Custom Highlighted Fields Implementation in Kibana Security #152871

Closed

Conversation

RubixSolver99

Summary

These changes allow for the ability to customize the "highlighted fields" that appear in the "Overview" tab of the event details pane for any given Kibana Security alert:

These highlighted fields can be customized using one of two methods: the UI Setting Method and the Rule Setting Method

UI Setting Method

Using this method allows for a "global" configuration that is applied to all alerts and will simply disregard any field that is not specified in the given index. This configuration can be accessed via:
Main Hamburger Menu -> Management -> Stack Management -> Kibana -> Advanced Settings -> Security Solution -> Custom Highlighted Fields


Rule Settings Method

Using this method allows for a configuration that is specific to a rule and is applied only to alerts that match the specific rule being used. This method will also disregard any field that is not specified in the given index. This configuration can be accessed when creating a new rule or editing a pre-existing one.

If creating a new rule, the configuration can be found in:

Main Hamburger Menu -> Security -> Alerts -> Manage rules -> Create new rule -> About rule -> Advanced settings -> Custom highlighted fields

If editing a pre-existing rule, the configuration can be found in:

Main Hamburger Menu -> Security -> Alerts -> Manage rules -> [RULE NAME] -> Edit rule settings -> About -> Advanced settings -> Custom highlighted fields


This pull request resolves #131778.
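The description above says the two configuration layers are combined and that any configured field absent from the alert's index is simply disregarded. The following is an added example, not code from this PR or from Kibana, showing how such a resolution step could work: built-in defaults, the global (UI Setting) list and the rule-specific list are merged in that order, de-duplicated, and filtered down to fields actually present in the alert document. All names (`resolveHighlightedFields`, `parseFieldList`, the comma-separated setting format, the sample alert) are assumptions for illustration.

```typescript
// Added example, not Kibana code. Names, the setting format and the
// sample alert are constructed for illustration.

/** Flattened alert document: field name -> value(s). Hypothetical shape. */
type AlertDocument = Record<string, unknown>;

/** The two user-facing layers described in the PR. Hypothetical type. */
interface HighlightedFieldsConfig {
  /** UI Setting Method: applies to every alert. */
  globalFields: string[];
  /** Rule Settings Method: applies only to alerts from this rule. */
  ruleFields?: string[];
}

/**
 * Parse a raw setting value into field names. The PR does not state the
 * stored format; a comma- or newline-separated string is assumed here.
 */
function parseFieldList(raw: string): string[] {
  return raw
    .split(/[,\n]/)
    .map((s) => s.trim())
    .filter((s) => s.length > 0);
}

/** A field counts as present only if the alert carries a non-empty value. */
function isPresent(value: unknown): boolean {
  if (value === undefined || value === null) return false;
  if (Array.isArray(value)) return value.length > 0;
  return true;
}

/**
 * Merge defaults, global and rule-specific fields (in that order), drop
 * duplicates, and keep only fields the alert actually has, so a typo or a
 * field that the index does not contain never produces an empty row.
 */
function resolveHighlightedFields(
  defaults: string[],
  config: HighlightedFieldsConfig,
  alert: AlertDocument
): string[] {
  const candidates = [...defaults, ...config.globalFields, ...(config.ruleFields ?? [])];
  const seen = new Set<string>();
  const result: string[] = [];
  for (const raw of candidates) {
    const field = raw.trim();
    if (field === '' || seen.has(field)) continue;
    seen.add(field);
    if (isPresent(alert[field])) result.push(field);
  }
  return result;
}

/** Constructed sample alert (not real data). */
const SAMPLE_ALERT: AlertDocument = {
  '@timestamp': '2023-03-07T23:22:00.000Z',
  'host.name': 'workstation-01',
  'user.name': 'jdoe',
  'process.name': 'powershell.exe',
  'source.ip': ['10.0.0.5'],
  'kibana.alert.rule.name': 'Suspicious PowerShell',
};

/** Assumed built-in defaults; 'rule.name' is deliberately absent from the alert. */
const DEFAULT_HIGHLIGHTED_FIELDS = ['host.name', 'user.name', 'rule.name'];

/** Worked run: global list from an assumed Advanced Setting string, plus a rule list. */
function demo(): string[] {
  const config: HighlightedFieldsConfig = {
    globalFields: parseFieldList('source.ip, destination.ip'),
    ruleFields: ['process.name', 'host.name', ' process.command_line '],
  };
  return resolveHighlightedFields(DEFAULT_HIGHLIGHTED_FIELDS, config, SAMPLE_ALERT);
}

console.log(demo());
```

In the worked run, `rule.name`, `destination.ip` and `process.command_line` are configured but not present in the sample alert, so they are dropped; `host.name` appears in both the defaults and the rule list and is shown once, in its first position.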

@cla-checker-service

cla-checker-service bot commented Mar 7, 2023

💚 CLA has been signed

@kibanamachine
Contributor

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

@RubixSolver99 RubixSolver99 requested review from a team as code owners March 7, 2023 23:22
@RubixSolver99 RubixSolver99 requested a review from xcrzx March 7, 2023 23:22
Contributor

@CoenWarmer CoenWarmer left a comment

AO Changes LGTM

@xcrzx xcrzx added release_note:enhancement Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. 8.8 candidate labels Mar 9, 2023
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@xcrzx
Contributor

xcrzx commented Mar 9, 2023

buildkite test this

@peluja1012 peluja1012 added the ci:cloud-deploy Create or update a Cloud deployment label Mar 9, 2023
@xcrzx
Contributor

xcrzx commented Mar 13, 2023

Hey @RubixSolver99, thanks for posting this PR 🎉
I see that there are some failing tests. Do you need any help fixing them?

@RubixSolver99
Author

RubixSolver99 commented Mar 14, 2023

Hey @RubixSolver99, thanks for posting this PR 🎉 I see that there are some failing tests. Do you need any help fixing them?

@xcrzx Definitely! Are all of these build errors from my commit?

@xcrzx
Contributor

xcrzx commented Mar 15, 2023

@xcrzx Definitely! Are all of these build errors from my commit?

I haven't checked all the errors, but from what I saw, yes.

@RubixSolver99
Author

@xcrzx Definitely! Are all of these build errors from my commit?

I haven't checked all the errors, but from what I saw, yes.

I will get to work! I'll be sure to let you know if there are any struggles.

@RubixSolver99 RubixSolver99 requested review from a team as code owners March 17, 2023 19:06
@RubixSolver99
Author

Hey @RubixSolver99 ! I'm an engineer on the Detection Engine team. I'm working with our designers to finalize designs for this feature to move one step closer to getting this in! If you're available, I'd love to set up a time to chat. Are you part of the Elastic Slack Community? If you're interested, you can join here and we can chat there as we try to move this across the line.

I apologize for the late response, I have joined the Slack and would love to talk more. Thank you for everything thus far!

@@ -8,6 +8,158 @@
import React from 'react';
import { screen } from '@testing-library/react';

import { useKibana } from '../../utils/kibana_react';
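Review bot: the header `@@ -8,6 +8,158 @@` records 152 added lines in this test file, but the fragment shows only the unchanged imports (`React`, `screen` from `@testing-library/react`, `useKibana`), so none of the new assertions can be checked against the highlighted-fields behaviour described in the PR. Please make sure the added test cases are visible in the diff and are not a second copy of cases already present in the same file before the hunk is re-reviewed.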
Member

These changes seemed to be duplicated by accident, would you please revert them?

@yctercero
Contributor

Hey @RubixSolver99 ! I'm an engineer on the Detection Engine team. I'm working with our designers to finalize designs for this feature to move one step closer to getting this in! If you're available, I'd love to set up a time to chat. Are you part of the Elastic Slack Community? If you're interested, you can join here and we can chat there as we try to move this across the line.

I apologize for the late response, I have joined the Slack and would love to talk more. Thank you for everything thus far!

@RubixSolver99 I've sent you a message over on Slack! We can set up a time to sync there.

@gergoabraham gergoabraham removed their request for review June 13, 2023 09:10
* Added framework for custom highlighted fields

* Added temporary json support
Still looking to develop further for yml config file

* Added Custom Highlighted Fields

Created the ability to define customized highlighted fields

* Fixed plural function name

* Added docstring for config.ts file

* Fixed naming convention in ui_settings

* Added newline

* Deleted not-needed json file

* Added newline

* Removed requires reload for ui_settings

* UI update

* Finished event details to display

* Updated mock to include test fields

* Fixed docstring on ln 208

* Fixed translation

* Fixed metric mocks

* Fixed metric mocks

* Removed alerts conflict

* Resolved es_results conflict

* Resolved types conflict

* Resolved utils conflict

* Custom rule highlighted fields (#1)

* Added framework for custom highlighted fields

* Added temporary json support
Still looking to develop further for yml config file

* Added Custom Highlighted Fields

Created the ability to define customized highlighted fields

* Fixed plural function name

* Added docstring for config.ts file

* Fixed naming convention in ui_settings

* Added newline

* Deleted not-needed json file

* Added newline

* Removed requires reload for ui_settings

* UI update

* Finished event details to display

* Updated mock to include test fields

* Fixed docstring on ln 208

* Fixed translation

* Fixed metric mocks

* Fixed metric mocks

* Removed alerts conflict

* Resolved es_results conflict

* Resolved types conflict

* Resolved utils conflict

* Removed usage in kbn-rule-data-utils

* Custom Highlighted Fields Implementation (#2)

* Added framework for custom highlighted fields

* Added temporary json support
Still looking to develop further for yml config file

* Added Custom Highlighted Fields

Created the ability to define customized highlighted fields

* Fixed plural function name

* Added docstring for config.ts file

* Fixed naming convention in ui_settings

* Added newline

* Deleted not-needed json file

* Added newline

* Removed requires reload for ui_settings

* UI update

* Finished event details to display

* Updated mock to include test fields

* Fixed docstring on ln 208

* Fixed translation

* Fixed metric mocks

* Fixed metric mocks

* Removed alerts conflict

* Resolved es_results conflict

* Resolved types conflict

* Resolved utils conflict

* Removed usage in kbn-rule-data-utils

* Fixed build for helpers.test.ts

* Fixed formatting

* Fixed build for config.mock.ts

* Fixed build es_results.ts

* Fixed build schedule_notification_actions.tests.ts

* Fixed build schedule_thtrottle_notification_actions.test.ts

* Fixed build duplicate_rule.test.ts

* Fixed build get_export_by_object_ids.test.ts

* Fixed build validate.test.ts

* Fixed build alerts.ts

* Attempt to fixed build - Build API Docs

* Attempt to fix build - Build API Docs

* Attempt to fix build - Jest #1

* Attempt to fix build - Jest #7

* Attempt to fix build - Jest #13

* Attempted to fix remaining build errors

* Attempt to resolve all build errors for custom highlighted fields implementation
@RubixSolver99 RubixSolver99 reopened this Jul 31, 2023
@RubixSolver99 RubixSolver99 requested review from a team as code owners July 31, 2023 20:51
@RubixSolver99 RubixSolver99 requested a review from a team July 31, 2023 20:52
@RubixSolver99 RubixSolver99 requested review from a team as code owners July 31, 2023 20:52
Contributor

@stephmilovic stephmilovic left a comment

I'm so confused why you are deleting so many files? Did you have a bad commit or something? 8019 files changed, most of those being deleted. Please don't delete 8,000+ files

@yctercero
Contributor

I'm so confused why you are deleting so many files? Did you have a bad commit or something? 8019 files changed, most of those being deleted. Please don't delete 8,000+ files

Hey @stephmilovic ! @RubixSolver99 was trying to update with main after falling pretty far behind. We're working to clean this up and may suggest opening up a new PR.

@thomheymann
Contributor

Getting the "The diff you're trying to view is too large. We only load the first 3000 changed files" error, so I am unable to review.

Can you please put this PR back into draft mode and clean it up?

@yctercero
Contributor

Opened new PR for this - #163235

@yctercero yctercero closed this Aug 7, 2023
Labels
8.8 candidate ci:cloud-deploy Create or update a Cloud deployment 💝community release_note:enhancement Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Successfully merging this pull request may close these issues.

Personalization of the Highlighted fields in an Alert Rule