From 8931358251878e9ea2c0b490caf601143c1cb467 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 18 Dec 2024 23:41:26 +0000
Subject: [PATCH] Remove threat intel checkbox detector creation (#1232)
* removed threat intel from detector creation
Signed-off-by: Amardeepsingh Siglani
* fixed trigger edit; show callout in detector details view
Signed-off-by: Amardeepsingh Siglani
* work in progress
Signed-off-by: Amardeepsingh Siglani
* updated logic
Signed-off-by: Amardeepsingh Siglani
* removed unused prop
Signed-off-by: Amardeepsingh Siglani
* simplified changes
Signed-off-by: Amardeepsingh Siglani
* updated snapshot
Signed-off-by: Amardeepsingh Siglani
---------
Signed-off-by: Amardeepsingh Siglani
(cherry picked from commit 251e69591e87642250e77e7c903c4ef657586b4a)
Signed-off-by: github-actions[bot]
---
 .../DetectorSchedule/DetectorSchedule.tsx | 6 +-
 .../ThreatIntelligence/ThreatIntelligence.tsx | 86 ++++++++++++----
 .../containers/DefineDetector.tsx | 3 +-
 .../DetectorBasicDetailsView.tsx | 34 ++++++-
 .../UpdateBasicDetails/UpdateBasicDetails.tsx | 1 +
 .../UpdateDetectorBasicDetails.test.tsx.snap | 98 ++++++++++---------
 .../GettingStarted/GettingStartedContent.tsx | 9 +-
 .../Overview/containers/Overview/Overview.tsx | 14 ++-
 public/utils/constants.ts | 2 -
 public/utils/helpers.tsx | 11 +++
 10 files changed, 183 insertions(+), 81 deletions(-)
diff --git a/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx b/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx
index 0bafe87e..c55a6417 100644
--- a/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx
+++ b/public/pages/CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx
@@ -4,7 +4,7 @@ */ import React from 'react'; -import { EuiSpacer, EuiTitle } from '@elastic/eui'; +import { EuiSpacer, EuiText } from '@elastic/eui'; import { PeriodSchedule } from '../../../../../../../models/interfaces'; import { Interval } from './Interval'; import { Detector } from '../../../../../../../types'; @@ -23,9 +23,9 @@ export class DetectorSchedule extends React.Component { render() { return ( <> - +

Detector schedule

-
+ void; } @@ -14,25 +24,67 @@ export interface ThreatIntelligenceProps { export const ThreatIntelligence: React.FC = ({ threatIntelChecked, onThreatIntelChange, + isEdit, }) => { + const [shouldShowEditUI] = useState(isEdit && threatIntelChecked); + const threatIntelUrl = useMemo(() => { + return buildRouteUrl(THREAT_INTEL_NAV_ID, ROUTES.THREAT_INTEL_OVERVIEW); + }, []); + return ( <> - -

Threat intelligence feeds

-
+ {!shouldShowEditUI && ( + <> + +

Threat intelligence feeds

+
+ +

+ To match your data source against known indicators of compromise configure logs scan + with threat intel sources on the{' '} + + Threat intelligence + {' '} + page. +

+
+ + )} + {shouldShowEditUI && ( + <> + +

Threat intelligence feeds

+
- -

- Match your data source against known malicious IP-addresses. Available for standard log - types only. -

-
- onThreatIntelChange(e.target.checked)} - /> + +

+ Match your data source against known malicious IP-addresses. Available for standard + log types only. +

+
+ + + To match your data against known indicators of compromise we recommend configuring + scan using the new{' '} + + Threat Intelligence + {' '} + platform and disabling threat intelligence in the detector. +

+ } + /> + + onThreatIntelChange(e.target.checked)} + /> + + )} ); }; diff --git a/public/pages/CreateDetector/components/DefineDetector/containers/DefineDetector.tsx b/public/pages/CreateDetector/components/DefineDetector/containers/DefineDetector.tsx index bad21041..a356673c 100644 --- a/public/pages/CreateDetector/components/DefineDetector/containers/DefineDetector.tsx +++ b/public/pages/CreateDetector/components/DefineDetector/containers/DefineDetector.tsx @@ -146,7 +146,7 @@ export default class DefineDetector extends Component diff --git a/public/pages/Detectors/components/DetectorBasicDetailsView/DetectorBasicDetailsView.tsx b/public/pages/Detectors/components/DetectorBasicDetailsView/DetectorBasicDetailsView.tsx index 683397fd..1b2d3627 100644 --- a/public/pages/Detectors/components/DetectorBasicDetailsView/DetectorBasicDetailsView.tsx +++ b/public/pages/Detectors/components/DetectorBasicDetailsView/DetectorBasicDetailsView.tsx @@ -3,12 +3,17 @@ * SPDX-License-Identifier: Apache-2.0 */ -import { EuiSmallButton, EuiSpacer, EuiLink, EuiIcon, EuiText } from '@elastic/eui'; +import { EuiSmallButton, EuiSpacer, EuiLink, EuiIcon, EuiText, EuiCallOut } from '@elastic/eui'; import React from 'react'; import { ContentPanel } from '../../../../components/ContentPanel'; -import { createTextDetailsGroup, parseSchedule } from '../../../../utils/helpers'; +import { buildRouteUrl, createTextDetailsGroup, parseSchedule } from '../../../../utils/helpers'; import moment from 'moment'; -import { DEFAULT_EMPTY_DATA, logTypesWithDashboards } from '../../../../utils/constants'; +import { + DEFAULT_EMPTY_DATA, + logTypesWithDashboards, + ROUTES, + THREAT_INTEL_NAV_ID, +} from '../../../../utils/constants'; import { Detector } from '../../../../../types'; import { getLogTypeLabel } from '../../../LogTypes/utils/helpers'; @@ -51,7 +56,10 @@ export const DetectorBasicDetailsView: React.FC = actions={ isEditable ? [ - + Edit , ] 
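Review bot: `const [shouldShowEditUI] = useState(isEdit && threatIntelChecked);` in the `@@ -14,25 +24,67 @@` hunk of ThreatIntelligence.tsx snapshots both props at mount only, and nothing in the code says why. That presumably keeps the checkbox on screen after the user unticks it, but it also means a detector whose `threatIntelChecked` value arrives after the first render would never get the checkbox or the migration callout, leaving legacy threat-intel matching enabled with no way to turn it off from this form; whether that can happen depends on how the parent loads the detector, which is outside the hunk. I would add a comment such as `// Frozen at mount so the checkbox stays visible after it is unticked; assumes threatIntelChecked is already loaded on first render`. If `isEdit` is an optional prop, `useState(Boolean(isEdit && threatIntelChecked))` would also keep the state typed as `boolean`.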
@@ -101,6 +109,24 @@ export const DetectorBasicDetailsView: React.FC = {createTextDetailsGroup([ { label: 'Threat intelligence', content: threat_intel_enabled ? 'Enabled' : 'Disabled' }, ])} + {threat_intel_enabled && ( + + To match your data against known indicators of compromise we recommend configuring + scan using the new{' '} + + Threat Intelligence + {' '} + platform and disabling threat intelligence in the detector. +

+ } + /> + )} {rulesCanFold ? children : null} ); diff --git a/public/pages/Detectors/components/UpdateBasicDetails/UpdateBasicDetails.tsx b/public/pages/Detectors/components/UpdateBasicDetails/UpdateBasicDetails.tsx index 4bf7c284..a74976b3 100644 --- a/public/pages/Detectors/components/UpdateBasicDetails/UpdateBasicDetails.tsx +++ b/public/pages/Detectors/components/UpdateBasicDetails/UpdateBasicDetails.tsx @@ -295,6 +295,7 @@ export const UpdateDetectorBasicDetails: React.FC diff --git a/public/pages/Detectors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap b/public/pages/Detectors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap index 6c0bbb94..2e2d68e6 100644 --- a/public/pages/Detectors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap +++ b/public/pages/Detectors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap @@ -1171,17 +1171,20 @@ exports[` spec renders the component 1`] = ` />
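Review bot: The callout added in the `@@ -101,6 +109,24 @@` hunk of DetectorBasicDetailsView.tsx repeats, word for word, the callout body this patch also adds to ThreatIntelligence.tsx ("To match your data against known indicators of compromise we recommend configuring scan using the new Threat Intelligence platform and disabling threat intelligence in the detector."). Two copies of the same migration guidance tend to drift apart, so I would render both from one shared component, or at least keep the text in one shared constant. The sentence would also read better as "we recommend configuring a scan". The enclosing component starts outside the hunk.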
- -

- Threat intelligence feeds -

-
+

+ Threat intelligence feeds +

+ + @@ -1189,41 +1192,46 @@ exports[` spec renders the component 1`] = ` className="euiText euiText--small" >

- Match your data source against known malicious IP-addresses. Available for standard log types only. + To match your data source against known indicators of compromise configure logs scan with threat intel sources on the + + + + Threat intelligence + + EuiIconMock + + + + + (opens in a new tab or window) + + + + + + + page.

- -
- -
- -
- spec renders the component 1`] = ` } onDetectorScheduleChange={[Function]} > - -

- Detector schedule -

-
+

+ Detector schedule +

+
+
= (props) => { const isSecurityAnalyticsUseCase = currentNavGroup?.id === SECURITY_ANALYTICS_USE_CASE_ID; useEffect(() => { - setBreadcrumbs(isSecurityAnalyticsUseCase ? [ BREADCRUMBS.OVERVIEW] : [{...BREADCRUMBS.OVERVIEW, text: 'Security Analytics overview'}]); + setBreadcrumbs( + isSecurityAnalyticsUseCase + ? [BREADCRUMBS.OVERVIEW] + : [{ ...BREADCRUMBS.OVERVIEW, text: 'Security Analytics overview' }] + ); overviewViewModelActor.registerRefreshHandler(updateState, true /* allowPartialResults */); overviewViewModelActor.registerRefreshHandler( onLoadingComplete, @@ -273,7 +277,13 @@ export const Overview: React.FC = (props) => { {getOverviewsCardsProps().map((p, idx) => ( - + ))} diff --git a/public/utils/constants.ts b/public/utils/constants.ts index 87e36ea2..25ab3da8 100644 --- a/public/utils/constants.ts +++ b/public/utils/constants.ts @@ -320,5 +320,3 @@ const LocalCluster: DataSourceOption = { export const dataSourceObservable = new BehaviorSubject({}); export const DATA_SOURCE_NOT_SET_ERROR = 'Data source is not set'; - - diff --git a/public/utils/helpers.tsx b/public/utils/helpers.tsx index 14527df3..ff3ba0b6 100644 --- a/public/utils/helpers.tsx +++ b/public/utils/helpers.tsx @@ -70,6 +70,7 @@ import { getUseUpdatedUx, setBrowserServices, getDataSourceManagementPlugin, + getApplication, } from '../services/utils/constants'; import DetectorsService from '../services/DetectorService'; import CorrelationService from '../services/CorrelationService'; @@ -84,6 +85,7 @@ import semver from 'semver'; import * as pluginManifest from '../../opensearch_dashboards.json'; import { DataSourceThreatAlertsCard } from '../components/DataSourceThreatAlertsCard/DataSourceThreatAlertsCard'; import { DataSourceAttributes } from '../../../../src/plugins/data_source/common/data_sources'; +import { RouteComponentProps } from 'react-router-dom'; export const parseStringsToOptions = (strings: string[]) => { return strings.map((str) => ({ id: str, label: str })); 
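Review bot: `import { RouteComponentProps } from 'react-router-dom';`, added in the `@@ -84,6 +85,7 @@` hunk of public/utils/helpers.tsx, is not referenced by any of the 11 lines this patch adds to that file, so it looks like a leftover from the "removed unused prop" step. Unless code outside the hunks needs it, the line should be dropped. If it is needed only as a type, `import type { RouteComponentProps } from 'react-router-dom';` keeps it out of the emitted JavaScript.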
@@ -770,3 +772,12 @@ export function initializeServices(coreStart: CoreStart, indexPattern: CoreIndex setBrowserServices(services); DataStore.init(services, coreStart.notifications); } + +export const buildRouteUrl = (appId: string, route: string) => { + const useUpdatedUx = getUseUpdatedUx(); + if (useUpdatedUx) { + return getApplication().getUrlForApp(appId, { path: `#${route}` }); + } else { + return `#${route}`; + } +};
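Review bot: `buildRouteUrl` is exported without a return type or a doc comment, and its result appears to be used as a link target elsewhere in this patch. I would declare it as `export const buildRouteUrl = (appId: string, route: string): string => {` and add a short TSDoc block above it. The block should say that the function returns an in-app URL and that `route` is expected to be one of the `ROUTES` constants rather than user-supplied text. It should also note that the updated-UX branch calls `getApplication()`, which presumably requires the application service to have been set first; that is worth confirming for unit tests that render ThreatIntelligence. The `else` after the first `return` can be dropped as well.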