[Security Solution][Detection Alerts] Changes in-progress status to acknowledged #107972
Conversation
dplumlee
added
release_note:enhancement
v8.0.0
Team:Detections and Resp
dplumlee
force-pushed
the
in-progress-acknowledged-switch
branch
2 times, most recently
from
5d05168
to
370ac1d
Compare
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
There was a problem hiding this comment.
I checked this out and observed behavior with existing alerts. We're broadening the validations here so we should be safe in terms of legacy data, and most logic appears to treat in-progress and acknowledged identically. At a high level this seems like an opportunity to apply some "transform on read" functionality to alerts, but totally understand if that's not feasible right now.
Like other reviewers I'd love to see an integration test that asserts something about the new status value; it's also a little concerning that none of the existing integration tests do so 😬 .
dplumlee
force-pushed
the
in-progress-acknowledged-switch
branch
from
da035ee
to
51a4d0a
Compare
| @@ -193,7 +194,8 @@ export const AlertsTableComponent: React.FC<AlertsTableComponentProps> = ({ | |||
| title = i18n.OPENED_ALERT_FAILED_TOAST; | |||
| break; | |||
| case 'in-progress': | |||
There was a problem hiding this comment.
Can you create a separate issue to remove the in-progress references later on?
There was a problem hiding this comment.
issue here #109030
| ctx._source.threat.enrichments.add(enrichment); | ||
| } | ||
| ctx._source.threat.remove("indicator"); | ||
| } | ||
|
|
||
| // migrate status | ||
| if(ctx._source.signal?.status == "in-progress") { |
|
|
||
| /** | ||
| * @deprecated | ||
| * TODO: Remove after `acknowledged` migration |
There was a problem hiding this comment.
This can go with the issue above. Just don't want us to lose track of this and have a build up of dead code
|
@elasticmachine merge upstream |
dplumlee
added
the
auto-backport
| @@ -337,7 +337,9 @@ describe('EventsViewer', () => { | |||
| <EventsViewer | |||
| {...eventsViewerDefaultProps} | |||
| graphEventId={undefined} | |||
| headerFilterGroup={<AlertsTableFilterGroup onFilterGroupChanged={jest.fn()} />} | |||
| headerFilterGroup={ | |||
There was a problem hiding this comment.
the headerFilterGroup should not be used anymore
There was a problem hiding this comment.
the AlertsTableFilterGroup component updated, but we should probably delete/modify most of these since we don't use it this way in the app anymore
There was a problem hiding this comment.
@XavierM we still have the property there though, no? I don't think we need this many tests anymore but it might be worthwhile to keep some around in case we use it with the component somewhere down the line.
| </StatusFilterButton> | ||
| </StatusFilterGroup> | ||
| <EuiButtonGroup | ||
| legend="filter status" |
There was a problem hiding this comment.
maybe we need translations here
| options={options} | ||
| idSelected={status} | ||
| data-test-subj="alerts-table-filter-group" | ||
| onChange={(id) => onFilterGroupChanged(id as Status)} |
| <EuiFlexItem> | ||
| <Link | ||
| aria-label="markSelectedAlertsInProgress" | ||
| aria-label="markSelectedAlertsAcknowledged" | ||
| onClick={() => { |
| onClick={() => onClickUpdate(FILTER_IN_PROGRESS)} | ||
| key="acknowledge" | ||
| data-test-subj="acknowledged-alert-status" | ||
| onClick={() => onClickUpdate(FILTER_ACKNOWLEDGED)} |
dplumlee
force-pushed
the
in-progress-acknowledged-switch
branch
from
a9bdacb
to
ecd286c
Compare
💚 Build SucceededMetrics [docs]Async chunks
Page load bundle
Unknown metric groupsAPI count
API count missing comments
History
To update your PR or re-run it, just comment with: cc @dplumlee |
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
…cknowledged (#107972) (#109042) Co-authored-by: Davis Plumlee <[email protected]>
Summary
Related to the RAC updates (#107923)
Updates alert status options to include
acknowledgedinstead ofin-progressScreenshots
Checklist
Delete any items that are not applicable to this PR.
For maintainers