[Security Solution] Add more actions to alerts flyout #105767

Merged
merged 33 commits into from
Aug 4, 2021
Merged
Changes from 27 commits
5493e61
add investigate in timeline action to flyout
angorayc Jul 15, 2021
40c9cc3
close context menu on item clicked
angorayc Jul 15, 2021
7efb220
add investigate in timeline
angorayc Jul 16, 2021
ab00883
add investigat in timeline button
angorayc Jul 16, 2021
698d8bc
fix failing tests
angorayc Jul 19, 2021
7a89b68
add alerts status actions
angorayc Jul 19, 2021
c4a6f29
update unit test
angorayc Jul 20, 2021
4be133e
export alerts actions from hook
angorayc Jul 20, 2021
68c485f
add disable props
angorayc Jul 20, 2021
bec2c89
add case action items
angorayc Jul 26, 2021
653c79c
clean up
angorayc Jul 27, 2021
4be7137
split alert status hook and hide add to case action
angorayc Jul 28, 2021
7161b66
add useHoseIsolationAction hook
angorayc Jul 28, 2021
b34c3af
move out take action dropdown
angorayc Jul 29, 2021
484440a
refeactor hooks to only manage one thing
XavierM Jul 29, 2021
a26904b
apply hooks to alerts table
angorayc Jul 29, 2021
c684b43
Merge branch 'master' of github.com:elastic/kibana into flyout-overvi…
angorayc Jul 29, 2021
0aaece0
Merge branch 'master' of github.com:elastic/kibana into flyout-overvi…
angorayc Jul 30, 2021
b4a7473
clean up
angorayc Jul 30, 2021
21a7690
fix unit tests
angorayc Jul 30, 2021
870fa0b
replace euiCodeBlock
angorayc Jul 30, 2021
cee5390
take actions from case
angorayc Aug 2, 2021
0a803f6
fetch ecs in flyout footer
angorayc Aug 2, 2021
044900a
move fetch alert ecs to container
angorayc Aug 2, 2021
0848f31
add AddExceptionModalWrapperData interface
angorayc Aug 2, 2021
e267e3d
fix cypress tests
angorayc Aug 2, 2021
9b6476e
Merge branch 'master' of github.com:elastic/kibana into flyout-overvi…
angorayc Aug 2, 2021
6793bde
update snapshot for json view
angorayc Aug 2, 2021
6270a49
fix cypress test
angorayc Aug 3, 2021
e5d06d2
update AddEndpointExceptionComponent
angorayc Aug 3, 2021
9bd89e9
fix data retrieved from event details
angorayc Aug 3, 2021
001bb03
fix host isolation action
angorayc Aug 4, 2021
102fc60
use endpointAlertCheck
angorayc Aug 4, 2021
Original file line number Diff line number Diff line change
Expand Up @@ -469,6 +469,7 @@ export type TimelineExpandedEventType =
params?: {
eventId: string;
indexName: string;
refetch?: () => void;
};
}
| EmptyObject;
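Review bot: The added `refetch?: () => void;` puts a function value into `params` beside the plain `eventId` and `indexName` strings, and nothing on the field says who supplies it or when it is called. If `TimelineExpandedEventType` values are kept in store state (not visible in this hunk), a callback there is non-serializable and can outlive the component that created it. Add a one-line TSDoc comment on the field stating its owner and when it is invoked, or pass the callback through props if the object is persisted.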
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@

import React, { useCallback, useRef, useState } from 'react';
import { useDispatch } from 'react-redux';
import { SearchResponse } from 'elasticsearch';
import { isEmpty } from 'lodash';

import {
getCaseDetailsUrl,
Expand All @@ -18,18 +16,17 @@ import {
getRuleDetailsUrl,
useFormatUrl,
} from '../../../common/components/link_to';
import { Ecs } from '../../../../common/ecs';
import { Case, CaseViewRefreshPropInterface } from '../../../../../cases/common';
import { TimelineId } from '../../../../common/types/timeline';
import { SecurityPageName } from '../../../app/types';
import { KibanaServices, useKibana } from '../../../common/lib/kibana';
import { APP_ID, DETECTION_ENGINE_QUERY_SIGNALS_URL } from '../../../../common/constants';
import { useKibana } from '../../../common/lib/kibana';
import { APP_ID } from '../../../../common/constants';
import { timelineActions } from '../../../timelines/store/timeline';
import { useSourcererScope } from '../../../common/containers/sourcerer';
import { SourcererScopeName } from '../../../common/store/sourcerer/model';
import { DetailsPanel } from '../../../timelines/components/side_panel';
import { InvestigateInTimelineAction } from '../../../detections/components/alerts_table/timeline_actions/investigate_in_timeline_action';
import { buildAlertsQuery, formatAlertToEcsSignal, useFetchAlertData } from './helpers';
import { useFetchAlertData } from './helpers';
import { SEND_ALERT_TO_TIMELINE } from './translations';
import { useInsertTimeline } from '../use_insert_timeline';
import { SpyRoute } from '../../../common/utils/route/spy_routes';
Expand Down Expand Up @@ -70,39 +67,12 @@ const TimelineDetailsPanel = () => {
};

const InvestigateInTimelineActionComponent = (alertIds: string[]) => {
const fetchEcsAlertsData = async (fetchAlertIds?: string[]): Promise<Ecs[]> => {
if (isEmpty(fetchAlertIds)) {
return [];
}
const alertResponse = await KibanaServices.get().http.fetch<
SearchResponse<{ '@timestamp': string; [key: string]: unknown }>
>(DETECTION_ENGINE_QUERY_SIGNALS_URL, {
method: 'POST',
body: JSON.stringify(buildAlertsQuery(fetchAlertIds ?? [])),
});
return (
alertResponse?.hits.hits.reduce<Ecs[]>(
(acc, { _id, _index, _source }) => [
...acc,
{
...formatAlertToEcsSignal(_source as {}),
_id,
_index,
timestamp: _source['@timestamp'],
},
],
[]
) ?? []
);
};

return (
<InvestigateInTimelineAction
ariaLabel={SEND_ALERT_TO_TIMELINE}
alertIds={alertIds}
key="investigate-in-timeline"
ecsRowData={null}
fetchEcsAlertsData={fetchEcsAlertsData}
nonEcsRowData={[]}
/>
);
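Review bot: With the inline `fetchEcsAlertsData` removed, this call site passes only `alertIds` plus `ecsRowData={null}`, so whatever now loads the alerts has to keep the guard the old helper had: it returned `[]` for an empty id list before issuing the POST to the signals query route. That replacement code is not in this section, so confirm it still short-circuits on empty `alertIds` and handles a rejected request, which the removed helper did not catch either. A short comment above the JSX explaining why `ecsRowData` is null here (presumably because the action component now fetches by id) would help the next reader. The body of `InvestigateInTimelineActionComponent` ends outside the hunk.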

Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
* 2.0.
*/

import { EuiCodeEditor } from '@elastic/eui';
import { EuiCodeBlock } from '@elastic/eui';
import { set } from '@elastic/safer-lodash-set/fp';
import React, { useMemo } from 'react';
import styled from 'styled-components';
Expand All @@ -23,8 +23,6 @@ const EuiCodeEditorContainer = styled.div`
}
`;

const EDITOR_SET_OPTIONS = { fontSize: '12px' };

export const JsonView = React.memo<Props>(({ data }) => {
const value = useMemo(
() =>
Expand All @@ -38,15 +36,15 @@ export const JsonView = React.memo<Props>(({ data }) => {

return (
<EuiCodeEditorContainer>
<EuiCodeEditor
<EuiCodeBlock
language="json"
fontSize="m"
paddingSize="m"
isCopyable
data-test-subj="jsonView"
isReadOnly
mode="javascript"
setOptions={EDITOR_SET_OPTIONS}
value={value}
width="100%"
height="100%"
/>
>
{value}
</EuiCodeBlock>
</EuiCodeEditorContainer>
);
});
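Review bot: The wrapper is still named `EuiCodeEditorContainer` although it now wraps an `EuiCodeBlock`; rename it (for example `JsonViewContainer`) so the name matches what it holds. Its styled-component CSS lies outside these hunks, so check that no rule in it still targets the old editor's markup and has become dead. Note also that `isCopyable` puts the whole serialized document on the clipboard in one click, which is worth a brief comment if `data` can include fields that are hidden elsewhere in the UI.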
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EuiContextMenuItem, EuiText } from '@elastic/eui';
import React from 'react';
import * as i18n from '../translations';

interface AddEndpointExceptionProps {
onClick: () => void;
disabled?: boolean;
}

const AddEndpointExceptionComponent: React.FC<AddEndpointExceptionProps> = ({
onClick,
disabled,
}) => {
return (
<EuiContextMenuItem
key="add-endpoint-exception-menu-item"
aria-label={i18n.ACTION_ADD_ENDPOINT_EXCEPTION}
data-test-subj="add-endpoint-exception-menu-item"
id="addEndpointException"
onClick={onClick}
disabled={disabled}
>
<EuiText size="m">{i18n.ACTION_ADD_ENDPOINT_EXCEPTION}</EuiText>
</EuiContextMenuItem>
);
};

export const AddEndpointException = React.memo(AddEndpointExceptionComponent);
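Review bot: The hard-coded `id="addEndpointException"` on `EuiContextMenuItem` produces duplicate DOM ids whenever this item is mounted more than once on a page (the commit list mentions applying the hooks to the alerts table as well as the flyout); drop `id` and rely on `data-test-subj`, or derive it from a prop. The `key` on the returned root element has no effect there, because React reads `key` where the caller places `<AddEndpointException />` in a list. Both points also apply to `AddEventFilter` and `AddException` in the next two sections. Since an endpoint exception suppresses detections, a TSDoc line on `disabled` stating that it is only a UI affordance and that the privilege check is enforced elsewhere would help reviewers.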
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EuiContextMenuItem, EuiText } from '@elastic/eui';
import React from 'react';
import * as i18n from '../translations';

interface AddEventFilterProps {
onClick: () => void;
disabled?: boolean;
}

const AddEventFilterComponent: React.FC<AddEventFilterProps> = ({ onClick, disabled }) => {
return (
<EuiContextMenuItem
key="add-event-filter-menu-item"
aria-label={i18n.ACTION_ADD_EVENT_FILTER}
data-test-subj="add-event-filter-menu-item"
id="addEventFilter"
onClick={onClick}
disabled={disabled}
>
<EuiText data-test-subj="addEventFilterButton" size="m">
{i18n.ACTION_ADD_EVENT_FILTER}
</EuiText>
</EuiContextMenuItem>
);
};

export const AddEventFilter = React.memo(AddEventFilterComponent);
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { EuiContextMenuItem, EuiText } from '@elastic/eui';
import React from 'react';
import * as i18n from '../translations';

interface AddExceptionProps {
disabled?: boolean;
eventKind?: string | null | undefined;
onClick: () => void;
ruleId: string | null | undefined;
}

const AddExceptionComponent: React.FC<AddExceptionProps> = ({
disabled,
eventKind,
onClick,
ruleId,
}) => {
return eventKind === 'event' && ruleId ? (
angorayc marked this conversation as resolved.
<EuiContextMenuItem
key="add-exception-menu-item"
aria-label={i18n.ACTION_ADD_EXCEPTION}
data-test-subj="add-exception-menu-item"
id="addException"
onClick={onClick}
disabled={disabled}
>
<EuiText data-test-subj="addExceptionButton" size="m">
{i18n.ACTION_ADD_EXCEPTION}
</EuiText>
</EuiContextMenuItem>
) : null;
};

export const AddException = React.memo(AddExceptionComponent);
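Review bot: `AddExceptionComponent` decides its own visibility with `eventKind === 'event' && ruleId ? … : null`, so a parent that assembles the menu cannot tell whether this entry will render and may show an empty panel. Consider moving the condition to the caller, or exporting it as a small predicate that both sides use. The props are also typed inconsistently: `eventKind?: string | null | undefined` is optional while `ruleId: string | null | undefined` is required but nullable; `ruleId?: string | null` would match. Whichever form stays, add a one-line comment explaining why the action is limited to that `eventKind` value.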