-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[TIP] Enables TI plugin with kibana.yml feature flag #137838
Conversation
@@ -22,9 +22,10 @@ export const allowedExperimentalValues = Object.freeze({ | |||
pendingActionResponsesWithAck: true, | |||
policyListEnabled: true, | |||
policyResponseInFleetEnabled: true, | |||
threatIntelligenceEnabled: false, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure I was allowed to use this object but it seemed to make sense, as the Threat Intelligence plugin is loaded within the Security Solution plugin
): Promise<AppLinkItems> => { | ||
const managementFilteredLinks = await getManagementFilteredLinks(core, plugins); | ||
|
||
const threatHuntingFilteredLinks = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hesitated to go the opposite way (adding the threatIntelligence entry to the threatHuntingLandingLinks.link property) but going this current route meant modifying one less file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no need to do this, links have support for experimentalFeatures, you can add the experimentalKey: 'threatIntelligenceEnabled',
prop directly to the threat intelligence link definition at: https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/threat_intelligence/links.ts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
haha I had took a note of this experimentalKey
while working on another feature, tried it and didn't get it to work... I'll try again thank you :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah that worked, I don't know what I did... must have forgotten to update my kibana.yml... 🤦♂️
How does it work with our e2e suite?:) |
crap I forgot about that, looking into it now 😆 |
fixed with this https://github.com/elastic/kibana/pull/137838/files#diff-44620cc130a0b96260224571a9a76e86eae76d5924f3798cca8838224bf8340cR54 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested, works as expected
d136d19
to
a8fbab4
Compare
- show/hide navbar entries in both old and new navigation per feature flag value - load plugin per feature flag value - flag: xpack.securitySolution.enableExperimental: ['threatIntelligenceEnabled'] elastic/security-team#4505
a8fbab4
to
5bfd9bc
Compare
): Promise<AppLinkItems> => { | ||
const managementFilteredLinks = await getManagementFilteredLinks(core, plugins); | ||
|
||
const threatHuntingFilteredLinks = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no need to do this, links have support for experimentalFeatures, you can add the experimentalKey: 'threatIntelligenceEnabled',
prop directly to the threat intelligence link definition at: https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/threat_intelligence/links.ts
Would it be possible to start the subPlugin normally in the plugin and check the experimental flag inside the threat_intelligence main component? kibana/x-pack/plugins/security_solution/public/threat_intelligence/routes.tsx Lines 14 to 25 in 70efbf0
So we don't have to do all those conditionals in the
|
@semd absolutely! I thought I was being smart by not having the plugin load at all, but if this is not required/desired I'll gladly remove all the logic and make this PR a lot smaller! |
ee8c027
to
71cd3b6
Compare
71cd3b6
to
ad3b62c
Compare
Plugin is now loaded all the time, and the logic to show the indicators page or route back to the Get Started page from Security is handled within the Threat Intelligence folder
ad3b62c
to
815f876
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome! LGTM 🚀
thanks
@@ -52,6 +52,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { | |||
'riskyHostsEnabled', | |||
'riskyUsersEnabled', | |||
'insightsRelatedAlertsByProcessAncestry', | |||
'threatIntelligenceEnabled', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any plan of adding specific TI plugin tests on Security Solution Cypress tests?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@MadameSheema we have some e2e Cypress tests in our plugin directly and this PR updates some e2e Cypress tests within the Security Solution plugin.
I wasn't thinking about adding any other tests, especially because this feature flag is temporary and should be very short lived. We're planning on releasing everything in 8.5 (plans could change though).
Did you have anything specify in mind you wanted me/us to add?
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
- show/hide navbar entries in both old and new navigation per feature flag value - load plugin per feature flag value - flag: xpack.securitySolution.enableExperimental: ['threatIntelligenceEnabled'] elastic/security-team#4505 (cherry picked from commit ff28e68)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…elastic#138373) - show/hide navbar entries in both old and new navigation per feature flag value - load plugin per feature flag value - flag: xpack.securitySolution.enableExperimental: ['threatIntelligenceEnabled'] elastic/security-team#4505 (cherry picked from commit ff28e68) Co-authored-by: Philippe Oberti <[email protected]>
Summary
The Threat Intelligence plugin (introduced in this PR) and is not yet ready for General Availability. This PR hides the new plugin behind a feature flag. As the plugin is dynamically loaded within the Security Solution plugin, we're leveraging the already existing
allowedExperimentalValues
constant to:How to test
Threat Intelligence plugin disabled:
Screen.Recording.2022-08-02.at.2.51.21.PM.mov
Threat Intelligence plugin enabled:
xpack.securitySolution.enableExperimental: ['threatIntelligenceEnabled']
Screen.Recording.2022-08-02.at.2.57.27.PM.mov
When the Threat Intelligence plugin is ready for General Availability, we should be able to simply do a revert of this commit! :)
https://github.com/elastic/security-team/issues/4505
Checklist
Delete any items that are not applicable to this PR.