[SecuritySolution] [UI] Re-score entity when asset criticality changes #182234

Merged
merged 9 commits into from
May 8, 2024

@machadoum machadoum commented May 1, 2024

Summary

Update the risk score when the user updates asset criticality.

recalculate.risk.score.2.mov
recalculate.risk.score.mov

Tech breakdown

Required changes

  • Update asset criticality APIs to use refresh: 'wait_for'
  • Update all risk score APIs in the UI to be inspected so we can refetch it from anywhere.
  • Update all risk score APIs to use the data stream index to reflect the change.
  • Update flyout risk score loading state

Sequence of events

  • Whenever asset criticality for an entity changes, wait for the response
  • Call `calculateEntityRiskScore`
  • Wait for the `calculateEntityRiskScore` response
  • Invalidate/refetch all risk score API calls on the UI to display the new risk score

sequenceDiagram
    participant FE as Client
    participant BE as Server

    FE->>BE: Assign Asset Criticality
    BE->>FE: Asset Criticality Response
    FE->>BE: Recalculate Risk Score
    BE->>FE: Risk Score Response
    FE->>BE: Fetch visualizations 1
    FE->>BE: Fetch visualizations 2
    FE->>BE: Fetch visualizations 3
    BE->>FE: Visualizations responses

Affected components:

  • Expandable flyout (user/host)
  • Entity Details page (user/host)

Why don't we have Cypress tests?

  • We can test this feature on Cypress because we don't run the risk engine. Instead, we fake the API response for the risk engine status.
  • To be able to Cypress test this feature, first, we need to reliably (no flakiness) enable the risk engine.

Checklist

Delete any items that are not applicable to this PR.
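
The sequence of events in the PR description above, modeled as an added example (not code from this PR or from Kibana), shows why the criticality write uses `refresh: 'wait_for'` before the re-score is requested. `FakeIndex`, the two levels, the multipliers and the base score are constructed assumptions, and `calculateEntityRiskScore` here is a stand-in that shares only its name with the real API.

```typescript
// Constructed model of near-real-time search: a write becomes searchable
// only after a refresh. Not Elasticsearch or Kibana code.
type Refresh = 'wait_for' | false;
type Level = 'low' | 'high'; // constructed levels, not Kibana's enum

class FakeIndex {
  private searchable = new Map<string, Level>();
  private pending = new Map<string, Level>();

  // With refresh: 'wait_for' the call returns only once the write is visible to search.
  write(id: string, level: Level, refresh: Refresh): void {
    this.pending.set(id, level);
    if (refresh === 'wait_for') this.refresh();
  }

  refresh(): void {
    this.pending.forEach((level, id) => this.searchable.set(id, level));
    this.pending.clear();
  }

  search(id: string): Level | undefined {
    return this.searchable.get(id);
  }
}

const MULTIPLIER: Record<Level, number> = { low: 1, high: 2 }; // constructed weights

// Stand-in for the server-side recalculation: it reads criticality through search,
// so it only sees writes that have already been refreshed.
function calculateEntityRiskScore(index: FakeIndex, id: string, baseScore: number): number {
  const level = index.search(id) ?? 'low';
  return baseScore * MULTIPLIER[level];
}

// Client sequence: assign criticality, wait for the response, recalculate.
// The returned value is what the UI would show after refetching its risk score queries.
function rescoreAfterAssign(refresh: Refresh): number {
  const index = new FakeIndex();
  index.write('host-1', 'low', 'wait_for'); // existing criticality
  index.write('host-1', 'high', refresh); // step 1: user raises criticality
  return calculateEntityRiskScore(index, 'host-1', 40); // steps 2-3
}
// rescoreAfterAssign('wait_for') -> 80 (new criticality applied)
// rescoreAfterAssign(false)      -> 40 (stale: the write is not yet searchable)
```
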

@machadoum machadoum changed the title Siem ea 9121 2 [SecuritySolution] [UI] Re-score entity when asset criticality changes May 1, 2024
@machadoum
Member Author

/ci

@machadoum machadoum self-assigned this May 2, 2024
@machadoum machadoum added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. release_note:feature Makes this part of the condensed release notes Theme: entity_analytics Team:Entity Analytics Security Entity Analytics Team labels May 2, 2024
@machadoum machadoum force-pushed the siem-ea-9121-2 branch 2 times, most recently from b540632 to 4287820 Compare May 3, 2024 08:49
const timerange = useMemo(() => {
const from = dateMath.parse(LAST_30_DAYS.from)?.toISOString() ?? LAST_30_DAYS.from;
const to = dateMath.parse(LAST_30_DAYS.to)?.toISOString() ?? LAST_30_DAYS.to;
return { from, to };
}, []);
// eslint-disable-next-line react-hooks/exhaustive-deps
}, [riskDataTimestamp]); // Update the timerange whenever the risk score timestamp changes to include new entries
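Review bot: The new dependency array `[riskDataTimestamp]` names a value the memo body never reads, so the `useMemo` only works as a recompute trigger and needs the `react-hooks/exhaustive-deps` suppression to pass lint. Consider moving the `from`/`to` computation into a small helper or custom hook that takes the timestamp as an argument, so the dependency is explicit and the suppression can go. If the suppression stays, put the explanation on its own line directly above the `eslint-disable-next-line` comment rather than trailing the dependency array, where it is easy to miss.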
Member Author

This change is necessary to update the embedded visualization

/>
),
},
link: riskScoreData.loading
Member Author

This change fixes a Cypress flakiness: it was clicking on the link before riskScoreData was loaded.

@machadoum machadoum marked this pull request as ready for review May 3, 2024 09:21
@machadoum machadoum requested review from a team as code owners May 3, 2024 09:21
@machadoum machadoum requested a review from hop-dev May 3, 2024 09:21
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Contributor

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

@machadoum
Member Author

/ci

Contributor

@hop-dev hop-dev left a comment

🚀

@machadoum machadoum enabled auto-merge (squash) May 8, 2024 09:58
@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 5482 5485 +3

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 13.7MB 13.7MB +4.6KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
securitySolution 83.4KB 83.5KB +111.0B

Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 519 520 +1

Total ESLint disabled count

id before after diff
securitySolution 597 598 +1

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @machadoum

@machadoum machadoum merged commit de3fa8e into elastic:main May 8, 2024
38 checks passed
@kibanamachine kibanamachine added v8.15.0 backport:skip This commit does not require backporting labels May 8, 2024