Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Add rule snoozing on the rule editing page #155612

Merged

Conversation

maximpn
Copy link
Contributor

@maximpn maximpn commented Apr 24, 2023

Addresses: #147737

Summary

This PR adds rule snooze feature on the Rule editing page.

Screen.Recording.2023-04-25.at.07.51.57.mov

Checklist

@maximpn maximpn added Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. release_note:feature Makes this part of the condensed release notes Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Rule Management Security Detection Rule Management Team v8.8.0 labels Apr 24, 2023
@maximpn maximpn self-assigned this Apr 24, 2023
@maximpn maximpn marked this pull request as ready for review April 24, 2023 14:41
@maximpn maximpn requested review from a team as code owners April 24, 2023 14:41
@maximpn maximpn requested a review from banderror April 24, 2023 14:41
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@maximpn maximpn requested a review from xcrzx April 24, 2023 14:43
Copy link
Contributor

@xcrzx xcrzx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have checked and tested the PR locally. Rule snoozing on the editing page works as expected. There is just one issue with outgoing snooze status requests on the rules management page that needs to be addressed. Regardless, I approve in advance so the PR can be merged before the feature freeze.

Comment on lines 22 to 26
const {
data: rulesSnoozeSettings,
isFetching: isSingleSnoozeSettingsFetching,
isError: isSingleSnoozeSettingsError,
} = useFetchRulesSnoozeSettings([id]);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please pass { enabled: false } to this hook when there's a table context available. Otherwise, it sends tens of snooze requests from the rules management page.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++, in my case with 5 installed rules I'm getting 6 requests to /internal/alerting/rules/_find on page load. So I guess it's N+1 in general: one for the whole page and one for each rule on the page.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem has been fixed by this commit 583c096

Comment on lines 22 to 26
const {
data: rulesSnoozeSettings,
isFetching: isSingleSnoozeSettingsFetching,
isError: isSingleSnoozeSettingsError,
} = useFetchRulesSnoozeSettings([id]);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++, in my case with 5 installed rules I'm getting 6 requests to /internal/alerting/rules/_find on page load. So I guess it's N+1 in general: one for the whole page and one for each rule on the page.

Comment on lines 30 to 37
<EuiFlexItem grow={false}>
<RuleSnoozeBadge id={id} showTooltipInline />
</EuiFlexItem>
<EuiFlexItem>
<EuiText size="s">
<strong>{i18n.SNOOZED_ACTIONS_WARNING}</strong>
</EuiText>
</EuiFlexItem>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we show the Actions will not be preformed until it is unsnoozed message unconditionally, i.e. regardless of whether the rule is snoozed or not. Since it's in bold it feels like a warning in the case where it doesn't really matter:

Screenshot 2023-04-24 at 18 36 31

Can we hide it when the rule is not snoozed? If it's not trivial, can we make it look less dangerous by making the font regular and playing with the copy a little bit? E.g. If snoozed actions will not be triggered.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@banderror your comment is addressed by this PR.

Copy link
Contributor

@banderror banderror left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Zoomed with @maximpn and went through the comments. Approving the PR in advance.

@vitaliidm
Copy link
Contributor

When I'm trying to remove snooze, delete confirmation dialog is overlapped by snooze window.
It seems like component issue. do we have it logged somewhere so it can be fixed in future?
Screenshot 2023-04-25 at 10 10 43

@@ -211,6 +212,15 @@ export const fetchRulesSnoozeSettings = async ({
}
);

return response.data?.map((x) => ({
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would try to avoid using variables named as x, etc

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've renamed x to snoozeSettings.

@maximpn
Copy link
Contributor Author

maximpn commented Apr 25, 2023

@vitaliidm thank you for reviewing my PR 🙏

When I'm trying to remove snooze, delete confirmation dialog is overlapped by snooze window.
It seems like component issue. do we have it logged somewhere so it can be fixed in future?

There is a PR #153219 to address z-index issues which solves the current problem as well (see the screenshot below).

image

Copy link
Contributor

@vitaliidm vitaliidm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alerts area LGTM

@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 3843 3845 +2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 9.1MB 9.1MB +2.9KB
Unknown metric groups

ESLint disabled line counts

id before after diff
enterpriseSearch 17 19 +2
securitySolution 395 398 +3
total +5

Total ESLint disabled count

id before after diff
enterpriseSearch 18 20 +2
securitySolution 475 478 +3
total +5

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @maximpn

@maximpn maximpn merged commit 65a4ae6 into elastic:main Apr 25, 2023
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Apr 25, 2023
@maximpn maximpn deleted the add-rule-snoozing-support-on-rule-editing-page branch April 25, 2023 10:52
maximpn added a commit that referenced this pull request May 5, 2023
…age (#155850)

**Addresses:** #147737
**Relates to:** #155612

## Summary

After merging #155612 back there is one issue is left unresolved described in this [comment](#155612 (comment)):

> Looks like we show the `Actions will not be preformed until it is unsnoozed` message unconditionally, i.e. regardless of whether the rule is snoozed or not. Since it's in bold it feels like a warning in the case where it doesn't really matter:

> Can we hide it when the rule is not snoozed? If it's not trivial, can we make it look less dangerous by making the font regular and playing with the copy a little bit? E.g. `If snoozed actions will not be triggered`.

This PR resolves rule snooze description text issue. As snooze settings are resolved outside the security solution plugin having any logic to conditionally display a message will increase the complexity. This way the message was changes to avoid any text to appear conditionally.

*Before:*

<img width="703" alt="Screenshot 2023-04-24 at 18 36 31" src="https://user-images.githubusercontent.com/7359339/234060523-fe9161a1-0e83-4d39-a193-81c946d95106.png">

*After:*

![image](https://user-images.githubusercontent.com/3775283/236254424-533a6502-49ba-444e-87e5-9cda7e84c315.png)


### Checklist

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request May 5, 2023
…age (elastic#155850)

**Addresses:** elastic#147737
**Relates to:** elastic#155612

## Summary

After merging elastic#155612 back there is one issue is left unresolved described in this [comment](elastic#155612 (comment)):

> Looks like we show the `Actions will not be preformed until it is unsnoozed` message unconditionally, i.e. regardless of whether the rule is snoozed or not. Since it's in bold it feels like a warning in the case where it doesn't really matter:

> Can we hide it when the rule is not snoozed? If it's not trivial, can we make it look less dangerous by making the font regular and playing with the copy a little bit? E.g. `If snoozed actions will not be triggered`.

This PR resolves rule snooze description text issue. As snooze settings are resolved outside the security solution plugin having any logic to conditionally display a message will increase the complexity. This way the message was changes to avoid any text to appear conditionally.

*Before:*

<img width="703" alt="Screenshot 2023-04-24 at 18 36 31" src="https://user-images.githubusercontent.com/7359339/234060523-fe9161a1-0e83-4d39-a193-81c946d95106.png">

*After:*

![image](https://user-images.githubusercontent.com/3775283/236254424-533a6502-49ba-444e-87e5-9cda7e84c315.png)

### Checklist

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)

(cherry picked from commit 6714d92)
maximpn added a commit to maximpn/kibana that referenced this pull request May 5, 2023
…age (elastic#155850)

**Addresses:** elastic#147737
**Relates to:** elastic#155612

## Summary

After merging elastic#155612 back there is one issue is left unresolved described in this [comment](elastic#155612 (comment)):

> Looks like we show the `Actions will not be preformed until it is unsnoozed` message unconditionally, i.e. regardless of whether the rule is snoozed or not. Since it's in bold it feels like a warning in the case where it doesn't really matter:

> Can we hide it when the rule is not snoozed? If it's not trivial, can we make it look less dangerous by making the font regular and playing with the copy a little bit? E.g. `If snoozed actions will not be triggered`.

This PR resolves rule snooze description text issue. As snooze settings are resolved outside the security solution plugin having any logic to conditionally display a message will increase the complexity. This way the message was changes to avoid any text to appear conditionally.

*Before:*

<img width="703" alt="Screenshot 2023-04-24 at 18 36 31" src="https://user-images.githubusercontent.com/7359339/234060523-fe9161a1-0e83-4d39-a193-81c946d95106.png">

*After:*

![image](https://user-images.githubusercontent.com/3775283/236254424-533a6502-49ba-444e-87e5-9cda7e84c315.png)

### Checklist

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)

(cherry picked from commit 6714d92)
kibanamachine added a commit that referenced this pull request May 5, 2023
…ting page (#155850) (#156888)

# Backport

This will backport the following commits from `main` to `8.8`:
- [[Security Solution] Fix rule snooze description on the rule editing
page (#155850)](#155850)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Maxim
Palenov","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-05-05T16:14:41Z","message":"[Security
Solution] Fix rule snooze description on the rule editing page
(#155850)\n\n**Addresses:**
https://github.com/elastic/kibana/issues/147737\r\n**Relates to:**
https://github.com/elastic/kibana/pull/155612\r\n\r\n##
Summary\r\n\r\nAfter merging
#155612 back there is one issue is
left unresolved described in this
[comment](https://github.com/elastic/kibana/pull/155612#discussion_r1175545697):\r\n\r\n>
Looks like we show the `Actions will not be preformed until it is
unsnoozed` message unconditionally, i.e. regardless of whether the rule
is snoozed or not. Since it's in bold it feels like a warning in the
case where it doesn't really matter:\r\n\r\n> Can we hide it when the
rule is not snoozed? If it's not trivial, can we make it look less
dangerous by making the font regular and playing with the copy a little
bit? E.g. `If snoozed actions will not be triggered`.\r\n\r\nThis PR
resolves rule snooze description text issue. As snooze settings are
resolved outside the security solution plugin having any logic to
conditionally display a message will increase the complexity. This way
the message was changes to avoid any text to appear
conditionally.\r\n\r\n*Before:*\r\n\r\n<img width=\"703\"
alt=\"Screenshot 2023-04-24 at 18 36 31\"
src=\"https://user-images.githubusercontent.com/7359339/234060523-fe9161a1-0e83-4d39-a193-81c946d95106.png\">\r\n\r\n*After:*\r\n\r\n![image](https://user-images.githubusercontent.com/3775283/236254424-533a6502-49ba-444e-87e5-9cda7e84c315.png)\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)","sha":"6714d926ee041d61c627037189263905918303b3","branchLabelMapping":{"^v8.9.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Detections
and Resp","Team: SecuritySolution","Feature:Rule
Management","Team:Detection
Rules","ui-copy","v8.8.0","v8.9.0"],"number":155850,"url":"https://github.com/elastic/kibana/pull/155850","mergeCommit":{"message":"[Security
Solution] Fix rule snooze description on the rule editing page
(#155850)\n\n**Addresses:**
https://github.com/elastic/kibana/issues/147737\r\n**Relates to:**
https://github.com/elastic/kibana/pull/155612\r\n\r\n##
Summary\r\n\r\nAfter merging
#155612 back there is one issue is
left unresolved described in this
[comment](https://github.com/elastic/kibana/pull/155612#discussion_r1175545697):\r\n\r\n>
Looks like we show the `Actions will not be preformed until it is
unsnoozed` message unconditionally, i.e. regardless of whether the rule
is snoozed or not. Since it's in bold it feels like a warning in the
case where it doesn't really matter:\r\n\r\n> Can we hide it when the
rule is not snoozed? If it's not trivial, can we make it look less
dangerous by making the font regular and playing with the copy a little
bit? E.g. `If snoozed actions will not be triggered`.\r\n\r\nThis PR
resolves rule snooze description text issue. As snooze settings are
resolved outside the security solution plugin having any logic to
conditionally display a message will increase the complexity. This way
the message was changes to avoid any text to appear
conditionally.\r\n\r\n*Before:*\r\n\r\n<img width=\"703\"
alt=\"Screenshot 2023-04-24 at 18 36 31\"
src=\"https://user-images.githubusercontent.com/7359339/234060523-fe9161a1-0e83-4d39-a193-81c946d95106.png\">\r\n\r\n*After:*\r\n\r\n![image](https://user-images.githubusercontent.com/3775283/236254424-533a6502-49ba-444e-87e5-9cda7e84c315.png)\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)","sha":"6714d926ee041d61c627037189263905918303b3"}},"sourceBranch":"main","suggestedTargetBranches":["8.8"],"targetPullRequestStates":[{"branch":"8.8","label":"v8.8.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.9.0","labelRegex":"^v8.9.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/155850","number":155850,"mergeCommit":{"message":"[Security
Solution] Fix rule snooze description on the rule editing page
(#155850)\n\n**Addresses:**
https://github.com/elastic/kibana/issues/147737\r\n**Relates to:**
https://github.com/elastic/kibana/pull/155612\r\n\r\n##
Summary\r\n\r\nAfter merging
#155612 back there is one issue is
left unresolved described in this
[comment](https://github.com/elastic/kibana/pull/155612#discussion_r1175545697):\r\n\r\n>
Looks like we show the `Actions will not be preformed until it is
unsnoozed` message unconditionally, i.e. regardless of whether the rule
is snoozed or not. Since it's in bold it feels like a warning in the
case where it doesn't really matter:\r\n\r\n> Can we hide it when the
rule is not snoozed? If it's not trivial, can we make it look less
dangerous by making the font regular and playing with the copy a little
bit? E.g. `If snoozed actions will not be triggered`.\r\n\r\nThis PR
resolves rule snooze description text issue. As snooze settings are
resolved outside the security solution plugin having any logic to
conditionally display a message will increase the complexity. This way
the message was changes to avoid any text to appear
conditionally.\r\n\r\n*Before:*\r\n\r\n<img width=\"703\"
alt=\"Screenshot 2023-04-24 at 18 36 31\"
src=\"https://user-images.githubusercontent.com/7359339/234060523-fe9161a1-0e83-4d39-a193-81c946d95106.png\">\r\n\r\n*After:*\r\n\r\n![image](https://user-images.githubusercontent.com/3775283/236254424-533a6502-49ba-444e-87e5-9cda7e84c315.png)\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)","sha":"6714d926ee041d61c627037189263905918303b3"}}]}]
BACKPORT-->

Co-authored-by: Maxim Palenov <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:skip This commit does not require backporting Feature:Rule Management Security Solution Detection Rule Management area release_note:feature Makes this part of the condensed release notes Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.8.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants