[SIEM] Adds ability to infer the newsfeed.enabled setting #56236

Merged: 6 commits merged on Jan 29, 2020

@rylnd (Contributor) commented Jan 28, 2020

Summary

In order to determine whether to show the new Security news feed within the SIEM app, we first need to know whether the newsfeed is disabled globally.

Since we are no longer able to access the newsfeed.enabled setting directly from the kibana config, we needed to make some changes to the newsfeed plugin in order to infer that setting's value. With these changes, dependent plugins can predicate upon the presence/absence of the newsfeed plugin in the same way as the newsfeed.enabled boolean.

Checklist

Use strikethroughs to remove checklist items you don't feel are applicable to this PR.

For maintainers

Without a contract, dependent plugins have no way of knowing whether the
plugin is enabled or not as the contract will always be undefined.

So that dependent plugins can use them.

We're going to use the availability of the newsfeed plugin as part of our
determination for whether or not to show the security newsfeed. If users
set `newsfeed.enabled: false`, the plugin will be unavailable and the
security feed will not be shown.
@rylnd rylnd self-assigned this Jan 28, 2020
@rylnd rylnd added v7.6.0 v7.7.0 v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Team:SIEM labels Jan 28, 2020
@elasticmachine (Contributor)

Pinging @elastic/siem (Team:SIEM)

@tsullivan (Member) left a comment

See if my suggested change can be made and let you avoid the eslint-disable

The presence of the newsfeed plugin means that newsfeed.enabled is true.
If both that and our local setting are true, we will show the Security
feed.
@rylnd rylnd requested a review from tsullivan January 28, 2020 22:02
@tsullivan (Member) left a comment

LGTM

reviewed the code only

@andrew-goldstein (Contributor) left a comment

Thank you @rylnd for implementing this request from @MikePaquette! 🙏

When the newsfeed.enabled setting in config/kibana.yml is changed from its default value to false, the Security news widget in the SIEM Overview will not make a network request for news, and the Security news widget will not be displayed in the Overview.

Setting newsfeed.enabled to false in config/kibana.yml overrides the setting shown in the screenshot below:

[Screenshot: news-feed-setting]

I desk tested this with @rylnd over a zoom.

LGTM 🚀 📰
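
The inference described in this PR, as an added TypeScript sketch that is not the PR's code or Kibana's plugin API: a toy loader (the hypothetical `loadPlugins`, `PluginDef` and `runScenario`) never sets up a disabled plugin, so a dependent reads the global setting from whether the contract is present, and the request counter shows that no fetch happens when either switch is off. The third scenario models a newsfeed whose setup returns no contract, where enabled and disabled look the same to the dependent.

```typescript
// Added illustration: all names are hypothetical, not Kibana's plugin API.
type Contract = object | undefined;

interface PluginDef {
  id: string;
  optional: string[]; // ids of optional dependencies
  setup(deps: Record<string, Contract>): Contract;
}

// Minimal loader: a plugin whose "<id>.enabled" is false is never set up,
// so its dependents receive `undefined` under its id.
function loadPlugins(defs: PluginDef[], config: Record<string, boolean>): void {
  const contracts: Record<string, Contract> = {};
  for (const def of defs) {
    if (config[`${def.id}.enabled`] === false) continue;
    const deps: Record<string, Contract> = {};
    for (const dep of def.optional) deps[dep] = contracts[dep];
    contracts[def.id] = def.setup(deps);
  }
}

interface Outcome { shown: boolean; requests: number }

// returnsContract=false models a newsfeed whose setup() returns nothing.
function runScenario(globalEnabled: boolean, localSetting: boolean,
                     returnsContract = true): Outcome {
  const outcome: Outcome = { shown: false, requests: 0 };
  const newsfeed: PluginDef = {
    id: 'newsfeed',
    optional: [],
    setup: () => (returnsContract ? {} : undefined),
  };
  const siem: PluginDef = {
    id: 'siem',
    optional: ['newsfeed'],
    setup(deps) {
      // Presence of the contract stands in for newsfeed.enabled === true.
      const globallyEnabled = deps['newsfeed'] !== undefined;
      outcome.shown = globallyEnabled && localSetting;
      if (outcome.shown) outcome.requests += 1; // simulated news fetch
      return {};
    },
  };
  loadPlugins([newsfeed, siem], { 'newsfeed.enabled': globalEnabled });
  return outcome;
}

console.log(runScenario(true, true), runScenario(false, true), runScenario(true, true, false));
```
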

@rylnd (Contributor, Author) commented Jan 28, 2020

@elasticmachine merge upstream

@kibanamachine (Contributor)

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@XavierM (Contributor) commented Jan 29, 2020

@rylnd @tsullivan
I am wondering if we need to add newsfeed as require here now since it is a dependency https://github.com/elastic/kibana/blob/master/x-pack/legacy/plugins/siem/index.ts#L43

After discussing with Ryland, we are loading newsfeed through ui/new-platform so we should be fine since we are doing the same with map embeddable.

@rylnd rylnd merged commit 02befde into elastic:master Jan 29, 2020
rylnd added a commit to rylnd/kibana that referenced this pull request Jan 29, 2020
)

* Always return a contract from the newsfeed plugin

Without a contract, dependent plugins have no way of knowing whether the
plugin is enabled or not as the contract will always be undefined.

* Export newsfeed contract types from public index

So that dependent plugins can use them.

* Declare newsfeed as an optional dependency of SIEM

We're going to use the availability of the newsfeed plugin as part of our
determination for whether or not to show the security newsfeed. If users
set `newsfeed.enabled: false`, the plugin will be unavailable and the
security feed will not be shown.

* Respect global newsfeed.enabled config in Security newsfeed

The presence of the newsfeed plugin means that newsfeed.enabled is true.
If both that and our local setting are true, we will show the Security
feed.

* Prefer object type over empty interface

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@rylnd rylnd deleted the siem_newsfeed_setting branch January 29, 2020 04:44
rylnd added a commit that referenced this pull request Jan 29, 2020
…56265)

rylnd added a commit that referenced this pull request Jan 29, 2020
…56266)

gmmorris added a commit to gmmorris/kibana that referenced this pull request Jan 29, 2020
* master: (31 commits)
  [SIEM] Overview page feedback (elastic#56261)
  refactor (elastic#56131)
  [NP Cleanup] Remove ui/public/inspector (elastic#55677)
  [SIEM] [TIMELINE] Only add endpoint logo when on event.module === endgame (elastic#56263)
  Basic Functionality Alert List (elastic#55800)
  [SIEM] Fix filters on Hosts and Network page (elastic#56234)
  [SIEM] Adds ability to infer the newsfeed.enabled setting (elastic#56236)
  [SIEM][Detection Engine] critical blocker for updated rules
  [SIEM][Detection Engine] critical blocker, fixes ordering issue that causes rules to not run the first time
  [SIEM] Add link to endpoint app through reference.url (elastic#56211)
  [Metrics UI] Fixing title truncation in Metrics Explorer (elastic#55917)
  [SIEM] Put the notice for rules in comment block (elastic#56123)
  [SIEM][Detection Engine] critical blocker with the UI crashing
  Consistent timeouts for the Space onPostAuth interceptor tests (elastic#56158)
  Skip tests that depend on other skipped test
  [SIEM] [Detection Engine] Timestamps for rules (elastic#56197)
  Sort server-side in SavedObject export (elastic#55128)
  [Reporting] Document the 8.0 breaking changes (elastic#56187)
  Revert "[Monitoring] Change all configs to `monitoring.*`" (elastic#56214)
  add owners for es_archiver (elastic#56184)
  ...
jloleysens added a commit to jloleysens/kibana that referenced this pull request Jan 29, 2020
…55831

* '7.x' of github.com:elastic/kibana: (78 commits)
  Re-enable watcher FireFox functional test (elastic#56112) (elastic#56294)
  [Metrics UI] Fixing title truncation in Metrics Explorer (elastic#55917) (elastic#56248)
  [APM] x-axis labels on Error occurrences chart are incorrect based on Kibana timezone (elastic#55686) (elastic#56288)
  Migrate saved_object_save_as_checkbox directive to timelion (elastic#56114) (elastic#56286)
  [APM] Treat error.exception.stacktrace.line as optional (elastic#55733) (elastic#55840)
  Remove alerts and actions from feature catalogue (elastic#56140) (elastic#56208)
  Migrate UI capabilities to use new platform APIs (elastic#56070) (elastic#56207)
  [ML] Add functional tests for analytics UI: creation addition and regression/outlier results (elastic#56059) (elastic#56191)
  [SIEM] Overview page feedback (elastic#56261) (elastic#56276)
  [NP Cleanup] Remove ui/public/inspector (elastic#55677) (elastic#56271)
  [Index template] Fix editor should support mappings types (elastic#55804)
  fixes map index message (elastic#56104) (elastic#56194)
  [SIEM] [TIMELINE] Only add endpoint logo when on event.module === endgame (elastic#56263) (elastic#56269)
  [SIEM] Fix filters on Hosts and Network page (elastic#56234) (elastic#56267)
  [SIEM] Adds ability to infer the newsfeed.enabled setting (elastic#56236) (elastic#56265)
  [SIEM][Detection Engine] critical blocker for updated rules (elastic#56259)
  [SIEM] Put the notice for rules in comment block (elastic#56123) (elastic#56246)
  [SIEM][Detection Engine] critical blocker, fixes ordering issue that causes rules to not run the first time (elastic#56256)
  [Reporting/NP] Migration of Reporting Security dependency (elastic#56046) (elastic#56198)
  [SIEM] Add link to endpoint app through reference.url (elastic#56211) (elastic#56250)
  ...

# Conflicts:
#	x-pack/plugins/watcher/public/plugin.ts
@rylnd rylnd mentioned this pull request Apr 30, 2020