[Entity Analytics][UI] UI changes for Risk Engine to include closed alerts for risk score calculation #201909

Open
wants to merge 12 commits into
base: main

Contributor

@abhishekbhatia1710 abhishekbhatia1710 commented Nov 27, 2024

Summary

We are introducing a new feature that allows users to include "closed" alerts in risk score calculations.

Users can toggle a button to include closed alerts in the risk score calculation and specify a date/time range for the calculation. Additionally, they can preview the data before finalising and saving these changes for the next engine run.

Image

Note: This PR is an extension to the following PRs.

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

  • Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
  • Documentation was added for features that require explanation or tutorials
  • Unit or functional tests were updated or added to match the most common scenarios
  • If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
  • This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
  • Flaky Test Runner was used on any tests changed
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines

@elasticmachine
Contributor

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

@machadoum
Member

machadoum commented Nov 27, 2024

@abhishekbhatia1710 This PR name mentions "UI" but also has server changes. Is it intentional?

@abhishekbhatia1710
Contributor Author

> @abhishekbhatia1710 This PR name mentions "UI" but also has server changes. Is it intentional?

Yes @machadoum, because the UI changes rely on the API updates, so I rebased this branch with the changes from the API PRs (mentioned in the summary of this PR).

@CAWilson94
Contributor

CAWilson94 commented Nov 27, 2024

Tested locally, working well 🚀

Also, this might be more the EUI component, but I love the options for relative and absolute given here:
image

@abhishekbhatia1710 abhishekbhatia1710 added the backport:skip This commit does not require backporting label Nov 27, 2024
@abhishekbhatia1710 abhishekbhatia1710 added the ci:project-deploy-security Create a Security Serverless Project label Nov 27, 2024
@abhishekbhatia1710
Contributor Author

The log message which shows the configuration with which the Risk Score Engine has run is:

Risk Engine running with configuration

image

@elastic/security-entity-analytics

useEffect(() => {
const savedIncludeClosedAlerts = localStorage.getItem('includeClosedAlerts');
const savedStart = localStorage.getItem('dateStart');
const savedEnd = localStorage.getItem('dateEnd');
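Review bot: The three `localStorage.getItem` calls read `includeClosedAlerts`, `dateStart` and `dateEnd` as independent entries, so a partial write or a single cleared entry can leave the toggle and the date range out of step with each other. Consider persisting them as one serialized object under a single key and treating a missing or incomplete object as "use defaults".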
Contributor

Would using useLocalStorage have any benefit over the basic localStorage? Is error handling baked into there or do we have something to check an unhappy path? :D

Member

☝️
Please use useLocalStorage

Member

Please use a specific local storage key name; otherwise, it will conflict with other usages in Kibana.
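
An added example, not code from this PR or from Kibana, of the two points raised in this thread: a specifically named storage key and handling of the unhappy path when reading persisted settings. The key name, the settings shape, the defaults and `memoryStorage` (a stand-in for `window.localStorage` so the block runs under Node) are assumptions.

```typescript
// Added example; the key name, settings shape and defaults are hypothetical.
interface StorageLike {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
}
interface ClosedAlertsSettings { includeClosedAlerts: boolean; start: string; end: string }
// One namespaced key for the whole object instead of three generic keys.
const STORAGE_KEY = 'securitySolution.entityAnalytics.riskEngine.closedAlertsSettings';
const DEFAULTS: Readonly<ClosedAlertsSettings> = Object.freeze({
  includeClosedAlerts: false, start: 'now-30d', end: 'now',
});
const DATE_MATH = /^now([+-]\d+[smhdwMy])*(\/[smhdwMy])?$/; // relative, e.g. now-7d
const ISO_UTC = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$/; // absolute

function isDateValue(v: unknown): v is string {
  return typeof v === 'string' &&
    (DATE_MATH.test(v) || (ISO_UTC.test(v) && !Number.isNaN(Date.parse(v))));
}

// Stored data is untrusted input: any failure falls back to DEFAULTS.
function loadSettings(storage: StorageLike): Readonly<ClosedAlertsSettings> {
  let parsed: unknown;
  try {
    const raw = storage.getItem(STORAGE_KEY); // can throw when storage is blocked
    if (raw === null) return DEFAULTS;
    parsed = JSON.parse(raw); // throws on malformed JSON
  } catch { return DEFAULTS; }
  if (typeof parsed !== 'object' || parsed === null) return DEFAULTS;
  const { includeClosedAlerts, start, end } = parsed as Record<string, unknown>;
  if (typeof includeClosedAlerts !== 'boolean' || !isDateValue(start) || !isDateValue(end)) {
    return DEFAULTS;
  }
  return { includeClosedAlerts, start, end };
}

function saveSettings(storage: StorageLike, s: ClosedAlertsSettings): boolean {
  try {
    storage.setItem(STORAGE_KEY, JSON.stringify(s));
    return true;
  } catch {
    return false; // quota exceeded or storage disabled
  }
}

// In-memory stand-in for window.localStorage so the example runs under Node.
function memoryStorage(initial: Record<string, string> = {}): StorageLike {
  const data = new Map<string, string>(Object.entries(initial));
  return { getItem: (k) => data.get(k) ?? null, setItem: (k, v) => { data.set(k, v); } };
}
```
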

const savedStart = localStorage.getItem('dateStart');
const savedEnd = localStorage.getItem('dateEnd');

if (savedIncludeClosedAlerts !== null) {
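Review bot: At `if (savedIncludeClosedAlerts !== null)`, the null check is the only guard visible on a value that `getItem` returns as an arbitrary string. Browser storage can be edited by the user, an extension or other code on the same origin, so check that the string is exactly `'true'` or `'false'`, and that `savedStart` and `savedEnd` are well-formed date values, before they reach component state or are used for the risk score calculation.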
Member

This file has a lot of logic. Could you unit-test it?

}
};

const handleIncludeClosedAlertsToggle = (value: boolean) => {
Member

You probably need a useCallback here because setIncludeClosedAlerts param is used as a dependency for useEffect in IncludeClosedAlertsSection component.

useEffect(() => {
const savedIncludeClosedAlerts = localStorage.getItem('includeClosedAlerts');
const savedStart = localStorage.getItem('dateStart');
const savedEnd = localStorage.getItem('dateEnd');
Member

Please use a specific local storage key name; otherwise, it will conflict with other usages in Kibana.

import { useRiskEngineStatus } from '../api/hooks/use_risk_engine_status';
import { useScheduleNowRiskEngineMutation } from '../api/hooks/use_schedule_now_risk_engine_mutation';
import { useAppToasts } from '../../common/hooks/use_app_toasts';
import * as i18n from '../translations';

export const EntityAnalyticsManagementPage = () => {
Member

Please add unit tests

/>
)}

{/* Text: "Next engine run in {} minutes" */}
Member

nit: In this case, creating an isolated component with a clear name is usually better than adding comments.

Member

@machadoum machadoum left a comment

…nenets and emotion for css and px related styles.
@elasticmachine
Contributor

elasticmachine commented Nov 29, 2024

💔 Build Failed

cc @abhishekbhatia1710

Labels
8.17 candidate backport:skip This commit does not require backporting ci:project-deploy-security Create a Security Serverless Project release_note:enhancement Team:Entity Analytics Security Entity Analytics Team v9.0.0