Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Migrate security Alerts from usage of TGrid component to the new data grid exposed by triggers_actions_ui plugin #138868

Closed
YulNaumenko opened this issue Aug 16, 2022 · 2 comments
Assignees
Labels
8.8 candidate epic research Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team technical debt Improvement of the software architecture and operational architecture v8.8.0

Comments

@YulNaumenko
Copy link
Contributor

YulNaumenko commented Aug 16, 2022

The goal of the issue is to migrate from the existing EuiDataGrid layer (previously TGrid sub component) usage for the Alerts tables to the new data grid - stateful component common for Security, Observability and Stack Management.
This work has pre-requisite work defined by the issues.

The scope includes:

  1. Usage of the new component registry interface to enrich the new table with security functionality:
export interface AlertsTableConfigurationRegistry {
  id: string;
  casesFeatureId: string;
  columns: EuiDataGridColumn[];
  useInternalFlyout?: () => {
      header: AlertTableFlyoutComponent;
      body: AlertTableFlyoutComponent;
      footer: AlertTableFlyoutComponent;
    };
  sort?: SortCombinations[];
  getRenderCellValue?: GetRenderCellValue;
  useActionsColumn?: () => {
    renderCustomActionsRow: (
      alert: EcsFieldsResponse,
      setFlyoutAlert: (data: unknown) => void,
      id?: string
    ) => JSX.Element;
    width?: number;
  };
  useBulkActions?: UseBulkActionsRegistry;
}

Screen Shot 2022-10-11 at 9 27 03 PM

Basic example for cases is here:

registry.register({
id: APP_ID,
casesFeatureId: CASES_FEATURE_ID,
columns: alertColumns,
getRenderCellValue: useRenderCellValue as GetRenderCellValue,
useInternalFlyout: () => {
const { header, body, footer } = useToGetInternalFlyout();
return { header, body, footer };
},

Lets describe all the parts we need to match with the new configuration:

  • useInternalFlyout we should verify how does it fit with our existing flyout.

  • useActionsColumn will be a replacement to the existing leadingControlColumns. Example from Observability:

useActionsColumn: getRowActions(observabilityRuleTypeRegistry),
getRenderCellValue: (({ setFlyoutAlert }: { setFlyoutAlert: (data: TopAlert) => void }) => {

  • getRenderCellValue configuration option should be used to set up the data value renderers which currently implemented by

const renderTGridCellValue = useMemo(() => {
const Cell: React.FC<EuiDataGridCellValueElementProps> = ({
columnId,
rowIndex,
colIndex,
setCellProps,
isDetails,
}): React.ReactElement | null => {
const pageRowIndex = getPageRowIndex(rowIndex, pageSize);
const rowData = pageRowIndex < data.length ? data[pageRowIndex].data : null;
const header = columnHeaders.find((h) => h.id === columnId);
const eventId = pageRowIndex < data.length ? data[pageRowIndex]._id : null;
const ecs = pageRowIndex < data.length ? data[pageRowIndex].ecs : null;
useEffect(() => {
const defaultStyles = { overflow: 'hidden' };
setCellProps({ style: { ...defaultStyles } });
if (ecs && rowData) {
addBuildingBlockStyle(ecs, theme, setCellProps, defaultStyles);
} else {
// disable the cell when it has no data
setCellProps({ style: { display: 'none' } });
}

  • useBulkActions?: UseBulkActionsRegistry; should help us to add our own bulk actions defined here:

const toolbarVisibility: EuiDataGridToolBarVisibilityOptions = useMemo(
() => ({
additionalControls: (
<>
{isLoading && <EuiProgress size="xs" position="absolute" color="accent" />}
<AlertCount data-test-subj="server-side-event-count">{alertCountText}</AlertCount>
{showBulkActions ? (
<>
<Suspense fallback={<EuiLoadingSpinner />}>
<StatefulAlertBulkActions
showAlertStatusActions={showAlertStatusActions}
data-test-subj="bulk-actions"
id={id}
totalItems={totalSelectAllAlerts ?? totalItems}
filterStatus={filterStatus}
query={filterQuery}
indexName={indexNames.join()}
onActionSuccess={onAlertStatusActionSuccess}
onActionFailure={onAlertStatusActionFailure}
customBulkActions={additionalBulkActions}
refetch={refetch}
/>
</Suspense>
{additionalControls ?? null}
</>

Screen Shot 2022-08-17 at 6 53 54 AM

We have pretty similar interface to the expected UseBulkActionsRegistry under timelines StatefulAlertBulkActionsProps

export interface CustomBulkAction {
  key: string;
  label: string;
  disableOnQuery?: boolean;
  disabledLabel?: string;
  onClick: (items?: TimelineItem[]) => void;
  ['data-test-subj']?: string;
}

export type CustomBulkActionProp = Omit<CustomBulkAction, 'onClick'> & {
  onClick: (eventIds: string[]) => void;
};
  • useActionsColumn

As a simpler example could be used Observability registry configuration getAsyncO11yAlertsTableConfiguration.

  1. Add a new table component from the triggersActionsUi plugin by using plugin interface method:
getAlertsStateTable: (props: AlertsTableStateProps) => ReactElement<AlertsTableStateProps>;
  1. Do the comparison of the difference for the UI details we have between existing TGrid EuiDataGrid and the new table component. For example column actions naming:

Screen Shot 2022-08-15 at 4 26 47 PM

@YulNaumenko YulNaumenko added technical debt Improvement of the software architecture and operational architecture research Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team labels Aug 16, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@YulNaumenko YulNaumenko changed the title [Security Solution][Epic][POC] Migrate from usage of T-Grid component to the new data grid exposed by triggers_actions_ui plugin [Security Solution] Migrate from usage of T-Grid component to the new data grid exposed by triggers_actions_ui plugin Oct 12, 2022
@YulNaumenko YulNaumenko changed the title [Security Solution] Migrate from usage of T-Grid component to the new data grid exposed by triggers_actions_ui plugin [Security Solution] Migrate security Alerts from usage of TGrid component to the new data grid exposed by triggers_actions_ui plugin Oct 12, 2022
@YulNaumenko YulNaumenko assigned logeekal and unassigned janmonschke Feb 8, 2023
@logeekal
Copy link
Contributor

Resolved with #149128

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
8.8 candidate epic research Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Investigations Team technical debt Improvement of the software architecture and operational architecture v8.8.0
Projects
None yet
Development

No branches or pull requests

7 participants