Security Solution] render session view in tools flyout in Security Solution and Discover#257543
Merged
PhilippeOberti merged 2 commits intoelastic:mainfrom Mar 24, 2026
Merged
Conversation
af75cf7 to
61e2b57
Compare
Contributor
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
61e2b57 to
2123a9c
Compare
2123a9c to
a1d96f9
Compare
DennisKo
reviewed
Mar 20, 2026
Contributor
DennisKo
left a comment
There was a problem hiding this comment.
looks good. just some clarifications.
| ] | ||
| ); | ||
|
|
||
| const closeDetails = useCallback(() => {}, []); |
Contributor
Author
There was a problem hiding this comment.
Yes, that prop is mandatory on the Session View component but we're not using it... I guess I could make a change on their end to make it optional, but that would require an approval from their end and I'd like to avoid that for now if possible?
| const alertsIndex = useMemo(() => selectedPatterns.join(','), [selectedPatterns]); | ||
|
|
||
| const onShowAlertDetails = useCallback( | ||
| (alertId: string) => { |
Contributor
There was a problem hiding this comment.
isnt this defined das onShowAlertDetails: (alertId: string, alertIndex: string) => void; or am I following this incorrectly?
Contributor
Author
There was a problem hiding this comment.
Good catch, I think I had made that improvement in another PR and forgot to update the code it after merging it. I'm surprised typescript didn't complain.... Fixed!
| return ( | ||
| <div data-test-subj={SESSION_VIEW_TEST_ID}> | ||
| {sessionView.getSessionView({ | ||
| ...(sessionViewConfig as SessionViewConfig), |
Contributor
There was a problem hiding this comment.
SessionViewConfig | null -> SessionViewConfig
what happens if SessionViewConfig is null?
Contributor
Author
There was a problem hiding this comment.
At this point it is actually not possible for sessionViewConfig to be null. The Session View tools flyout can only be opened from the alert flyout's session view preview, and the link is only enabled if sessionViewConfig is defined. So I made the conscious decision to not have to worry about it here...
| ), | ||
| }), | ||
| { | ||
| ownFocus: false, |
Contributor
There was a problem hiding this comment.
don't we need type: 'overlay' here?
Contributor
Author
There was a problem hiding this comment.
I don't think it's really necessary, but I'm not sure. In doubt I've added it here as well in the second callback a bit below in the same file. Thanks!
…olution and Discover
a1d96f9 to
166bff9
Compare
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
History
|
DennisKo
approved these changes
Mar 23, 2026
kubasobon
pushed a commit
that referenced
this pull request
Mar 24, 2026
…lution and Discover (#257543) ## Summary This PR adds the new Session View tools flyout, that can be opened in the Security Solution and in Discover. ### Code changes The PR focuses on the Session View component, which is an item that can be opened from the Session View preview component under the Visualizations section in the alert flyout. Here are the main changes introduced here: - create a new session view component under the `flyout_v2` folder. Because a lot of the logic related to the expandable flyout was baked in the code, it was easier to have a little bit of duplication here, instead of moving the entire component from the `flyout` folder - move the `ProcessTab`, `MetadataTab` and `AlertsTab` components to the `flyout_v2` folder. - move the `useSessionViewConfig` from the `flyout_v2/document/hooks` folder to the new `session_view/hooks` folder, to have the code colocated > [!TIP] > Session View is used both in the expandable flyout (in Security Solution) and in this new EUI flyout system (in Security Solution and Discover). The UIUX experience in the expandable flyout remains totally unchanged. ### UI changes The UI of the current alert/event flyouts (using the expandable flyout framework) in Security Solution should remain unchanged after this PR (when the feature flag is off). https://github.com/user-attachments/assets/39a26d24-3896-4567-860a-cd9c3ba2ece3 Then when the feature flag is on, the new flyout show the prevalence overview. This is accessible both in Security Solution and in Discover: https://github.com/user-attachments/assets/b5b4a441-daae-40e6-9333-0dd334e4aa4e ## How to test To see the new (emtpy) flyout in Security Solution, add this to your `kibana.dev.yml` file: ```xpack.securitySolution.enableExperimental: [ 'newFlyoutSystemEnabled' ]``` Too see the new (emtpy) flyout in Discover, add this to your `kibana.dev.yml` file: ```discover.experimental.enabledProfiles: [ 'enhanced-security-document-profile' ]``` ## What to look for when testing - verify that the Session View on the Security Solution side has not changed in the expandable flyout (`newFlyoutSystemEnabled` feature flag off) - verify that Session View in the new flyout (`newFlyoutSystemEnabled` feature flag on) - verify that Session View shows up in Discover ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. #251805 _PR developed with Cursor + gpt-5.2
delanni
added a commit
that referenced
this pull request
Mar 24, 2026
jeramysoucy
pushed a commit
to jeramysoucy/kibana
that referenced
this pull request
Mar 26, 2026
…lution and Discover (elastic#257543) ## Summary This PR adds the new Session View tools flyout, that can be opened in the Security Solution and in Discover. ### Code changes The PR focuses on the Session View component, which is an item that can be opened from the Session View preview component under the Visualizations section in the alert flyout. Here are the main changes introduced here: - create a new session view component under the `flyout_v2` folder. Because a lot of the logic related to the expandable flyout was baked in the code, it was easier to have a little bit of duplication here, instead of moving the entire component from the `flyout` folder - move the `ProcessTab`, `MetadataTab` and `AlertsTab` components to the `flyout_v2` folder. - move the `useSessionViewConfig` from the `flyout_v2/document/hooks` folder to the new `session_view/hooks` folder, to have the code colocated > [!TIP] > Session View is used both in the expandable flyout (in Security Solution) and in this new EUI flyout system (in Security Solution and Discover). The UIUX experience in the expandable flyout remains totally unchanged. ### UI changes The UI of the current alert/event flyouts (using the expandable flyout framework) in Security Solution should remain unchanged after this PR (when the feature flag is off). https://github.com/user-attachments/assets/39a26d24-3896-4567-860a-cd9c3ba2ece3 Then when the feature flag is on, the new flyout show the prevalence overview. This is accessible both in Security Solution and in Discover: https://github.com/user-attachments/assets/b5b4a441-daae-40e6-9333-0dd334e4aa4e ## How to test To see the new (emtpy) flyout in Security Solution, add this to your `kibana.dev.yml` file: ```xpack.securitySolution.enableExperimental: [ 'newFlyoutSystemEnabled' ]``` Too see the new (emtpy) flyout in Discover, add this to your `kibana.dev.yml` file: ```discover.experimental.enabledProfiles: [ 'enhanced-security-document-profile' ]``` ## What to look for when testing - verify that the Session View on the Security Solution side has not changed in the expandable flyout (`newFlyoutSystemEnabled` feature flag off) - verify that Session View in the new flyout (`newFlyoutSystemEnabled` feature flag on) - verify that Session View shows up in Discover ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [x] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. elastic#251805 _PR developed with Cursor + gpt-5.2
jeramysoucy
pushed a commit
to jeramysoucy/kibana
that referenced
this pull request
Mar 26, 2026
## Summary elastic#258166 - renamed in elastic#257543 - used in
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds the new Session View tools flyout, that can be opened in the Security Solution and in Discover.
Code changes
The PR focuses on the Session View component, which is an item that can be opened from the Session View preview component under the Visualizations section in the alert flyout. Here are the main changes introduced here:
flyout_v2folder. Because a lot of the logic related to the expandable flyout was baked in the code, it was easier to have a little bit of duplication here, instead of moving the entire component from theflyoutfolderProcessTab,MetadataTabandAlertsTabcomponents to theflyout_v2folder.useSessionViewConfigfrom theflyout_v2/document/hooksfolder to the newsession_view/hooksfolder, to have the code colocatedTip
Session View is used both in the expandable flyout (in Security Solution) and in this new EUI flyout system (in Security Solution and Discover). The UIUX experience in the expandable flyout remains totally unchanged.
UI changes
The UI of the current alert/event flyouts (using the expandable flyout framework) in Security Solution should remain unchanged after this PR (when the feature flag is off).
Screen.Recording.2026-03-18.at.4.05.21.PM.mov
Then when the feature flag is on, the new flyout show the prevalence overview. This is accessible both in Security Solution and in Discover:
Screen.Recording.2026-03-18.at.4.05.50.PM.mov
How to test
To see the new (emtpy) flyout in Security Solution, add this to your
kibana.dev.ymlfile:xpack.securitySolution.enableExperimental: [ 'newFlyoutSystemEnabled' ]Too see the new (emtpy) flyout in Discover, add this to your
kibana.dev.ymlfile:discover.experimental.enabledProfiles: [ 'enhanced-security-document-profile' ]What to look for when testing
newFlyoutSystemEnabledfeature flag off)newFlyoutSystemEnabledfeature flag on)Checklist
release_note:*label is applied per the guidelinesbackport:*labels.#251805
_PR developed with Cursor + gpt-5.2