
[Security Solution][RAC] - Update reason field text #110308

Merged, 17 commits, Sep 2, 2021

Conversation

michaelolo24 (Contributor) commented Aug 26, 2021

Summary

The goal of this PR is to update the reason field to be more meaningful for our users by making use of potentially interesting fields to give more detailed feedback. The updated string can be seen below:

image

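As an added illustration (not the PR's or Kibana's code) of the approach this PR takes: intersect the fields that the grouped source events agree on, then mention only the fields of interest that survive, emitting the 'with' clause only when there is something to say. The helper names, the field list and the sample events below are assumptions.

```typescript
// Added illustration, not the PR's code: merge the fields that every grouped
// source event agrees on, then render a reason sentence that only mentions
// fields of interest that actually survived the merge.
type Doc = Record<string, unknown>;

// Keep a key only when every document carries the same value for it, so the
// reason never attributes a user or address that belongs to just one event.
function objectArrayIntersection(docs: Doc[]): Doc {
  const [first, ...rest] = docs;
  if (first === undefined) return {};
  const merged: Doc = {};
  for (const [key, value] of Object.entries(first)) {
    if (rest.every((d) => Object.is(d[key], value))) merged[key] = value;
  }
  return merged;
}

// Hypothetical list of fields worth surfacing and the phrase used for each.
const FIELDS_OF_INTEREST: Array<{ field: string; label: string }> = [
  { field: 'user.name', label: 'user' },
  { field: 'source.ip', label: 'source' },
  { field: 'destination.ip', label: 'destination' },
];

function buildReasonMessage(ruleName: string, mergedDoc: Doc): string {
  const parts = FIELDS_OF_INTEREST
    .filter(({ field }) => mergedDoc[field] !== undefined && mergedDoc[field] !== null)
    .map(({ field, label }) => `${label} ${String(mergedDoc[field])}`);
  // Emit the 'with' word only when at least one field of interest is present.
  const withClause = parts.length > 0 ? ` with ${parts.join(', ')}` : '';
  return `${ruleName} alert${withClause}`;
}

// Constructed sample: two events from one grouped alert, flattened to dotted keys.
// They share user and source but differ in destination, so destination is dropped.
const SAMPLE_EVENTS: Doc[] = [
  { 'user.name': 'alice', 'source.ip': '10.0.0.5', 'destination.ip': '10.0.0.9' },
  { 'user.name': 'alice', 'source.ip': '10.0.0.5', 'destination.ip': '10.0.0.10' },
];

function sampleReason(): string {
  return buildReasonMessage('Suspicious Login', objectArrayIntersection(SAMPLE_EVENTS));
}
```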

michaelolo24 added labels Team: SecuritySolution, Team:Threat Hunting, v7.15.0, v7.16.0, v8.0.0, Feature:RAC, auto-backport, release_note:skip on Aug 26, 2021
michaelolo24 added the bug label on Sep 2, 2021
michaelolo24 marked this pull request as ready for review September 2, 2021 14:52
michaelolo24 requested a review from a team as a code owner September 2, 2021 14:52
elasticmachine (Contributor): Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

elasticmachine (Contributor): Pinging @elastic/security-solution (Team: SecuritySolution)

sourceAddress: getFieldTemplateValue(sourceAddress, true),
sourcePort: getFieldTemplateValue(sourcePort, true),
userName: getFieldTemplateValue(userName),
hasFieldOfInterest: fieldPresenceTracker.hasFieldOfInterest, // Tracking if we have any fields to show the 'with' word
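Review bot: the second positional argument in `getFieldTemplateValue(sourceAddress, true)` and `getFieldTemplateValue(sourcePort, true)` is an opaque boolean flag; a reader of this call site cannot tell what `true` switches on without opening the helper, and the asymmetry with `getFieldTemplateValue(userName)` implies a default that is also invisible here. Consider an options object or a named constant so the intent is visible at the call site, and document on `fieldPresenceTracker.hasFieldOfInterest` which fields count as "of interest", since that flag alone decides whether the 'with' word is emitted.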
A reviewer (Contributor) commented:

how interesting

kibanamachine (Contributor):

💚 Build Succeeded

Metrics: ✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

const mergedEvents = objectArrayIntersection(events.map((event) => event._source));
const reason = buildReasonMessage({ rule, mergedDoc: mergedEvents as SignalSourceHit });
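Review bot: the cast `mergedEvents as SignalSourceHit` asserts that the intersection of several `_source` objects is a complete hit, which it is not: `objectArrayIntersection` returns only the fields the events have in common, so any field `buildReasonMessage` reads may be absent at runtime while the type claims it is present. Rather than widening with a cast, type `mergedDoc` as the narrow shape `buildReasonMessage` actually reads (for example a `Partial<...>` of the fields of interest) so that missing fields are handled explicitly instead of silently rendering as undefined.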
A reviewer (Contributor) commented:

I struggled with this typecast for a while, couldn't get it either. blerg

michaelolo24 (Contributor, author) replied:

Yeah, it was a pain. Just went with the path of least resistance 😅

stephmilovic (Contributor) left a review comment:

LGTM! 🚀

kibanamachine (Contributor):

💚 Backport successful

Branches: 7.15, 7.x

The backport PRs will be merged automatically after passing CI.

jloleysens added a commit to jloleysens/kibana that referenced this pull request Sep 3, 2021
kibanamachine added a commit that referenced this pull request Sep 3, 2021
kibanamachine added a commit that referenced this pull request Sep 3, 2021