Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Added guided onboarding for the rules area #144016

Merged
merged 3 commits into from
Oct 31, 2022

Conversation

xcrzx
Copy link
Contributor

@xcrzx xcrzx commented Oct 26, 2022

Resolves: https://github.com/elastic/security-team/issues/5089

Related PR with other onboarding steps: #143598

Summary

Added Rules Area guided onboarding steps.

1. If no onboarding rules are installed - show the install rules tour step

Screenshot 2022-10-26 at 14 12 39

We search for any prebuilt detection rules that have the "Guided Onboarding" tag on them. I there's no any, we will show the tour step. It works for both cases when the user has no rules at all or their rules are outdated. If the rules are already installed - skip to the next step.

2. If onboarding rules are installed - show the enable rule step

Screenshot 2022-10-26 at 14 22 49

We check if any of the shipped onboarding rules are activated. If yes - skip to the end of the tour; otherwise, show the tour step. Once the user activates an onboarding rule, we automatically finish the current onboarding step.

Testing instructions

  1. add feature flag to kibana.dev.yml: xpack.securitySolution.enableExperimental: ['guidedOnboarding']
  2. Run kibana with examples: yarn start --run-examples
  3. Go to /app/guidedOnboardingExample
  4. Use the "Set guide state" section to set Guide to security and Step ID to rules
  5. The Setup guide menu will automatically open. Hit the "Start" button
  6. You will be redirected to the rules management page with tour steps active.

@xcrzx xcrzx added release_note:enhancement Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team v8.6.0 labels Oct 26, 2022
@xcrzx xcrzx self-assigned this Oct 26, 2022
@stephmilovic
Copy link
Contributor

@elasticmachine merge upstream

Copy link
Contributor

@kellyemurphy kellyemurphy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small change to the text in one of the tour screens, otherwise the copy LGTM

@xcrzx xcrzx force-pushed the rules-guided-onboarding branch from 68bf5c7 to 2bb0b7d Compare October 28, 2022 11:31
@xcrzx xcrzx marked this pull request as ready for review October 28, 2022 16:01
@xcrzx xcrzx requested a review from a team as a code owner October 28, 2022 16:01
@xcrzx xcrzx requested a review from maximpn October 28, 2022 16:01
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@xcrzx xcrzx force-pushed the rules-guided-onboarding branch from ddbb89f to 37bbf51 Compare October 31, 2022 09:27
Copy link
Contributor

@maximpn maximpn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xcrzx LGTM

The only thing which is unclear to me is why there are changes for "more detailed cache keys" in guided onboarding for the rules area.

@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 3267 3270 +3

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 9.6MB 9.6MB +3.1KB
Unknown metric groups

ESLint disabled in files

id before after diff
osquery 1 2 +1

ESLint disabled line counts

id before after diff
enterpriseSearch 19 21 +2
fleet 57 63 +6
osquery 103 108 +5
securitySolution 439 443 +4
total +17

Total ESLint disabled count

id before after diff
enterpriseSearch 20 22 +2
fleet 65 71 +6
osquery 104 110 +6
securitySolution 516 520 +4
total +18

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @xcrzx

@xcrzx
Copy link
Contributor Author

xcrzx commented Oct 31, 2022

The only thing which is unclear to me is why there are changes for "more detailed cache keys" in guided onboarding for the rules area.

@maximpn Initially, I was going to implement the tour logic based on cache invalidation. But it turned out to be not necessary. So I left the changes related to cache keys in this PR, which is a nice improvement disregarding the final implementation.

@xcrzx xcrzx merged commit 7a3243b into elastic:main Oct 31, 2022
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Oct 31, 2022
@xcrzx xcrzx deleted the rules-guided-onboarding branch October 31, 2022 10:44
@xcrzx
Copy link
Contributor Author

xcrzx commented Oct 31, 2022

@gavinwye I've merged this PR, but feel free to leave any feedback here. I'll address it in a follow-up PR.

jloleysens added a commit to jloleysens/kibana that referenced this pull request Oct 31, 2022
* main:
  Upgrade @elastic/makelogs from v6.0.0 to v6.1.1 (elastic#144231)
  [Files] move to src (elastic#144044)
  [Synthetics UI] Add pagination and date filtering to test runs table (elastic#144029)
  Update time range when opening timeline from Entity Analytics page (elastic#144024)
  [Security Solution] Added guided onboarding for the rules area (elastic#144016)
xcrzx added a commit that referenced this pull request Nov 15, 2022
…area (#145223)

**Related to: #144016

## Summary

This follow-up PR addresses guided onboarding feedback mentioned
[here](elastic/security-team#5386) and
[here](#144458).

To summarize:

- We're keeping the first step (install prebuilt rules) intact, but most
users wouldn't see it as the rules are installed automatically during
previous stages. This step is needed to cover edge cases when rules were
deleted for some reason.
- We're splitting the second step into two: 1) search the first rule and
2) activate it.
- We're adding "Next" buttons to these steps.
- For the search step, the "Next" button will automatically filter the
rules table, so the first rule becomes visible.
- For the activate step, the "Next" button automatically activates the
first rule.
- The "Next" button stays optional; we still automatically progress the
guide once user actions satisfy certain conditions, like the user
filtered the rules table manually or activated the first rule by
clicking its toggle.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:skip This commit does not require backporting release_note:enhancement Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.6.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants