Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Detections] Implement "select all" rules #100554

Merged
merged 1 commit into from
Jun 9, 2021
Merged

[Security Solution][Detections] Implement "select all" rules #100554

merged 1 commit into from
Jun 9, 2021

Conversation

xcrzx
Copy link
Contributor

@xcrzx xcrzx commented May 25, 2021
edited
Loading

Addresses: #99440

Summary

Screen.Recording.2021-06-01.at.17.42.25.mov
  • Add new detection_engine/rules/_bulk_action API endpoint. It accepts a filter query, and a bulks action: enable, disable, export, delete, duplicate. Under the hood, it queries detection rules using the provided filter string and applies the action to each of them. Currently, the number of rules is limited to 10,000.
  • From the user's perspective, when a filter query matches more rules than could fit on one page, a "Select all X rules" control is displayed. By clicking on the control all rules get selected.
  • Renamed all occurrences of userHasNoPermissions to userHasPermissions to get rid of expressions like userHasNoPermissions={false} 🤯.
  • Refactored <GenericDownloader /> component into downloadBlob method. That simplifies file download logic and allows to download rules without knowing their ids.

Checklist

@xcrzx xcrzx force-pushed the 99440-select-all-rules branch 3 times, most recently from 7167ef6 to 0ca06c4 Compare May 28, 2021 11:34
@xcrzx xcrzx changed the title Implement "select all" rules [Security Solution][Detections] Implement "select all" rules May 28, 2021
@xcrzx xcrzx requested a review from a team May 28, 2021 12:22
@xcrzx xcrzx self-assigned this May 28, 2021
@xcrzx xcrzx force-pushed the 99440-select-all-rules branch 2 times, most recently from b6543a0 to 3bac34a Compare May 28, 2021 17:17
@xcrzx xcrzx added Team:Detections and Resp Security Detection Response Team release_note:enhancement auto-backport Deprecated - use backport:version if exact versions are needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.14.0 v8.0.0 labels May 31, 2021
@xcrzx xcrzx force-pushed the 99440-select-all-rules branch 9 times, most recently from 7445ab1 to c00073c Compare June 2, 2021 16:00
@xcrzx
Copy link
Contributor Author

xcrzx commented Jun 2, 2021

@elasticmachine merge upstream

1 similar comment
@xcrzx
Copy link
Contributor Author

xcrzx commented Jun 3, 2021

@elasticmachine merge upstream

@xcrzx xcrzx marked this pull request as ready for review June 3, 2021 09:33
@xcrzx xcrzx requested a review from a team as a code owner June 3, 2021 09:33
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@peluja1012
Copy link
Contributor

Hi @xcrzx, thanks for implementing this long overdue feature! I did some testing and found a couple of issues that I think we should look into.

  1. Currently, when users select the current page, we disable the Export action if there are any prebuilt rules selected (link to source). In general, we don't allow users to export prebuilt rules. I noticed that with the new "select all" functionality, the Export action is always enabled. When users only have prebuilt rules installed, click "select all", and then select the Export action, it results in an ndjson file that looks like this. I'm not sure if there is an efficient way to determine if we should enable/disable the Exportaction when the users clicks "select all", but maybe we could present a user with an error or warning if they try to export a set of rules that contains prebuilt rules.

    // rules_export.ndjson
{
    "exported_count": 0,
    "missing_rules": [
        {
            "rule_id": "df197323-72a8-46a9-a08e-3f5b04a4a97a"
        },
        {
            "rule_id": "184dfe52-2999-42d9-b9d1-d1ca54495a61"
        },
        ...
    ],
    "missing_rules_count": 535
}

  2. Now that we're providing users with a "select all" feature, there shouldn't be a need for them to display 600 rules on the page at once. We should limit the per_page options in the table. We could provide the same options that we do in the Alerts List page and give them the option to display up to 100 rows.

  3. I don't think this was introduced by this PR, but I noticed that the selection goes away after every "refresh" interval, which I think defaults to 60 seconds. So if a user clicks "select all" say at 55 seconds into the "refresh" interval, 5 seconds later the selection goes away and the user needs to click "select all" again if they want to perform an action on those rules.

    rule_selection_goes_away_after_refresh.mov

@xcrzx xcrzx force-pushed the 99440-select-all-rules branch from afd419a to 7bc37f8 Compare June 7, 2021 08:07
@xcrzx
Copy link
Contributor Author

xcrzx commented Jun 7, 2021
edited
Loading

Hey @peluja1012, Thank you for reviewing this PR.

  1. Currently, when users select the current page, we disable the Export action if there are any prebuilt rules selected.

With the "select all" feature, there is no easy way to say if the user has selected prebuilt rules. So disabling the Export button doesn't seem like an option to me. But what about showing a notification to the user with something like: "Successfully exported X of Y rules. Prebuilt rules were excluded from the resulting file."?

  1. Now that we're providing users with a "select all" feature, there shouldn't be a need for them to display 600 rules on the page at once.

Sure, no problem. I'll limit the maximum number of rows by 100.

  1. I don't think this was introduced by this PR, but I noticed that the selection goes away after every "refresh" interval, which I think defaults to 60 seconds.

Yea, I've also seen this. There is some strange logic implemented which resets the current selection on every refresh. I don't know whether it was implemented on purpose, but we could improve the rule table's UX a little bit by removing it.

UPD: I think I've found out why the table's selection gets reset after every update. Fresh data could contain a different set of rows, so previously selected rows could become no longer visible on the current page. But in the case when all rows are selected, we can keep the selection.

@xcrzx xcrzx force-pushed the 99440-select-all-rules branch 3 times, most recently from baf2a2f to 775a6a8 Compare June 7, 2021 12:45
@peluja1012
Copy link
Contributor

But what about showing a notification to the user with something like: "Successfully exported X of Y rules. Prebuilt rules were excluded from the resulting file."?

Hi @xcrzx, this sounds good to me. Thanks!

But in the case when all rows are selected, we can keep the selection.

👍

@xcrzx xcrzx force-pushed the 99440-select-all-rules branch 4 times, most recently from d898781 to 9db2f46 Compare June 8, 2021 08:14
This was referenced Jun 8, 2021
Open
Open
@xcrzx xcrzx force-pushed the 99440-select-all-rules branch from 9db2f46 to 18eb397 Compare June 8, 2021 10:57
@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / general / Chrome X-Pack UI Functional Tests.x-pack/test/functional/apps/monitoring/elasticsearch/nodes·js.Monitoring app Elasticsearch nodes listing with only online nodes should filter for non-existent index

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 2 times on tracked branches: https://github.com/elastic/kibana/issues/100438

[00:00:00]       │
[00:00:00]         └-: Monitoring app
[00:00:00]           └-> "before all" hook in "Monitoring app"
[00:05:08]           └-: Elasticsearch nodes listing
[00:05:08]             └-> "before all" hook in "Elasticsearch nodes listing"
[00:06:19]             └-: with only online nodes
[00:06:19]               └-> "before all" hook for "should have an Elasticsearch Cluster Summary Status with correct info"
[00:06:19]               └-> "before all" hook for "should have an Elasticsearch Cluster Summary Status with correct info"
[00:06:19]                 │ debg set roles = monitoring_user,kibana_admin
[00:06:19]                 │ debg creating user test_user
[00:06:19]                 │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-ubuntu-18-tests-xxl-1623149907925323912] updated user [test_user]
[00:06:19]                 │ debg created user test_user
[00:06:19]                 │ debg TestSubjects.exists(kibanaChrome)
[00:06:19]                 │ debg Find.existsByCssSelector('[data-test-subj="kibanaChrome"]') with timeout=2500
[00:06:19]                 │ debg browser[INFO] http://localhost:61211/app/monitoring?_t=1623151741648#/elasticsearch/nodes?_g=(cluster_uuid:YCxj-RAgSZCP6GuOQ8M1EQ,refreshInterval:(pause:!t,value:10000),time:(from:'2017-10-05T20:28:28.475Z',to:'2017-10-05T20:34:38.341Z')) 340 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:06:19]                 │
[00:06:19]                 │ debg browser[INFO] http://localhost:61211/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:06:20]                 │ debg TestSubjects.find(kibanaChrome)
[00:06:20]                 │ debg Find.findByCssSelector('[data-test-subj="kibanaChrome"]') with timeout=100000
[00:06:20]                 │ proc [kibana]   log   [11:30:10.779] [error][monitoring][monitoring][plugins] Error: Unable to find the cluster in the selected time range. UUID: YCxj-RAgSZCP6GuOQ8M1EQ
[00:06:20]                 │ proc [kibana]     at getClustersFromRequest (/dev/shm/workspace/kibana-build-21/x-pack/plugins/monitoring/server/lib/cluster/get_clusters_from_request.js:94:32)
[00:06:20]                 │ proc [kibana]     at runMicrotasks (<anonymous>)
[00:06:20]                 │ proc [kibana]     at processTicksAndRejections (internal/process/task_queues.js:95:5)
[00:06:20]                 │ proc [kibana]     at Object.handler (/dev/shm/workspace/kibana-build-21/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.js:59:20)
[00:06:20]                 │ proc [kibana]     at handler (/dev/shm/workspace/kibana-build-21/x-pack/plugins/monitoring/server/plugin.js:372:28)
[00:06:20]                 │ proc [kibana]     at Router.handle (/dev/shm/workspace/kibana-build-21/src/core/server/http/router/router.js:163:30)
[00:06:20]                 │ proc [kibana]     at handler (/dev/shm/workspace/kibana-build-21/src/core/server/http/router/router.js:124:50)
[00:06:20]                 │ proc [kibana]     at exports.Manager.execute (/dev/shm/workspace/kibana-build-21/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
[00:06:20]                 │ proc [kibana]     at Object.internals.handler (/dev/shm/workspace/kibana-build-21/node_modules/@hapi/hapi/lib/handler.js:46:20)
[00:06:20]                 │ proc [kibana]     at exports.execute (/dev/shm/workspace/kibana-build-21/node_modules/@hapi/hapi/lib/handler.js:31:20)
[00:06:20]                 │ proc [kibana]     at Request._lifecycle (/dev/shm/workspace/kibana-build-21/node_modules/@hapi/hapi/lib/request.js:370:32)
[00:06:20]                 │ proc [kibana]     at Request._execute (/dev/shm/workspace/kibana-build-21/node_modules/@hapi/hapi/lib/request.js:279:9) {
[00:06:20]                 │ proc [kibana]   data: null,
[00:06:20]                 │ proc [kibana]   isBoom: true,
[00:06:20]                 │ proc [kibana]   isServer: false,
[00:06:20]                 │ proc [kibana]   output: {
[00:06:20]                 │ proc [kibana]     statusCode: 404,
[00:06:20]                 │ proc [kibana]     payload: {
[00:06:20]                 │ proc [kibana]       statusCode: 404,
[00:06:20]                 │ proc [kibana]       error: 'Not Found',
[00:06:20]                 │ proc [kibana]       message: 'Unable to find the cluster in the selected time range. UUID: YCxj-RAgSZCP6GuOQ8M1EQ'
[00:06:20]                 │ proc [kibana]     },
[00:06:20]                 │ proc [kibana]     headers: {}
[00:06:20]                 │ proc [kibana]   }
[00:06:20]                 │ proc [kibana] }
[00:06:20]                 │ERROR browser[SEVERE] http://localhost:61211/api/monitoring/v1/clusters/YCxj-RAgSZCP6GuOQ8M1EQ - Failed to load resource: the server responded with a status of 404 (Not Found)
[00:06:20]                 │ERROR browser[SEVERE] http://localhost:61211/api/fleet/epm/packages?experimental=true - Failed to load resource: the server responded with a status of 403 (Forbidden)
[00:06:20]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Loading "mappings.json"
[00:06:20]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Loading "data.json.gz"
[00:06:20]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1623149907925323912] [.monitoring-kibana-6-2017.10.05] creating index, cause [api], templates [], shards [1]/[1]
[00:06:20]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Created index ".monitoring-kibana-6-2017.10.05"
[00:06:20]                 │ debg [monitoring/singlecluster_three_nodes_shard_relocation] ".monitoring-kibana-6-2017.10.05" settings {"index":{"codec":"best_compression","format":"6","number_of_replicas":"1","number_of_shards":"1"}}
[00:06:20]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1623149907925323912] [.monitoring-alerts-6] creating index, cause [api], templates [], shards [1]/[1]
[00:06:20]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Created index ".monitoring-alerts-6"
[00:06:20]                 │ debg [monitoring/singlecluster_three_nodes_shard_relocation] ".monitoring-alerts-6" settings {"index":{"codec":"best_compression","format":"6","number_of_replicas":"1","number_of_shards":"1"}}
[00:06:20]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1623149907925323912] [.monitoring-logstash-6-2017.10.05] creating index, cause [api], templates [], shards [1]/[1]
[00:06:21]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Created index ".monitoring-logstash-6-2017.10.05"
[00:06:21]                 │ debg [monitoring/singlecluster_three_nodes_shard_relocation] ".monitoring-logstash-6-2017.10.05" settings {"index":{"codec":"best_compression","format":"6","number_of_replicas":"1","number_of_shards":"1"}}
[00:06:21]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1623149907925323912] [.monitoring-es-6-2017.10.05] creating index, cause [api], templates [], shards [1]/[1]
[00:06:21]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Created index ".monitoring-es-6-2017.10.05"
[00:06:21]                 │ debg [monitoring/singlecluster_three_nodes_shard_relocation] ".monitoring-es-6-2017.10.05" settings {"index":{"codec":"best_compression","format":"6","number_of_replicas":"1","number_of_shards":"1"}}
[00:06:21]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Indexed 21 docs into ".monitoring-kibana-6-2017.10.05"
[00:06:21]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Indexed 1 docs into ".monitoring-alerts-6"
[00:06:21]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Indexed 3 docs into ".monitoring-logstash-6-2017.10.05"
[00:06:21]                 │ info [monitoring/singlecluster_three_nodes_shard_relocation] Indexed 1317 docs into ".monitoring-es-6-2017.10.05"
[00:06:21]                 │ debg replacing kibana config doc: {}
[00:06:21]                 │ debg navigating to monitoring url: http://localhost:61211/app/monitoring
[00:06:21]                 │ debg navigate to: http://localhost:61211/app/monitoring
[00:06:22]                 │ debg browser[INFO] http://localhost:61211/app/monitoring?_t=1623151811728 340 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:06:22]                 │
[00:06:22]                 │ debg browser[INFO] http://localhost:61211/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:06:22]                 │ debg ... sleep(700) start
[00:06:22]                 │ debg ... sleep(700) end
[00:06:22]                 │ debg returned from get, calling refresh
[00:06:23]                 │ERROR browser[SEVERE] http://localhost:61211/api/fleet/epm/packages?experimental=true - Failed to load resource: the server responded with a status of 403 (Forbidden)
[00:06:23]                 │ debg browser[INFO] http://localhost:61211/app/monitoring?_t=1623151811728#/loading?_g=(filters:!(),refreshInterval:(pause:!f,value:10000),time:(from:now-15m,to:now)) 340 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:06:23]                 │
[00:06:23]                 │ debg browser[INFO] http://localhost:61211/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:06:24]                 │ debg currentUrl = http://localhost:61211/app/monitoring#/loading?_g=(filters:!(),refreshInterval:(pause:!f,value:10000),time:(from:now-15m,to:now))
[00:06:24]                 │          appUrl = http://localhost:61211/app/monitoring
[00:06:24]                 │ debg TestSubjects.find(kibanaChrome)
[00:06:24]                 │ debg Find.findByCssSelector('[data-test-subj="kibanaChrome"]') with timeout=60000
[00:06:24]                 │ debg ... sleep(501) start
[00:06:24]                 │ERROR browser[SEVERE] http://localhost:61211/api/fleet/epm/packages?experimental=true - Failed to load resource: the server responded with a status of 403 (Forbidden)
[00:06:24]                 │ERROR browser[SEVERE] http://localhost:61211/api/monitoring/v1/elasticsearch_settings/check/cluster - Failed to load resource: the server responded with a status of 403 (Forbidden)
[00:06:24]                 │ERROR browser[SEVERE] http://localhost:61211/api/monitoring/v1/elasticsearch_settings/check/nodes - Failed to load resource: the server responded with a status of 403 (Forbidden)
[00:06:25]                 │ debg ... sleep(501) end
[00:06:25]                 │ debg in navigateTo url = http://localhost:61211/app/monitoring#/no-data?_g=(filters:!(),refreshInterval:(pause:!f,value:10000),time:(from:now-15m,to:now))
[00:06:25]                 │ debg --- retry.tryForTime error: URL changed, waiting for it to settle
[00:06:25]                 │ debg ... sleep(501) start
[00:06:26]                 │ debg ... sleep(501) end
[00:06:26]                 │ debg in navigateTo url = http://localhost:61211/app/monitoring#/no-data?_g=(filters:!(),refreshInterval:(pause:!f,value:10000),time:(from:now-15m,to:now))
[00:06:26]                 │ debg pauseAutoRefresh
[00:06:26]                 │ debg setting menu open state [name=QuickSelectTime Menu] [state=open]
[00:06:26]                 │ debg TestSubjects.exists(superDatePickerQuickMenu)
[00:06:26]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="superDatePickerQuickMenu"]') with timeout=1000
[00:06:27]                 │ debg --- retry.tryForTime error: [data-test-subj="superDatePickerQuickMenu"] is not displayed
[00:06:27]                 │ debg TestSubjects.click(superDatePickerToggleQuickMenuButton)
[00:06:27]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerToggleQuickMenuButton"]') with timeout=10000
[00:06:27]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerToggleQuickMenuButton"]') with timeout=10000
[00:06:27]                 │ debg TestSubjects.exists(superDatePickerQuickMenu)
[00:06:27]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="superDatePickerQuickMenu"]') with timeout=10000
[00:06:27]                 │ debg TestSubjects.getAttribute(superDatePickerRefreshIntervalInput, value, tryTimeout=120000, findTimeout=10000)
[00:06:27]                 │ debg TestSubjects.find(superDatePickerRefreshIntervalInput)
[00:06:27]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerRefreshIntervalInput"]') with timeout=10000
[00:06:27]                 │ debg TestSubjects.find(superDatePickerRefreshIntervalUnitsSelect)
[00:06:27]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerRefreshIntervalUnitsSelect"]') with timeout=10000
[00:06:27]                 │ debg Find.allDescendantDisplayedByCssSelector('option')
[00:06:28]                 │ debg TestSubjects.getVisibleText(superDatePickerToggleRefreshButton)
[00:06:28]                 │ debg TestSubjects.find(superDatePickerToggleRefreshButton)
[00:06:28]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerToggleRefreshButton"]') with timeout=10000
[00:06:28]                 │ debg pause auto refresh
[00:06:28]                 │ debg TestSubjects.click(superDatePickerToggleRefreshButton)
[00:06:28]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerToggleRefreshButton"]') with timeout=10000
[00:06:28]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerToggleRefreshButton"]') with timeout=10000
[00:06:28]                 │ debg setting menu open state [name=QuickSelectTime Menu] [state=closed]
[00:06:28]                 │ debg TestSubjects.exists(superDatePickerQuickMenu)
[00:06:28]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="superDatePickerQuickMenu"]') with timeout=1000
[00:06:28]                 │ debg TestSubjects.click(superDatePickerToggleQuickMenuButton)
[00:06:28]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerToggleQuickMenuButton"]') with timeout=10000
[00:06:28]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerToggleQuickMenuButton"]') with timeout=10000
[00:06:28]                 │ debg Find.waitForDeletedByCssSelector('[data-test-subj="superDatePickerQuickMenu"]') with timeout=10000
[00:06:29]                 │ debg Setting absolute range to Oct 5, 2017 @ 20:31:48.354 to Oct 5, 2017 @ 20:35:12.176
[00:06:29]                 │ debg TestSubjects.exists(superDatePickerToggleQuickMenuButton)
[00:06:29]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="superDatePickerToggleQuickMenuButton"]') with timeout=20000
[00:06:29]                 │ debg TestSubjects.exists(superDatePickerShowDatesButton)
[00:06:29]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="superDatePickerShowDatesButton"]') with timeout=2500
[00:06:29]                 │ debg TestSubjects.click(superDatePickerShowDatesButton)
[00:06:29]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerShowDatesButton"]') with timeout=10000
[00:06:29]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerShowDatesButton"]') with timeout=10000
[00:06:29]                 │ debg TestSubjects.exists(superDatePickerstartDatePopoverButton)
[00:06:29]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="superDatePickerstartDatePopoverButton"]') with timeout=2500
[00:06:29]                 │ debg TestSubjects.click(superDatePickerendDatePopoverButton)
[00:06:29]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerendDatePopoverButton"]') with timeout=10000
[00:06:29]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerendDatePopoverButton"]') with timeout=10000
[00:06:29]                 │ debg Find.findByCssSelector('div.euiPopover__panel-isOpen') with timeout=10000
[00:06:29]                 │ debg TestSubjects.click(superDatePickerAbsoluteTab)
[00:06:29]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerAbsoluteTab"]') with timeout=10000
[00:06:29]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerAbsoluteTab"]') with timeout=10000
[00:06:29]                 │ debg TestSubjects.click(superDatePickerAbsoluteDateInput)
[00:06:29]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerAbsoluteDateInput"]') with timeout=10000
[00:06:29]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerAbsoluteDateInput"]') with timeout=10000
[00:06:29]                 │ debg TestSubjects.setValue(superDatePickerAbsoluteDateInput, Oct 5, 2017 @ 20:35:12.176)
[00:06:29]                 │ debg TestSubjects.click(superDatePickerAbsoluteDateInput)
[00:06:29]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerAbsoluteDateInput"]') with timeout=10000
[00:06:29]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerAbsoluteDateInput"]') with timeout=10000
[00:06:30]                 │ debg TestSubjects.click(superDatePickerstartDatePopoverButton)
[00:06:30]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerstartDatePopoverButton"]') with timeout=10000
[00:06:30]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerstartDatePopoverButton"]') with timeout=10000
[00:06:30]                 │ debg Find.waitForElementStale with timeout=10000
[00:06:30]                 │ debg Find.findByCssSelector('div.euiPopover__panel-isOpen') with timeout=10000
[00:06:30]                 │ debg TestSubjects.click(superDatePickerAbsoluteTab)
[00:06:30]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerAbsoluteTab"]') with timeout=10000
[00:06:30]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerAbsoluteTab"]') with timeout=10000
[00:06:31]                 │ debg TestSubjects.click(superDatePickerAbsoluteDateInput)
[00:06:31]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerAbsoluteDateInput"]') with timeout=10000
[00:06:31]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerAbsoluteDateInput"]') with timeout=10000
[00:06:31]                 │ debg TestSubjects.setValue(superDatePickerAbsoluteDateInput, Oct 5, 2017 @ 20:31:48.354)
[00:06:31]                 │ debg TestSubjects.click(superDatePickerAbsoluteDateInput)
[00:06:31]                 │ debg Find.clickByCssSelector('[data-test-subj="superDatePickerAbsoluteDateInput"]') with timeout=10000
[00:06:31]                 │ debg Find.findByCssSelector('[data-test-subj="superDatePickerAbsoluteDateInput"]') with timeout=10000
[00:06:31]                 │ debg TestSubjects.exists(superDatePickerApplyTimeButton)
[00:06:31]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="superDatePickerApplyTimeButton"]') with timeout=2500
[00:06:34]                 │ debg --- retry.tryForTime error: [data-test-subj="superDatePickerApplyTimeButton"] is not displayed
[00:06:34]                 │ debg TestSubjects.click(querySubmitButton)
[00:06:34]                 │ debg Find.clickByCssSelector('[data-test-subj="querySubmitButton"]') with timeout=10000
[00:06:34]                 │ debg Find.findByCssSelector('[data-test-subj="querySubmitButton"]') with timeout=10000
[00:06:34]                 │ debg Find.waitForElementStale with timeout=10000
[00:06:35]                 │ debg TestSubjects.exists(globalLoadingIndicator-hidden)
[00:06:35]                 │ debg Find.existsByCssSelector('[data-test-subj="globalLoadingIndicator-hidden"]') with timeout=100000
[00:06:35]                 │ debg TestSubjects.click(clusterItemContainerElasticsearch > esNumberOfNodes)
[00:06:35]                 │ debg Find.clickByCssSelector('[data-test-subj="clusterItemContainerElasticsearch"] [data-test-subj="esNumberOfNodes"]') with timeout=10000
[00:06:35]                 │ debg Find.findByCssSelector('[data-test-subj="clusterItemContainerElasticsearch"] [data-test-subj="esNumberOfNodes"]') with timeout=10000
[00:06:36]                 │ debg TestSubjects.find(elasticsearchNodesListingPage)
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchNodesListingPage"]') with timeout=10000
[00:06:36]               └-> should have an Elasticsearch Cluster Summary Status with correct info
[00:06:36]                 └-> "before each" hook: global before each for "should have an Elasticsearch Cluster Summary Status with correct info"
[00:06:36]                 │ debg TestSubjects.getVisibleText(elasticsearchClusterStatus > nodesCount)
[00:06:36]                 │ debg TestSubjects.find(elasticsearchClusterStatus > nodesCount)
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchClusterStatus"] [data-test-subj="nodesCount"]') with timeout=10000
[00:06:36]                 │ debg TestSubjects.getVisibleText(elasticsearchClusterStatus > indicesCount)
[00:06:36]                 │ debg TestSubjects.find(elasticsearchClusterStatus > indicesCount)
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchClusterStatus"] [data-test-subj="indicesCount"]') with timeout=10000
[00:06:36]                 │ debg TestSubjects.getVisibleText(elasticsearchClusterStatus > memory)
[00:06:36]                 │ debg TestSubjects.find(elasticsearchClusterStatus > memory)
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchClusterStatus"] [data-test-subj="memory"]') with timeout=10000
[00:06:36]                 │ debg TestSubjects.getVisibleText(elasticsearchClusterStatus > totalShards)
[00:06:36]                 │ debg TestSubjects.find(elasticsearchClusterStatus > totalShards)
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchClusterStatus"] [data-test-subj="totalShards"]') with timeout=10000
[00:06:36]                 │ debg TestSubjects.getVisibleText(elasticsearchClusterStatus > unassignedShards)
[00:06:36]                 │ debg TestSubjects.find(elasticsearchClusterStatus > unassignedShards)
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchClusterStatus"] [data-test-subj="unassignedShards"]') with timeout=10000
[00:06:36]                 │ debg TestSubjects.getVisibleText(elasticsearchClusterStatus > documentCount)
[00:06:36]                 │ debg TestSubjects.find(elasticsearchClusterStatus > documentCount)
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchClusterStatus"] [data-test-subj="documentCount"]') with timeout=10000
[00:06:36]                 │ debg TestSubjects.getVisibleText(elasticsearchClusterStatus > dataSize)
[00:06:36]                 │ debg TestSubjects.find(elasticsearchClusterStatus > dataSize)
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchClusterStatus"] [data-test-subj="dataSize"]') with timeout=10000
[00:06:36]                 │ debg TestSubjects.getAttribute(elasticsearchClusterStatus > statusIcon, alt, tryTimeout=120000, findTimeout=10000)
[00:06:36]                 │ debg TestSubjects.find(elasticsearchClusterStatus > statusIcon)
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchClusterStatus"] [data-test-subj="statusIcon"]') with timeout=10000
[00:06:36]                 └- ✓ pass  (504ms) "Monitoring app Elasticsearch nodes listing with only online nodes should have an Elasticsearch Cluster Summary Status with correct info"
[00:06:36]               └-> should filter for specific indices
[00:06:36]                 └-> "before each" hook: global before each for "should filter for specific indices"
[00:06:36]                 │ debg TestSubjects.setValue(elasticsearchNodesTableContainer > monitoringTableToolBar, 01)
[00:06:36]                 │ debg TestSubjects.click(elasticsearchNodesTableContainer > monitoringTableToolBar)
[00:06:36]                 │ debg Find.clickByCssSelector('[data-test-subj="elasticsearchNodesTableContainer"] [data-test-subj="monitoringTableToolBar"]') with timeout=10000
[00:06:36]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchNodesTableContainer"] [data-test-subj="monitoringTableToolBar"]') with timeout=10000
[00:06:37]                 │ debg isGlobalLoadingIndicatorVisible
[00:06:37]                 │ debg TestSubjects.exists(globalLoadingIndicator)
[00:06:37]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="globalLoadingIndicator"]') with timeout=1500
[00:06:38]                 │ debg --- retry.tryForTime error: [data-test-subj="globalLoadingIndicator"] is not displayed
[00:06:39]                 │ debg TestSubjects.exists(globalLoadingIndicator-hidden)
[00:06:39]                 │ debg Find.existsByCssSelector('[data-test-subj="globalLoadingIndicator-hidden"]') with timeout=100000
[00:06:39]                 │ debg Find.waitForDeletedByCssSelector('.euiBasicTable-loading') with timeout=5000
[00:06:39]                 │ debg TestSubjects.find(elasticsearchNodesTableContainer)
[00:06:39]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchNodesTableContainer"]') with timeout=10000
[00:06:39]                 │ debg TestSubjects.setValue(elasticsearchNodesTableContainer > monitoringTableToolBar,  )
[00:06:39]                 │ debg TestSubjects.click(elasticsearchNodesTableContainer > monitoringTableToolBar)
[00:06:39]                 │ debg Find.clickByCssSelector('[data-test-subj="elasticsearchNodesTableContainer"] [data-test-subj="monitoringTableToolBar"]') with timeout=10000
[00:06:39]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchNodesTableContainer"] [data-test-subj="monitoringTableToolBar"]') with timeout=10000
[00:06:39]                 │ debg Find.waitForDeletedByCssSelector('.euiBasicTable-loading') with timeout=5000
[00:06:40]                 └- ✓ pass  (4.0s) "Monitoring app Elasticsearch nodes listing with only online nodes should filter for specific indices"
[00:06:40]               └-> should filter for non-existent index
[00:06:40]                 └-> "before each" hook: global before each for "should filter for non-existent index"
[00:06:40]                 │ debg TestSubjects.setValue(elasticsearchNodesTableContainer > monitoringTableToolBar, foobar)
[00:06:40]                 │ debg TestSubjects.click(elasticsearchNodesTableContainer > monitoringTableToolBar)
[00:06:40]                 │ debg Find.clickByCssSelector('[data-test-subj="elasticsearchNodesTableContainer"] [data-test-subj="monitoringTableToolBar"]') with timeout=10000
[00:06:40]                 │ debg Find.findByCssSelector('[data-test-subj="elasticsearchNodesTableContainer"] [data-test-subj="monitoringTableToolBar"]') with timeout=10000
[00:06:41]                 │ debg isGlobalLoadingIndicatorVisible
[00:06:41]                 │ debg TestSubjects.exists(globalLoadingIndicator)
[00:06:41]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="globalLoadingIndicator"]') with timeout=1500
[00:06:42]                 │ERROR browser[SEVERE] http://localhost:61211/api/monitoring/v1/clusters/YCxj-RAgSZCP6GuOQ8M1EQ/elasticsearch/nodes - Failed to load resource: net::ERR_NETWORK_CHANGED
[00:06:42]                 │ERROR browser[SEVERE] http://localhost:61211/api/monitoring/v1/clusters/YCxj-RAgSZCP6GuOQ8M1EQ/elasticsearch/nodes - Failed to load resource: net::ERR_NETWORK_CHANGED
[00:06:42]                 │ERROR browser[SEVERE] http://localhost:61211/api/monitoring/v1/clusters/YCxj-RAgSZCP6GuOQ8M1EQ/elasticsearch/nodes - Failed to load resource: net::ERR_NETWORK_CHANGED
[00:06:42]                 │ERROR browser[SEVERE] http://localhost:61211/api/monitoring/v1/clusters/YCxj-RAgSZCP6GuOQ8M1EQ/elasticsearch/nodes - Failed to load resource: net::ERR_NETWORK_CHANGED
[00:06:42]                 │ERROR browser[SEVERE] http://localhost:61211/api/monitoring/v1/clusters/YCxj-RAgSZCP6GuOQ8M1EQ/elasticsearch/nodes - Failed to load resource: net::ERR_NETWORK_CHANGED
[00:06:42]                 │ERROR browser[SEVERE] http://localhost:61211/api/monitoring/v1/clusters/YCxj-RAgSZCP6GuOQ8M1EQ/elasticsearch/nodes - Failed to load resource: net::ERR_NETWORK_CHANGED
[00:06:42]                 │ debg --- retry.tryForTime error: [data-test-subj="globalLoadingIndicator"] is not displayed
[00:06:43]                 │ debg TestSubjects.exists(globalLoadingIndicator-hidden)
[00:06:43]                 │ debg Find.existsByCssSelector('[data-test-subj="globalLoadingIndicator-hidden"]') with timeout=100000
[00:06:43]                 │ debg Find.waitForDeletedByCssSelector('.euiBasicTable-loading') with timeout=5000
[00:06:43]                 │ debg TestSubjects.exists(elasticsearchNodesTableContainer > monitoringTableNoData)
[00:06:43]                 │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="elasticsearchNodesTableContainer"] [data-test-subj="monitoringTableNoData"]') with timeout=2500
[00:06:46]                 │ debg --- retry.tryForTime error: [data-test-subj="elasticsearchNodesTableContainer"] [data-test-subj="monitoringTableNoData"] is not displayed
[00:06:46]                 │ info Taking screenshot "/dev/shm/workspace/parallel/21/kibana/x-pack/test/functional/screenshots/failure/Monitoring app Elasticsearch nodes listing with only online nodes should filter for non-existent index.png"
[00:06:46]                 │ info Current URL is: http://localhost:61211/app/monitoring#/elasticsearch/nodes?_g=(cluster_uuid:YCxj-RAgSZCP6GuOQ8M1EQ,refreshInterval:(pause:!t,value:10000),time:(from:%272017-10-05T20:31:48.354Z%27,to:%272017-10-05T20:35:12.176Z%27))
[00:06:46]                 │ info Saving page source to: /dev/shm/workspace/parallel/21/kibana/x-pack/test/functional/failure_debug/html/Monitoring app Elasticsearch nodes listing with only online nodes should filter for non-existent index.html
[00:06:46]                 └- ✖ fail: Monitoring app Elasticsearch nodes listing with only online nodes should filter for non-existent index
[00:06:46]                 │      Error: Expected to find the no data message
[00:06:46]                 │       at MonitoringPage.assertTableNoData (test/functional/page_objects/monitoring_page.ts:24:15)
[00:06:46]                 │       at Context.<anonymous> (test/functional/apps/monitoring/elasticsearch/nodes.js:289:9)
[00:06:46]                 │       at Object.apply (/dev/shm/workspace/parallel/21/kibana/node_modules/@kbn/test/src/functional_test_runner/lib/mocha/wrap_function.js:73:16)
[00:06:46]                 │ 
[00:06:46]                 │

Stack Trace

Error: Expected to find the no data message
    at MonitoringPage.assertTableNoData (test/functional/page_objects/monitoring_page.ts:24:15)
    at Context.<anonymous> (test/functional/apps/monitoring/elasticsearch/nodes.js:289:9)
    at Object.apply (/dev/shm/workspace/parallel/21/kibana/node_modules/@kbn/test/src/functional_test_runner/lib/mocha/wrap_function.js:73:16)

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 2236 2239 +3

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 6.9MB 6.9MB +4.0KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
securitySolution 61.2KB 61.5KB +320.0B

History

  • 💚 Build #129693 succeeded 9db2f46a47c0ccdfd47b2de7fd49981e018931d7
  • 💔 Build #129612 failed d89878168c11cc19b04182e409489667d843e012
  • 💔 Build #129602 failed 5e2d71c5a6cd0653084b5a088dd9543e3ce0aaf4
  • 💔 Build #129466 failed 775a6a8abe0ec2954ce39e0dc87d993b2713dede
  • 💔 Build #129461 failed baf2a2fd3557ed2456e43b62824f1c3503df31fd

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @xcrzx

FrankHassanabad
FrankHassanabad reviewed Jun 8, 2021
View reviewed changes
x-pack/plugins/security_solution/public/common/hooks/use_value_changed.ts
* Use this method to watch value for changes.
*
* CAUTION: you probably don't need this hook. Try to use useEffect first.
* It is only useful in rare cases when a value differs by reference but not by content between renders.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

FrankHassanabad
FrankHassanabad approved these changes Jun 8, 2021
View reviewed changes
Copy link
Contributor

@FrankHassanabad FrankHassanabad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the updates

peluja1012
peluja1012 approved these changes Jun 9, 2021
View reviewed changes
Copy link
Contributor

@peluja1012 peluja1012 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for your hard work on this feature @xcrzx!

@xcrzx xcrzx merged commit 16e66b8 into elastic:master Jun 9, 2021
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Jun 9, 2021
@xcrzx @kibanamachine
Implement "select all" rules feature (elastic#100554)
fa19bad
@kibanamachine kibanamachine mentioned this pull request Jun 9, 2021
Merged
@kibanamachine
Copy link
Contributor

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

gmmorris added a commit to gmmorris/kibana that referenced this pull request Jun 9, 2021
@gmmorris
Merge branch 'master' into task-manager/capacity-estimation
0270133 
* master: (54 commits)
  Implement "select all" rules feature (elastic#100554)
  [ML] Remove script fields from the Anomaly detection alerting rule executor  (elastic#101607)
  [Security solutions][Endpoint] Update event filtering texts (elastic#101563)
  [Enterprise Search] Mocks/tests tech debt - avoid hungry mocking (elastic#101107)
  [FTR] Updates esArchive paths
  [FTR] Updates esArchive paths
  [Security Solution][Detection Engine] Adds runtime field tests (elastic#101664)
  Added APM PHP agent to the list of agent names (elastic#101062)
  [CI] Restore old version_info behavior when .git directory is present (elastic#101642)
  [Fleet] Add fleet server telemetry (elastic#101400)
  [APM] Syncs agent config settings to APM Fleet policies (elastic#100744)
  [esArchiver] drop support for --dir, use repo-relative paths instead (elastic#101345)
  Revert "[xpack/test] restore incremental: false in ts project"
  [Security Solution] Remove Host Isolation feature flag (elastic#101655)
  [xpack/test] restore incremental: false in ts project
  [DOCS] Adds link to video landing page (elastic#101413)
  [ML] Move Index Data Visualizer into separate plugin (Part 1) (elastic#100922)
  Improve security plugin return types (elastic#101492)
  [ts] migrate `x-pack/test` to composite ts project (elastic#101441)
  [App Search] Updated Search UI to new URL (elastic#101320)
  ...
This was referenced Jun 9, 2021
Merged
Closed
kibanamachine added a commit that referenced this pull request Jun 9, 2021
@kibanamachine @xcrzx
Implement "select all" rules feature (#100554) (#101722)
24f99de 
Co-authored-by: Dmitry Shevchenko <[email protected]>
@peluja1012 peluja1012 mentioned this pull request Jun 14, 2021
Closed
@xcrzx xcrzx mentioned this pull request Jun 15, 2021
Closed
@peluja1012 peluja1012 mentioned this pull request Jun 22, 2021
Closed
@peluja1012 peluja1012 mentioned this pull request Jul 8, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FrankHassanabad FrankHassanabad FrankHassanabad approved these changes

@peluja1012 peluja1012 peluja1012 approved these changes

Assignees

@xcrzx xcrzx

Labels
auto-backport Deprecated - use backport:version if exact versions are needed release_note:enhancement Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.14.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@xcrzx @elasticmachine @peluja1012 @kibanamachine @FrankHassanabad