[SIEM] Detection engine timeline#53783
Merged
XavierM merged 23 commits intoelastic:masterfrom Jan 9, 2020
Merged
Conversation
Contributor
|
Pinging @elastic/siem (Team:SIEM) |
spong
reviewed
Jan 8, 2020
x-pack/legacy/plugins/siem/public/components/timeline/search_super_select/translations.ts
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/all/helpers.ts
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
...k/legacy/plugins/siem/public/pages/detection_engine/rules/components/add_item_form/index.tsx
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
...egacy/plugins/siem/public/pages/detection_engine/rules/components/description_step/index.tsx
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
...k/legacy/plugins/siem/public/pages/detection_engine/rules/components/pick_timeline/index.tsx
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
...k/legacy/plugins/siem/public/pages/detection_engine/rules/components/pick_timeline/index.tsx
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/components/query_bar/index.tsx
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
x-pack/legacy/plugins/siem/public/pages/detection_engine/rules/components/query_bar/index.tsx
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
...plugins/siem/public/pages/detection_engine/rules/components/step_about_rule/default_value.ts
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
Comment on lines
+116
to
+119
| ): ReturnType<ValidationFunc<{}, ERROR_CODE>> | undefined => { | ||
| const [{ value, path }] = args; | ||
| let hasError = false; | ||
| (value as string[]).forEach(url => { |
Member
There was a problem hiding this comment.
nit: Types are a little loose here -- potential improvement to the es_ui_shared ValidationFunc interface.
spong
reviewed
Jan 8, 2020
...egacy/plugins/siem/public/pages/detection_engine/rules/components/step_define_rule/index.tsx
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
...gacy/plugins/siem/public/pages/detection_engine/rules/components/step_define_rule/schema.tsx
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
...lugins/siem/public/pages/detection_engine/rules/components/step_define_rule/translations.tsx
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 8, 2020
| <EuiButton fill href="#/detection-engine/rules/create" iconType="plusInCircle"> | ||
| <EuiButton | ||
| fill | ||
| href={`#${DETECTION_ENGINE_PAGE_NAME}/rules/create`} |
Member
There was a problem hiding this comment.
Consider using the route helpers (which appear to be out of date already... 😅 ):
Contributor
Author
There was a problem hiding this comment.
When we fix the state url, we will go back to it
spong
reviewed
Jan 8, 2020
.../plugins/siem/server/lib/detection_engine/scripts/rules/updates/update_query_everything.json
Outdated
Show resolved
Hide resolved
spong
approved these changes
Jan 8, 2020
Member
spong
left a comment
There was a problem hiding this comment.
Checked out locally and code reviewed all client-side code. Added a few comments for leftovers/cleanup + a minor bug or two, but everything else looks good here! Thanks for looping back around to clean things up and for also adding the Timeline Template as well. LGTM! 👍
Contributor
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
XavierM
added a commit
to XavierM/kibana
that referenced
this pull request
Jan 9, 2020
* change create to only have only one form to be open at the same time * add tick to risk score * remove compressed * fix select in schedule * fix bug to not allow more than one step panel to be open at a time * Add a color/health indicator to severity selector * Move and reword tags placeholder to bottom helper text * fix ux on the index patterns field * Reorganize MITRE ATT&CK threat * add url validation + some cleaning to prerp work for UT * add feature to get back timeline + be able to disable action on timeline modal * Add option to import the query from a saved timeline. * wip * Add timeline template selector * fix few bugs from last commit * review I * fix unit test for timeline_title * ui review * fix truncation on timeline selectable
| 'xpack.siem.detectionEngine.createRule.stepDefineRule.indicesHelperDescription', | ||
| { | ||
| defaultMessage: | ||
| 'Enter the pattern of Elasticsearch indices where you would like this rule to run.By default, these will include index patterns defined in SIEM advanced settings.', |
Contributor
There was a problem hiding this comment.
Missing space between sentences.
| 'xpack.siem.detectionEngine.createRule.stepDefineRule.outputIndiceNameFieldRequiredError', | ||
| { | ||
| defaultMessage: 'An output indice name for signals is required.', | ||
| defaultMessage: 'An index patterns for signals is required.', |
Contributor
There was a problem hiding this comment.
The plural is incorrect here. I imagine this message should be reworded to one of these:
An index pattern is required.Index patterns are required.A minimum of one index pattern is required.
39 tasks
Contributor
|
@XavierM Just seeing this PR as we had a merge conflict with the changes in the form library. Could you please next time ping our team whenever you make a change to the I see that we should have been pinged automatically but the [EDIT] It is not outdated. @cjcenizal can you have a look why we didn't get pinged by a change in the |
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jan 9, 2020
* master: (23 commits) [Vis: Default editor] Reactify the timelion editor (elastic#52990) [Discover] fix histogram min interval (elastic#53979) [Telemetry] [Monitoring] Only retry fetching usage once monito… (elastic#54309) [docs][APM] Add runtime index config documentation (elastic#53907) [SIEM] Detection engine timeline (elastic#53783) Filter scripted fields preview field list to source fields (elastic#53826) Management - New platform api (elastic#52579) Reset region and Account when switching inventory (elastic#54287) [SIEM] [Case] Case workflow api schema (elastic#51535) Code coverage setup on CI (elastic#49003) [ML] DF Analytics Results: adds link to docs (elastic#54189) Update schemas boolean, byteSize, and duration to coerce strings (elastic#54177) [Metrics UI] Pass relevant shouldAllowEdit capabilities into SettingsPage (elastic#49781) [Canvas] Fixes bugs with autoplay and refresh (elastic#53149) [ML] DF Analytics Classification: ensure confusion matrix can be fetched (elastic#53629) Fix Vega react eslint errors (elastic#54259) Remove non existing codeowners (elastic#54274) use correct type (elastic#54244) [Dashboard] Removing 100% as dshDashboardViewport height (elastic#54263) add `examples/` to no-restricted-path config (elastic#54252) ...
XavierM
added a commit
that referenced
this pull request
Jan 9, 2020
* change create to only have only one form to be open at the same time * add tick to risk score * remove compressed * fix select in schedule * fix bug to not allow more than one step panel to be open at a time * Add a color/health indicator to severity selector * Move and reword tags placeholder to bottom helper text * fix ux on the index patterns field * Reorganize MITRE ATT&CK threat * add url validation + some cleaning to prerp work for UT * add feature to get back timeline + be able to disable action on timeline modal * Add option to import the query from a saved timeline. * wip * Add timeline template selector * fix few bugs from last commit * review I * fix unit test for timeline_title * ui review * fix truncation on timeline selectable
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Open signal from the selected timeline if selectedWill do that in another PR since we are not completely sure about the requirementhere the issue
Checklist
Use
strikethroughsto remove checklist items you don't feel are applicable to this PR.[ ] This was checked for cross-browser compatibility, including a check against IE11[ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support[ ] Documentation was added for features that require explanation or tutorials[ ] Unit or functional tests were updated or added to match the most common scenarios[ ] This was checked for keyboard-only and screenreader accessibilityFor maintainers
[ ] This was checked for breaking API changes and was labeled appropriately[ ] This includes a feature addition or change that requires a release note and was labeled appropriately