[SIEM] add custom reputation link#57814
Conversation
|
Pinging @elastic/siem (Team:SIEM) |
|
@tsg , I had a chat with @XavierM about this as well, he suggested that we can use a collapsable dialogue to handle links to display in
Aside from that, I found the links in
|
x-pack/legacy/plugins/siem/public/components/field_renderers/field_renderers.tsx
Outdated
Show resolved
Hide resolved
| interface DefaultFieldRendererProps { | ||
| rowItems: string[] | null | undefined; | ||
| interface DefaultFieldRendererProps<T = string> { | ||
| rowItems: T[] | null | undefined; |
There was a problem hiding this comment.
To get some help from the compiler to ensure that only input that can really be rendered is passed in, is it possible to narrow the types here, and everywhere else where string[] was changed to T[]?
For example, would changing T with React.ReactNode, or whitelisting specific types, e.g. rowItems: string[] | Foo[] | Bar[] | null | undefined; work here, and throughout the rest of this PR where string[] was changed to T[]?
There was a problem hiding this comment.
I was considering using string | ReputationLinkSetting instead of T, but found this component is reused by embeddable, so I held back as not sure I should put ReputationLinkSetting this hight up, as it is only the case for zeekrenderer.
| name: i18n.translate('xpack.siem.uiSettings.ipReputationLinks', { | ||
| defaultMessage: 'IP Reputation Links', | ||
| }), | ||
| value: IP_REPUTATION_LINKS_SETTING_DEFAULT, |
There was a problem hiding this comment.
Any idea if we can do anything about the IP Reputation default value overflowing into the second column @angorayc? When looking around the source for field type format I'm not seeing any additional config that specifies an explicit width, so we may want to open a core kibana issue for this.
Our lengthy string default values look to be the cause (field type format has multiple spaces it can break on). I imagine the ideal fix would be to keep the column widths static and just have a scroll bar for the default value that is displayed?
Field type format name without overflow:
IP Reputation Link with overflow:
There was a problem hiding this comment.
Ahh, good catch! Thank you! I've created an issue and put it in Kibana's channel
#58102
|
@MikePaquette would you be willing to confirm the configuration of URLs should live in Kibana Advanced Settings, as opposed to |
| <div> | ||
| <VirusTotalLink link={value}>{value}</VirusTotalLink> | ||
| <ReputationLink domain={value} overflowIndexStart={1} showDomain={true} /> | ||
| <ExternalLinkIcon /> |
There was a problem hiding this comment.
After changing the siem:ipReputationLinks advanced setting to an empty array [] to disable external links, the external link icon is still displayed, per the following screenshot:
There was a problem hiding this comment.
Good catch, I'll take this into consideration and covers it with test!
x-pack/legacy/plugins/siem/public/components/links/index.test.tsx
Outdated
Show resolved
Hide resolved
| ?.slice(0, overflowIndexStart) | ||
| .map(({ name, url_template: urlTemplate }: ReputationLinkSetting, id) => ( | ||
| <EuiFlexItem grow={false}> | ||
| <EuiFlexItem grow={false} key={`reputationLink-${id}`}> |
There was a problem hiding this comment.
I accidentally put key in its children, ExternalLink , moving to the proper place here.
| overflowIndexStart={overflowIndexStart} | ||
| /> | ||
| </EuiFlexItem> | ||
| {ipReputationLinks.length && ( |
There was a problem hiding this comment.
I shouldn't put ipReputationLinks.length like this, it actually prints the number
x-pack/legacy/plugins/siem/public/components/field_renderers/field_renderers.tsx
Outdated
Show resolved
Hide resolved
andrew-goldstein
left a comment
There was a problem hiding this comment.
Thanks @angorayc for this feature! 🔗🙏
Tested locally with default, custom, and zero links
LGTM 🚀
|
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
|
cla/check |
* add custom reputation link * fix unit test * add number of limitation to reputation links * fix dependency * apply defaultFieldRendererOverflow to reputation link * fix unit test * fix url template * fix display links * fix types * fix for review * update test case * update snapshot * add icons and tooltips * fix style * update test * add external link component * update test * fix types * fix style * update snapshot * remove useMemo * update description * code review * review II * code review * update description * fix unit test * fix unit test * fix unit test * fix unit test * fix types * fix styles * fix style * fix style * fix review Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* add custom reputation link * fix unit test * add number of limitation to reputation links * fix dependency * apply defaultFieldRendererOverflow to reputation link * fix unit test * fix url template * fix display links * fix types * fix for review * update test case * update snapshot * add icons and tooltips * fix style * update test * add external link component * update test * fix types * fix style * update snapshot * remove useMemo * update description * code review * review II * code review * update description * fix unit test * fix unit test * fix unit test * fix unit test * fix types * fix styles * fix style * fix style * fix review Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Summary
#50489
Checklist
Delete any items that are not applicable to this PR.
[ ] This was checked for keyboard-only and screenreader accessibilityFor maintainers
[ ] This was checked for breaking API changes and was labeled appropriately