[SIEM] Alerts view - adding alerts table #51959
Merged
37 commits
6e4e895 (angorayc) add alert view to hosts page
43be007 (angorayc) add defaultHeaders
745dad1 (angorayc) add alerts table
4b7ea70 (angorayc) fix dsl query
1b153d8 (angorayc) add alerts histogram
ee3aca7 (angorayc) Merge remote-tracking branch 'upstream/master' into alert-view
16a0306 (angorayc) Merge remote-tracking branch 'upstream/master' into alert-view
d605ffb (angorayc) add i18n for alerts table
56be243 (angorayc) fix types error
6140dd2 (angorayc) fix type issue
c9f00a7 (angorayc) Merge remote-tracking branch 'upstream/master' into alert-view
71ef4a0 (patrykkopycinski) whitespace cleanup
2f45923 (patrykkopycinski) fix types
5044662 (patrykkopycinski) fix types
4fd84dc (angorayc) Merge branch 'alert-view' of github.com:angorayc/kibana into alert-view
a9c020e (angorayc) fix types
89823a3 (angorayc) fix types
ae8fd5e (angorayc) fix types
592a8ed (angorayc) rename params
001aed3 (angorayc) fix unit test
9c40863 (angorayc) fix types
1d7b42e (angorayc) revert change on updateHostsSort
69d5476 (angorayc) remove unused prop
b2cd515 (angorayc) Merge remote-tracking branch 'upstream/master' into alert-view
838c9bc (angorayc) update unit test
f231c4e (XavierM) pair programming with angela to get filter working
5acbff6 (angorayc) update alerts query
9479d73 (angorayc) clean up
8133ffa (angorayc) fix queries
69d2a87 (angorayc) align type for pageFilters
1e22251 (angorayc) apply page filter for network page
2eeeb78 (elasticmachine) Merge branch 'master' into alert-view
ccc57ff (angorayc) simplify filter props for alerts view
ec44616 (angorayc) clean up
c49b214 (angorayc) Merge branch 'alert-view' of github.com:angorayc/kibana into alert-view
0de574e (angorayc) replace hard coded tab name
affdcf1 (angorayc) Merge remote-tracking branch 'upstream/master' into alert-view
85 changes: 85 additions & 0 deletions
x-pack/legacy/plugins/siem/public/components/alerts_viewer/alerts_table.tsx
@@ -0,0 +1,85 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import React, { useMemo } from 'react'; | ||
|
||
import { esFilters } from '../../../../../../../src/plugins/data/common/es_query'; | ||
import { StatefulEventsViewer } from '../events_viewer'; | ||
import * as i18n from './translations'; | ||
import { alertsDefaultModel } from './default_headers'; | ||
|
||
export interface OwnProps { | ||
end: number; | ||
id: string; | ||
start: number; | ||
} | ||
|
||
const ALERTS_TABLE_ID = 'timeline-alerts-table'; | ||
const defaultAlertsFilters: esFilters.Filter[] = [ | ||
{ | ||
meta: { | ||
alias: null, | ||
negate: false, | ||
disabled: false, | ||
type: 'phrase', | ||
key: 'event.kind', | ||
params: { | ||
query: 'alert', | ||
}, | ||
}, | ||
query: { | ||
bool: { | ||
filter: [ | ||
{ | ||
bool: { | ||
should: [ | ||
{ | ||
match: { | ||
'event.kind': 'alert', | ||
}, | ||
}, | ||
], | ||
minimum_should_match: 1, | ||
}, | ||
}, | ||
], | ||
}, | ||
}, | ||
}, | ||
]; | ||
|
||
export const AlertsTable = React.memo( | ||
({ | ||
endDate, | ||
startDate, | ||
pageFilters = [], | ||
}: { | ||
endDate: number; | ||
startDate: number; | ||
pageFilters?: esFilters.Filter[]; | ||
}) => { | ||
const alertsFilter = useMemo(() => [...defaultAlertsFilters, ...pageFilters], [pageFilters]); | ||
return ( | ||
<StatefulEventsViewer | ||
defaultFilters={alertsFilter} | ||
defaultModel={alertsDefaultModel} | ||
end={endDate} | ||
id={ALERTS_TABLE_ID} | ||
start={startDate} | ||
timelineTypeContext={useMemo( | ||
() => ({ | ||
documentType: i18n.ALERTS_DOCUMENT_TYPE, | ||
footerText: i18n.TOTAL_COUNT_OF_ALERTS, | ||
showCheckboxes: false, | ||
showRowRenderers: false, | ||
title: i18n.ALERTS_TABLE_TITLE, | ||
}), | ||
[] | ||
)} | ||
/> | ||
); | ||
} | ||
); |
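Review bot: the exported `OwnProps` interface (`end`, `id`, `start`) is never used; the component types its props inline under different names (`endDate`, `startDate`, `pageFilters`), so either delete the interface or make it the props type so the two cannot drift apart. Separately, the default `pageFilters = []` creates a new array on every render in which the prop is omitted, so `useMemo(() => [...defaultAlertsFilters, ...pageFilters], [pageFilters])` recomputes each time and hands the events viewer a fresh filter array; hoisting a module-level empty array as the default keeps the memo stable. A one-line comment that `defaultAlertsFilters` pins the table to `event.kind: alert`, with `pageFilters` only ever appended to it, would also help the next reader.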
68 changes: 68 additions & 0 deletions
x-pack/legacy/plugins/siem/public/components/alerts_viewer/default_headers.ts
@@ -0,0 +1,68 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { ColumnHeader } from '../timeline/body/column_headers/column_header'; | ||
import { defaultColumnHeaderType } from '../timeline/body/column_headers/default_headers'; | ||
import { DEFAULT_COLUMN_MIN_WIDTH, DEFAULT_DATE_COLUMN_MIN_WIDTH } from '../timeline/body/helpers'; | ||
import { timelineDefaults, SubsetTimelineModel } from '../../store/timeline/model'; | ||
|
||
export const alertsHeaders: ColumnHeader[] = [ | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: '@timestamp', | ||
width: DEFAULT_DATE_COLUMN_MIN_WIDTH, | ||
}, | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: 'event.module', | ||
width: DEFAULT_COLUMN_MIN_WIDTH, | ||
}, | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: 'event.dataset', | ||
width: DEFAULT_COLUMN_MIN_WIDTH, | ||
}, | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: 'event.category', | ||
width: DEFAULT_COLUMN_MIN_WIDTH, | ||
}, | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: 'event.severity', | ||
width: DEFAULT_COLUMN_MIN_WIDTH, | ||
}, | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: 'observer.name', | ||
width: DEFAULT_COLUMN_MIN_WIDTH, | ||
}, | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: 'host.name', | ||
width: DEFAULT_COLUMN_MIN_WIDTH, | ||
}, | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: 'message', | ||
width: DEFAULT_COLUMN_MIN_WIDTH, | ||
}, | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: 'agent.id', | ||
width: DEFAULT_COLUMN_MIN_WIDTH, | ||
}, | ||
{ | ||
columnHeaderType: defaultColumnHeaderType, | ||
id: 'agent.type', | ||
width: DEFAULT_COLUMN_MIN_WIDTH, | ||
}, | ||
]; | ||
|
||
export const alertsDefaultModel: SubsetTimelineModel = { | ||
...timelineDefaults, | ||
columns: alertsHeaders, | ||
}; | ||
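Review bot: the ten entries of `alertsHeaders` differ only in `id`, with `columnHeaderType: defaultColumnHeaderType` and `width: DEFAULT_COLUMN_MIN_WIDTH` repeated each time; building them from a list of ids through a small helper (with `@timestamp` keeping `DEFAULT_DATE_COLUMN_MIN_WIDTH`) would make the column set easier to read and to change. Also note that `alertsDefaultModel` spreads all of `timelineDefaults` and overrides only `columns`, so anything else the alerts table should differ in (the last comment on this page says `showRowRenderers` is moving out of `TimelineTypeContext` into redux) belongs in this model rather than in the context passed from `alerts_table.tsx`.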
59 changes: 59 additions & 0 deletions
x-pack/legacy/plugins/siem/public/components/alerts_viewer/index.tsx
@@ -0,0 +1,59 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { noop } from 'lodash/fp'; | ||
import React from 'react'; | ||
|
||
import { EuiSpacer } from '@elastic/eui'; | ||
import { manageQuery } from '../page/manage_query'; | ||
import { AlertsOverTimeHistogram } from '../page/hosts/alerts_over_time'; | ||
import { AlertsComponentsQueryProps } from './types'; | ||
import { AlertsOverTimeQuery } from '../../containers/alerts/alerts_over_time'; | ||
import { hostsModel } from '../../store/model'; | ||
import { AlertsTable } from './alerts_table'; | ||
|
||
const AlertsOverTimeManage = manageQuery(AlertsOverTimeHistogram); | ||
export const AlertsView = ({ | ||
defaultFilters, | ||
deleteQuery, | ||
endDate, | ||
filterQuery, | ||
pageFilters, | ||
skip, | ||
setQuery, | ||
startDate, | ||
type, | ||
updateDateRange = noop, | ||
}: AlertsComponentsQueryProps) => ( | ||
<> | ||
<AlertsOverTimeQuery | ||
endDate={endDate} | ||
filterQuery={filterQuery} | ||
sourceId="default" | ||
startDate={startDate} | ||
type={hostsModel.HostsType.page} | ||
> | ||
|
||
{({ alertsOverTime, loading, id, inspect, refetch, totalCount }) => ( | ||
<AlertsOverTimeManage | ||
data={alertsOverTime!} | ||
endDate={endDate} | ||
id={id} | ||
inspect={inspect} | ||
loading={loading} | ||
refetch={refetch} | ||
setQuery={setQuery} | ||
startDate={startDate} | ||
totalCount={totalCount} | ||
updateDateRange={updateDateRange} | ||
/> | ||
)} | ||
</AlertsOverTimeQuery> | ||
<EuiSpacer size="l" /> | ||
<AlertsTable endDate={endDate} startDate={startDate} pageFilters={pageFilters} /> | ||
</> | ||
); | ||
|
||
AlertsView.displayName = 'AlertsView'; |
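Review bot: `type` is destructured from props but `AlertsOverTimeQuery` is given the hard-coded `type={hostsModel.HostsType.page}`, so when `AlertsView` is rendered from the network page (the props type in `types.ts` is a union of the hosts and network query props) the histogram query still runs as a hosts-page query; pass `type` through, or drop it from `AlertsComponentsQueryProps` if the histogram query genuinely only supports hosts types. `skip`, `deleteQuery` and `defaultFilters` are likewise destructured and then ignored: `skip` should reach `AlertsOverTimeQuery` so the query is not issued when the page asks to skip it, and `deleteQuery` should go to `AlertsOverTimeManage` if `manageQuery` uses it to unregister the query on unmount. The `alertsOverTime!` non-null assertion also deserves a comment on why the data is guaranteed once `loading` is false.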
19 changes: 19 additions & 0 deletions
x-pack/legacy/plugins/siem/public/components/alerts_viewer/translations.ts
@@ -0,0 +1,19 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { i18n } from '@kbn/i18n'; | ||
|
||
export const ALERTS_DOCUMENT_TYPE = i18n.translate('xpack.siem.hosts.alertsDocumentType', { | ||
defaultMessage: 'Alerts', | ||
}); | ||
|
||
export const TOTAL_COUNT_OF_ALERTS = i18n.translate('xpack.siem.hosts.totalCountOfAlerts', { | ||
defaultMessage: 'alerts match the search criteria', | ||
}); | ||
|
||
export const ALERTS_TABLE_TITLE = i18n.translate('xpack.siem.hosts.alertsDocumentType', { | ||
defaultMessage: 'Alerts', | ||
}); |
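Review bot: `ALERTS_TABLE_TITLE` reuses the id `xpack.siem.hosts.alertsDocumentType` that `ALERTS_DOCUMENT_TYPE` already registers; two `i18n.translate` calls with the same id are at best redundant and at worst a trap if one `defaultMessage` is later changed, so give the title its own id (`xpack.siem.hosts.alertsTableTitle` is one suggested name) or export a single constant. Since this component is also mounted on the network page, an id prefix that names the alerts viewer rather than `hosts` would describe these strings better.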
26 changes: 26 additions & 0 deletions
x-pack/legacy/plugins/siem/public/components/alerts_viewer/types.ts
@@ -0,0 +1,26 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { esFilters } from '../../../../../../../src/plugins/data/common'; | ||
import { HostsComponentsQueryProps } from '../../pages/hosts/navigation/types'; | ||
import { NetworkComponentQueryProps } from '../../pages/network/navigation/types'; | ||
|
||
type CommonQueryProps = HostsComponentsQueryProps | NetworkComponentQueryProps; | ||
export interface AlertsComponentsQueryProps | ||
extends Pick< | ||
CommonQueryProps, | ||
| 'deleteQuery' | ||
| 'endDate' | ||
| 'filterQuery' | ||
| 'skip' | ||
| 'setQuery' | ||
| 'startDate' | ||
| 'type' | ||
| 'updateDateRange' | ||
> { | ||
pageFilters: esFilters.Filter[]; | ||
defaultFilters?: esFilters.Filter[]; | ||
|
||
} |
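Review bot: `pageFilters` is required here while `AlertsTable` defaults it to `[]` and `AlertsView` only forwards it, so either make it optional in `AlertsComponentsQueryProps` or drop the default in `alerts_table.tsx`; and `defaultFilters?` is declared but nothing in `index.tsx` reads it, so it should be removed or wired through. Also, `esFilters` is imported from `.../src/plugins/data/common` here and from `.../src/plugins/data/common/es_query` in `alerts_table.tsx`; one import path for the same symbol keeps the two `Filter` types obviously identical.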
Nothing to change here, but just a heads up that I ended up moving showCheckboxes and showRowRenderers from the TimelineTypeContext into redux, so when we merge we'll want to add the following to the alertsDefaultModel (showCheckboxes defaults to false in timelineDefaults, and can be left off)