[Request] New previews in expandable flyout #5495

Closed
5 tasks done
christineweng opened this issue Jul 2, 2024 · 0 comments · Fixed by #5605
Labels: Effort: Small (Issues that can be resolved quickly); Feature: Alerts; Priority: High (Issues that are time-sensitive and/or are of high customer importance); Team: Threat Hunting (Formerly Data Visibility); v8.15.0


christineweng commented Jul 2, 2024

Description

In 8.15, we are introducing new previews for host and user (from existing entity analytics flyout), and alert previews. All the updates mentioned in this issue are within the document details flyout (alerts and events), denoted as Details flyout.

There are existing preview experiences in the expandable flyout (i.e. rule preview and alert reason preview), but they are isolated, and once one is opened, the user cannot click another preview.

With the updates in 8.15 (see PRs below), users can now open multiple previews at a time, and there is a back button to go back to the previous previews.

New host and user previews

Details flyout right section

  • Highlighted fields: host and user names are hyperlinked and open the respective preview
  • Insights -> entities: host and user names are hyperlinked and open the respective preview

Details flyout right section

  • Entities tab:
    • host and user names are hyperlinked and open the respective preview
    • In the related users and related hosts table, the names are also hyperlinked
  • Prevalence tab: host and user names are hyperlinked and open the respective preview


New alert preview

Details flyout left section

  • Correlations: in each table, related alerts now have an expand button that opens an alert preview


Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.15

Serverless release

Currently behind a feature flag, plan to turn on before July 26

Feature differences

N/A

API docs impact

N/A

Prerequisites, privileges, feature flags

feature flag entityAlertPreviewEnabled

Doc updates

  • View detection alert details:
    • Make the Preview panel section more generic so that users know that previews exist in multiple places throughout the flyout.
    • Update the screenshot in the Expanded entities view section:
      • expanded-entities-view.png
      • -detections-expanded-entities-view.png
    • Update the screenshot in the Expanded correlations view section:
      • expanded-correlations-view.png
      • expanded-correlations-view.png