
[Security solution][Session view] - Add Sessions tab into the Hosts page #127920

Merged
merged 32 commits into from
Mar 28, 2022

Conversation

opauloh
Contributor

@opauloh opauloh commented Mar 16, 2022

Summary

This PR adds the Sessions tab into the Hosts page, and also introduces the sessions table, filtering session leader processes from the logs-endpoint.events.process-default index from the Endpoint integration.

It makes reuse of the <StatefulEventsViewer /> component, and adds the sessions entityType to update the timelines Search Strategy according to the Sessions page's needs.

It prepares the session_view plugin to be consumable by the security_solution plugin.

The Open in Session View button action will be added by @kqualters-elastic in a separate PR: #127520

Issue: #125950

Screenshots

Sessions Table in Hosts Page - Sessions Tab [screenshot]

Sessions Table in Hosts Details Page - Sessions Tab [screenshot]

TODO

  • Add test coverage

@opauloh opauloh added the WIP Work in progress label Mar 16, 2022
@opauloh opauloh self-assigned this Mar 16, 2022
@opauloh opauloh added the backport:skip This commit does not require backporting label Mar 16, 2022
@opauloh opauloh changed the title [Security Solution][Explore] - Add Sessions tab into the Hosts page [WIP][Security Solution][Explore] - Add Sessions tab into the Hosts page Mar 18, 2022
@opauloh opauloh removed the WIP Work in progress label Mar 23, 2022
@opauloh opauloh marked this pull request as ready for review March 23, 2022 20:21
@opauloh opauloh requested review from a team as code owners March 23, 2022 20:21
@opauloh opauloh requested a review from michaelolo24 March 23, 2022 20:29
@opauloh opauloh added release_note:feature Makes this part of the condensed release notes v8.2.0 labels Mar 23, 2022
@opauloh opauloh force-pushed the add-session-leader-table branch from 3df8bea to 3d2a8d9 Compare March 24, 2022 14:12
Contributor

@zizhouW zizhouW left a comment


Looking good to me! 🎉 Just need some tests for it like we discussed :)

@opauloh opauloh changed the title [WIP][Security Solution][Explore] - Add Sessions tab into the Hosts page [Security Solution][Explore] - Add Sessions tab into the Hosts page Mar 25, 2022
    should: [
      {
        match: {
          'process.is_entry_leader': true,

Contributor

just about to test whether endpoint agent added this yet, but we will have a process.entry_leader.same_as_process: true prop which will act as a means to pull all entry leaders.

Contributor

here is tracking for this. https://github.com/elastic/security-team/issues/3470
we'll have to circle back and update this, for now probably can't wait for this fix.

Contributor Author

alright, I added a TODO to switch the fields once we have same_as_process working, also a todo to remove the runtime_mapping on the search strategy.

cc @kqualters-elastic

Contributor

@mitodrummer mitodrummer left a comment


LGTM


    const runtimeMappings = {
      // TODO: remove once ECS is updated to support process.entry_leader.same_as_process
      'process.is_entry_leader': {

Contributor Author

@kqualters-elastic this is the only field we need to keep on the runtime mappings because we don't have same_as_process being populated currently, and probably we won't have before FF, so we will have to backport that in the future. There's an open issue about that: https://github.com/elastic/security-team/issues/3470

Contributor

I guess 1 is ok 😬 that's what the beta flag is for i guess ha

Contributor

@kqualters-elastic kqualters-elastic left a comment


Would prefer 0 runtime mappings, but in the meantime 👍 LGTM
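Added illustration (not code from this PR or from Kibana) of the session-leader selection discussed in the thread above: the interim `process.is_entry_leader` runtime field beside the `process.entry_leader.same_as_process` field it is meant to be replaced by, with a local mirror of the same logic run over constructed sample events. The Painless script, the functions `buildSessionLeaderQuery`, `isEntryLeader` and `selectSessionLeaders`, the host names and the sample events are all assumptions.

```typescript
// Added illustration, not code from the PR. Assumption: the runtime field
// `process.is_entry_leader` is true when process.entry_leader.entity_id equals
// process.entity_id, the relation same_as_process will express once populated.
interface ProcessEvent {
  host: { name: string };
  process: { entity_id: string; name: string; entry_leader?: { entity_id: string; same_as_process?: boolean } };
}

// Painless source for the interim runtime field (drop once same_as_process lands).
const IS_ENTRY_LEADER_SCRIPT =
  "emit(doc['process.entry_leader.entity_id'].size() > 0 && " +
  "doc['process.entry_leader.entity_id'].value == doc['process.entity_id'].value)";

// Query body for logs-endpoint.events.process-default: entry leaders, optionally on one host.
function buildSessionLeaderQuery(hostName?: string, useEcsField = false) {
  const filter: object[] = [
    { match: useEcsField ? { 'process.entry_leader.same_as_process': true } : { 'process.is_entry_leader': true } },
  ];
  if (hostName) filter.push({ term: { 'host.name': hostName } });
  const runtime_mappings = useEcsField
    ? {}
    : { 'process.is_entry_leader': { type: 'boolean', script: { source: IS_ENTRY_LEADER_SCRIPT } } };
  return { runtime_mappings, query: { bool: { filter } } };
}

// Local mirror of the runtime-field logic so the selection can be checked offline.
function isEntryLeader(e: ProcessEvent): boolean {
  const leader = e.process.entry_leader;
  if (!leader) return false;
  return leader.same_as_process ?? leader.entity_id === e.process.entity_id;
}

function selectSessionLeaders(events: ProcessEvent[], hostName?: string): ProcessEvent[] {
  return events.filter((e) => isEntryLeader(e) && (!hostName || e.host.name === hostName));
}

// Constructed sample events (not real telemetry): p1 and p3 are their own entry leader.
const SAMPLE_EVENTS: ProcessEvent[] = [
  { host: { name: 'ubuntu-impish' }, process: { entity_id: 'p1', name: 'bash', entry_leader: { entity_id: 'p1' } } },
  { host: { name: 'ubuntu-impish' }, process: { entity_id: 'p2', name: 'ls', entry_leader: { entity_id: 'p1' } } },
  { host: { name: 'host-b' }, process: { entity_id: 'p3', name: 'sshd', entry_leader: { entity_id: 'p3', same_as_process: true } } },
  { host: { name: 'host-b' }, process: { entity_id: 'p4', name: 'curl' } },
];
```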

@opauloh opauloh changed the title [Security Solution][Explore] - Add Sessions tab into the Hosts page [Security solution][Session view] - Add Sessions tab into the Hosts page Mar 28, 2022
@zizhouW
Contributor

zizhouW commented Mar 28, 2022

@elasticmachine merge upstream

@kibanamachine kibanamachine requested a review from a team March 28, 2022 22:04
@zizhouW zizhouW enabled auto-merge (squash) March 28, 2022 23:26
@zizhouW zizhouW merged commit 8d117ca into elastic:main Mar 28, 2022
@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time.

id               before   after   diff
securitySolution 2991     2995    +4

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run `node scripts/build_api_docs --plugin [yourplugin] --stats comments` for more detailed information.

id               before   after   diff
sessionView      0        3       +3

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app.

id               before   after   diff
securitySolution 4.8MB    4.8MB   +2.8KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb.

id               before   after   diff
securitySolution 247.4KB  247.6KB +236.0B
timelines        286.2KB  286.3KB +135.0B
total                             +371.0B

Unknown metric groups

API count

id before after diff
sessionView 0 3 +3

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @zizhouW @opauloh
