[SIEM] New Overview Page

[andrew-goldstein]

[SIEM] Overview Page "1.5"

A redesigned SIEM Overview page that includes Recent timelines, a Security news feed, visualizations, and rolled-up event counts

Overview enhancements

• Added the global Search bar and Date picker to the Overview page
• New Recent timelines widget affords quick access to favorite and recently modified timelines
• New Security news widget
• New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL
  
• New Events count by dataset widget
• Updated the Host Events and Network Events widgets to integrate with the Search bar and date picker input
• Enhanced the Host Events and Network Events widgets to use an accordion paradigm that summarizes stats by source (e.g. Auditbeat, Endgame)
• Enhanced the Host Events and Network Events widgets to visualize relative percentages of events collected as progress bars
• New Alerts count by category widget
• New Signals count by MITRE ATT&CK™ category widget
• New View events, View alerts, and View signals navigation buttons for their respective visualizations

FTUE enhancements

• FTUE "no data" view design refresh
  

• When the FTUE "no data" page is displayed, hide all global navigation links (i.e. Hosts, Network, Detection engine), such that only Overview appears in the global nav

• App Help popover design refresh
  

• Removed the Beta badge and Security Information & Event Management with the Elastic Stack from the Overview header

• Tested in Chrome 79.0.3945.117, Firefox 72.0.1, and Safari 13.0.4

Known issues

• The siem:newsFeedUrl advanced setting is defaulted to https://feeds.elastic.co/kibana
• The Signals count by MITRE ATT&CK™ category visualization does not display all categories
• The Signals count by MITRE ATT&CK™ category visualization may require a different index pattern
• EuiButtonGroup throwing a Can't perform a React state update on an unmounted component warning when switching from the Overview tab

https://github.com/elastic/siem-team/issues/484

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[joshdover]

Platform changes LGTM

[angorayc]

Found that View alerts lands at incorrect page, but it is nothing wrong with the code in this PR.
It is in link-to component I forgot to add alerts page into the route, sorry for the inconvenience.
Please update components/link_to/link_to.tsx line 39 - 46

<Route
      component={RedirectToHostsPage}
      path={`${match.url}/:pageName(${SiemPageName.hosts})/:tabName(${HostsTableType.hosts}|${HostsTableType.authentications}|${HostsTableType.uncommonProcesses}|${HostsTableType.anomalies}|${HostsTableType.events}|${HostsTableType.alerts})`}
    />
    <Route
      component={RedirectToHostDetailsPage}
      path={`${match.url}/:pageName(${SiemPageName.hosts})/:detailName/:tabName(${HostsTableType.authentications}|${HostsTableType.uncommonProcesses}|${HostsTableType.anomalies}|${HostsTableType.events}|${HostsTableType.alerts})`}
    />

[angorayc]

👍

[angorayc]

Ran it on my dev, all works well! Looks really beautiful, thanks a lot!!

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: d44c1d7

History

• 💔 Build #20427 failed f1cf13a
• 💔 Build #20398 failed 9582464a0c155af279b33a101080b67a1711b10e
• 💔 Build #20261 failed d52026bebec3f7671951816177b9819621677ca5

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream