
Create Entity Analytics dashboard #137688

Merged: 29 commits, Aug 25, 2022

Conversation

machadoum (Member) commented Aug 1, 2022:

issue: https://github.com/elastic/security-team/issues/3062

Summary

  • I created the new Entity analytics dashboard page
    • It is hidden behind the experimental feature flag entityAnalyticsDashboardEnabled but also requires riskyHostsEnabled and/or riskyUsersEnabled
    • It requires the platinum license
    • For now it only contains user and host risk.


How to test it

  • Enable entityAnalyticsDashboardEnabled, riskyHostsEnabled, and riskyUsersEnabled flags
  • Go to the entity analytics page
  • Click on "enable host risk score" button and follow the steps
  • Click on "enable user risk score" button and follow the steps

Another possibility is to load data with es_archiver:

node ./scripts/es_archiver load ./x-pack/test/security_solution_cypress/es_archives/risky_users --config ./x-pack/test/security_solution_cypress/config.ts --es-url http://admin:<PWD>@localhost:9220 --kibana-url http://admin:<PWD>@localhost:5601/

node ./scripts/es_archiver load ./x-pack/test/security_solution_cypress/es_archives/risky_hosts --config ./x-pack/test/security_solution_cypress/config.ts --es-url http://admin:<PWD>@localhost:9220 --kibana-url http://admin:<PWD>@localhost:5601/


machadoum force-pushed the analytics-dashboard branch from 8bb0cbd to cc68676 on August 1, 2022 11:47
machadoum self-assigned this Aug 1, 2022
machadoum (Member Author): @elasticmachine merge upstream

machadoum force-pushed the analytics-dashboard branch from 4516db4 to db0a20b on August 9, 2022 13:58
machadoum force-pushed the analytics-dashboard branch from 7fd5eb7 to c8a80df on August 10, 2022 14:38
machadoum force-pushed the analytics-dashboard branch from 68283ab to 2542c03 on August 11, 2022 12:20
machadoum changed the title from "Analytics dashboard" to "Create Entity Analytics dashboard" on Aug 11, 2022
machadoum (Member Author): @elasticmachine merge upstream

jamster10 (Contributor):

NIT: this might be personal preference more than anything but using index.ts just for exporting, and renaming the other files to EntityAnalyticsUserRiskScores.tsx, EntityAnalyticsHostRiskScores.tsx, etc. This would reduce the amount of index.ts files to search through, and make it easier to find these components.

stephmilovic (Contributor):

Your entity_analytics_dashboard.png screenshot says "Host risk classification" where it should say "User risk classification".

{legendItems.length > 0 && <Legend legendItems={legendItems} />}
</StyledLegendItems>
<DonutContainer grow={false} className="eui-textCenter">
<DonutChart

machadoum (Member Author):

Off a fresh build the view does not show up without the feature flag, as expected, but adding the feature flag, but not having a license, I am able to access the view, although it is blank. I'm wondering what the behaviour should be for unlicensed users: should they get an error message, or should they not be able to access it at all?

Thanks for catching it! Users should not be able to see the page if they don't have the required license. I updated the old menu to check for ml permissions. It should work now.

machadoum (Member Author):

Off a fresh build the view does not show up without the feature flag, as expected, but adding the feature flag, but not having a license, I am able to access the view, although it is blank. I'm wondering what the behaviour should be for unlicensed users: should they get an error message, or should they not be able to access it at all?

Figured it out, I was missing the host risk and user risk feature flags. I updated the test description to include them, though perhaps the page should kick back or require at least one of them.

Hey, thanks for testing this scenario! It is a valid concern but I think we shouldn't focus on it right now. We are planning on deleting the feature flags soon and this page will get an extra anomalies table too. It is still a work in progress.

machadoum force-pushed the analytics-dashboard branch from 97d1200 to 7348fa4 on August 16, 2022 11:03
jamster10 (Contributor) left a review comment:

works like a dream 🔥

MadameSheema (Member) left a review comment:

sec-eng-prod changes LGTM

michaelolo24 (Contributor) left a review comment:

Nice work! LGTM 🚀

michaelolo24 (Contributor):

I know it says it at the top of the description, but I'd change this section in the description

How to test it
Enable entityAnalyticsDashboardEnabled flag

to

How to test it
Enable entityAnalyticsDashboardEnabled, riskyHostsEnabled, and riskyUsersEnabled flags

Took me a sec to figure out why I was seeing an empty box on the page 😂

YulNaumenko (Contributor) left a review comment:

LGTM! Nice work

machadoum enabled auto-merge (squash) August 25, 2022 08:15
kibana-ci (Collaborator):

💚 Build Succeeded

Metrics

Module Count (fewer modules leads to a faster build time)

id                  before    after     diff
securitySolution    2998      3013      +15

Async chunks (total size of all lazy-loaded chunks that will be downloaded as the user navigates the app)

id                  before    after     diff
securitySolution    5.4MB     5.4MB     +13.9KB

Page load bundle (size of the bundles that are downloaded on every page load; target size is below 100kb)

id                  before    after     diff
securitySolution    255.4KB   256.0KB   +566.0B

Unknown metric groups: miscellaneous assets size

id                  before    after     diff
securitySolution    4.0MB     4.1MB     +97.5KB


machadoum merged commit bbcadf1 into elastic:main on Aug 25, 2022
kibanamachine added the label backport:skip (This commit does not require backporting) on Aug 25, 2022
Mpdreamz pushed a commit to Mpdreamz/kibana that referenced this pull request Sep 6, 2022
* Create Entity analytics page

* Add Hosts risk dashboard to Entity analytics page

* Add entity analytics to the old menu

* Add entity analytics dashboard header

* Add User risk dashboard to Entity analytics

* Add entityAnalyticsDashboardEnabled feature flag

* Move useEnableHostRiskFromUrl to a shared folder

* Upgrade Entity analytics license to platinum

* Add ml permission check for entity analytics dashboard old menu

Co-authored-by: Kibana Machine <[email protected]>
Labels

  • backport:skip (This commit does not require backporting)
  • release_note:feature (Makes this part of the condensed release notes)
  • Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
  • Team:Threat Hunting:Explore
  • Team:Threat Hunting (Security Solution Threat Hunting Team)
  • v8.5.0
9 participants