4804 
…stic#102664)

# Conflicts:
#	x-pack/plugins/security_solution/server/endpoint/routes/actions/isolation.ts
kevinlog added a commit that referenced this pull request Jun 22, 2021
@kevinlog
[Security Solution] show case names in isolation success message (#10…
3d4521b 
…2664) (#102974)

# Conflicts:
#	x-pack/plugins/security_solution/server/endpoint/routes/actions/isolation.ts
@nastasha-solomon nastasha-solomon mentioned this pull request Mar 9, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonathan-buttner jonathan-buttner jonathan-buttner approved these changes

@cnasikas cnasikas cnasikas approved these changes

Assignees
No one assigned
Labels
auto-backport Deprecated - use backport:version if exact versions are needed release_note:feature Makes this part of the condensed release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v7.14.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kevinlog @elasticmachine @kibanamachine @cnasikas @jonathan-buttner