-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Endpoint][Response Actions] Do fuzzy search on given usernames for Actions Log #141239
[Security Solution][Endpoint][Response Actions] Do fuzzy search on given usernames for Actions Log #141239
Conversation
f7a440f
to
c8c77b0
Compare
c8c77b0
to
756221f
Compare
Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm approving, but I did leave a comment with (maybe) a concern with making this the default behaviour for the API
]; | ||
|
||
if (userIds?.length) { | ||
const kql = userIds.map((userId) => `user_id:*${userId}*`).join(' or '); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just so that we are all clear: this implies that the API does not allow for searching on exact names. It will always do a wildcard search. Is that the intent?
Would it be better if we allowed the user to enter values (user names) along with the wildcards?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
from the UI perspective, I think it's easier to just let users fuzzy search so that they don't have to remember full usernames, but I see your point regarding the API.
@ashokaditya I see you add the *
in this line of code. Could we just implicitly add them on the client side after they enter the values before we submit to the API? That way we still have the usability of users being able to just type in a partial name, but we don't tie the API to always being a fuzzy search. Then, in the future, if we ever wanted an exact match option it the UI, it's much easier to change that implementation in a non-breaking way.
If the above is hard, then let's just require *
characters in the UI for a fuzzy search.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done 069ee75
Do fuzzy search via the request review suggestions
Tried it again, still works great! Thanks for the changes @ashokaditya |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: cc @ashokaditya |
…ven usernames for Actions Log (elastic#141239) * Do fuzzy search on given usernames fixes elastic/security-team/issues/4724 refs elastic/pull/140975 * Allow `match` searches on the API Do fuzzy search via the request review suggestions (cherry picked from commit 15fc5b7)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
* main: (33 commits) Fix Next and Previous button on step screenshot carousel. (elastic#141422) [journeys] add a short delay after loading data (elastic#141437) skip failing test suite (elastic#140797) skip failing test suite (elastic#138776) Documents saved objects bulk delete API (elastic#141164) [Response Ops][Alerting] Defining default action params on connector type (elastic#141226) [ML] Explain Log Rate Spikes: Adds jest tests for query_utils/buildBaseFilterCriteria. (elastic#141213) [APM] Fix search bar suggestions (elastic#141101) close popover on click (elastic#141272) [Fleet] Update to use savedObjects bulkDelete for package policy delete (elastic#141276) [Security Solution][Endpoint][Response Actions] Do fuzzy search on given usernames for Actions Log (elastic#141239) [Graph] Fix guidance panel appearing for a moment when saving Graph (elastic#141228) [Fleet] Add experimental data stream features support to simplified package policy API (elastic#141288) Shameless copy of the retryTransientEsErrors from fleet (elastic#141246) [Security Solution][Fix]-Issue with disabled dataProvider (elastic#140735) Changing triggers actions ui routes to internal (elastic#141149) skip flaky test suit elastic#141356 [SharedUX] Removing TODOs from KibanaPageTemplate (elastic#141043) [dashboard controls] skip failing test on cloud (elastic#141291) [Synthetics] unskip edit_monitor api integration tests (elastic#141277) ...
… on given usernames for Actions Log (#141239) (#141429) Co-authored-by: Ashokaditya <[email protected]> Co-authored-by: spalger <[email protected]>
Summary
Allows fuzzy searcing on given usernames in the user filter input for Actions Log.
refs /pull/140975
Checklist
For maintainers