Skip to content

Commit

Permalink
Remove threat intel checkbox detector creation (#1232)
Browse files Browse the repository at this point in the history
* removed threat intel from detector creation

Signed-off-by: Amardeepsingh Siglani <[email protected]>

* fixed trigger edit; show callout in detector details view

Signed-off-by: Amardeepsingh Siglani <[email protected]>

* work in progress

Signed-off-by: Amardeepsingh Siglani <[email protected]>

* updated logic

Signed-off-by: Amardeepsingh Siglani <[email protected]>

* removed unused prop

Signed-off-by: Amardeepsingh Siglani <[email protected]>

* simplified changes

Signed-off-by: Amardeepsingh Siglani <[email protected]>

* updated snapshot

Signed-off-by: Amardeepsingh Siglani <[email protected]>

---------

Signed-off-by: Amardeepsingh Siglani <[email protected]>
  • Loading branch information
amsiglan authored Dec 18, 2024
1 parent fa0f407 commit 251e695
Show file tree
Hide file tree
Showing 10 changed files with 183 additions and 81 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
*/

import React from 'react';
import { EuiSpacer, EuiTitle } from '@elastic/eui';
import { EuiSpacer, EuiText } from '@elastic/eui';
import { PeriodSchedule } from '../../../../../../../models/interfaces';
import { Interval } from './Interval';
import { Detector } from '../../../../../../../types';
Expand All @@ -23,9 +23,9 @@ export class DetectorSchedule extends React.Component<DetectorScheduleProps> {
render() {
return (
<>
<EuiTitle size="m">
<EuiText size="m">
<h3>Detector schedule</h3>
</EuiTitle>
</EuiText>
<EuiSpacer />
<Interval
schedule={this.props.detector.schedule}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,36 +3,88 @@
* SPDX-License-Identifier: Apache-2.0
*/

import React from 'react';
import { EuiCompressedCheckbox, EuiText, EuiTitle, htmlIdGenerator } from '@elastic/eui';
import React, { useMemo, useState } from 'react';
import {
EuiCallOut,
EuiCompressedCheckbox,
EuiLink,
EuiSpacer,
EuiText,
htmlIdGenerator,
} from '@elastic/eui';
import { buildRouteUrl } from '../../../../../../utils/helpers';
import { ROUTES, THREAT_INTEL_NAV_ID } from '../../../../../../utils/constants';

export interface ThreatIntelligenceProps {
isEdit: boolean;
threatIntelChecked: boolean;
onThreatIntelChange: (checked: boolean) => void;
}

export const ThreatIntelligence: React.FC<ThreatIntelligenceProps> = ({
threatIntelChecked,
onThreatIntelChange,
isEdit,
}) => {
const [shouldShowEditUI] = useState(isEdit && threatIntelChecked);
const threatIntelUrl = useMemo(() => {
return buildRouteUrl(THREAT_INTEL_NAV_ID, ROUTES.THREAT_INTEL_OVERVIEW);
}, []);

return (
<>
<EuiTitle size="m">
<h3>Threat intelligence feeds</h3>
</EuiTitle>
{!shouldShowEditUI && (
<>
<EuiText size="m">
<h3>Threat intelligence feeds</h3>
</EuiText>
<EuiText size="s">
<p>
To match your data source against known indicators of compromise configure logs scan
with threat intel sources on the{' '}
<EuiLink target="_blank" href={threatIntelUrl}>
Threat intelligence
</EuiLink>{' '}
page.
</p>
</EuiText>
</>
)}
{shouldShowEditUI && (
<>
<EuiText size="m">
<h3>Threat intelligence feeds</h3>
</EuiText>

<EuiText size="s">
<p>
Match your data source against known malicious IP-addresses. Available for standard log
types only.
</p>
</EuiText>
<EuiCompressedCheckbox
id={htmlIdGenerator()()}
label="Enable threat intelligence-based detection"
checked={threatIntelChecked}
onChange={(e) => onThreatIntelChange(e.target.checked)}
/>
<EuiText size="s">
<p>
Match your data source against known malicious IP-addresses. Available for standard
log types only.
</p>
</EuiText>
<EuiSpacer size="s" />
<EuiCallOut
size="s"
title={
<p>
To match your data against known indicators of compromise we recommend configuring
scan using the new{' '}
<EuiLink target="_blank" href={threatIntelUrl}>
Threat Intelligence
</EuiLink>{' '}
platform and disabling threat intelligence in the detector.
</p>
}
/>
<EuiSpacer size="s" />
<EuiCompressedCheckbox
id={htmlIdGenerator()()}
label="Enable threat intelligence-based detection"
checked={threatIntelChecked}
onChange={(e) => onThreatIntelChange(e.target.checked)}
/>
</>
)}
</>
);
};
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ export default class DefineDetector extends Component<DefineDetectorProps, Defin
const newDetector: Detector = {
...this.state.detector,
detector_type: detectorType,
threat_intel_enabled: this.standardLogTypes.has(detectorType),
threat_intel_enabled: false,
};

this.updateDetectorCreationState(newDetector);
Expand Down Expand Up @@ -251,6 +251,7 @@ export default class DefineDetector extends Component<DefineDetectorProps, Defin

{this.standardLogTypes.has(detector_type) && (
<ThreatIntelligence
isEdit={isEdit}
threatIntelChecked={threat_intel_enabled}
onThreatIntelChange={this.onThreatIntelligenceChanged}
/>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,17 @@
* SPDX-License-Identifier: Apache-2.0
*/

import { EuiSmallButton, EuiSpacer, EuiLink, EuiIcon, EuiText } from '@elastic/eui';
import { EuiSmallButton, EuiSpacer, EuiLink, EuiIcon, EuiText, EuiCallOut } from '@elastic/eui';
import React from 'react';
import { ContentPanel } from '../../../../components/ContentPanel';
import { createTextDetailsGroup, parseSchedule } from '../../../../utils/helpers';
import { buildRouteUrl, createTextDetailsGroup, parseSchedule } from '../../../../utils/helpers';
import moment from 'moment';
import { DEFAULT_EMPTY_DATA, logTypesWithDashboards } from '../../../../utils/constants';
import {
DEFAULT_EMPTY_DATA,
logTypesWithDashboards,
ROUTES,
THREAT_INTEL_NAV_ID,
} from '../../../../utils/constants';
import { Detector } from '../../../../../types';
import { getLogTypeLabel } from '../../../LogTypes/utils/helpers';

Expand Down Expand Up @@ -51,7 +56,10 @@ export const DetectorBasicDetailsView: React.FC<DetectorBasicDetailsViewProps> =
actions={
isEditable
? [
<EuiSmallButton onClick={onEditClicked} data-test-subj={'edit-detector-basic-details'}>
<EuiSmallButton
onClick={onEditClicked}
data-test-subj={'edit-detector-basic-details'}
>
Edit
</EuiSmallButton>,
]
Expand Down Expand Up @@ -101,6 +109,24 @@ export const DetectorBasicDetailsView: React.FC<DetectorBasicDetailsViewProps> =
{createTextDetailsGroup([
{ label: 'Threat intelligence', content: threat_intel_enabled ? 'Enabled' : 'Disabled' },
])}
{threat_intel_enabled && (
<EuiCallOut
size="s"
title={
<p>
To match your data against known indicators of compromise we recommend configuring
scan using the new{' '}
<EuiLink
target="_blank"
href={buildRouteUrl(THREAT_INTEL_NAV_ID, ROUTES.THREAT_INTEL_OVERVIEW)}
>
Threat Intelligence
</EuiLink>{' '}
platform and disabling threat intelligence in the detector.
</p>
}
/>
)}
{rulesCanFold ? children : null}
</ContentPanel>
);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -295,6 +295,7 @@ export const UpdateDetectorBasicDetails: React.FC<UpdateDetectorBasicDetailsProp
<EuiSpacer size={'l'} />

<ThreatIntelligence
isEdit={true}
threatIntelChecked={detector.threat_intel_enabled}
onThreatIntelChange={onThreatIntelFeedToggle}
/>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1171,59 +1171,67 @@ exports[`<UpdateDetectorBasicDetails /> spec renders the component 1`] = `
/>
</EuiSpacer>
<ThreatIntelligence
isEdit={true}
onThreatIntelChange={[Function]}
>
<EuiTitle
<EuiText
size="m"
>
<h3
className="euiTitle euiTitle--medium"
<div
className="euiText euiText--medium"
>
Threat intelligence feeds
</h3>
</EuiTitle>
<h3>
Threat intelligence feeds
</h3>
</div>
</EuiText>
<EuiText
size="s"
>
<div
className="euiText euiText--small"
>
<p>
Match your data source against known malicious IP-addresses. Available for standard log types only.
To match your data source against known indicators of compromise configure logs scan with threat intel sources on the
<EuiLink
href="#/threat-intel"
target="_blank"
>
<a
className="euiLink euiLink--primary"
href="#/threat-intel"
rel="noopener noreferrer"
target="_blank"
>
Threat intelligence
<EuiIcon
aria-label="External link"
className="euiLink__externalIcon"
size="s"
type="popout"
>
EuiIconMock
</EuiIcon>
<EuiScreenReaderOnly>
<span
className="euiScreenReaderOnly"
>
<EuiI18n
default="(opens in a new tab or window)"
token="euiLink.newTarget.screenReaderOnlyText"
>
(opens in a new tab or window)
</EuiI18n>
</span>
</EuiScreenReaderOnly>
</a>
</EuiLink>
page.
</p>
</div>
</EuiText>
<EuiCompressedCheckbox
checked={false}
compressed={true}
disabled={false}
id="some_html_id"
indeterminate={false}
label="Enable threat intelligence-based detection"
onChange={[Function]}
>
<div
className="euiCheckbox euiCheckbox--compressed"
>
<input
checked={false}
className="euiCheckbox__input"
disabled={false}
id="some_html_id"
onChange={[Function]}
type="checkbox"
/>
<div
className="euiCheckbox__square"
/>
<label
className="euiCheckbox__label"
htmlFor="some_html_id"
>
Enable threat intelligence-based detection
</label>
</div>
</EuiCompressedCheckbox>
</ThreatIntelligence>
<EuiSpacer
size="l"
Expand Down Expand Up @@ -1419,15 +1427,17 @@ exports[`<UpdateDetectorBasicDetails /> spec renders the component 1`] = `
}
onDetectorScheduleChange={[Function]}
>
<EuiTitle
<EuiText
size="m"
>
<h3
className="euiTitle euiTitle--medium"
<div
className="euiText euiText--medium"
>
Detector schedule
</h3>
</EuiTitle>
<h3>
Detector schedule
</h3>
</div>
</EuiText>
<EuiSpacer>
<div
className="euiSpacer euiSpacer--l"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,7 @@
*/

import React, { useMemo } from 'react';
import {
EuiHorizontalRule,
EuiLink,
EuiPanel,
EuiSpacer,
EuiSteps,
EuiText,
} from '@elastic/eui';
import { EuiHorizontalRule, EuiLink, EuiPanel, EuiSpacer, EuiSteps, EuiText } from '@elastic/eui';
import { EuiContainedStepProps } from '@elastic/eui/src/components/steps/steps';
import {
BREADCRUMBS,
Expand Down
14 changes: 12 additions & 2 deletions public/pages/Overview/containers/Overview/Overview.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,11 @@ export const Overview: React.FC<OverviewProps> = (props) => {
const isSecurityAnalyticsUseCase = currentNavGroup?.id === SECURITY_ANALYTICS_USE_CASE_ID;

useEffect(() => {
setBreadcrumbs(isSecurityAnalyticsUseCase ? [ BREADCRUMBS.OVERVIEW] : [{...BREADCRUMBS.OVERVIEW, text: 'Security Analytics overview'}]);
setBreadcrumbs(
isSecurityAnalyticsUseCase
? [BREADCRUMBS.OVERVIEW]
: [{ ...BREADCRUMBS.OVERVIEW, text: 'Security Analytics overview' }]
);
overviewViewModelActor.registerRefreshHandler(updateState, true /* allowPartialResults */);
overviewViewModelActor.registerRefreshHandler(
onLoadingComplete,
Expand Down Expand Up @@ -273,7 +277,13 @@ export const Overview: React.FC<OverviewProps> = (props) => {
<EuiFlexGroup gutterSize="m">
{getOverviewsCardsProps().map((p, idx) => (
<EuiFlexItem key={idx}>
<EuiCard {...p} layout="vertical" textAlign="left" titleElement='h4' titleSize='s'/>
<EuiCard
{...p}
layout="vertical"
textAlign="left"
titleElement="h4"
titleSize="s"
/>
</EuiFlexItem>
))}
</EuiFlexGroup>
Expand Down
2 changes: 0 additions & 2 deletions public/utils/constants.ts
Original file line number Diff line number Diff line change
Expand Up @@ -320,5 +320,3 @@ const LocalCluster: DataSourceOption = {
export const dataSourceObservable = new BehaviorSubject<DataSourceOption>({});

export const DATA_SOURCE_NOT_SET_ERROR = 'Data source is not set';


Loading

0 comments on commit 251e695

Please sign in to comment.