[Security solution] Sourcerer: Kibana index pattern selector for security views #74706
stephmilovic merged 13 commits into elastic:master from

Pinging @elastic/siem (Team:SIEM)
@marrasherrier @stephmilovic I played around with it and here is my thought about the experience:

```tsx
>
{hostPageButton}
<>
<Sourcerer />
```
this can be put anywhere in the app, putting it here for demo
```tsx
const OverviewHostComponentQuery = React.memo<OverviewHostProps & PropsFromRedux>(
  ({ id = ID, children, filterQuery, isInspected, sourceId, startDate, endDate }) => {
    const { activeSourceGroupId, getManageSourceGroupById } = useManageSource();
```
activeSourceGroupId will be determined by which page/view the component is called in
```tsx
id,
indexPattern: getIndexFields(defaultIndex.join(), []),
indexPatterns: defaultIndex,
indicesExist: indicesExistOrDataTemporarilyUnavailable(undefined),
```
Could we keep it as undefined or null as default value instead of converting into true?
As some components may be misled by this, start fetching data, and cause some errors on the client side.
I'm not sure why this was like this before (in useWithSource), but I imagine it solved a bug somewhere. Afraid to create it again
yes, it is important to keep it as null at the beginning because that's the way we know that we did not ask yet for it, so we do not show the splash screen and then the data.
@XavierM I'm confused if you're saying to change it or not??
we need to keep it as undefined
XavierM left a comment:

@stephmilovic, I still think that we need to see if we can get back the indexPatterns and build our browserfields from the index pattern services and see what you need from our server-side to be able to do that.
@elasticmachine merge upstream

💚 Build Succeeded
Just stopping by to say I am 5000% excited about this feature and am super stoked for what this change will mean to the Many thanks @stephmilovic @angorayc @XavierM!! ❤️ 🎉 🚀
Pinging @elastic/security-solution (Team: SecuritySolution)
Summary

This PR introduces a Kibana index pattern selector to the security solution... I call it the Sourcerer. The Sourcerer finds all available Kibana index patterns and compares them against the recommended default index patterns for SIEM, and selects the available recommended patterns to pass to the source query. The component shows the available selections, unavailable selections, and allows the user to select which index patterns will go into the SIEM. I've connected one component to this data, `overview_host`. Hard to describe, check gifs below.

Recommended index patterns that are not configured as Kibana index patterns are shown as disabled with a note.

A button directs the user to create new patterns.

To test you'll need to turn on the feature flag. Set `SOURCERER_FEATURE_FLAG_ON` to true.
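As an added illustration (not code from the Kibana PR or the Sourcerer component itself), the selection logic the summary describes modelled as plain TypeScript: recommended SIEM defaults are compared against the configured Kibana index patterns, the matches become the selected sources and the rest are reported as unavailable so the UI can disable them. The names `partitionPatterns`, `withIndicesExist`, `viewState` and the sample pattern lists are assumptions; the tri-state `indicesExist` follows the review discussion above, staying undefined until the source has actually been asked.

```typescript
// Added example, not code from the Kibana PR: models the Sourcerer selection
// described in the summary. Function and type names here are assumptions.

// Tri-state from the review thread: undefined means the source has not been
// asked yet, so callers can avoid flashing a splash screen before the answer.
type IndicesExist = boolean | undefined;

interface SourcererSelection {
  available: string[];   // recommended patterns configured in Kibana
  unavailable: string[]; // recommended patterns missing (shown disabled)
  selected: string[];    // what is passed to the source query
  indicesExist: IndicesExist;
}

// Compare the recommended SIEM defaults against the configured Kibana index
// patterns. Matching is exact on the pattern string, e.g. "auditbeat-*".
function partitionPatterns(
  kibanaPatterns: readonly string[],
  recommended: readonly string[]
): SourcererSelection {
  const configured = new Set(kibanaPatterns.map((p) => p.trim()));
  const available: string[] = [];
  const unavailable: string[] = [];
  for (const pattern of recommended) {
    (configured.has(pattern) ? available : unavailable).push(pattern);
  }
  // Nothing has been queried yet, so indicesExist stays undefined.
  return { available, unavailable, selected: [...available], indicesExist: undefined };
}

// Record the answer once the source query has actually run.
function withIndicesExist(sel: SourcererSelection, exist: boolean): SourcererSelection {
  return { ...sel, indicesExist: exist };
}

// What a view should render: neither data nor the empty-state splash until the
// tri-state has been resolved.
type ViewState = 'loading' | 'empty' | 'data';
function viewState(indicesExist: IndicesExist): ViewState {
  if (indicesExist === undefined) return 'loading';
  return indicesExist ? 'data' : 'empty';
}

// Constructed sample input: a Kibana instance with two of the defaults set up.
const SAMPLE_KIBANA_PATTERNS = ['auditbeat-*', 'filebeat-*', 'my-app-logs-*'];
const SAMPLE_RECOMMENDED = ['auditbeat-*', 'endgame-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'];
```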