[Security] [Cases] Manage timeline UI API #67719

Merged
merged 16 commits into from
Jun 3, 2020

@stephmilovic stephmilovic commented May 28, 2020

Summary

Introduces a new hook, useTimelineManager, to manage timelines at a global level. The hook is implemented by wrapping the entire app in a context provider <ManageGlobalTimeline>, and the useManageTimeline hook is then called within the app wherever we want to expose the useTimelineManager() methods. The following timeline data is now managed in this hook, indexed by timelineId:

interface ManageTimeline {
  documentType: string;
  filterManager?: FilterManager;
  footerText: string;
  id: string;
  indexToAdd: string[] | null;
  isLoading: boolean;
  loadingText: string;
  queryFields: string[];
  selectAll: boolean;
  timelineRowActions: TimelineRowAction[];
  title: string;
  unit: (totalCount: number) => string;
}

The hook returns the following methods:

interface UseTimelineManager {
  getManageTimelineById: (id: string) => ManageTimeline;
  getTimelineFilterManager: (id: string) => FilterManager | undefined;
  initializeTimeline: (newTimeline: ManageTimelineInit) => void;
  isManagedTimeline: (id: string) => boolean;
  setIsTimelineLoading: (isLoadingArgs: { id: string; isLoading: boolean }) => void;
  setTimelineRowActions: (actionsArgs: {
    id: string;
    queryFields?: string[];
    timelineRowActions: TimelineRowAction[];
  }) => void;
  setTimelineFilterManager: (filterArgs: { id: string; filterManager: FilterManager }) => void;
}

Timeline Row Actions

One of the new methods introduced in useTimelineManager is setTimelineRowActions. This hook sets the icon actions that render at the beginning of a row in timeline as highlighted in the below screenshot.
[Screenshot]
This is how the interface for timelineRowAction reads:

export interface TimelineRowActionOnClick {
  eventId: string;
  ecsData: Ecs;
}

export interface TimelineRowAction {
  ariaLabel?: string;
  dataTestSubj?: string;
  displayType: 'icon' | 'contextMenu';
  iconType: string;
  id: string;
  isActionDisabled?: boolean;
  onClick: ({ eventId, ecsData }: TimelineRowActionOnClick) => void;
  content: string;
  width?: number;
}

We can now display actions in either the existing top level icon pattern or within a new context menu icon by setting displayType to either icon or contextMenu. width only needs to be set on displayType: icon. Here is the same action displayed first as an icon, and next as a contextMenu:
[Screenshots: the action as an icon, then as a contextMenu]

NOTE TO TESTER

Add the following object to the array returned in getSignalsActions within x-pack/plugins/siem/public/alerts/components/signals/default_config.tsx in order to test the contextMenu:


  {
    onClick: ({ eventId }: TimelineRowActionOnClick) =>
      updateSignalStatusAction({
        signalIds: [eventId],
        status,
        setEventsLoading,
        setEventsDeleted,
      }),
    id: 'updateSignalStatus',
    iconType: status === FILTER_OPEN ? 'securitySignalDetected' : 'securitySignalResolved',
    isActionDisabled: !canUserCRUD || !hasIndexWrite,
    dataTestSubj: 'update-signal-status',
    ariaLabel: 'Update signal status',
    content: status === FILTER_OPEN ? i18n.ACTION_OPEN_SIGNAL : i18n.ACTION_CLOSE_SIGNAL,
    displayType: 'contextMenu',
  },


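The state model described in the PR summary above, as an added example that is not code from this pull request or from Kibana: a framework-free store indexed by timelineId, the split of row actions by displayType, and a guard that honours isActionDisabled. The names createTimelineManager, partitionRowActions and invokeRowAction are hypothetical, the interfaces are subsets of the ones in the description, and throwing on an unmanaged id is an assumption.

```typescript
// Added illustration, not Kibana source. Interfaces are subsets of the PR's.
interface TimelineRowActionOnClick { eventId: string; ecsData: { _id: string } } // Ecs stand-in
interface TimelineRowAction {
  displayType: 'icon' | 'contextMenu';
  iconType: string;
  id: string;
  isActionDisabled?: boolean;
  onClick: (args: TimelineRowActionOnClick) => void;
  content: string;
}
interface ManagedTimeline {
  id: string;
  queryFields: string[];
  timelineRowActions: TimelineRowAction[];
}
type RowActionArgs = { id: string; queryFields?: string[]; timelineRowActions: TimelineRowAction[] };

function createTimelineManager() {
  const byId = new Map<string, ManagedTimeline>(); // one entry per timelineId
  const update = (id: string, patch: Partial<ManagedTimeline>): void => {
    const current = byId.get(id);
    if (current === undefined) throw new Error(`timeline "${id}" is not managed`); // assumption
    byId.set(id, { ...current, ...patch });
  };
  return {
    initializeTimeline: (init: { id: string } & Partial<ManagedTimeline>): void => {
      byId.set(init.id, { queryFields: [], timelineRowActions: [], ...init });
    },
    isManagedTimeline: (id: string): boolean => byId.has(id),
    getManageTimelineById: (id: string): ManagedTimeline | undefined => byId.get(id),
    // queryFields is optional: omitting it leaves the stored value untouched.
    setTimelineRowActions: ({ id, queryFields, timelineRowActions }: RowActionArgs): void =>
      update(id, queryFields ? { queryFields, timelineRowActions } : { timelineRowActions }),
  };
}

// Split a row's actions into the two render paths selected by displayType.
function partitionRowActions(actions: TimelineRowAction[]) {
  return {
    icons: actions.filter((a) => a.displayType === 'icon'),
    contextMenu: actions.filter((a) => a.displayType === 'contextMenu'),
  };
}

// Run an action's handler only when it is enabled; returns whether it ran.
function invokeRowAction(action: TimelineRowAction, args: TimelineRowActionOnClick): boolean {
  if (action.isActionDisabled) return false;
  action.onClick(args);
  return true;
}
```
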
@stephmilovic stephmilovic added WIP Work in progress Team:SIEM v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.9.0 labels May 28, 2020
@elasticmachine
Pinging @elastic/siem (Team:SIEM)

@stephmilovic stephmilovic changed the title [Security] [Cases] [skip-ui] Manage timeline UI API [Security] [Cases] [skip-ci] Manage timeline UI API May 29, 2020
@stephmilovic stephmilovic changed the title [Security] [Cases] [skip-ci] Manage timeline UI API [Security] [Cases] Manage timeline UI API May 29, 2020
@stephmilovic stephmilovic marked this pull request as ready for review May 29, 2020 17:50
@stephmilovic stephmilovic requested review from a team as code owners May 29, 2020 17:50
@spong spong left a comment

Checked out locally, and verified we've got all the features we need to support our 7.9 development effort! 🚀 🌕

Left a couple comments around the popover itself, but other than that LGTM from the Detections side. Nice implementation here @stephmilovic -- happy to have a nice easy way to fetch and manage timeline configurations! 🙂

PS: In testing, a future feature came to mind that I wanted to mention. It would be nice if we had the ability to programmatically generate/disable/hide actions for a given row based on the underlying row event data. This would be nice for hiding certain actions that aren't relevant to a specific event, or you know, all sorts of other things...😅 We almost ended up having this as a requirement as we had two separate actions Add Endpoint Exception and Add Rule Exception (which would require us to introspect the row event data to know which to show/hide), but they've since been combined to the Add Exception action, so we can key off of the event data within the action itself.

Just commenting as this would change the implementation a little, and may end up being something we'll have to support in the future. Will chat with product/design tomorrow to see how near in the future something like this might be. Either way, awesome improvements here -- thanks again @stephmilovic!

@stephmilovic stephmilovic changed the title [Security] [Cases] Manage timeline UI API [Security] [Cases] [skip-ci] Manage timeline UI API Jun 3, 2020
@stephmilovic stephmilovic changed the title [Security] [Cases] [skip-ci] Manage timeline UI API [Security] [Cases] Manage timeline UI API Jun 3, 2020
@kibanamachine

💚 Build Succeeded


@stephmilovic stephmilovic merged commit 0279b18 into elastic:master Jun 3, 2020
@stephmilovic stephmilovic deleted the manage-timeline-2 branch June 3, 2020 21:51
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Pinging @elastic/security-solution (Team: SecuritySolution)
