Update Security Cell actions and default Cell actions to support multiple fields #159480

Open
machadoum opened this issue Jun 12, 2023 · 2 comments
Labels
Feature:Cell Actions Security Solution Cell Actions feature Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Explore Team:Threat Hunting Security Solution Threat Hunting Team technical debt Improvement of the software architecture and operational architecture

Comments

@machadoum
Member

Describe the feature:
PR #157834 updates the interface, and now the API supports multiple fields, but all currently implemented actions only work when only one field is provided. We need to update all of them.

Describe a specific use case for the feature:
This feature will be used on the entity analytics page and any other page displaying cell actions for an aggregated field. We must delete andFilters from metadata because it will become obsolete.

@machadoum machadoum self-assigned this Jun 12, 2023
@machadoum machadoum added Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Explore Feature:Cell Actions Security Solution Cell Actions feature labels Jun 12, 2023
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@machadoum machadoum added the technical debt Improvement of the software architecture and operational architecture label Jun 12, 2023
machadoum added a commit that referenced this issue Jun 22, 2023
…7243 (#157834)

issue: #150347

## Context
Some Actions need to access `FieldSpec` data, which is not present on
the `CellActions` API (`subType` and `isMapped`). So we are updating the
`CellActions` `field` property to be compatible with `FieldSpec`.

## Summary

This PR is the first step to fix
#150347.
* Updates the `CellActions` to support an array of data objects, each
containing field (`FieldSpec`) and value
* Create a new `SecurityCellActions` component that accepts a field name
and loads `FieldSpec` from the Dataview.

## Examples
Before: 
```tsx
 <SecurityCellActions
      value={'admin'}
      field={{
        name: 'user.name',
        type: 'keyword',
        searchable: true,
        aggregatable: true,
        ...
      }} />
```
After:
```tsx
 <SecurityCellActions data={{ field: 'user.name', value: 'admin' }}/>
```
`SecurityCellActions` will load the spec from the Dataview and provide
it to `CellActions`.

`CellActions` now also supports an array of fields instead of only one field. It
will be useful when rendering cell actions for aggregated data like on
the Entity Analytic page. But for now, the actions are not supporting
multiple values; we need to rewrite them
#159480.

### Next steps
We must refactor the Security Solution to get `FieldSpec` from the
`DataView` instead of using BrowserFields. Ideally, we have to do that
for every `CellAction` call so the actions can access the `subType`
property.
- [x] ~Refactor the Security Solution CellActions calls to get
`FieldSpec` from the `DataView`~
- [x] Refactor data grid cell actions to get `FieldSpec` from the
`DataView`
- [ ] Rewrite actions to support multiple fields and use them on the
investigation in timeline (.andFilters)
- [ ] Fix #150347 using
`subType` from `fieldSpec`
- [ ] Fix #154714 using
`isMapped` from `fieldSpec`

### Extra information
*** Previously we were mixing `esTypes` and `kbnTypes`. For example, if
the `esType` is a keyword the `kbnType` has to be a `string`.

[Here](https://github.com/machadoum/kibana/blob/9799dbba27c5baf594357eae0bbfc79b4e7da77c/packages/kbn-field-types/src/types.ts#L22)
you can check all possible ES and KBN types and
[here](https://github.com/machadoum/kibana/blob/9799dbba27c5baf594357eae0bbfc79b4e7da77c/packages/kbn-field-types/src/kbn_field_types_factory.ts)
you can see the mapping between esType and kbnType


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios