[Contextual Security] add relationship node type for entity graph#249479
[Contextual Security] add relationship node type for entity graph#249479alexreal1314 merged 15 commits intoelastic:mainfrom
Conversation
add RelationshipNode component with dedicated styling add EventsAndEntityRelationships story demonstrating events and entity relationships update related schemas and add unit tests for RelationshipNode component update graph popover story with entity relationship options
|
Pinging @elastic/contextual-security-apps (Team:Cloud Security) |
kfirpeled
left a comment
There was a problem hiding this comment.
Some misalignments from the design
- We should not show the arrow marker when the edge comes to the relationship
- The edge should stretch to the node - see gaps of few pixels
- The edge color of relationships has a different color in the design
While the width of the relationships is aligned with the width of events/alerts nodes, the edge curve of relationships is not aligned with the curve of events/alerts.
| schema.literal('diamond'), | ||
| schema.literal('label'), | ||
| schema.literal('group'), | ||
| schema.literal('relationship'), |
There was a problem hiding this comment.
Just a side note, the naming convention here is not aligned with the current design. However, I'm thinking to propose a new change to the existing node's names.
Instead of shape, we will have element type: relationship/entity/event/stack.
So I'm ok with keeping it now as it is.
There was a problem hiding this comment.
"relationship" sounds very business-domain specific to me, though I don't have a better suggestion.
On the other hand, I like the idea of future renaming label nodes to event, since we also have labels in each node
There was a problem hiding this comment.
I agree with both comments - right now we are coupling shape with node type. As I see it we should have the following:
- node.type = element type - as mentioned @kfirpeled
relationship/entity/event/stack. - one of the node params should be the shape. so we could reuse the component to display similar types - although need to check if its possible without major changes.
this would also require us to return additional property for each node - type.
For now i would leave current behavior and do it in a separate task.
| schema.object({ | ||
| shape: schema.literal('relationship'), | ||
| color: nodeColorSchema, | ||
| parentId: schema.maybe(schema.string()), |
There was a problem hiding this comment.
I'm not sure we would like to stack relationships - worth to double check with design
There was a problem hiding this comment.
decided to support stacked nodes for relationships as well.
There was a problem hiding this comment.
depending on the proposed design - we could add more fields such as count and documentsData as a placeholder to store entities data if we decide to add some popover menu actions later.
There was a problem hiding this comment.
@kfirpeled as discussed in the sync - we are going to show relationship nodes in stacked groupes as well.
There was a problem hiding this comment.
Since then I think we reverted that decision not to stack.. anyway. Lets leave it here for now
There was a problem hiding this comment.
yes, I would leave it for now to see if all cases are covered - if not ill remove it.
...d-security-posture/graph/src/components/node/relationship_node/relationship_node.stories.tsx
Outdated
Show resolved
Hide resolved
| label: { | ||
| control: { type: 'text' }, | ||
| }, | ||
| interactive: { |
There was a problem hiding this comment.
When interactive is false - the element is still clickable and have an effect.
While It shouldn't be interactive to mouse clicks
There was a problem hiding this comment.
we have the same effect today for every node, its not movable but there is a click effect.
Screen.Recording.2026-01-18.at.22.16.41.mov
There was a problem hiding this comment.
Yep, that's a bug.. shouldn't happen
There was a problem hiding this comment.
fixed for all node types.
fixed, there is still slight misalignment which happen in a specific case - in the middle child which is an existing issue. 
ill try to investigate it a bit, but probably will create a separate ticket for that. |
| schema.literal('diamond'), | ||
| schema.literal('label'), | ||
| schema.literal('group'), | ||
| schema.literal('relationship'), |
There was a problem hiding this comment.
"relationship" sounds very business-domain specific to me, though I don't have a better suggestion.
On the other hand, I like the idea of future renaming label nodes to event, since we also have labels in each node
.../solutions/security/packages/kbn-cloud-security-posture/graph/src/components/graph/graph.tsx
Outdated
Show resolved
Hide resolved
| export const TEST_SUBJ_HANDLE = 'relationship-node-handle'; | ||
| export const TEST_SUBJ_HOVER_OUTLINE = 'relationship-node-hover-outline'; | ||
| export const TEST_SUBJ_TOOLTIP = 'relationship-node-tooltip'; | ||
| export const TEST_SUBJ_LABEL_TEXT = 'relationship-node-text'; |
There was a problem hiding this comment.
nit: Move this to the test_ids.ts file? I think we keep these test ids locally for <Ips> and <CountryFlags> but they were the only exceptions and we're doing the same here (very minor comment)
x-pack/solutions/security/packages/kbn-cloud-security-posture/graph/src/components/utils.ts
Outdated
Show resolved
Hide resolved
...ions/security/packages/kbn-cloud-security-posture/graph/src/components/edge/default_edge.tsx
Outdated
Show resolved
Hide resolved
...ity/packages/kbn-cloud-security-posture/graph/src/components/graph/graph_popover.stories.tsx
Outdated
Show resolved
Hide resolved
albertoblaz
left a comment
There was a problem hiding this comment.
Question: How does relationship nodes work with grouping? What if we have multiple relationships between 2 grouped entity nodes? Asking because it seems there's no counter value rendered by the RelationshipNode component, and you added for now support for stacked relationships but it's still TBC by design.
We could have such case, I asked here about it. |
…d relationships update storybook unit tests
|
@kfirpeled As i currently work on the graph api to support relationships fetching and I used this branch as the base branch seems like the fields we defined for the relationship node edge are sufficient. If I encounter anything which is missing i'll add them as part of the subsequent PR. |
kfirpeled
left a comment
There was a problem hiding this comment.
Missing minimap support
| schema.object({ | ||
| shape: schema.literal('relationship'), | ||
| color: nodeColorSchema, | ||
| parentId: schema.maybe(schema.string()), |
There was a problem hiding this comment.
Since then I think we reverted that decision not to stack.. anyway. Lets leave it here for now
| label: { | ||
| control: { type: 'text' }, | ||
| }, | ||
| interactive: { |
There was a problem hiding this comment.
Yep, that's a bug.. shouldn't happen
There was a problem hiding this comment.
Not sure what can be a better name for LabelShape or LabelNodeContainer
it is being used as the label of the edge..
Connectoris one option you already used, which can be a good fit
There was a problem hiding this comment.
Yes, this is a good option to call it something like ConnectorNode once we do #249479 (comment) to render different types of connector nodes in a single ConnectorNode.
update minimap story and minimap unit tests
added, thanks. 
|
…ctive is false make the graph component refresh when interactive is toggled to reflect the changes
💛 Build succeeded, but was flaky
Failed CI StepsTest FailuresMetrics [docs]Module Count
Public APIs missing comments
Async chunks
History
|
…iew_cps * commit '3cd2ea4a515d8a0aafd32f75dc61f1cff892a4b0': Fix Failing test: APM Service overview - header filters (elastic#250355) [ES|QL] Small improvements on the editor (elastic#251004) [ES|QL] Refactor promql validation (elastic#250996) [ES|QL] Update the readme in esql-utils (elastic#251024) [ES|QL] Grouping functions as arguments to scalar functions (elastic#251015) [ES|QL] focus editor when user uses visor (elastic#251084) [Contextual Security] add relationship node type for entity graph (elastic#249479) [One Workflow] Fix email connector documentation: to field (elastic#251171)
Summary
Introduces a new "relationship" node type to the entity graph visualization, enabling the display of relationships between entities (e.g., "Owns", "Has Access") alongside event-based connections.
Key changes
RelationshipNodewith distinct dark styling to differentiate from event labelsisConnectorNodefor shared label/relationship node logicEventsAndEntityRelationshipsstory demonstrating a realistic AWS scenarioHow to test
node scripts/es snapshot --license trial -E path.data=../default -E reindex.remote.whitelist=kfir-graph-viz-wip-ba715e.es.eu-west-1.aws.qa.elastic.cloud:443 -E xpack.security.authc.api_key.enabled=trueyarn storybook cloud_security_posture_grapand check the following stories:a. Go to
Graph Components->Graph Layout->Events and Entity Relationships.b. Go to
Graph Components->Relationships Node.Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesbackport:*labels.Screenshots