[Security Solution][Endpoint]Activity Log API/UX changes #114905
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ashokaditya
added
auto-backport
|
@elasticmachine merge upstream |
…ons-default` indices fixes elastic/security-team/issues/1702
|
Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt) |
pzl
reviewed
Oct 14, 2021
There was a problem hiding this comment.
getActivityLog() is getting pretty big. It's hard to read through the logic top-to-bottom and understand why we're doing any of those operations. Can you refactor and split some of those sections into functions, and then getActivityLog()'s purpose can be described by reading those function names?
x-pack/plugins/security_solution/server/endpoint/services/actions.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/server/endpoint/services/actions.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/server/endpoint/services/actions.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/server/endpoint/services/actions.ts
Outdated
Show resolved
Hide resolved
…t to Fleet review comments
review comments
pzl
approved these changes
Oct 15, 2021
Simplify `getActivityLog` so it is easier to reason with. review comments
academo
reviewed
Oct 15, 2021
| @@ -912,6 +932,25 @@ describe('when on the endpoint list page', () => { | |||
| expect(`${logEntries[1]} .euiCommentTimeline__icon--regular`).not.toBe(null); | |||
| }); | |||
|
|
|||
| it('should display log accurately with endpoint responses', async () => { | |||
| const activityLogTab = await renderResult.findByTestId('activity_log'); | |||
| reactTestingLibrary.act(() => { | |||
There was a problem hiding this comment.
no need to take action, but just so you know, userEvent is available in kibana and avoids the whole having to wrap this in act https://testing-library.com/docs/ecosystem-user-event/
academo
reviewed
Oct 15, 2021
x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.test.ts
Outdated
Show resolved
Hide resolved
pzl
reviewed
Oct 18, 2021
|
@elasticmachine merge upstream |
|
I also checked this our and tried it. After a fix from @ferullo it should work! With the Endpoint that has the fix to get the activity log working |
kevinlog
approved these changes
Oct 18, 2021
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: cc @ashokaditya |
kibanamachine
added a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 19, 2021
) * rename legacy actions/responses fixes elastic/security-team/issues/1702 * use correct name for responses index refs elastic/pull/113621 * extract helper method to utils * append endpoint responses docs to activity log * Show completed responses on activity log fixes elastic/security-team/issues/1703 * remove width restriction on date picker * add a simple test to verify endpoint responses fixes elastic/security-team/issues/1702 * find unique action_ids from `.fleet-actions` and `.logs-endpoint.actions-default` indices fixes elastic/security-team/issues/1702 * do not filter out endpoint only actions/responses that did not make it to Fleet review comments * use a constant to manage various doc types review comments * refactor `getActivityLog` Simplify `getActivityLog` so it is easier to reason with. review comments * skip this for now will mock this better in a new PR * improve types * display endpoint actions similar to fleet actions, but with success icon color * Correctly do mocks for tests * Include only errored endpoint actions, remove successful duplicates fixes elastic/security-team/issues/1703 * Update tests to use non duplicate action_ids review comments fixes elastic/security-team/issues/1703 * show correct action title review fixes * statusCode constant review change * rename review changes * Update translations.ts refs elastic@74a8340 Co-authored-by: Kibana Machine <[email protected]>
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
kibanamachine
added a commit
that referenced
this pull request
Oct 19, 2021
…115492) * rename legacy actions/responses fixes elastic/security-team/issues/1702 * use correct name for responses index refs /pull/113621 * extract helper method to utils * append endpoint responses docs to activity log * Show completed responses on activity log fixes elastic/security-team/issues/1703 * remove width restriction on date picker * add a simple test to verify endpoint responses fixes elastic/security-team/issues/1702 * find unique action_ids from `.fleet-actions` and `.logs-endpoint.actions-default` indices fixes elastic/security-team/issues/1702 * do not filter out endpoint only actions/responses that did not make it to Fleet review comments * use a constant to manage various doc types review comments * refactor `getActivityLog` Simplify `getActivityLog` so it is easier to reason with. review comments * skip this for now will mock this better in a new PR * improve types * display endpoint actions similar to fleet actions, but with success icon color * Correctly do mocks for tests * Include only errored endpoint actions, remove successful duplicates fixes elastic/security-team/issues/1703 * Update tests to use non duplicate action_ids review comments fixes elastic/security-team/issues/1703 * show correct action title review fixes * statusCode constant review change * rename review changes * Update translations.ts refs 74a8340 Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Ashokaditya <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
In addition to fleet actions and responses in the activity log, this PR enriches the log by showing successful or failed action responses that were completed when the endpoint finishes executing the action request.
action_ids for each agent from.fleet-actionsand.logs-endpoint.actions-defaultindices, if the new endpoint action index exists. Otherwise, findsaction_ids from.fleet-actionsindex.action_idresponses from.fleet-action-resultsand.logs-endpoint.action.responses-defaultindices if it exists. Distinguishes each type of record by labeling themfleetResponseorresponse(for endpoint responses)fleetAction. Since we want to continue showing fleet action requests, fleet action responses, and the new endpoint response (as completed response).fleetwith matching endpoint responses that didn't execute.with actions/responses that didn't make to fleet:
Checklist
Delete any items that are not applicable to this PR.