[Rules migration] Improvements & fixes #207177
Merged
+205
−19
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
e40pud
added
release_note:skip
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
semd
reviewed
Jan 20, 2025
...ins/security_solution/public/siem_migrations/rules/components/rules_table_columns/status.tsx
Outdated
Show resolved
Hide resolved
semd
approved these changes
Jan 20, 2025
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
cc @e40pud |
|
Starting backport for target branches: 8.x /~https://github.com/elastic/kibana/actions/runs/12871174128 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 20, 2025
## Summary [Internal link](elastic/security-team#10820) to the feature details This PR includes next improvements and fixes ### Improvements 1. Add information tooltip for `Status`, `Severity`, `Author`, `Integrations` and `Actions` column headers. [Figma link](https://www.figma.com/design/BD9GZZz6y8pfSbubAt5H2W?node-id=2579-182863#1094946220) /~https://github.com/user-attachments/assets/8de91149-8b47-4dc1-8a6c-853c9e428522 ### Fixes 1. Migration rules page flickering/reloading on filter updates. Make sure that we show loading indicator for the table only when rules data is being fetched: /~https://github.com/user-attachments/assets/ff24fd50-c286-46a6-a850-9d12d3a01993 2. Make sure that we split translation tab equally between original and translated query code block components. /~https://github.com/user-attachments/assets/c1214f2c-e0a9-4add-82e6-4296458ce7f9 To reproduce this issue you need to add a splunk rule with the long one line query. For example > tag=watchlist NOT sourcetype=stash | eval risk_object=case(isnotnull(user),user,isnotnull(src_user),src_user,isnotnull(dest),dest,isnotnull(src),src,1=1,host) | eval risk_object_type=case(isnotnull(user),"user",isnotnull(src_user),"user",isnotnull(dest),"system",isnotnull(src),"system",1=1,"system") | eval risk_score=if(eventtype="website_watchlist",50,null()) | eval suppression_value=sourcetype."|".risk_object | `get_event_id` | table _raw,event_id,host,source,sourcetype,src,dest,dvc,src_user,user > [!NOTE] > This feature needs `siemMigrationsEnabled` experimental flag enabled to work. (cherry picked from commit 49d1cea)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jan 20, 2025
# Backport This will backport the following commits from `main` to `8.x`: - [[Rules migration] Improvements & fixes (#207177)](#207177) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](/~https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ievgen Sorokopud","email":"ievgen.sorokopud@elastic.co"},"sourceCommit":{"committedDate":"2025-01-20T15:25:15Z","message":"[Rules migration] Improvements & fixes (#207177)\n\n## Summary\r\n\r\n[Internal link](/~https://github.com/elastic/security-team/issues/10820)\r\nto the feature details\r\n\r\nThis PR includes next improvements and fixes\r\n\r\n### Improvements\r\n\r\n1. Add information tooltip for `Status`, `Severity`, `Author`,\r\n`Integrations` and `Actions` column headers. [Figma\r\nlink](https://www.figma.com/design/BD9GZZz6y8pfSbubAt5H2W?node-id=2579-182863#1094946220)\r\n\r\n\r\n/~https://github.com/user-attachments/assets/8de91149-8b47-4dc1-8a6c-853c9e428522\r\n\r\n### Fixes\r\n\r\n1. Migration rules page flickering/reloading on filter updates. Make\r\nsure that we show loading indicator for the table only when rules data\r\nis being fetched:\r\n\r\n\r\n/~https://github.com/user-attachments/assets/ff24fd50-c286-46a6-a850-9d12d3a01993\r\n\r\n2. Make sure that we split translation tab equally between original and\r\ntranslated query code block components.\r\n\r\n\r\n/~https://github.com/user-attachments/assets/c1214f2c-e0a9-4add-82e6-4296458ce7f9\r\n\r\nTo reproduce this issue you need to add a splunk rule with the long one\r\nline query. For example\r\n\r\n> tag=watchlist NOT sourcetype=stash | eval\r\nrisk_object=case(isnotnull(user),user,isnotnull(src_user),src_user,isnotnull(dest),dest,isnotnull(src),src,1=1,host)\r\n| eval\r\nrisk_object_type=case(isnotnull(user),\"user\",isnotnull(src_user),\"user\",isnotnull(dest),\"system\",isnotnull(src),\"system\",1=1,\"system\")\r\n| eval risk_score=if(eventtype=\"website_watchlist\",50,null()) | eval\r\nsuppression_value=sourcetype.\"|\".risk_object | `get_event_id` | table\r\n_raw,event_id,host,source,sourcetype,src,dest,dvc,src_user,user\r\n\r\n> [!NOTE] \r\n> This feature needs `siemMigrationsEnabled` experimental flag enabled\r\nto work.","sha":"49d1cea3ba58746d44d05a23cb132df46c0ccccb","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting","Team: SecuritySolution","backport:prev-minor"],"title":"[Rules migration] Improvements & fixes","number":207177,"url":"/~https://github.com/elastic/kibana/pull/207177","mergeCommit":{"message":"[Rules migration] Improvements & fixes (#207177)\n\n## Summary\r\n\r\n[Internal link](/~https://github.com/elastic/security-team/issues/10820)\r\nto the feature details\r\n\r\nThis PR includes next improvements and fixes\r\n\r\n### Improvements\r\n\r\n1. Add information tooltip for `Status`, `Severity`, `Author`,\r\n`Integrations` and `Actions` column headers. [Figma\r\nlink](https://www.figma.com/design/BD9GZZz6y8pfSbubAt5H2W?node-id=2579-182863#1094946220)\r\n\r\n\r\n/~https://github.com/user-attachments/assets/8de91149-8b47-4dc1-8a6c-853c9e428522\r\n\r\n### Fixes\r\n\r\n1. Migration rules page flickering/reloading on filter updates. Make\r\nsure that we show loading indicator for the table only when rules data\r\nis being fetched:\r\n\r\n\r\n/~https://github.com/user-attachments/assets/ff24fd50-c286-46a6-a850-9d12d3a01993\r\n\r\n2. Make sure that we split translation tab equally between original and\r\ntranslated query code block components.\r\n\r\n\r\n/~https://github.com/user-attachments/assets/c1214f2c-e0a9-4add-82e6-4296458ce7f9\r\n\r\nTo reproduce this issue you need to add a splunk rule with the long one\r\nline query. For example\r\n\r\n> tag=watchlist NOT sourcetype=stash | eval\r\nrisk_object=case(isnotnull(user),user,isnotnull(src_user),src_user,isnotnull(dest),dest,isnotnull(src),src,1=1,host)\r\n| eval\r\nrisk_object_type=case(isnotnull(user),\"user\",isnotnull(src_user),\"user\",isnotnull(dest),\"system\",isnotnull(src),\"system\",1=1,\"system\")\r\n| eval risk_score=if(eventtype=\"website_watchlist\",50,null()) | eval\r\nsuppression_value=sourcetype.\"|\".risk_object | `get_event_id` | table\r\n_raw,event_id,host,source,sourcetype,src,dest,dvc,src_user,user\r\n\r\n> [!NOTE] \r\n> This feature needs `siemMigrationsEnabled` experimental flag enabled\r\nto work.","sha":"49d1cea3ba58746d44d05a23cb132df46c0ccccb"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"/~https://github.com/elastic/kibana/pull/207177","number":207177,"mergeCommit":{"message":"[Rules migration] Improvements & fixes (#207177)\n\n## Summary\r\n\r\n[Internal link](/~https://github.com/elastic/security-team/issues/10820)\r\nto the feature details\r\n\r\nThis PR includes next improvements and fixes\r\n\r\n### Improvements\r\n\r\n1. Add information tooltip for `Status`, `Severity`, `Author`,\r\n`Integrations` and `Actions` column headers. [Figma\r\nlink](https://www.figma.com/design/BD9GZZz6y8pfSbubAt5H2W?node-id=2579-182863#1094946220)\r\n\r\n\r\n/~https://github.com/user-attachments/assets/8de91149-8b47-4dc1-8a6c-853c9e428522\r\n\r\n### Fixes\r\n\r\n1. Migration rules page flickering/reloading on filter updates. Make\r\nsure that we show loading indicator for the table only when rules data\r\nis being fetched:\r\n\r\n\r\n/~https://github.com/user-attachments/assets/ff24fd50-c286-46a6-a850-9d12d3a01993\r\n\r\n2. Make sure that we split translation tab equally between original and\r\ntranslated query code block components.\r\n\r\n\r\n/~https://github.com/user-attachments/assets/c1214f2c-e0a9-4add-82e6-4296458ce7f9\r\n\r\nTo reproduce this issue you need to add a splunk rule with the long one\r\nline query. For example\r\n\r\n> tag=watchlist NOT sourcetype=stash | eval\r\nrisk_object=case(isnotnull(user),user,isnotnull(src_user),src_user,isnotnull(dest),dest,isnotnull(src),src,1=1,host)\r\n| eval\r\nrisk_object_type=case(isnotnull(user),\"user\",isnotnull(src_user),\"user\",isnotnull(dest),\"system\",isnotnull(src),\"system\",1=1,\"system\")\r\n| eval risk_score=if(eventtype=\"website_watchlist\",50,null()) | eval\r\nsuppression_value=sourcetype.\"|\".risk_object | `get_event_id` | table\r\n_raw,event_id,host,source,sourcetype,src,dest,dvc,src_user,user\r\n\r\n> [!NOTE] \r\n> This feature needs `siemMigrationsEnabled` experimental flag enabled\r\nto work.","sha":"49d1cea3ba58746d44d05a23cb132df46c0ccccb"}}]}] BACKPORT--> Co-authored-by: Ievgen Sorokopud <ievgen.sorokopud@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Internal link to the feature details
This PR includes next improvements and fixes
Improvements
Status,Severity,Author,IntegrationsandActionscolumn headers. Figma linkScreen.Recording.2025-01-20.at.12.25.28.mov
Fixes
Screen.Recording.2025-01-20.at.12.24.36.mov
Screen.Recording.2025-01-20.at.12.26.26.mov
To reproduce this issue you need to add a splunk rule with the long one line query. For example
Note
This feature needs
siemMigrationsEnabledexperimental flag enabled to work.