-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Alert Flyout] Enable network preview and previews in table tab #190560
[Security Solution][Alert Flyout] Enable network preview and previews in table tab #190560
Conversation
/ci |
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
18acf27
to
3605773
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code looks great and testing went well. I left a couple of minor comments.
Also, I feel like - while this might not have been the intent of this PR - it would be the right place to add the same preview logic to the rule preview inside the new Table tab. Unless I'm mistaken, we already have everything to display the rule preview. This would allow to handle this case
Screen.Recording.2024-08-19.at.1.28.55.PM.mov
which I think might be the last one for the table?
.../plugins/security_solution/public/flyout/document_details/shared/components/cell_actions.tsx
Show resolved
Hide resolved
.../plugins/security_solution/public/flyout/document_details/shared/components/preview_link.tsx
Outdated
Show resolved
Hide resolved
.../plugins/security_solution/public/flyout/document_details/shared/components/preview_link.tsx
Outdated
Show resolved
Hide resolved
Yes, good point. I wanted to confirm with product before doing this though. Alerts and entity flyout are currently enabled in alerts table, but the rule still goes to rule details page. That action may need to change to a flyout as well. |
f93d8aa
to
ca259b2
Compare
ca259b2
to
433ac12
Compare
/ci |
0f13432
to
89220c6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
desk tested and code LGTM, thanks for making this great change!
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
…d enable rule previews (#191764) ## Summary This PR converts rule name in alert table to be a flyout (consistent with host name and user name) and enables rule preview whenever rule name is present. This PR also moved the rule details component into its own `rule_details` folder to be independent of the `document_details` flyout. Dependency: #190560 to be merged first New behavior: - Rule link in alert table opens rule flyout - Clicking the rule title goes to rule details page - Clicking rule name in alert flyout opens rule preview https://github.com/user-attachments/assets/857aa894-6253-4041-873a-18d6e8a003b6 ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…d enable rule previews (elastic#191764) ## Summary This PR converts rule name in alert table to be a flyout (consistent with host name and user name) and enables rule preview whenever rule name is present. This PR also moved the rule details component into its own `rule_details` folder to be independent of the `document_details` flyout. Dependency: elastic#190560 to be merged first New behavior: - Rule link in alert table opens rule flyout - Clicking the rule title goes to rule details page - Clicking rule name in alert flyout opens rule preview https://github.com/user-attachments/assets/857aa894-6253-4041-873a-18d6e8a003b6 ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…d enable rule previews (elastic#191764) ## Summary This PR converts rule name in alert table to be a flyout (consistent with host name and user name) and enables rule preview whenever rule name is present. This PR also moved the rule details component into its own `rule_details` folder to be independent of the `document_details` flyout. Dependency: elastic#190560 to be merged first New behavior: - Rule link in alert table opens rule flyout - Clicking the rule title goes to rule details page - Clicking rule name in alert flyout opens rule preview https://github.com/user-attachments/assets/857aa894-6253-4041-873a-18d6e8a003b6 ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Summary
This PR is a refactor of preview links in document details flyout:
EuiLink
component with a sharedPreviewLink
that renders a link based on fieldNetwork previews
After
Screen.Recording.2024-08-14.at.3.31.36.PM.mov
Exceptions
IP addresses in entity details section are not yet worked on, as it is owned by the Explore team and therefore has impacts outside of alerts flyout.
How to test
Checklist