[SIEM] Adds ECS link to help menu #57104
Conversation
spong
added
Team:SIEM
v8.0.0
release_note:skip
|
Pinging @elastic/siem (Team:SIEM) |
| content: i18n.translate('xpack.siem.chrome.helpMenu.documentation.ecs', { | ||
| defaultMessage: 'ECS documentation', | ||
| }), | ||
| href: `${docLinks.ELASTIC_WEBSITE_URL}guide/en/ecs/${docLinks.DOC_LINK_VERSION}/index.html`, |
There was a problem hiding this comment.
What's the value of DOC_LINK_VERSION here? If this is the stack version, this will 404. If you're maintaining a mapping between SIEM versions and ECS versions, I still think this is risky.
I think the simplest approach would likely be best, here, and simply link to "current".
There was a problem hiding this comment.
That's right! Forgot about that 🤦♂ Thanks @webmat! Will update to just be current.
As an aside, is there anywhere we maintain a mapping to what the current ECS version is at the time of Kibana/SIEM releases?
There was a problem hiding this comment.
is there anywhere we maintain a mapping to what the current ECS version is at the time of Kibana/SIEM releases?
Short answer: not that I know of.
Long answer :-)
I don't necessarily think it's a good idea to even try to track a mapping between different versions. Here's why:
Right now Beats declares globally an ECS version for all sources at every product version, and puts that in all event's ecs.version field. This happens in libbeat, whether or not a given source was adjusted to recent additions in ECS.
From the beginning I've tried to advocate for setting the appropriate ECS version per source, and adjust it only when the source is modified to adjust to new developments in ECS. It was deemed too much maintenance initially, but the current "global ECS version" has been causing confusion. So the discussion is on the table again: elastic/beats#16089.
If we go the direction of declaring a more precise ECS version per source, then mapping between a product version and an ECS version becomes moot.
All of this complexity would be unnecessary if we upgraded all sources in lockstep with new developments in ECS. But that hasn't been happening so far.
For similar reasons to Beats, I'm not sure I'd try to maintain a mapping between Elastic SIEM and ECS.
Perhaps SIEM upgrading all visualizations and queries in lockstep with ECS is easier than the Beats situation, I don't know. If so, then we could maintain that and publish it somehow.
I actually don't know if there's already such a mapping anywhere in SIEM.
There was a problem hiding this comment.
Thanks for the details + history @webmat -- this is helpful 🙂
Upgrading our visualizations/queries in lockstep with ECS sounds like the right path forward, and feels in line with what we did during initial development. There were often ECS fields that visualizations were using that beats hadn't been updated to utilize yet (asn comes to mind), and so that field would just be empty till the beat supported it, but the visualization would at least be in sync with ECS and ready to ship.
As for any such version mapping within SIEM itself, I don't believe there is. We do however maintain a few ECS field mappings like here and here though, which is a process that could probably use a revisit to ensure we're staying in sync with each ECS release as they happen.
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
## Summary Adds link to ECS docs in SIEM HelpMenu as requested by @MikePaquette. 🙌 📜 <img src="https://user-images.githubusercontent.com/2946766/74039051-71ab9a80-497e-11ea-92e0-e69988af8fdc.png" width=300> ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ - [ ] ~This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)~ - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ ### For maintainers - [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
## Summary Adds link to ECS docs in SIEM HelpMenu as requested by @MikePaquette. 🙌 📜 <img src="https://user-images.githubusercontent.com/2946766/74039051-71ab9a80-497e-11ea-92e0-e69988af8fdc.png" width=300> ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ - [ ] ~This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)~ - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ ### For maintainers - [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
## Summary Adds link to ECS docs in SIEM HelpMenu as requested by @MikePaquette. 🙌 📜 <img src="https://user-images.githubusercontent.com/2946766/74039051-71ab9a80-497e-11ea-92e0-e69988af8fdc.png" width=300> ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ - [ ] ~This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)~ - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ ### For maintainers - [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
* master: (34 commits) [Index management] Server-side NP ready (elastic#56829) Webhook action - make user and password secrets optional (elastic#56823) [DOCS] Removes reference to IRC (elastic#57245) [Monitoring] NP migration: Local angular module (elastic#51823) [SIEM] Adds ECS link to help menu (elastic#57104) Ensure http interceptors are shares across lifecycle methods (elastic#57150) [Remote clusters] Migrate server code out of legacy (elastic#56781) fixes render bug in alert list (elastic#57152) siem 7.6 updates (elastic#57169) Make the update alert API key API work when AAD is out of sync (elastic#56640) fix(NA): MaxListenersExceededWarning on getLoggerStream (elastic#57133) [Metrics UI] Setup commonly used time ranges in timepicker (elastic#56701) [Maps] set filter.meta.key to geoFieldName so query passes filterMatchesIndex when ignoreFilterIfFieldNotInIndex is true (elastic#56692) Create plugin mock for event log plugin (elastic#57048) fix ts error on master (elastic#57236) Don't create API key for disabled alerts when calling create API (elastic#57041) Fix enable and disable API to still work when AAD is out of sync (elastic#56634) [DOCS] Canvas embed objects (elastic#57156) Delete autocomplete namespace (elastic#57187) Security - Inject logout url (elastic#57201) ...
* [SIEM] Adds ECS link to help menu (#57104) ## Summary Adds link to ECS docs in SIEM HelpMenu as requested by @MikePaquette. 🙌 📜 <img src="https://user-images.githubusercontent.com/2946766/74039051-71ab9a80-497e-11ea-92e0-e69988af8fdc.png" width=300> ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md) - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ - [ ] ~This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)~ - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ ### For maintainers - [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~ * Updating doc route with explicit URL
Summary
Adds link to ECS docs in SIEM HelpMenu as requested by @MikePaquette. 🙌 📜
Checklist
Delete any items that are not applicable to this PR.
Documentation was added for features that require explanation or tutorialsUnit or functional tests were updated or added to match the most common scenariosThis was checked for keyboard-only and screenreader accessibilityThis renders correctly on smaller devices using a responsive layout. (You can test this in your browserThis was checked for cross-browser compatibility, including a check against IE11For maintainers
This was checked for breaking API changes and was labeled appropriately