[Security Solution] Update alert kpi to exclude closed alerts in document details flyout #200268

Open
wants to merge 2 commits into
base: main

christineweng
Contributor

@christineweng christineweng commented Nov 14, 2024

Summary

This PR made some changes to the alert count API in document details flyout. Closed alerts are now removed when showing total count and distributions. Data fetching logic is updated to match the one used in host flyout (#197102).

Notable changes:

  • Closed alerts are now excluded
  • Number of alerts in alerts flyout should match the ones in host flyout
  • Clicking the number will open timeline with the specific entity and `NOT kibana.alert.workflow_status: closed` filters
  • If a host/user does not have active alerts (all closed), no distribution bar is shown

@christineweng christineweng added this to the 8.17 milestone Nov 14, 2024
@christineweng christineweng self-assigned this Nov 14, 2024
@christineweng christineweng marked this pull request as ready for review November 14, 2024 22:16
@christineweng christineweng requested a review from a team as a code owner November 14, 2024 22:16
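
The exclusion described in the PR summary, as an added sketch that is not taken from the PR or from Kibana's code: closed alerts are dropped before counting, and an entity whose alerts are all closed gets no distribution bar. The `host.name` and `kibana.alert.severity` fields, the function names and the sample alerts are assumptions made for illustration.

```typescript
// Added illustration; not code from the PR or from Kibana.
type AlertDoc = {
  "host.name": string; // assumed entity field
  "kibana.alert.severity": string; // assumed grouping field
  "kibana.alert.workflow_status": "open" | "acknowledged" | "closed";
};

// Elasticsearch request body: one host's alerts, closed ones excluded,
// bucketed by severity for the distribution bar.
function buildAlertCountQuery(hostName: string) {
  return {
    size: 0,
    query: {
      bool: {
        filter: [{ term: { "host.name": hostName } }],
        must_not: [{ term: { "kibana.alert.workflow_status": "closed" } }],
      },
    },
    aggs: { bySeverity: { terms: { field: "kibana.alert.severity" } } },
  };
}

// The same selection applied to in-memory documents, so the effect on the
// total and on the distribution is visible without a cluster.
function summarizeAlerts(alerts: AlertDoc[], hostName: string) {
  const distribution: Record<string, number> = {};
  let total = 0;
  for (const alert of alerts) {
    if (alert["host.name"] !== hostName) continue;
    if (alert["kibana.alert.workflow_status"] === "closed") continue;
    const severity = alert["kibana.alert.severity"];
    distribution[severity] = (distribution[severity] || 0) + 1;
    total += 1;
  }
  // All alerts closed => total 0 => no distribution bar is rendered.
  return { total, distribution, showDistributionBar: total > 0 };
}

// Constructed sample alerts (hypothetical hosts).
const SAMPLE_ALERTS: AlertDoc[] = [
  { "host.name": "web-01", "kibana.alert.severity": "high", "kibana.alert.workflow_status": "open" },
  { "host.name": "web-01", "kibana.alert.severity": "medium", "kibana.alert.workflow_status": "acknowledged" },
  { "host.name": "web-01", "kibana.alert.severity": "low", "kibana.alert.workflow_status": "closed" },
  { "host.name": "db-02", "kibana.alert.severity": "critical", "kibana.alert.workflow_status": "closed" },
];
```
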
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

Contributor

@PhilippeOberti PhilippeOberti left a comment

Thanks for bringing the consistent behavior between the entity and the alerts details flyout. Desk tested and code LGTM!

Do you know why there are changes to this file? I see that these were introduced by an auto CI commit... weird...

@elasticmachine
Contributor

elasticmachine commented Nov 14, 2024

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #5 / distribution bar insights should not render if no data is available
  • [job] [logs] FTR Configs #96 / Screenshots - serverless observability UI response ops docs observability cases Observability case settings case settings screenshots
  • [job] [logs] FTR Configs #1 / serverless search UI Elasticsearch Start [Onboarding Empty State] developer should show the api key in code view

Metrics [docs]

‼️ ERROR: no builds found for mergeBase sha [16127fc]

History

cc @christineweng
