Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution][Detections] Handle conflicts on alert status update #75492

Merged
merged 24 commits into from
Sep 4, 2020

Conversation

madirey
Copy link
Contributor

@madirey madirey commented Aug 19, 2020

Summary

Currently if a conflict is encountered (when 2 or more users are trying to update the same alert concurrently), the entire operation will fail and the user is left wondering what happened. This PR attempts to close as many alerts as possible, while also reporting conflicts. It also improves on error messaging.

Bulk Close from Alerts Table
image

Bulk Close on Exception Creation
image

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@elasticmachine
Copy link
Contributor

Pinging @elastic/endpoint-response (Team:Endpoint Response)

@@ -117,7 +118,7 @@ export const AddExceptionModal = memo(function AddExceptionModal({
Array<ExceptionListItemSchema | CreateExceptionListItemSchema>
>([]);
const [fetchOrCreateListError, setFetchOrCreateListError] = useState<ErrorInfo | null>(null);
const { addError, addSuccess } = useAppToasts();
const { addError, addSuccess, addWarning } = useAppToasts();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not in any way blocking this PR, but just thinking, I think this component would benefit from using useReducer. The number of useStates are growing and (just personally) working on adding error states in here recently, felt like it was getting crowded.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me! I don't think I will address it here, but if I get time, will take a stab at that soon.

}

await addOrUpdateItems(exceptionItemsToAddOrUpdate);

if (isSubscribed) {
setIsLoading(false);
onSuccess();
onSuccess(updated, conflicts);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Super nit: could this also be shortened a bit to just be:

Suggested change
onSuccess(updated, conflicts);
onSuccess(response.updated ?? 0, response.version_conflicts ?? 0);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried this, but response was out of scope at this point. I did just uncover a related bug here (actually, the unit tests uncovered it)... let me know what you think about the updates. :)

Copy link
Contributor

@peluja1012 peluja1012 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for helping identify this issue and for fixing it.

@madirey
Copy link
Contributor Author

madirey commented Sep 4, 2020

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Build metrics

async chunks size

id value diff baseline
securitySolution 9.9MB +11.7KB 9.9MB

page load bundle size

id value diff baseline
securitySolution 813.0KB +54.0B 812.9KB

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@madirey madirey merged commit a7326e6 into elastic:master Sep 4, 2020
@madirey madirey deleted the alert-conflicts branch September 4, 2020 17:11
gmmorris added a commit to gmmorris/kibana that referenced this pull request Sep 4, 2020
* master: (47 commits)
  Do not require id & description when creating a logstash pipeline (elastic#76616)
  Remove commented src/core/tsconfig file (elastic#76792)
  Replaced whitelistedHosts with allowedHosts in actions ascii docs (elastic#76731)
  [Dashboard First] Genericize Attribute Service (elastic#76057)
  [ci-metrics] unify distributable file count metrics (elastic#76448)
  [Security Solution][Detections] Handle conflicts on alert status update (elastic#75492)
  [eslint] convert to @typescript-eslint/no-unused-expressions (elastic#76471)
  [DOCS] Add default time range filter to advanced settings (elastic#76414)
  [Security Solution] Refactor NetworkTopNFlow to use Search Strategy (elastic#76249)
  [Dashboard] Update Index Patterns when Child Index Patterns Change (elastic#76356)
  [ML] Add option to Advanced Settings to set default time range filter for AD jobs (elastic#76347)
  Add CSM app to CODEOWNERS (elastic#76793)
  [Security Solution][Exceptions] - Updates exception item find sort field (elastic#76685)
  [Security Solution][Detections][Tech Debt] - Move to using common io-ts types (elastic#75009)
  [Lens] Drag dimension to replace (elastic#75895)
  URI encode the index names we fetch in the fetchIndices lib function. (elastic#76584)
  [Security Solution] Resolver retrieve entity id of documents without field mapped (elastic#76562)
  [Ingest Manager] validate agent route using AJV instead kbn-config-schema (elastic#76546)
  Updated non-dev usages of node-forge (elastic#76699)
  [Ingest Pipelines] Processor forms for processors K-S (elastic#75638)
  ...
madirey added a commit that referenced this pull request Sep 8, 2020
…te (#75492) (#76804)

* Proceed on conflict when updating alert status

* Handle conflicts

* Don't let the user retry

* Tweak error messages

* Fix route

* Update add exception modal

* Reapply changes after fixing conflicts

* Type errors

* types

* Fix remaining conflicts

* Fix tests

* More test fixes

* Simplify onConflict evaluation

* Add callback return types

* Update translation paths

* Add missing import

Co-authored-by: Elastic Machine <[email protected]>

Co-authored-by: Elastic Machine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants