
[Security Solution] expanded flyout - right section - overview tab - mitre attack #152767

Merged
merged 1 commit into from
Mar 10, 2023

Conversation

PhilippeOberti
Contributor

@PhilippeOberti PhilippeOberti commented Mar 6, 2023

Summary

This PR leverages the work done in a previous PR and adds the Mitre Attack section under the overview tab of the Security Solution expandable flyout right section panel:

  • the mitre attack section is displayed at the top of the overview tab. It reuses the getMitreComponentParts method to get the display of the mitre attack's description
  • displays an empty component if the mitre attack information is missing on the document

How to test

  • add xpack.securitySolution.enableExperimental: ['securityFlyoutEnabled'] to the kibana.json file
  • run yarn es snapshot --license trial, yarn test:generate and yarn start --no-base-path
  • go to the Alerts page, and click on the expand detail button on any row of the table
  • navigate to the Overview tab

Notes

To generate alerts with a Mitre Attack value, you can for example create a new Custom Query rule with the query _id is *, then in the second section (About rule) expand the Advanced Settings and add some tactic and technique values.

Run tests and storybook

  • node scripts/storybook security_solution to run Storybook
  • npm run test:jest --config ./x-pack/plugins/security_solution/public/flyout to run the unit tests
  • yarn cypress:open-as-ci but note that the integration/e2e tests have been written but are now skipped because the feature is protected behind a feature flag, disabled by default. To check them, add 'securityFlyoutEnabled' here

Screenshot 2023-03-06 at 4 02 52 PM

https://github.com/elastic/security-team/issues/6069

Checklist

Delete any items that are not applicable to this PR.
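The summary above describes two behaviours: the overview tab derives its Mitre Attack text from the alert document, and it renders an empty component when the information is absent. The following is an added example, not code from this PR or from Kibana, that models that decision as a plain function. It assumes the rule's threat array is copied onto the alert under the field kibana.alert.rule.parameters.threat, and that each entry has the framework/tactic/technique shape shown in the interfaces; the sample alerts are constructed for the example.

```typescript
// Added example, not part of the PR or of Kibana: derive the MITRE ATT&CK
// display data for one alert document, returning null when the information is
// absent so a caller can render an empty component instead.

// Assumed shape of the `threat` entries a detection rule carries and copies
// onto each alert it generates (field names are an assumption of this example).
interface MitreRef {
  id: string;
  name: string;
  reference: string;
}
interface MitreTechnique extends MitreRef {
  subtechnique?: MitreRef[];
}
interface Threat {
  framework: string;
  tactic: MitreRef;
  technique?: MitreTechnique[];
}

// One row of display data: the tactic plus every technique/sub-technique under it.
interface MitreDisplay {
  tactic: string;
  techniques: string[];
}

// The flyout receives the alert as a flat map of field name -> value (assumption).
type AlertDoc = Record<string, unknown>;

// Assumed field under which the rule's threat array lands on the alert.
const THREAT_FIELD = 'kibana.alert.rule.parameters.threat';

function getMitreDisplay(doc: AlertDoc): MitreDisplay[] | null {
  const raw = doc[THREAT_FIELD];
  // Missing, non-array or empty: signal "nothing to show" rather than throwing,
  // because many alerts legitimately have no MITRE mapping.
  if (!Array.isArray(raw) || raw.length === 0) {
    return null;
  }
  const rows: MitreDisplay[] = [];
  for (const entry of raw as Partial<Threat>[]) {
    // Skip malformed entries instead of crashing the whole panel.
    if (!entry || typeof entry !== 'object') {
      continue;
    }
    const tactic = entry.tactic;
    if (!tactic || !tactic.id || !tactic.name) {
      continue;
    }
    const techniques: string[] = [];
    for (const tech of entry.technique ?? []) {
      if (!tech || !tech.id) {
        continue;
      }
      techniques.push(`${tech.id}: ${tech.name}`);
      for (const sub of tech.subtechnique ?? []) {
        techniques.push(`${sub.id}: ${sub.name}`);
      }
    }
    rows.push({ tactic: `${tactic.id}: ${tactic.name}`, techniques });
  }
  return rows.length > 0 ? rows : null;
}

// Constructed sample alert carrying one tactic with a technique and a sub-technique.
const sampleAlert: AlertDoc = {
  '@timestamp': '2023-03-06T16:02:52Z',
  'kibana.alert.rule.name': 'example rule (constructed)',
  [THREAT_FIELD]: [
    {
      framework: 'MITRE ATT&CK',
      tactic: { id: 'TA0002', name: 'Execution', reference: 'https://attack.mitre.org/tactics/TA0002/' },
      technique: [
        {
          id: 'T1059',
          name: 'Command and Scripting Interpreter',
          reference: 'https://attack.mitre.org/techniques/T1059/',
          subtechnique: [
            { id: 'T1059.001', name: 'PowerShell', reference: 'https://attack.mitre.org/techniques/T1059/001/' },
          ],
        },
      ],
    },
  ],
};

// Constructed alert with no MITRE mapping: the panel should render empty.
const alertWithoutMitre: AlertDoc = { '@timestamp': '2023-03-06T16:03:00Z' };
```

Returning null for the missing, empty and malformed cases keeps the rendering decision in one place: the component only has to check for null to decide between the description and the empty state, and a bad entry in one alert cannot take the whole overview tab down.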

@PhilippeOberti PhilippeOberti requested review from a team as code owners March 6, 2023 22:24
@PhilippeOberti PhilippeOberti added Team:Threat Hunting Security Solution Threat Hunting Team release_note:feature Makes this part of the condensed release notes Team:Threat Hunting:Investigations Security Solution Investigations Team v8.8.0 labels Mar 6, 2023
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@PhilippeOberti PhilippeOberti marked this pull request as draft March 7, 2023 20:58
@PhilippeOberti PhilippeOberti force-pushed the expanded-flyout-6069 branch 2 times, most recently from 5219c54 to 73059de Compare March 10, 2023 01:11
@kibana-ci
Collaborator

💚 Build Succeeded

Metrics

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 3777 3778 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 15.7MB 15.7MB +4.3KB

Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 434 437 +3

Total ESLint disabled count

id before after diff
securitySolution 514 517 +3

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@PhilippeOberti PhilippeOberti marked this pull request as ready for review March 10, 2023 03:09
@lgestc lgestc self-assigned this Mar 10, 2023
@lgestc
Contributor

lgestc commented Mar 10, 2023

I will take a look after the base one is merged :)

@PhilippeOberti
Contributor Author

I will take a look after the base one is merged :)

The base one was merged yesterday, this PR is rebased and ready for review, I had just forgotten to update the description!

Contributor

@michaelolo24 michaelolo24 left a comment


Nice work, getting real data in here! 🕺🏾

@PhilippeOberti PhilippeOberti merged commit 6e3a34f into main Mar 10, 2023
@PhilippeOberti PhilippeOberti deleted the expanded-flyout-6069 branch March 10, 2023 19:39
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Mar 10, 2023
bmorelli25 pushed a commit to bmorelli25/kibana that referenced this pull request Mar 10, 2023