[Security Solution][Detection Alerts] Fixes follow-up alert refresh bugs #112169

Merged
merged 12 commits into from
Oct 12, 2021

dplumlee
Contributor

@dplumlee dplumlee commented Sep 14, 2021

Summary

Follow-up to #111042

Addresses #112011

  • Fixes bug where closing alert via the add exception modal when opening modal from the take action flyout menu wouldn't properly refresh the alerts page
  • Adds tests
  • Fixes timeline sync

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@dplumlee dplumlee added bug Fixes for quality problems that affect the customer experience release_note:fix v8.0.0 Team:Detections and Resp Security Detection Response Team Feature:Detection Alerts Security Solution Detection Alerts Feature auto-backport Deprecated - use backport:version if exact versions are needed v7.16.0 labels Sep 14, 2021
@dplumlee dplumlee self-assigned this Sep 14, 2021
@dplumlee dplumlee force-pushed the alert-status-refresh-pt2 branch from 9ce2833 to e844acc Compare September 22, 2021 19:55
@dplumlee
Contributor Author

@elasticmachine merge upstream

@dplumlee dplumlee force-pushed the alert-status-refresh-pt2 branch from a9e0ccc to b92715f Compare September 23, 2021 19:24
@dplumlee dplumlee marked this pull request as ready for review September 23, 2021 19:43
@dplumlee dplumlee requested review from a team as code owners September 23, 2021 19:43
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@dplumlee dplumlee requested a review from XavierM September 23, 2021 19:44
@dplumlee dplumlee force-pushed the alert-status-refresh-pt2 branch from b92715f to 55010df Compare October 4, 2021 17:47
Member

@spong spong left a comment

Checked out, desk tested locally and code-reviewed -- Loooks GREEEEAT To Me! 👍 Thanks for following through with the thoroughness in fixes here @dplumlee! Everything I tested refreshed as expected and I identified no stale data when performing actions 🙂

Testing notes:

  • Updating alert status from Alert Details closes flyout? I think this is desired UX, but was unexpected to me (I think I mentioned this in the last PR 😅).
  • Closing alert from Alert Details Add Exception UI keeps flyout open, so slightly different UX from above with same action outcome.
  • Updating alert status from Alert Details -> Investigate in Timeline -> Close Alert -> Close Timeline, still shows close action in Alert Details flyout actions (Quite the corner case 😅 -- no resolution expected here).

Comment on lines +57 to +66
cy.get(ALERT_COUNT_TABLE_FIRST_ROW_COUNT).should('have.text', `${expectedNumberOfAlerts}`);

goToAcknowledgedAlerts();
waitForAlerts();

cy.get(ALERTS_COUNT).should('have.text', `${numberOfAlertsToBeMarkedAcknowledged} alert`);
cy.get(ALERT_COUNT_TABLE_FIRST_ROW_COUNT).should(
'have.text',
`${numberOfAlertsToBeMarkedAcknowledged}`
);
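Review bot: The `ALERTS_COUNT` assertion after `goToAcknowledgedAlerts()` hard-codes the singular suffix in `${numberOfAlertsToBeMarkedAcknowledged} alert`, so the check only holds while that variable is 1. Either derive the suffix from the count or name the variable so the one-alert assumption is explicit to whoever changes the fixture next.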
Member

Is there a case for verifying the Trend histogram has refreshed as well? No explicit counts visible in that component, so we'd need a separate method for verification here -- perhaps setup test to only have one alert and then verify Rule Name is no longer in legend? Or could hover on a bar and verify counts in tooltip (though may be tough to sort out the flake)?

Member

Same comment goes for opening/closing specs below.

Contributor Author

it doesn't verify the trend histogram yet, I was looking at some possible ways to do that since the data isn't as neat from a css selector standpoint for cypress. I think having the one alert would be a good way to do that, though, I'll add it to the test case here and in the other relevant files 👍

Comment on lines +117 to +119
if (routeProps.pageName === 'alerts') {
refetchQuery(globalQuery);
}
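Review bot: `routeProps.pageName === 'alerts'` compares against a bare string literal, so a renamed or mistyped page name would silently skip `refetchQuery(globalQuery)` and leave stale alert data on screen. Prefer a shared page-name constant if the code base has one, and add a one-line comment on why the refetch is limited to the alerts page.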
Member

Nice! I had explicitly tried closing an alert from within timeline elsewhere in the app to see if we'd still refetch, haha! 😅

🚀 🥮

@@ -37,7 +37,7 @@ export const useUpdateAlertsStatus = (
const { http } = useKibana<CoreStart>().services;
return {
updateAlertStatus: async ({ status, index, query }) => {
if (['detections-page', 'detections-rules-details-page'].includes(timelineId)) {
if (useDetectionEngine) {
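Review bot: In `updateAlertStatus`, the flag `useDetectionEngine` carries the `use` prefix that React convention reserves for hooks, yet here it is only tested as a condition inside `useUpdateAlertsStatus`. A name such as `isDetectionEnginePage` (hypothetical) would read as a condition rather than a hook, and a JSDoc line on the flag should say which route each branch selects, since the replaced `timelineId` check made that visible at the call site.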
Member

May want to rename -- wasn't immediately clear how the detection engine wasn't involved with updating alert status, but clicking through to see the conditional showed this is just a feature flag check between legacy impl and RAC RBAC routes. I guess this makes sense since the route ends up not being a DE route, but RAC, so don't mind me....

Do need some JSDocs though, haha 😉

@@ -1054,7 +1054,7 @@ Array [
</div>
</EuiFlyoutBody>
</Styled(EuiFlyoutBody)>
<Memo()
<Connect(Component)
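Review bot: The snapshot line changes from `<Memo()` to `<Connect(Component)`, and neither name identifies the component being rendered. Setting a `displayName` on the wrapped component would make this line, and later diffs of this snapshot, show what actually changed.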
Member

Not for you to resolve, so commenting for posterity, but it's probably time we revisit some of these larger snapshot tests and determine if they can be broken up into smaller more understandable/maintainable chunks. We've discussed before how they lose their utility when reaching thousands of lines, and I think this is a reasonable example of this. (I identified the structural changes that resulted from this PR, but tough to make sense if that's all that changed that should have.)

@dplumlee dplumlee force-pushed the alert-status-refresh-pt2 branch from 55010df to acbe509 Compare October 6, 2021 18:53
Contributor

@kqualters-elastic kqualters-elastic left a comment

code lgtm 👍, but might be a good idea to get @angorayc to sign off on this before merging, I know there were some strange bugs with refetch in very specific circumstances that were recently fixed

@dplumlee
Contributor Author

@elasticmachine merge upstream

@dplumlee dplumlee enabled auto-merge (squash) October 11, 2021 16:22
@kibanamachine
Contributor

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 4.3MB 4.3MB +19.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
timelines 156.7KB 156.6KB -62.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @dplumlee

@kibanamachine
Contributor

💚 Backport successful

Status Branch Result
7.x
7.15

The backport PRs will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Oct 12, 2021
@dplumlee dplumlee deleted the alert-status-refresh-pt2 branch October 13, 2021 04:24
kibanamachine added a commit that referenced this pull request Oct 13, 2021
Labels
auto-backport Deprecated - use backport:version if exact versions are needed bug Fixes for quality problems that affect the customer experience Feature:Detection Alerts Security Solution Detection Alerts Feature release_note:fix Team:Detections and Resp Security Detection Response Team v7.15.1 v7.16.0 v8.0.0
5 participants