[Epic] [Security Solution] One Discover Custom Cell Rendering for Security Solution #186783

Open
2 of 4 tasks
logeekal opened this issue Jun 24, 2024 · 1 comment

Comments

@logeekal
Contributor

logeekal commented Jun 24, 2024

Blockers 🔴

  • Do we need kibana.alert.rule.name as a link to a Flyout or as a redirection? [ Yes, we will want Rule Name to act as a link to the rule details page so that users can navigate appropriately. ]
  • Do we need to customize kibana.alert.severity to show as badges? [ Anyways an enhancement. Ask Paul but we can move forward without it as well. ]

🔴 Open questions

  • What happens when there is no metadata available record.
    • Yes, we do show the flyout with basic JSON and Table tab.
      • There are 2 options to go about it; we can simply return Discover's flyout in the extension point when metadata is not available. See if that capability is available.

Describe the feature:

According to the One Discover Program, Discover now has support for custom cell rendering in Unified Data Table. This enabled security solution to provide a consistent experience to its users.

Note

This issue is only applicable to representation of the table cells and not the Security Cell Actions.

Dependencies

  1. Feature:Discover in Security Team:Threat Hunting:Investigations
    logeekal
  2. Feature:Discover in Security Team:Threat Hunting:Investigations
    logeekal
  3. Feature:Discover in Security Team:Threat Hunting:Investigations
    logeekal
  4. Feature:Discover in Security Team:Threat Hunting:Investigations
    logeekal

Entity Flyout Interactions

  1. Link to HostName/User name leads to new tab with corresponding Entity details.

Hover Actions on Observed Data

  1. Filter In
  2. Filter Out
  3. TopN
  4. Copy to Clipboard
  5. Toggle Column in Table

Expandable Section

  1. Risk Contribution
    • This leads to Alert Listing and further Alert Actions such as
      • Alert Detail
      • Add to New/Existing Case

Preview Section

  1. Alert Details
    • Can lead to complete Alert Flyout ( Refer to Alert Flyout Ticket )

🟡 Caveats

  1. There are some actions within cell flyouts such as Host Details flyout where user can perform actions on certain entities.
    • Until Discover enables the ability to add those actions, those actions should be disabled.

✅ Acceptance Criteria

Below columns in Unified Data Table should be customized as given below and very similar to how they are today in security solution.

host.name

  • Should be a link
  • Should open an Entity Flyout for hosts.
  • Ability to change Asset Criticality in Flyouts

user.name

  • Should be a link
  • Should open an Entity Flyout for hosts.
  • Ability to change Asset Criticality in Flyouts

source.ip

  • Should be a link
  • Should open an Entity Flyout for hosts.

destination.ip

  • Should be a link
  • Should open an Entity Flyout for hosts.

kibana.alert.rule.name

  • should be link to Entity Flyout for Rule? ( Create as a separate ticket @logeekal )
@botelastic botelastic bot added the needs-team Issues missing a team label label Jun 24, 2024
@logeekal logeekal removed the needs-team Issues missing a team label label Jun 24, 2024
@botelastic botelastic bot added the needs-team Issues missing a team label label Jun 24, 2024
@logeekal logeekal added the Team:Threat Hunting:Investigations Security Solution Investigations Team label Jun 24, 2024
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Jun 24, 2024
@logeekal logeekal changed the title [Security Solution] Discover Custom Cell Rendering [Security Solution] One Discover Custom Cell Rendering Jul 22, 2024
@logeekal logeekal self-assigned this Jul 22, 2024
@logeekal logeekal changed the title [Security Solution] One Discover Custom Cell Rendering [Security Solution] [Epic] One Discover Custom Cell Rendering Jul 30, 2024
@logeekal logeekal added this to the 8.16 milestone Jul 30, 2024
@logeekal logeekal changed the title [Security Solution] [Epic] One Discover Custom Cell Rendering [Security Solution] [Epic] One Discover Custom Cell Rendering for Security Solution Aug 1, 2024
logeekal added a commit that referenced this issue Aug 27, 2024
…e Flyout in One Discover entities (#189633)

>[!Note]
> This change is only applicable to Serverless Security Solution as of
now. In follow-up PRs, support will be added to ESS as well based
on data-sources such as index or integrations.
## Summary

Resolves #189151

This PR is the foundation for the work described in
#186783. This just enables
expandable flyout for entity details, which is currently only used in
security solution, in discover as well.

As a part of **One Discover** work, we need to make sure that cell
rendering in Discover should behave exactly like it does in security
solution.

To enable this, a new `shared-browser` package
`@kbn/security-solution-common` in `x-pack/packages/security-solution`
has been created which can be used to share components between `security
solution` and `discover`. Below is the usage pattern

```mermaid
flowchart TD
    disc-utils[@kbn/discover-utils] --> sscommon
    sscommon[@kbn/security-solution-common] --> ssplugin[security_solution]
    sscommon[@kbn/security-solution-common] --> discover[discover]
    disc-utils[@kbn/discover-utils] --> discover
```


## Desk Testing Guide.

1. Enable Security profile in serverless by adding below to `kibana.yml`

```yaml
discover.experimental.enabledProfiles: ['security-root-profile']
```

2. Load Some data

4. Navigate to discover and add `host.name` as one of the columns.

5. Should open an expandable flyout as shown below.


https://github.com/user-attachments/assets/92b84c89-8769-45dd-bf7e-a9fe527fdcf0

## Code Review Guide

Most of the changes in the PR are code-organization. There are NO
changes in security solution but only the changes to import statements.

You can focus on the changes in the below packages:

- x-pack/packages/security-solution/common
- packages/kbn-discover-utils
- packages/kbn-expandable-flyout

---------

Co-authored-by: kibanamachine <[email protected]>
@logeekal logeekal modified the milestones: 8.16, 8.17 Nov 11, 2024
@logeekal logeekal changed the title [Security Solution] [Epic] One Discover Custom Cell Rendering for Security Solution [Epic] [Security Solution] One Discover Custom Cell Rendering for Security Solution Dec 11, 2024