[Security Solution] Severity level chart on Alerts page #146938

christineweng · 2022-12-03T00:49:56Z

Summary

Capabilities added

Additional 'Charts' drop down on Alerts page
A table and a donut chart that shows severity level composition
Filter capabilities when donut is clicked or when hovering to the Levels column

Feature flag: alertsPageChartsEnabled

Screen.Recording.2022-12-07.at.12.21.35.PM.mov

Checklist

Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
Unit or functional tests were updated or added to match the most common scenarios
Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
This was checked for cross-browser compatibility

For maintainers

This was checked for breaking API changes and was labeled appropriately

severity charts draft add inspect and hover actions

…-fix'

…ana into 8.7_Alerts_Page_Charts

…-ref HEAD~1..HEAD --fix'

…_Charts

elasticmachine · 2022-12-08T16:06:26Z

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

elasticmachine · 2022-12-08T16:06:27Z

Pinging @elastic/security-solution (Team: SecuritySolution)

...ty_solution/public/detections/components/alerts_kpis/alerts_summary_charts_panel/columns.tsx

...s/components/alerts_kpis/alerts_summary_charts_panel/severity_donut/severity_level_chart.tsx

...rity_solution/public/detections/components/alerts_kpis/alerts_summary_charts_panel/index.tsx

...components/alerts_kpis/alerts_summary_charts_panel/severity_donut/use_severity_chart_data.ts

...olution/public/detections/components/alerts_kpis/alerts_summary_charts_panel/translations.ts

..._solution/public/detections/pages/detection_engine/chart_panels/chart_select/helpers.test.ts

jamster10

Reviewed for @elastic/security-threat-hunting-explore. Looks great. Thanks Christine!

kqualters-elastic

Made most of my comments on zoom, but looks good! Some of these types might be reused in the wider security solution, but can come back to that if needed, they are relatively simple anyway. LGTM 👍

kibana-ci · 2022-12-12T21:20:15Z

💚 Build Succeeded

Buildkite Build
Commit: 4b39057

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
`securitySolution`	3386	3392	+6

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
`securitySolution`	10.1MB	10.1MB	+6.5KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
`securitySolution`	50.5KB	50.5KB	+27.0B

Unknown metric groups

ESLint disabled in files

id	before	after	diff
`osquery`	1	2	+1

ESLint disabled line counts

id	before	after	diff
`enterpriseSearch`	19	21	+2
`fleet`	60	66	+6
`osquery`	109	115	+6
`securitySolution`	445	451	+6
total			+20

Total ESLint disabled count

id	before	after	diff
`enterpriseSearch`	20	22	+2
`fleet`	69	75	+6
`osquery`	110	117	+7
`securitySolution`	521	527	+6
total			+21

History

💚 Build #94123 succeeded 3fc4b9d
💔 Build #93798 failed 945e279
💔 Build #93796 failed d12a713
💔 Build #93451 failed 4f0745e
💔 Build #93399 failed ab014ac
💚 Build #92918 succeeded cdd0c96

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @christineweng

## Summary This PR is a part 2 of #146938 that populates the remaining 2 charts for the summary section on Alerts Page. Capabilities added - Alerts by type: alert count by rule and by type (prevention vs. detection) - Top alerts: top 10 alert grouping based on user selected drop down Changes from previous PR - Refactor `useSeverityChartData` to `useSummaryChartData` so that it can be used by all 3 charts to fetch data - Move `SeverityLevel` chart up one level to `alerts_kpi` folder to better isolate components for testing. Feature flag: `alertsPageChartsEnabled` ![image](https://user-images.githubusercontent.com/18648970/213945018-57a15c60-ed53-4e86-90f5-c1909e88420d.png) ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) Co-authored-by: Kibana Machine <[email protected]>

## Summary This PR is a part 2 of elastic#146938 that populates the remaining 2 charts for the summary section on Alerts Page. Capabilities added - Alerts by type: alert count by rule and by type (prevention vs. detection) - Top alerts: top 10 alert grouping based on user selected drop down Changes from previous PR - Refactor `useSeverityChartData` to `useSummaryChartData` so that it can be used by all 3 charts to fetch data - Move `SeverityLevel` chart up one level to `alerts_kpi` folder to better isolate components for testing. Feature flag: `alertsPageChartsEnabled` ![image](https://user-images.githubusercontent.com/18648970/213945018-57a15c60-ed53-4e86-90f5-c1909e88420d.png) ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) Co-authored-by: Kibana Machine <[email protected]>

…150242) ## Summary This PR is part 3 of #149173 and #146938 that add additional KPI visualizations to the Alerts page. #### Capabilities added Charts menu: changed from a drop down selection to tabs format, with wording that better describe the usage of each charts Chart collapse: when the toggle is collapsed, instead of showing the same menu options, a summary of the KPIs are shown. Feature flag: `alertsPageChartsEnabled` is set to true by default #### Changes from previous PR Before this PR, each chart (trend, tree map etc.) keeps its own state of toggle status. This is no longer suitable because the new layout does not show options when collapsed. This PR also moves the toggle status to be at the chart panel's level, and be passed down to each chart component. One exception is the histogram (trend analysis), it is currently being used in alerts detail page and overview dashboard, hence it needs to keep track of toggle state on its own. #### When charts are expanded ![image](https://user-images.githubusercontent.com/18648970/216714087-a872cdeb-5d69-40fd-a392-4130ad6c925c.png) #### When collapsed and has data ![image](https://user-images.githubusercontent.com/18648970/216714168-e4d72ca2-b214-48d8-9182-932927c0b473.png) #### When collapsed with no data ![image](https://user-images.githubusercontent.com/18648970/216714250-628b96d2-6380-4999-a2a6-ed22eb0d8791.png) ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

christineweng and others added 8 commits November 28, 2022 18:06

set up charts panel and placehoders

7691ea6

add severity donut structure

abafdf1

severity charts draft add inspect and hover actions

clean up

1eca557

Merge branch 'main' into 8.7_Alerts_Page_Charts

733199c

[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…

88ddf74

…-fix'

add interaction, fix CI

ca1fffb

Merge branch '8.7_Alerts_Page_Charts' of github.com:christineweng/kib…

2e200fa

…ana into 8.7_Alerts_Page_Charts

fix CI

cdd0c96

christineweng self-assigned this Dec 6, 2022

christineweng and others added 4 commits December 7, 2022 12:52

add unit tests

6194538

[CI] Auto-commit changed files from 'node scripts/precommit_hook.js -…

ab014ac

…-ref HEAD~1..HEAD --fix'

Merge branch 'main' of github.com:elastic/kibana into 8.7_Alerts_Page…

867e3ba

…_Charts

Merge branch 'main' into 8.7_Alerts_Page_Charts

4f0745e

christineweng marked this pull request as ready for review December 8, 2022 16:06

christineweng requested review from a team as code owners December 8, 2022 16:06

christineweng added 3 commits December 8, 2022 17:26

clean up tests, move severity donut into its own folder

5d17e45

clean up tests, move severity donut into its own folder

d12a713

fix reference

945e279

christineweng removed the request for review from a team December 8, 2022 23:40