[SecuritySolutions] Create Asset Criticality CSV upload page (#179891)

## Summary Create a new Asset Criticality page for updating asset criticality by file upload. Flaky test runner: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5662 Server side PR: #179930 https://github.com/elastic/kibana/assets/1490444/f524b5e8-8efa-40c7-8e43-45cf43decefb The new page has three steps. You can access the page by going to Security -> Manage -> Asset Criticality. <img src="https://github.com/elastic/kibana/assets/1490444/080a51bf-20e9-4f4b-84b2-13fe1cfdc1d5" width="400" /> ### File picker Step: <img src="https://github.com/elastic/kibana/assets/1490444/e3aea4b8-2083-49a4-b4bf-dbb645fb463b" width="400" /> ### File validation step <img src="https://github.com/elastic/kibana/assets/1490444/54b3018e-ef0e-4ac4-93b2-67ae02743eb8" width="400" /> ### Result step <img src="https://github.com/elastic/kibana/assets/1490444/aa47a7af-1108-4ad6-8dc0-f728e0187026" width="400" /> ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) a-docker) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) ## How to test it? * Open the page * Upload a valid CSV file * Check if everything is ok on the validation step * Click Assign * Check if the success message is displayed * Open the alert flyout for an updated asset and check if it has the new value ## What is not included? * Serverless * Disable the feature when asset criticality advanced setting is disabled ## Code owners files: <details> <summary>elastic/docs</summary> * packages/kbn-doc-links/src/get_doc_links.ts * packages/kbn-doc-links/src/types.ts </details> <details> <summary>elastic/security-defend-workflows</summary> * x-pack/plugins/security_solution/public/management/links.ts </details> <details> <summary>elastic/security-detection-engine</summary> * x-pack/test/security_solution_cypress/cypress/urls/navigation.ts </details> <details> <summary>elastic/security-detections-response</summary> * x-pack/test/security_solution_cypress/cypress/fixtures/asset_criticality.csv </details> <details> <summary>elastic/security-engineering-productivity</summary> * x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/asset_criticality_upload_page.cy.ts * x-pack/test/security_solution_cypress/cypress/fixtures/asset_criticality.csv * x-pack/test/security_solution_cypress/cypress/screens/asset_criticality.ts * x-pack/test/security_solution_cypress/cypress/tasks/asset_criticality.ts * x-pack/test/security_solution_cypress/cypress/urls/navigation.ts </details> <details> <summary>elastic/security-threat-hunting</summary> * x-pack/test/security_solution_cypress/cypress/fixtures/asset_criticality.csv </details> <details> <summary>elastic/security-threat-hunting-investigations</summary> * x-pack/plugins/security_solution/public/resolver/view/panels/node_list.tsx * x-pack/test/security_solution_cypress/cypress/urls/navigation.ts </details> --------- Co-authored-by: Mark Hopkin <[email protected]>
elastic · Apr 12, 2024 · 79096be · 79096be
1 parent 73d8533
commit 79096be
Show file tree

Hide file tree

Showing 42 changed files with 2,538 additions and 13 deletions.
diff --git a/packages/deeplinks/security/deep_links.ts b/packages/deeplinks/security/deep_links.ts
@@ -83,5 +83,6 @@ export enum SecurityPageName {
   usersRisk = 'users-risk',
   entityAnalytics = 'entity_analytics',
   entityAnalyticsManagement = 'entity_analytics-management',
+  entityAnalyticsAssetClassification = 'entity_analytics-asset-classification',
   coverageOverview = 'coverage-overview',
 }
diff --git a/packages/kbn-doc-links/src/get_doc_links.ts b/packages/kbn-doc-links/src/get_doc_links.ts
@@ -483,6 +483,7 @@ export const getDocLinks = ({ kibanaBranch, buildFlavor }: GetDocLinkOptions): D
         hostRiskScore: `${SECURITY_SOLUTION_DOCS}host-risk-score.html`,
         userRiskScore: `${SECURITY_SOLUTION_DOCS}user-risk-score.html`,
         entityRiskScoring: `${SECURITY_SOLUTION_DOCS}entity-risk-scoring.html`,
+        assetCriticality: `${SECURITY_SOLUTION_DOCS}asset-criticality.html`,
       },
       detectionEngineOverview: `${SECURITY_SOLUTION_DOCS}detection-engine-overview.html`,
     },

diff --git a/packages/kbn-doc-links/src/types.ts b/packages/kbn-doc-links/src/types.ts
@@ -358,6 +358,7 @@ export interface DocLinks {
       readonly hostRiskScore: string;
       readonly userRiskScore: string;
       readonly entityRiskScoring: string;
+      readonly assetCriticality: string;
     };
     readonly detectionEngineOverview: string;
   };

diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts
@@ -119,6 +119,8 @@ export const BLOCKLIST_PATH = `${MANAGEMENT_PATH}/blocklist` as const;
 export const RESPONSE_ACTIONS_HISTORY_PATH = `${MANAGEMENT_PATH}/response_actions_history` as const;
 export const ENTITY_ANALYTICS_PATH = '/entity_analytics' as const;
 export const ENTITY_ANALYTICS_MANAGEMENT_PATH = `/entity_analytics_management` as const;
+export const ENTITY_ANALYTICS_ASSET_CRITICALITY_PATH =
+  `/entity_analytics_asset_criticality` as const;
 export const APP_OVERVIEW_PATH = `${APP_PATH}${OVERVIEW_PATH}` as const;
 export const APP_LANDING_PATH = `${APP_PATH}${LANDING_PATH}` as const;
 export const APP_DETECTION_RESPONSE_PATH = `${APP_PATH}${DETECTION_RESPONSE_PATH}` as const;

diff --git a/x-pack/plugins/security_solution/public/app/translations.ts b/x-pack/plugins/security_solution/public/app/translations.ts
@@ -25,6 +25,13 @@ export const ENTITY_ANALYTICS_RISK_SCORE = i18n.translate(
   }
 );
 
+export const ASSET_CRITICALITY = i18n.translate(
+  'xpack.securitySolution.navigation.assetCriticality',
+  {
+    defaultMessage: 'Asset criticality',
+  }
+);
+
 export const DETECTION_RESPONSE = i18n.translate(
   'xpack.securitySolution.navigation.detectionResponse',
   {

diff --git a/x-pack/plugins/security_solution/public/common/icons/asset_criticality.tsx b/x-pack/plugins/security_solution/public/common/icons/asset_criticality.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { SVGProps } from 'react';
+import React from 'react';
+export const IconAssetCriticality: React.FC<SVGProps<SVGSVGElement>> = ({ ...props }) => (
+  <svg
+    fill="none"
+    xmlns="http://www.w3.org/2000/svg"
+    width="16"
+    height="16"
+    viewBox="0 0 32 32"
+    {...props}
+  >
+    <path
+      fillRule="evenodd"
+      clipRule="evenodd"
+      d="M4 24C6.20928 24 8 22.2093 8 20C8 17.7907 6.20928 16 4 16C1.79072 16 0 17.7907 0 20C0 22.2093 1.79072 24 4 24ZM4 18C5.10472 18 6 18.8953 6 20C6 21.1047 5.10472 22 4 22C2.89528 22 2 21.1047 2 20C2 18.8953 2.89528 18 4 18Z"
+      fill="#535766"
+    />
+    <path d="M3 26H5V31H3V26Z" fill="#00BFB3" />
+    <path d="M3 1H5V17H3V1Z" fill="#535766" />
+    <path
+      fillRule="evenodd"
+      clipRule="evenodd"
+      d="M16 14C18.2093 14 20 12.2093 20 10C20 7.79072 18.2093 6 16 6C13.7907 6 12 7.79072 12 10C12 12.2093 13.7907 14 16 14ZM16 8C17.1047 8 18 8.89528 18 10C18 11.1047 17.1047 12 16 12C14.8953 12 14 11.1047 14 10C14 8.89528 14.8953 8 16 8Z"
+      fill="#535766"
+    />
+    <path d="M15 16H17V31H15V16Z" fill="#00BFB3" />
+    <path d="M15 1H17V7H15V1Z" fill="#535766" />
+    <path
+      fillRule="evenodd"
+      clipRule="evenodd"
+      d="M28 24C30.2093 24 32 22.2093 32 20C32 17.7907 30.2093 16 28 16C25.7907 16 24 17.7907 24 20C24 22.2093 25.7907 24 28 24ZM28 18C29.1047 18 30 18.8953 30 20C30 21.1047 29.1047 22 28 22C26.8953 22 26 21.1047 26 20C26 18.8953 26.8953 18 28 18Z"
+      fill="#535766"
+    />
+    <path d="M27 26H29V31H27V26Z" fill="#00BFB3" />
+    <path d="M27 1H29V17H27V1Z" fill="#535766" />
+  </svg>
+);
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts
@@ -45,6 +45,9 @@ export enum TelemetryEventTypes {
   AssistantMessageSent = 'Assistant Message Sent',
   AssistantQuickPrompt = 'Assistant Quick Prompt',
   AssistantSettingToggled = 'Assistant Setting Toggled',
+  AssetCriticalityCsvPreviewGenerated = 'Asset Criticality Csv Preview Generated',
+  AssetCriticalityFileSelected = 'Asset Criticality File Selected',
+  AssetCriticalityCsvImported = 'Asset Criticality CSV Imported',
   InsightsGenerated = 'Insights Generated',
   EntityDetailsClicked = 'Entity Details Clicked',
   EntityAlertsClicked = 'Entity Alerts Clicked',

diff --git a/...ck/plugins/security_solution/public/common/lib/telemetry/events/entity_analytics/index.ts b/...ck/plugins/security_solution/public/common/lib/telemetry/events/entity_analytics/index.ts
@@ -99,3 +99,118 @@ export const addRiskInputToTimelineClickedEvent: TelemetryEvent = {
     },
   },
 };
+
+export const assetCriticalityFileSelectedEvent: TelemetryEvent = {
+  eventType: TelemetryEventTypes.AssetCriticalityFileSelected,
+  schema: {
+    valid: {
+      type: 'boolean',
+      _meta: {
+        description: 'If the file is valid',
+        optional: false,
+      },
+    },
+    errorCode: {
+      type: 'keyword',
+      _meta: {
+        description: 'Error code if the file is invalid',
+        optional: true,
+      },
+    },
+    file: {
+      properties: {
+        size: {
+          type: 'long',
+          _meta: {
+            description: 'File size in bytes',
+            optional: false,
+          },
+        },
+      },
+    },
+  },
+};
+
+export const assetCriticalityCsvPreviewGeneratedEvent: TelemetryEvent = {
+  eventType: TelemetryEventTypes.AssetCriticalityCsvPreviewGenerated,
+  schema: {
+    file: {
+      properties: {
+        size: {
+          type: 'long',
+          _meta: {
+            description: 'File size in bytes',
+            optional: false,
+          },
+        },
+      },
+    },
+    processing: {
+      properties: {
+        startTime: {
+          type: 'date',
+          _meta: {
+            description: 'Processing start time',
+            optional: false,
+          },
+        },
+        endTime: {
+          type: 'date',
+          _meta: {
+            description: 'Processing end time',
+            optional: false,
+          },
+        },
+        tookMs: {
+          type: 'long',
+          _meta: {
+            description: 'Processing time in milliseconds',
+            optional: false,
+          },
+        },
+      },
+    },
+    stats: {
+      properties: {
+        validLines: {
+          type: 'long',
+          _meta: {
+            description: 'Number of valid lines',
+            optional: false,
+          },
+        },
+        invalidLines: {
+          type: 'long',
+          _meta: {
+            description: 'Number of invalid lines',
+            optional: false,
+          },
+        },
+        totalLines: {
+          type: 'long',
+          _meta: {
+            description: 'Total number of lines',
+            optional: false,
+          },
+        },
+      },
+    },
+  },
+};
+
+export const assetCriticalityCsvImportedEvent: TelemetryEvent = {
+  eventType: TelemetryEventTypes.AssetCriticalityCsvImported,
+  schema: {
+    file: {
+      properties: {
+        size: {
+          type: 'long',
+          _meta: {
+            description: 'File size in bytes',
+            optional: false,
+          },
+        },
+      },
+    },
+  },
+};
diff --git a/...ck/plugins/security_solution/public/common/lib/telemetry/events/entity_analytics/types.ts b/...ck/plugins/security_solution/public/common/lib/telemetry/events/entity_analytics/types.ts
@@ -29,13 +29,46 @@ export interface ReportAddRiskInputToTimelineClickedParams {
   quantity: number;
 }
 
+export interface ReportAssetCriticalityFileSelectedParams {
+  valid: boolean;
+  errorCode?: string;
+  file: {
+    size: number;
+  };
+}
+
+export interface ReportAssetCriticalityCsvPreviewGeneratedParams {
+  file: {
+    size: number;
+  };
+  processing: {
+    startTime: string;
+    endTime: string;
+    tookMs: number;
+  };
+  stats: {
+    validLines: number;
+    invalidLines: number;
+    totalLines: number;
+  };
+}
+
+export interface ReportAssetCriticalityCsvImportedParams {
+  file: {
+    size: number;
+  };
+}
+
 export type ReportEntityAnalyticsTelemetryEventParams =
   | ReportEntityDetailsClickedParams
   | ReportEntityAlertsClickedParams
   | ReportEntityRiskFilteredParams
   | ReportToggleRiskSummaryClickedParams
   | ReportRiskInputsExpandedFlyoutOpenedParams
-  | ReportAddRiskInputToTimelineClickedParams;
+  | ReportAddRiskInputToTimelineClickedParams
+  | ReportAssetCriticalityCsvPreviewGeneratedParams
+  | ReportAssetCriticalityFileSelectedParams
+  | ReportAssetCriticalityCsvImportedParams;
 
 export type EntityAnalyticsTelemetryEvent =
   | {
@@ -61,4 +94,16 @@ export type EntityAnalyticsTelemetryEvent =
   | {
       eventType: TelemetryEventTypes.RiskInputsExpandedFlyoutOpened;
       schema: RootSchema<ReportRiskInputsExpandedFlyoutOpenedParams>;
+    }
+  | {
+      eventType: TelemetryEventTypes.AssetCriticalityCsvPreviewGenerated;
+      schema: RootSchema<ReportAssetCriticalityCsvPreviewGeneratedParams>;
+    }
+  | {
+      eventType: TelemetryEventTypes.AssetCriticalityFileSelected;
+      schema: RootSchema<ReportAssetCriticalityFileSelectedParams>;
+    }
+  | {
+      eventType: TelemetryEventTypes.AssetCriticalityCsvImported;
+      schema: RootSchema<ReportAssetCriticalityCsvImportedParams>;
     };
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts
@@ -18,6 +18,9 @@ import {
   addRiskInputToTimelineClickedEvent,
   RiskInputsExpandedFlyoutOpenedEvent,
   toggleRiskSummaryClickedEvent,
+  assetCriticalityCsvPreviewGeneratedEvent,
+  assetCriticalityFileSelectedEvent,
+  assetCriticalityCsvImportedEvent,
 } from './entity_analytics';
 import {
   assistantInvokedEvent,
@@ -152,6 +155,9 @@ export const telemetryEvents = [
   entityClickedEvent,
   entityAlertsClickedEvent,
   entityRiskFilteredEvent,
+  assetCriticalityCsvPreviewGeneratedEvent,
+  assetCriticalityFileSelectedEvent,
+  assetCriticalityCsvImportedEvent,
   toggleRiskSummaryClickedEvent,
   RiskInputsExpandedFlyoutOpenedEvent,
   addRiskInputToTimelineClickedEvent,

diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts
@@ -29,5 +29,8 @@ export const createTelemetryClientMock = (): jest.Mocked<TelemetryClientStart> =
   reportAddRiskInputToTimelineClicked: jest.fn(),
   reportDetailsFlyoutOpened: jest.fn(),
   reportDetailsFlyoutTabClicked: jest.fn(),
+  reportAssetCriticalityCsvPreviewGenerated: jest.fn(),
+  reportAssetCriticalityFileSelected: jest.fn(),
+  reportAssetCriticalityCsvImported: jest.fn(),
   reportInsightsGenerated: jest.fn(),
 });
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts
@@ -29,9 +29,12 @@ import type {
   ReportToggleRiskSummaryClickedParams,
   ReportDetailsFlyoutOpenedParams,
   ReportDetailsFlyoutTabClickedParams,
+  ReportAssetCriticalityCsvPreviewGeneratedParams,
+  ReportAssetCriticalityFileSelectedParams,
+  ReportAssetCriticalityCsvImportedParams,
+  ReportAddRiskInputToTimelineClickedParams,
 } from './types';
 import { TelemetryEventTypes } from './constants';
-import type { ReportAddRiskInputToTimelineClickedParams } from './events/entity_analytics/types';
 
 /**
  * Client which aggregate all the available telemetry tracking functions
@@ -94,6 +97,22 @@ export class TelemetryClient implements TelemetryClientStart {
     });
   };
 
+  public reportAssetCriticalityCsvPreviewGenerated = (
+    params: ReportAssetCriticalityCsvPreviewGeneratedParams
+  ) => {
+    this.analytics.reportEvent(TelemetryEventTypes.AssetCriticalityCsvPreviewGenerated, params);
+  };
+
+  public reportAssetCriticalityFileSelected = (
+    params: ReportAssetCriticalityFileSelectedParams
+  ) => {
+    this.analytics.reportEvent(TelemetryEventTypes.AssetCriticalityFileSelected, params);
+  };
+
+  public reportAssetCriticalityCsvImported = (params: ReportAssetCriticalityCsvImportedParams) => {
+    this.analytics.reportEvent(TelemetryEventTypes.AssetCriticalityCsvImported, params);
+  };
+
   public reportMLJobUpdate = (params: ReportMLJobUpdateParams) => {
     this.analytics.reportEvent(TelemetryEventTypes.MLJobUpdate, params);
   };

diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts
@@ -35,6 +35,9 @@ import type {
   ReportEntityRiskFilteredParams,
   ReportRiskInputsExpandedFlyoutOpenedParams,
   ReportToggleRiskSummaryClickedParams,
+  ReportAssetCriticalityCsvPreviewGeneratedParams,
+  ReportAssetCriticalityFileSelectedParams,
+  ReportAssetCriticalityCsvImportedParams,
 } from './events/entity_analytics/types';
 import type {
   AssistantTelemetryEvent,
@@ -62,6 +65,9 @@ export type {
   ReportRiskInputsExpandedFlyoutOpenedParams,
   ReportToggleRiskSummaryClickedParams,
   ReportAddRiskInputToTimelineClickedParams,
+  ReportAssetCriticalityCsvPreviewGeneratedParams,
+  ReportAssetCriticalityFileSelectedParams,
+  ReportAssetCriticalityCsvImportedParams,
 } from './events/entity_analytics/types';
 export * from './events/document_details/types';
 
@@ -129,7 +135,12 @@ export interface TelemetryClientStart {
   reportToggleRiskSummaryClicked(params: ReportToggleRiskSummaryClickedParams): void;
   reportRiskInputsExpandedFlyoutOpened(params: ReportRiskInputsExpandedFlyoutOpenedParams): void;
   reportAddRiskInputToTimelineClicked(params: ReportAddRiskInputToTimelineClickedParams): void;
-
+  // Entity Analytics Asset Criticality
+  reportAssetCriticalityFileSelected(params: ReportAssetCriticalityFileSelectedParams): void;
+  reportAssetCriticalityCsvPreviewGenerated(
+    params: ReportAssetCriticalityCsvPreviewGeneratedParams
+  ): void;
+  reportAssetCriticalityCsvImported(params: ReportAssetCriticalityCsvImportedParams): void;
   reportCellActionClicked(params: ReportCellActionClickedParams): void;
 
   reportAnomaliesCountClicked(params: ReportAnomaliesCountClickedParams): void;

diff --git a/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx b/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx
@@ -62,6 +62,7 @@ const coreMock = {
   settings: {
     client: {
       get: () => {},
+      get$: () => new Subject(),
       set: () => {},
     },
   },