Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SIEM] Default the Timeline events filter to show All events #58953

Merged
merged 4 commits into from
Mar 2, 2020
Merged

[SIEM] Default the Timeline events filter to show All events #58953

merged 4 commits into from
Mar 2, 2020

Conversation

andrew-goldstein
Copy link
Contributor

[SIEM] Default the Timeline events filter to show All events

The Timeline events filter introduced in 7.6 to support the detection engine defaulted to filtering by Raw events, and thus required manually selecting All events or Signal events from the dropdown to view signals.

The new default is All events, per the screenshots below:

Before

event-filter-before

After

event-filter-after

@andrew-goldstein andrew-goldstein self-assigned this Feb 28, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/siem (Team:SIEM)

@andrew-goldstein
## [SIEM] Default the Timeline events filter to show All events
6e0d2db 
The Timeline events filter introduced in `7.6` to support the [detection engine](https://www.elastic.co/guide/en/siem/guide/current/detection-engine-overview.html) defaulted to filtering by `Raw events`, and thus required manually selecting `All events` or `Signal events` from the dropdown to view signals.

The new default is `All events`, per the screenshots below:

### Before
![event-filter-before](https://user-images.githubusercontent.com/4459398/75593223-ecc61500-5a41-11ea-8d7d-8db5eccb1eb4.png)

### After
![event-filter-after](https://user-images.githubusercontent.com/4459398/75593238-f5b6e680-5a41-11ea-9e12-2fc1232f58d1.png)
FrankHassanabad
FrankHassanabad approved these changes Feb 29, 2020
View reviewed changes
Copy link
Contributor

@FrankHassanabad FrankHassanabad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checked it out and ran the code and this looks 👍
LGTM

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@elastic elastic deleted a comment from XavierM Mar 2, 2020
@andrew-goldstein andrew-goldstein merged commit e9abe73 into elastic:master Mar 2, 2020
@andrew-goldstein andrew-goldstein deleted the default-to-all-events branch March 2, 2020 16:36
This was referenced Mar 2, 2020
Merged
Merged
andrew-goldstein added a commit to andrew-goldstein/kibana that referenced this pull request Mar 2, 2020
@andrew-goldstein
[SIEM] Default the Timeline events filter to show All events (elastic…
c7febd7 
…#58953)

## [SIEM] Default the Timeline events filter to show All events

The Timeline events filter introduced in `7.6` to support the [detection engine](https://www.elastic.co/guide/en/siem/guide/current/detection-engine-overview.html) defaulted to filtering by `Raw events`, and thus required manually selecting `All events` or `Signal events` from the dropdown to view signals.

The new default is `All events`, per the screenshots below:

### Before
![event-filter-before](https://user-images.githubusercontent.com/4459398/75593223-ecc61500-5a41-11ea-8d7d-8db5eccb1eb4.png)

### After
![event-filter-after](https://user-images.githubusercontent.com/4459398/75593238-f5b6e680-5a41-11ea-9e12-2fc1232f58d1.png)
gmmorris added a commit to gmmorris/kibana that referenced this pull request Mar 3, 2020
@gmmorris
Merge branch 'master' into alerting/view-in-app
5184196 
* master: (26 commits)
  [Endpoint] Alert Details Overview (elastic#58412)
  Service map language icons (elastic#58633)
  [SIEM] [Case] Comments to case view (elastic#58315)
  Remove appBasePath from docs + add mock for AppMountParameters (elastic#58775)
  [kbn/optimizer] fix ui/* url rewrites in dist (elastic#58627)
  Dashboard a11y tests (elastic#58122)
  Downgrade "setting up plugin" log to debug (elastic#58776)
  [CI] Pipeline refactoring (elastic#56447)
  [Advanced Settings] Fix a11y of unsaved indicator (elastic#58511)
  put params into short url instead of behind it (elastic#58846)
  show timepicker in timelion and tsvb (elastic#58857)
  improve graph missing workspace error message (elastic#58876)
  [Maps] direct Discover "visualize" to open Maps application (elastic#58549)
  Disallow duplicate percentiles (elastic#57444) (elastic#58299)
  removing references to visTypes uiExports (elastic#58337)
  [SIEM] Default the Timeline events filter to show All events (elastic#58953)
  [Remote clusters] Add indexManagement as required plugin (elastic#58915)
  [DOCS] Rework of main get started page (elastic#58260)
  [Endpoint] [Tests] fixes elastic#57946 flaky endpoint policy list test (elastic#58348)
  [Endpoint] add resolver middleware (elastic#58288)
  ...
@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Mar 3, 2020
andrew-goldstein added a commit that referenced this pull request Mar 3, 2020
@andrew-goldstein
[7.6] [SIEM] Default the Timeline events filter to show All events (#…
e29a53f 
…58953) (#59059)

* [SIEM] Default the Timeline events filter to show All events (#58953)

## [SIEM] Default the Timeline events filter to show All events

The Timeline events filter introduced in `7.6` to support the [detection engine](https://www.elastic.co/guide/en/siem/guide/current/detection-engine-overview.html) defaulted to filtering by `Raw events`, and thus required manually selecting `All events` or `Signal events` from the dropdown to view signals.

The new default is `All events`, per the screenshots below:

### Before
![event-filter-before](https://user-images.githubusercontent.com/4459398/75593223-ecc61500-5a41-11ea-8d7d-8db5eccb1eb4.png)

### After
![event-filter-after](https://user-images.githubusercontent.com/4459398/75593238-f5b6e680-5a41-11ea-9e12-2fc1232f58d1.png)

* * Added `eventType`, which is a required prop in `7.6.x` to pass the type check, along with this note:

```
CAUTION: `eventType` is an optional prop in post-`7.6.x` branches. In later branches, `eventType`
is omitted from this test, to truly verify the new default from redux. In this branch, we must
specify `eventType` to pass the type check, but this is not the true intent of this test.
```
@kibanamachine kibanamachine removed the backport missing Added to PRs automatically when the are determined to be missing a backport. label Mar 3, 2020
@elastic elastic deleted a comment from kibanamachine Mar 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FrankHassanabad FrankHassanabad FrankHassanabad approved these changes

Assignees

@andrew-goldstein andrew-goldstein

Labels
release_note:fix Team:SIEM v7.6.2 v7.7.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@andrew-goldstein @elasticmachine @kibanamachine @FrankHassanabad