[Security Solution][Alerts Detail] - fix missing investigated alert id when fetching all alerts for the details panel alerts tab #206873
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…d when fetching all alerts for the details panel alerts tab
PhilippeOberti
added
release_note:skip
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
janmonschke
approved these changes
Jan 16, 2025
christineweng
approved these changes
Jan 16, 2025
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/12894388628 |
💚 Build Succeeded
Metrics [docs]Async chunks
History
|
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 21, 2025
…d when fetching all alerts for the details panel alerts tab (elastic#206873) ## Summary This PR fixes an issue in the session view detailed panel alerts tab when used in the expandable flyout. As can seen in the screenshot below, when used in the alerts table, the detailed panel alerts tab renders the investigated alert if it is available.  But when rendered in the expandable flyout the investigated alert is not always rendered.  The issue came from a mistake done in [this previous PR](elastic#200270) that aimed at extracting the session view detailed panel in the expandable flyout preview panel. Specifically [this line](https://github.com/elastic/kibana/pull/200270/files#diff-1f5a98dfb88e0067b1557ae15325887e48f561b35a0f99989360efea7f4aa6adR33) where I hardcoded the `investigatedAlertId` to `undefined`. I believe this happened during early stage of the development where I just wanted to get things to run. Then when I made the `investigatedAlertId` available via the session view panel context, I forgot to come back and replace the `undefined`... When looking at the network tab, I see 2 calls to the `internal/session_view/alerts` endpoint: - the first one made when opening the session view component the first time contains the `investigatedAlertId` value and returns more data   - the same call made when navigating to the detailed panel alerts tab only has `undefined` and returns less data   ### How to test - make sure the `securitySolution:enableVisualizationsInFlyout` advanced settings is turned on Co-authored-by: Paulo Silva <[email protected]> (cherry picked from commit 326a8d3)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jan 21, 2025
…lert id when fetching all alerts for the details panel alerts tab (#206873) (#207430) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution][Alerts Detail] - fix missing investigated alert id when fetching all alerts for the details panel alerts tab (#206873)](#206873) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-21T19:28:15Z","message":"[Security Solution][Alerts Detail] - fix missing investigated alert id when fetching all alerts for the details panel alerts tab (#206873)\n\n## Summary\r\n\r\nThis PR fixes an issue in the session view detailed panel alerts tab\r\nwhen used in the expandable flyout.\r\n\r\nAs can seen in the screenshot below, when used in the alerts table, the\r\ndetailed panel alerts tab renders the investigated alert if it is\r\navailable.\r\n\r\n\r\n\r\nBut when rendered in the expandable flyout the investigated alert is not\r\nalways rendered.\r\n\r\n\r\n\r\nThe issue came from a mistake done in [this previous\r\nPR](#200270) that aimed at\r\nextracting the session view detailed panel in the expandable flyout\r\npreview panel. Specifically [this\r\nline](https://github.com/elastic/kibana/pull/200270/files#diff-1f5a98dfb88e0067b1557ae15325887e48f561b35a0f99989360efea7f4aa6adR33)\r\nwhere I hardcoded the `investigatedAlertId` to `undefined`. I believe\r\nthis happened during early stage of the development where I just wanted\r\nto get things to run. Then when I made the `investigatedAlertId`\r\navailable via the session view panel context, I forgot to come back and\r\nreplace the `undefined`...\r\n\r\nWhen looking at the network tab, I see 2 calls to the\r\n`internal/session_view/alerts` endpoint:\r\n- the first one made when opening the session view component the first\r\ntime contains the `investigatedAlertId` value and returns more data\r\n\r\n\r\n- the same call made when navigating to the detailed panel alerts tab\r\nonly has `undefined` and returns less data\r\n\r\n\r\n \r\n### How to test\r\n\r\n- make sure the `securitySolution:enableVisualizationsInFlyout` advanced\r\nsettings is turned on\r\n\r\nCo-authored-by: Paulo Silva <[email protected]>","sha":"326a8d3f3b17d420f063cada2925828729186998","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting:Investigations","backport:version","v8.18.0"],"title":"[Security Solution][Alerts Detail] - fix missing investigated alert id when fetching all alerts for the details panel alerts tab","number":206873,"url":"https://github.com/elastic/kibana/pull/206873","mergeCommit":{"message":"[Security Solution][Alerts Detail] - fix missing investigated alert id when fetching all alerts for the details panel alerts tab (#206873)\n\n## Summary\r\n\r\nThis PR fixes an issue in the session view detailed panel alerts tab\r\nwhen used in the expandable flyout.\r\n\r\nAs can seen in the screenshot below, when used in the alerts table, the\r\ndetailed panel alerts tab renders the investigated alert if it is\r\navailable.\r\n\r\n\r\n\r\nBut when rendered in the expandable flyout the investigated alert is not\r\nalways rendered.\r\n\r\n\r\n\r\nThe issue came from a mistake done in [this previous\r\nPR](#200270) that aimed at\r\nextracting the session view detailed panel in the expandable flyout\r\npreview panel. Specifically [this\r\nline](https://github.com/elastic/kibana/pull/200270/files#diff-1f5a98dfb88e0067b1557ae15325887e48f561b35a0f99989360efea7f4aa6adR33)\r\nwhere I hardcoded the `investigatedAlertId` to `undefined`. I believe\r\nthis happened during early stage of the development where I just wanted\r\nto get things to run. Then when I made the `investigatedAlertId`\r\navailable via the session view panel context, I forgot to come back and\r\nreplace the `undefined`...\r\n\r\nWhen looking at the network tab, I see 2 calls to the\r\n`internal/session_view/alerts` endpoint:\r\n- the first one made when opening the session view component the first\r\ntime contains the `investigatedAlertId` value and returns more data\r\n\r\n\r\n- the same call made when navigating to the detailed panel alerts tab\r\nonly has `undefined` and returns less data\r\n\r\n\r\n \r\n### How to test\r\n\r\n- make sure the `securitySolution:enableVisualizationsInFlyout` advanced\r\nsettings is turned on\r\n\r\nCo-authored-by: Paulo Silva <[email protected]>","sha":"326a8d3f3b17d420f063cada2925828729186998"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/206873","number":206873,"mergeCommit":{"message":"[Security Solution][Alerts Detail] - fix missing investigated alert id when fetching all alerts for the details panel alerts tab (#206873)\n\n## Summary\r\n\r\nThis PR fixes an issue in the session view detailed panel alerts tab\r\nwhen used in the expandable flyout.\r\n\r\nAs can seen in the screenshot below, when used in the alerts table, the\r\ndetailed panel alerts tab renders the investigated alert if it is\r\navailable.\r\n\r\n\r\n\r\nBut when rendered in the expandable flyout the investigated alert is not\r\nalways rendered.\r\n\r\n\r\n\r\nThe issue came from a mistake done in [this previous\r\nPR](#200270) that aimed at\r\nextracting the session view detailed panel in the expandable flyout\r\npreview panel. Specifically [this\r\nline](https://github.com/elastic/kibana/pull/200270/files#diff-1f5a98dfb88e0067b1557ae15325887e48f561b35a0f99989360efea7f4aa6adR33)\r\nwhere I hardcoded the `investigatedAlertId` to `undefined`. I believe\r\nthis happened during early stage of the development where I just wanted\r\nto get things to run. Then when I made the `investigatedAlertId`\r\navailable via the session view panel context, I forgot to come back and\r\nreplace the `undefined`...\r\n\r\nWhen looking at the network tab, I see 2 calls to the\r\n`internal/session_view/alerts` endpoint:\r\n- the first one made when opening the session view component the first\r\ntime contains the `investigatedAlertId` value and returns more data\r\n\r\n\r\n- the same call made when navigating to the detailed panel alerts tab\r\nonly has `undefined` and returns less data\r\n\r\n\r\n \r\n### How to test\r\n\r\n- make sure the `securitySolution:enableVisualizationsInFlyout` advanced\r\nsettings is turned on\r\n\r\nCo-authored-by: Paulo Silva <[email protected]>","sha":"326a8d3f3b17d420f063cada2925828729186998"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Philippe Oberti <[email protected]>
viduni94
pushed a commit
to viduni94/kibana
that referenced
this pull request
Jan 23, 2025
…d when fetching all alerts for the details panel alerts tab (elastic#206873) ## Summary This PR fixes an issue in the session view detailed panel alerts tab when used in the expandable flyout. As can seen in the screenshot below, when used in the alerts table, the detailed panel alerts tab renders the investigated alert if it is available.  But when rendered in the expandable flyout the investigated alert is not always rendered.  The issue came from a mistake done in [this previous PR](elastic#200270) that aimed at extracting the session view detailed panel in the expandable flyout preview panel. Specifically [this line](https://github.com/elastic/kibana/pull/200270/files#diff-1f5a98dfb88e0067b1557ae15325887e48f561b35a0f99989360efea7f4aa6adR33) where I hardcoded the `investigatedAlertId` to `undefined`. I believe this happened during early stage of the development where I just wanted to get things to run. Then when I made the `investigatedAlertId` available via the session view panel context, I forgot to come back and replace the `undefined`... When looking at the network tab, I see 2 calls to the `internal/session_view/alerts` endpoint: - the first one made when opening the session view component the first time contains the `investigatedAlertId` value and returns more data   - the same call made when navigating to the detailed panel alerts tab only has `undefined` and returns less data   ### How to test - make sure the `securitySolution:enableVisualizationsInFlyout` advanced settings is turned on Co-authored-by: Paulo Silva <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR fixes an issue in the session view detailed panel alerts tab when used in the expandable flyout.
As can seen in the screenshot below, when used in the alerts table, the detailed panel alerts tab renders the investigated alert if it is available.
But when rendered in the expandable flyout the investigated alert is not always rendered.
The issue came from a mistake done in this previous PR that aimed at extracting the session view detailed panel in the expandable flyout preview panel. Specifically this line where I hardcoded the
investigatedAlertIdtoundefined. I believe this happened during early stage of the development where I just wanted to get things to run. Then when I made theinvestigatedAlertIdavailable via the session view panel context, I forgot to come back and replace theundefined...When looking at the network tab, I see 2 calls to the
internal/session_view/alertsendpoint:investigatedAlertIdvalue and returns more dataundefinedand returns less dataHow to test
securitySolution:enableVisualizationsInFlyoutadvanced settings is turned on