[Security Solution] Add more actions to alerts flyout #105767
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
angorayc
changed the title
parkiino
reviewed
Jul 20, 2021
There was a problem hiding this comment.
i wonder if it makes more sense to move the TakeActionDropdown component outside of the host_isolation folder into a more top level folder since now there are new actions that aren't necessarily related to host isolation? Also is it possible to make each menu item look the same?
angorayc
force-pushed
the
flyout-overview-inspect
branch
from
c580050 to
51bef34
Compare
angorayc
force-pushed
the
flyout-overview-inspect
branch
from
2a6c5a9 to
0aaece0
Compare
angorayc
added
Team:Threat Hunting
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
semd
reviewed
Aug 2, 2021
...curity_solution/public/detections/components/alerts_table/timeline_actions/add_exception.tsx
Outdated
Show resolved
Hide resolved
parkiino
reviewed
Aug 3, 2021
| { | ||
| name: isolateHostTitle, | ||
| onClick: isolateHostHandler, | ||
| disabled: loadingHostIsolationStatus || agentStatus === HostStatus.UNENROLLED, |
There was a problem hiding this comment.
I found a fix for why the Isolate host options always remain disabled after some digging. It looks like the loadingHostIsolationStatus is always true b/c of some code I wrote before that no longer works. If you could modify the use_isolation_status.tsx file with the below diff, the isolate host option should work again. Let me know if you want me to send you a patch file, otherwise i just copy and pasted the diff below!
index 6a40898d0a1..0631964660b 100644
--- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_host_isolation_status.tsx
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_host_isolation_status.tsx
@@ -37,6 +37,7 @@ export const useHostIsolationStatus = ({
const abortCtrl = new AbortController();
// isMounted tracks if a component is mounted before changing state
let isMounted = true;
+ setLoading(true);
let fleetAgentId: string;
const fetchData = async () => {
try {
@@ -73,15 +74,10 @@ export const useHostIsolationStatus = ({
}
};
- setLoading((prevState) => {
- if (prevState) {
- return prevState;
- }
- if (!isEmpty(agentId)) {
- fetchData();
- }
- return true;
- });
+ if (!isEmpty(agentId)) {
+ fetchData();
+ }
+
return () => {
// updates to show component is unmounted
isMounted = false;
parkiino
reviewed
Aug 3, 2021
| const alertIds = useMemo(() => [actionsData.eventId], [actionsData.eventId]); | ||
| const isEvent = actionsData.eventKind === 'event'; | ||
|
|
||
| const isEndpointAlert = useMemo((): boolean => { |
There was a problem hiding this comment.
there's actually a helper function written in public/common/utils/endpoint_alert_check.ts that you could use
cnasikas
reviewed
Aug 4, 2021
| import { useExceptionActions } from '../alerts_table/timeline_actions/use_add_exception_actions'; | ||
| import { useAlertsActions } from '../alerts_table/timeline_actions/use_alerts_actions'; | ||
| import { useInvestigateInTimeline } from '../alerts_table/timeline_actions/use_investigate_in_timeline'; | ||
| /* Todo: Uncomment case action after getAddToCaseAction is split into action and modal |
There was a problem hiding this comment.
That was planed to be part of this PR, but there is still another dependency.
💚 Build SucceededMetrics [docs]Module Count
Async chunks
History
To update your PR or re-run it, just comment with: |
cnasikas
approved these changes
Aug 4, 2021
parkiino
approved these changes
Aug 4, 2021
angorayc
added a commit
to angorayc/kibana
that referenced
this pull request
Aug 5, 2021
* add investigate in timeline action to flyout * close context menu on item clicked * add investigate in timeline * add investigat in timeline button * fix failing tests * add alerts status actions * update unit test * export alerts actions from hook * add disable props * add case action items * clean up * split alert status hook and hide add to case action * add useHoseIsolationAction hook * move out take action dropdown * refeactor hooks to only manage one thing * apply hooks to alerts table * clean up * fix unit tests * replace euiCodeBlock * take actions from case * fetch ecs in flyout footer * move fetch alert ecs to container * add AddExceptionModalWrapperData interface * fix cypress tests * update snapshot for json view * fix cypress test * update AddEndpointExceptionComponent * fix data retrieved from event details * fix host isolation action * use endpointAlertCheck Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
angorayc
added a commit
that referenced
this pull request
Aug 5, 2021
) * add investigate in timeline action to flyout * close context menu on item clicked * add investigate in timeline * add investigat in timeline button * fix failing tests * add alerts status actions * update unit test * export alerts actions from hook * add disable props * add case action items * clean up * split alert status hook and hide add to case action * add useHoseIsolationAction hook * move out take action dropdown * refeactor hooks to only manage one thing * apply hooks to alerts table * clean up * fix unit tests * replace euiCodeBlock * take actions from case * fetch ecs in flyout footer * move fetch alert ecs to container * add AddExceptionModalWrapperData interface * fix cypress tests * update snapshot for json view * fix cypress test * update AddEndpointExceptionComponent * fix data retrieved from event details * fix host isolation action * use endpointAlertCheck Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com> Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
streamich
pushed a commit
to vadimkibana/kibana
that referenced
this pull request
Aug 8, 2021
* add investigate in timeline action to flyout * close context menu on item clicked * add investigate in timeline * add investigat in timeline button * fix failing tests * add alerts status actions * update unit test * export alerts actions from hook * add disable props * add case action items * clean up * split alert status hook and hide add to case action * add useHoseIsolationAction hook * move out take action dropdown * refeactor hooks to only manage one thing * apply hooks to alerts table * clean up * fix unit tests * replace euiCodeBlock * take actions from case * fetch ecs in flyout footer * move fetch alert ecs to container * add AddExceptionModalWrapperData interface * fix cypress tests * update snapshot for json view * fix cypress test * update AddEndpointExceptionComponent * fix data retrieved from event details * fix host isolation action * use endpointAlertCheck Co-authored-by: Xavier Mouligneau <189600+XavierM@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR is to implement take action button for alert flyout.
Add
Investigate in timelineoption inTake actionbutton on alert flyout. - [Security Solution][Enhancement] Investigate timeline button should be available under Quick alert details fly out. #104581Add actions for alert status
Add exception modal
Replace EuiCodeEditor with EuiCodeBlock, as EuiCodeEditor will be deprecated.
The action button should be available from case view and alerts table: