# Backport This will backport the following commits from `main` to `8.10`: - [[Security Solution] Expandable flyout - update copy writing (#164929)](https://github.com/elastic/kibana/pull/164929) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"christineweng","email":"18648970+christineweng@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-08-31T16:44:03Z","message":"[Security Solution] Expandable flyout - update copy writing (#164929)\n\n## Summary\r\n\r\nThis PR made updates to section titles and wordings in expandable flyout\r\naccording to [docs\r\nsuggestions](https://github.com/elastic/kibana/issues/164786).\r\n\r\n## Right panel\r\n**Response**\r\n - Updated empty response message\r\n\r\n\r\n\r\n**Visualizations -> Session viewer preview**\r\n - Added upsell message when user does not have enterprise license\r\n\r\n\r\n \r\n - Added empty message when session viewer preview is not available\r\n\r\n\r\n\r\n**Visualizations -> Analyzer preview**\r\n - Added empty message\r\n\r\n\r\n\r\n**Investigation -> Investigation guide**\r\n - Updated empty message when investigation guide is not available\r\n\r\n\r\n\r\n**Insights -> Prevalence**\r\n- Updated empty message when no filed/value pair meets prevalence\r\nthreashold\r\n\r\n\r\n\r\n**Insights -> Entities**\r\n- Updated empty message when neither host name or user name are present\r\n\r\n\r\n\r\n## Left panel\r\n**Insights -> Entities**\r\n - Updated empty state message\r\n\r\n\r\n\r\n - \"User info\" -> \"User information\"\r\n\r\n\r\n\r\n - Tooltip and empty table message in related hosts table \r\n\r\n\r\n\r\n - \"Host info\" -> \"Host information\"\r\n\r\n\r\n\r\n - Tooltip and empty table message in related users table\r\n\r\n\r\n\r\n**Insights -> Threat Intelligence**\r\n\r\n - Updated title to lower case\r\n- Updated empty message for threat match detected and enriched 
with\r\nthreat intelligence sections\r\n\r\n\r\n\r\n - Updated tooltips\r\n\r\n\r\n\r\n**Investigation**\r\n - Updated empty state message to stay consistent with right section\r\n\r\n\r\n\r\n**Insights -> Correlations**\r\n - Updated table message when no item is found\r\n\r\n\r\n\r\n**Insights -> Prevalence**\r\n - Added tooltips to each column other than `Field` and `Value`\r\n\r\n\r\n\r\n**Response**\r\n- Updated empty state message to match response section on right section\r\n\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"bf4254eb502e16583c04a6e51d76fdd72c6b431c","branchLabelMapping":{"^v8.11.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Threat Hunting:Investigations","v8.10.0","v8.11.0"],"number":164929,"url":"https://github.com/elastic/kibana/pull/164929","mergeCommit":{"message":"[Security Solution] Expandable flyout - update copy writing (#164929)\n\n## Summary\r\n\r\nThis PR made updates to section titles and wordings in expandable flyout\r\naccording to [docs\r\nsuggestions](https://github.com/elastic/kibana/issues/164786).\r\n\r\n## Right panel\r\n**Response**\r\n - Updated empty response message\r\n\r\n\r\n\r\n**Visualizations -> Session viewer preview**\r\n - Added upsell message when user does not have enterprise license\r\n\r\n\r\n \r\n - Added empty message when session viewer preview is not available\r\n\r\n\r\n\r\n**Visualizations -> Analyzer preview**\r\n - Added empty message\r\n\r\n\r\n\r\n**Investigation -> Investigation 
guide**\r\n - Updated empty message when investigation guide is not available\r\n\r\n\r\n\r\n**Insights -> Prevalence**\r\n- Updated empty message when no filed/value pair meets prevalence\r\nthreashold\r\n\r\n\r\n\r\n**Insights -> Entities**\r\n- Updated empty message when neither host name or user name are present\r\n\r\n\r\n\r\n## Left panel\r\n**Insights -> Entities**\r\n - Updated empty state message\r\n\r\n\r\n\r\n - \"User info\" -> \"User information\"\r\n\r\n\r\n\r\n - Tooltip and empty table message in related hosts table \r\n\r\n\r\n\r\n - \"Host info\" -> \"Host information\"\r\n\r\n\r\n\r\n - Tooltip and empty table message in related users table\r\n\r\n\r\n\r\n**Insights -> Threat Intelligence**\r\n\r\n - Updated title to lower case\r\n- Updated empty message for threat match detected and enriched with\r\nthreat intelligence sections\r\n\r\n\r\n\r\n - Updated tooltips\r\n\r\n\r\n\r\n**Investigation**\r\n - Updated empty state message to stay consistent with right section\r\n\r\n\r\n\r\n**Insights -> Correlations**\r\n - Updated table message when no item is found\r\n\r\n\r\n\r\n**Insights -> Prevalence**\r\n - Added tooltips to each column other than `Field` and `Value`\r\n\r\n\r\n\r\n**Response**\r\n- Updated empty state message to match response section on right section\r\n\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common 
scenarios","sha":"bf4254eb502e16583c04a6e51d76fdd72c6b431c"}},"sourceBranch":"main","suggestedTargetBranches":["8.10"],"targetPullRequestStates":[{"branch":"8.10","label":"v8.10.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.11.0","labelRegex":"^v8.11.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/164929","number":164929,"mergeCommit":{"message":"[Security Solution] Expandable flyout - update copy writing (#164929)\n\n## Summary\r\n\r\nThis PR made updates to section titles and wordings in expandable flyout\r\naccording to [docs\r\nsuggestions](https://github.com/elastic/kibana/issues/164786).\r\n\r\n## Right panel\r\n**Response**\r\n - Updated empty response message\r\n\r\n\r\n\r\n**Visualizations -> Session viewer preview**\r\n - Added upsell message when user does not have enterprise license\r\n\r\n\r\n \r\n - Added empty message when session viewer preview is not available\r\n\r\n\r\n\r\n**Visualizations -> Analyzer preview**\r\n - Added empty message\r\n\r\n\r\n\r\n**Investigation -> Investigation guide**\r\n - Updated empty message when investigation guide is not available\r\n\r\n\r\n\r\n**Insights -> Prevalence**\r\n- Updated empty message when no filed/value pair meets prevalence\r\nthreashold\r\n\r\n\r\n\r\n**Insights -> Entities**\r\n- Updated empty message when neither host name or user name are present\r\n\r\n\r\n\r\n## Left panel\r\n**Insights -> Entities**\r\n - Updated empty state message\r\n\r\n\r\n\r\n - \"User info\" -> \"User information\"\r\n\r\n\r\n\r\n - Tooltip and empty table message in related hosts table \r\n\r\n\r\n\r\n - \"Host info\" -> \"Host information\"\r\n\r\n\r\n\r\n - Tooltip and empty table message in related users table\r\n\r\n\r\n\r\n**Insights -> Threat Intelligence**\r\n\r\n - Updated title to lower case\r\n- Updated empty message for threat match detected and enriched with\r\nthreat intelligence 
sections\r\n\r\n\r\n\r\n - Updated tooltips\r\n\r\n\r\n\r\n**Investigation**\r\n - Updated empty state message to stay consistent with right section\r\n\r\n\r\n\r\n**Insights -> Correlations**\r\n - Updated table message when no item is found\r\n\r\n\r\n\r\n**Insights -> Prevalence**\r\n - Added tooltips to each column other than `Field` and `Value`\r\n\r\n\r\n\r\n**Response**\r\n- Updated empty state message to match response section on right section\r\n\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"bf4254eb502e16583c04a6e51d76fdd72c6b431c"}}]}] BACKPORT--> Co-authored-by: christineweng <18648970+christineweng@users.noreply.github.com> Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>
parent
9072df1855
commit
61e049be22
32 changed files with 306 additions and 131 deletions
|
@ -23,7 +23,7 @@ export const getTooltipContent = (type: string | undefined) =>
|
|||
|
||||
export const EnrichmentIcon: React.FC<{ type: string | undefined }> = ({ type }) => {
|
||||
return (
|
||||
<EuiToolTip title={getTooltipTitle(type)} content={getTooltipContent(type)}>
|
||||
<EuiToolTip content={getTooltipContent(type)}>
|
||||
<EuiIcon type="iInCircle" size="m" />
|
||||
</EuiToolTip>
|
||||
);
|
||||
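Review bot: With `title={getTooltipTitle(type)}` dropped from the `EuiToolTip` in `EnrichmentIcon`, nothing visible in this hunk calls `getTooltipTitle` any more. If no other module imports it, remove the helper and the title strings it returns in the same change, so unused messages do not stay in the translation catalogue. The definition of `getTooltipTitle` is outside the hunk, so its remaining callers could not be checked from here.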
|
|
|
@ -6,7 +6,8 @@
|
|||
*/
|
||||
import React from 'react';
|
||||
import styled from 'styled-components';
|
||||
|
||||
import { FormattedMessage } from '@kbn/i18n-react';
|
||||
import { EuiLink } from '@elastic/eui';
|
||||
import * as i18n from './translations';
|
||||
import { ENRICHMENT_TYPES } from '../../../../../common/cti/constants';
|
||||
|
||||
|
@ -19,9 +20,27 @@ export const EnrichmentNoData: React.FC<{ type?: ENRICHMENT_TYPES }> = ({ type }
|
|||
if (!type) return null;
|
||||
return (
|
||||
<InlineBlock data-test-subj="no-enrichments-found">
|
||||
{type === ENRICHMENT_TYPES.IndicatorMatchRule
|
||||
? i18n.NO_ENRICHMENTS_FOUND_DESCRIPTION
|
||||
: i18n.NO_INVESTIGATION_ENRICHMENTS_DESCRIPTION}
|
||||
{type === ENRICHMENT_TYPES.IndicatorMatchRule ? (
|
||||
i18n.NO_ENRICHMENTS_FOUND_DESCRIPTION
|
||||
) : (
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.enrichment.noInvestigationEnrichment"
|
||||
defaultMessage="Additional threat intelligence wasn't found within the selected time frame. Try a different time frame, or {link} to collect threat intelligence for threat detection and matching."
|
||||
values={{
|
||||
link: (
|
||||
<EuiLink
|
||||
href="https://www.elastic.co/guide/en/security/current/es-threat-intel-integrations.html"
|
||||
target="_blank"
|
||||
>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.enrichment.investigationEnrichmentDocumentationLink"
|
||||
defaultMessage="enable threat intelligence integrations"
|
||||
/>
|
||||
</EuiLink>
|
||||
),
|
||||
}}
|
||||
/>
|
||||
)}
|
||||
</InlineBlock>
|
||||
);
|
||||
};
|
||||
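Review bot: The new `EuiLink` in `EnrichmentNoData` hard-codes `https://www.elastic.co/guide/en/security/current/es-threat-intel-integrations.html`, and the `InvestigationGuide` and `ResponseDetails` hunks add hard-coded documentation URLs in the same way. The `ResponseDetails` link points at `/security/master/` while the other two use `/security/current/`. On a release branch `master` describes unreleased behaviour and `current` moves with every release, so an analyst following the link from an older stack can land on instructions that do not match what they are running. Resolve these URLs through Kibana's doc links service so they follow the running version, or at minimum use the same branch segment in all three places.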
|
|
|
@ -64,7 +64,7 @@ describe('ThreatSummaryView', () => {
|
|||
</TestProviders>
|
||||
);
|
||||
|
||||
expect(getByText('Enriched with Threat Intelligence')).toBeInTheDocument();
|
||||
expect(getByText('Enriched with threat intelligence')).toBeInTheDocument();
|
||||
|
||||
expect(getAllByTestId('EnrichedDataRow')).toHaveLength(
|
||||
enrichments.length + RISK_SCORE_DATA_ROWS
|
||||
|
|
|
@ -20,22 +20,21 @@ export const FEED_NAME_PREPOSITION = i18n.translate(
|
|||
export const INDICATOR_ENRICHMENT_TITLE = i18n.translate(
|
||||
'xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTitle',
|
||||
{
|
||||
defaultMessage: 'Threat Match Detected',
|
||||
defaultMessage: 'Threat match detected',
|
||||
}
|
||||
);
|
||||
|
||||
export const INVESTIGATION_ENRICHMENT_TITLE = i18n.translate(
|
||||
'xpack.securitySolution.eventDetails.ctiSummary.investigationEnrichmentTitle',
|
||||
{
|
||||
defaultMessage: 'Enriched with Threat Intelligence',
|
||||
defaultMessage: 'Enriched with threat intelligence',
|
||||
}
|
||||
);
|
||||
|
||||
export const INDICATOR_TOOLTIP_CONTENT = i18n.translate(
|
||||
'xpack.securitySolution.eventDetails.ctiSummary.indicatorEnrichmentTooltipContent',
|
||||
{
|
||||
defaultMessage:
|
||||
'This field value matched a threat intelligence indicator with a rule you created.',
|
||||
defaultMessage: 'Shows available threat indicator matches.',
|
||||
}
|
||||
);
|
||||
|
||||
|
@ -50,23 +49,21 @@ export const INVESTIGATION_TOOLTIP_CONTENT = i18n.translate(
|
|||
'xpack.securitySolution.eventDetails.ctiSummary.investigationEnrichmentTooltipContent',
|
||||
{
|
||||
defaultMessage:
|
||||
'This field value has additional information available from threat intelligence sources.',
|
||||
'Shows additional threat intelligence for the alert. The past 30 days were queried by default.',
|
||||
}
|
||||
);
|
||||
|
||||
export const NO_INVESTIGATION_ENRICHMENTS_DESCRIPTION = i18n.translate(
|
||||
'xpack.securitySolution.alertDetails.noInvestigationEnrichmentsDescription',
|
||||
{
|
||||
defaultMessage:
|
||||
"We haven't found field value has additional information available from threat intelligence sources we searched in the past 30 days by default.",
|
||||
defaultMessage: 'This alert does not have supplemental threat intelligence data.',
|
||||
}
|
||||
);
|
||||
|
||||
export const NO_ENRICHMENTS_FOUND_DESCRIPTION = i18n.translate(
|
||||
'xpack.securitySolution.alertDetails.noEnrichmentsFoundDescription',
|
||||
{
|
||||
defaultMessage:
|
||||
'We did not find threat intelligence that matches any of the indicator match rules, or any enrichment for this alert.',
|
||||
defaultMessage: 'This alert does not have threat intelligence.',
|
||||
}
|
||||
);
|
||||
|
||||
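Review bot: `NO_INVESTIGATION_ENRICHMENTS_DESCRIPTION` receives a new `defaultMessage` here, but the `EnrichmentNoData` hunk in this same commit stops rendering it and uses an inline `FormattedMessage` with id `xpack.securitySolution.enrichment.noInvestigationEnrichment` instead. That leaves two different "no investigation enrichment" strings in the code base. If the constant has no other consumer, delete it; otherwise add a comment above it naming where it is still shown, for example `// Still rendered by <consumer>; EnrichmentNoData uses its own FormattedMessage`. Separately, `INVESTIGATION_TOOLTIP_CONTENT` now states "The past 30 days were queried by default" as literal text, which will silently go stale if the default look-back is changed where the query is built.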
|
|
|
@ -5,6 +5,7 @@
|
|||
* 2.0.
|
||||
*/
|
||||
|
||||
import type { ReactNode } from 'react';
|
||||
import React, { type FC, useMemo, useCallback } from 'react';
|
||||
import { type Criteria, EuiBasicTable, formatDate } from '@elastic/eui';
|
||||
import { Severity } from '@kbn/securitysolution-io-ts-alerting-types';
|
||||
|
@ -73,6 +74,10 @@ export interface CorrelationsDetailsAlertsTableProps {
|
|||
* Id of the document
|
||||
*/
|
||||
eventId: string;
|
||||
/**
|
||||
* No data message to render if the table is empty
|
||||
*/
|
||||
noItemsMessage?: ReactNode;
|
||||
/**
|
||||
* Data test subject string for testing
|
||||
*/
|
||||
|
@ -88,6 +93,7 @@ export const CorrelationsDetailsAlertsTable: FC<CorrelationsDetailsAlertsTablePr
|
|||
alertIds,
|
||||
scopeId,
|
||||
eventId,
|
||||
noItemsMessage,
|
||||
'data-test-subj': dataTestSubj,
|
||||
}) => {
|
||||
const {
|
||||
|
@ -142,18 +148,19 @@ export const CorrelationsDetailsAlertsTable: FC<CorrelationsDetailsAlertsTablePr
|
|||
header={{
|
||||
title,
|
||||
iconType: 'warning',
|
||||
headerContent: (
|
||||
<div data-test-subj={`${dataTestSubj}InvestigateInTimeline`}>
|
||||
<InvestigateInTimelineButton
|
||||
dataProviders={dataProviders}
|
||||
filters={filters}
|
||||
asEmptyButton
|
||||
iconType="timeline"
|
||||
>
|
||||
{ACTION_INVESTIGATE_IN_TIMELINE}
|
||||
</InvestigateInTimelineButton>
|
||||
</div>
|
||||
),
|
||||
headerContent:
|
||||
alertIds && alertIds.length && alertIds.length > 0 ? (
|
||||
<div data-test-subj={`${dataTestSubj}InvestigateInTimeline`}>
|
||||
<InvestigateInTimelineButton
|
||||
dataProviders={dataProviders}
|
||||
filters={filters}
|
||||
asEmptyButton
|
||||
iconType="timeline"
|
||||
>
|
||||
{ACTION_INVESTIGATE_IN_TIMELINE}
|
||||
</InvestigateInTimelineButton>
|
||||
</div>
|
||||
) : null,
|
||||
}}
|
||||
content={{ error }}
|
||||
expand={{
|
||||
|
@ -170,6 +177,7 @@ export const CorrelationsDetailsAlertsTable: FC<CorrelationsDetailsAlertsTablePr
|
|||
pagination={paginationConfig}
|
||||
sorting={sorting}
|
||||
onChange={onTableChange}
|
||||
noItemsMessage={noItemsMessage}
|
||||
/>
|
||||
</ExpandablePanel>
|
||||
);
|
||||
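Review bot: The `headerContent` guard `alertIds && alertIds.length && alertIds.length > 0` tests the length twice; `alertIds && alertIds.length > 0 ? (…) : null` is equivalent and easier to read. `noItemsMessage` is added as an optional prop with no fallback, so a future caller that omits it gets the table's built-in empty text rather than one of the new messages; a short line in the prop's doc comment saying so (`Defaults to the table's built-in empty message when omitted`) would make that explicit. The component body starts and ends outside these hunks.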
|
|
|
@ -254,7 +254,7 @@ describe('<HostDetails />', () => {
|
|||
</TestProviders>
|
||||
);
|
||||
expect(getByTestId(HOST_DETAILS_RELATED_USERS_TABLE_TEST_ID).textContent).toContain(
|
||||
'No items found'
|
||||
'No users identified'
|
||||
);
|
||||
});
|
||||
});
|
||||
|
|
|
@ -267,7 +267,7 @@ export const HostDetails: React.FC<HostDetailsProps> = ({ hostName, timestamp, s
|
|||
</EuiTitle>
|
||||
</EuiFlexItem>
|
||||
<EuiFlexItem grow={false}>
|
||||
<EuiToolTip content={i18n.RELATED_USERS_TOOL_TIP}>
|
||||
<EuiToolTip content={i18n.RELATED_USERS_TOOL_TIP(hostName)}>
|
||||
<EuiIcon color="subdued" type="iInCircle" className="eui-alignTop" />
|
||||
</EuiToolTip>
|
||||
</EuiFlexItem>
|
||||
|
@ -287,6 +287,7 @@ export const HostDetails: React.FC<HostDetailsProps> = ({ hostName, timestamp, s
|
|||
loading={isRelatedUsersLoading}
|
||||
data-test-subj={HOST_DETAILS_RELATED_USERS_TABLE_TEST_ID}
|
||||
pagination={pagination}
|
||||
message={i18n.RELATED_USERS_TABLE_NO_DATA}
|
||||
/>
|
||||
<InspectButton
|
||||
queryId={relatedUsersQueryId}
|
||||
|
|
|
@ -56,16 +56,16 @@ export const InvestigationGuide: React.FC = () => {
|
|||
<div data-test-subj={INVESTIGATION_GUIDE_NO_DATA_TEST_ID}>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.investigationGuideNoData"
|
||||
defaultMessage="An investigation guide has not been created for this rule. Refer to this {documentation} to learn more about adding investigation guides."
|
||||
defaultMessage="There’s no investigation guide for this rule. {documentation} to add one."
|
||||
values={{
|
||||
documentation: (
|
||||
<EuiLink
|
||||
href="https://www.elastic.co/guide/en/security/current/rules-ui-create.html#rule-ui-advanced-params"
|
||||
href="https://www.elastic.co/guide/en/security/current/rules-ui-management.html#edit-rules-settings"
|
||||
target="_blank"
|
||||
>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.documentDetails.investigationGuideDocumentationLink"
|
||||
defaultMessage="documentation"
|
||||
defaultMessage="Edit the rule's settings"
|
||||
/>
|
||||
</EuiLink>
|
||||
),
|
||||
|
|
|
@ -16,6 +16,7 @@ import {
|
|||
EuiPanel,
|
||||
EuiSpacer,
|
||||
EuiSuperDatePicker,
|
||||
EuiToolTip,
|
||||
} from '@elastic/eui';
|
||||
import { InvestigateInTimelineButton } from '../../../common/components/event_details/table/investigate_in_timeline_button';
|
||||
import type { PrevalenceData } from '../../shared/hooks/use_prevalence';
|
||||
|
@ -32,6 +33,10 @@ import {
|
|||
PREVALENCE_TABLE_FIELD_COLUMN_TITLE,
|
||||
USER_TITLE,
|
||||
PREVALENCE_NO_DATA_MESSAGE,
|
||||
PREVALENCE_TABLE_ALERT_COUNT_COLUMN_TITLE_TOOLTIP,
|
||||
PREVALENCE_TABLE_DOC_COUNT_COLUMN_TITLE_TOOLTIP,
|
||||
HOST_PREVALENCE_COLUMN_TITLE_TOOLTIP,
|
||||
USER_PREVALENCE_COLUMN_TITLE_TOOLTIP,
|
||||
} from './translations';
|
||||
import {
|
||||
PREVALENCE_DETAILS_LOADING_TEST_ID,
|
||||
|
@ -71,10 +76,12 @@ const columns: Array<EuiBasicTableColumn<PrevalenceData>> = [
|
|||
},
|
||||
{
|
||||
name: (
|
||||
<EuiFlexGroup direction="column" gutterSize="none">
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_ALERT_COUNT_COLUMN_TITLE}</EuiFlexItem>
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_COUNT_COLUMN_TITLE}</EuiFlexItem>
|
||||
</EuiFlexGroup>
|
||||
<EuiToolTip content={PREVALENCE_TABLE_ALERT_COUNT_COLUMN_TITLE_TOOLTIP}>
|
||||
<EuiFlexGroup direction="column" gutterSize="none">
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_ALERT_COUNT_COLUMN_TITLE}</EuiFlexItem>
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_COUNT_COLUMN_TITLE}</EuiFlexItem>
|
||||
</EuiFlexGroup>
|
||||
</EuiToolTip>
|
||||
),
|
||||
'data-test-subj': PREVALENCE_DETAILS_TABLE_ALERT_COUNT_CELL_TEST_ID,
|
||||
render: (data: PrevalenceData) => {
|
||||
|
@ -97,10 +104,12 @@ const columns: Array<EuiBasicTableColumn<PrevalenceData>> = [
|
|||
},
|
||||
{
|
||||
name: (
|
||||
<EuiFlexGroup direction="column" gutterSize="none">
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_DOC_COUNT_COLUMN_TITLE}</EuiFlexItem>
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_COUNT_COLUMN_TITLE}</EuiFlexItem>
|
||||
</EuiFlexGroup>
|
||||
<EuiToolTip content={PREVALENCE_TABLE_DOC_COUNT_COLUMN_TITLE_TOOLTIP}>
|
||||
<EuiFlexGroup direction="column" gutterSize="none">
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_DOC_COUNT_COLUMN_TITLE}</EuiFlexItem>
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_COUNT_COLUMN_TITLE}</EuiFlexItem>
|
||||
</EuiFlexGroup>
|
||||
</EuiToolTip>
|
||||
),
|
||||
'data-test-subj': PREVALENCE_DETAILS_TABLE_DOC_COUNT_CELL_TEST_ID,
|
||||
render: (data: PrevalenceData) => {
|
||||
|
@ -140,10 +149,12 @@ const columns: Array<EuiBasicTableColumn<PrevalenceData>> = [
|
|||
{
|
||||
field: 'hostPrevalence',
|
||||
name: (
|
||||
<EuiFlexGroup direction="column" gutterSize="none">
|
||||
<EuiFlexItem>{HOST_TITLE}</EuiFlexItem>
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_PREVALENCE_COLUMN_TITLE}</EuiFlexItem>
|
||||
</EuiFlexGroup>
|
||||
<EuiToolTip content={HOST_PREVALENCE_COLUMN_TITLE_TOOLTIP}>
|
||||
<EuiFlexGroup direction="column" gutterSize="none">
|
||||
<EuiFlexItem>{HOST_TITLE}</EuiFlexItem>
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_PREVALENCE_COLUMN_TITLE}</EuiFlexItem>
|
||||
</EuiFlexGroup>
|
||||
</EuiToolTip>
|
||||
),
|
||||
'data-test-subj': PREVALENCE_DETAILS_TABLE_HOST_PREVALENCE_CELL_TEST_ID,
|
||||
render: (hostPrevalence: number) => (
|
||||
|
@ -157,10 +168,12 @@ const columns: Array<EuiBasicTableColumn<PrevalenceData>> = [
|
|||
{
|
||||
field: 'userPrevalence',
|
||||
name: (
|
||||
<EuiFlexGroup direction="column" gutterSize="none">
|
||||
<EuiFlexItem>{USER_TITLE}</EuiFlexItem>
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_PREVALENCE_COLUMN_TITLE}</EuiFlexItem>
|
||||
</EuiFlexGroup>
|
||||
<EuiToolTip content={USER_PREVALENCE_COLUMN_TITLE_TOOLTIP}>
|
||||
<EuiFlexGroup direction="column" gutterSize="none">
|
||||
<EuiFlexItem>{USER_TITLE}</EuiFlexItem>
|
||||
<EuiFlexItem>{PREVALENCE_TABLE_PREVALENCE_COLUMN_TITLE}</EuiFlexItem>
|
||||
</EuiFlexGroup>
|
||||
</EuiToolTip>
|
||||
),
|
||||
'data-test-subj': PREVALENCE_DETAILS_TABLE_USER_PREVALENCE_CELL_TEST_ID,
|
||||
render: (userPrevalence: number) => (
|
||||
|
@ -237,7 +250,6 @@ export const PrevalenceDetails: React.FC = () => {
|
|||
items={data}
|
||||
columns={columns}
|
||||
data-test-subj={PREVALENCE_DETAILS_TABLE_TEST_ID}
|
||||
tableLayout="auto"
|
||||
/>
|
||||
) : (
|
||||
<div data-test-subj={`${PREVALENCE_DETAILS_TABLE_NO_DATA_TEST_ID}Error`}>
|
||||
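Review bot: The four column headers in `columns` now wrap a plain `EuiFlexGroup` in `EuiToolTip`, and that anchor does not appear to be focusable, so the explanation of each count and prevalence column is probably reachable only by mouse hover. Analysts using the keyboard or a screen reader would not get the definitions this commit adds. Consider an `EuiIconTip` next to the title, or a focusable anchor such as `tabIndex={0}` on the wrapped element. The four header blocks are also identical apart from two titles and one tooltip, so a small local helper taking those three values would remove the repetition. The `columns` array starts and ends outside the hunks.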
|
|
|
@ -6,6 +6,7 @@
|
|||
*/
|
||||
|
||||
import React from 'react';
|
||||
import { RELATED_ALERTS_BY_ANCESTRY_NO_DATA } from './translations';
|
||||
import { CorrelationsDetailsAlertsTable } from './correlations_details_alerts_table';
|
||||
import { CORRELATIONS_ANCESTRY_ALERTS } from '../../shared/translations';
|
||||
import { useFetchRelatedAlertsByAncestry } from '../../shared/hooks/use_fetch_related_alerts_by_ancestry';
|
||||
|
@ -57,6 +58,7 @@ export const RelatedAlertsByAncestry: React.VFC<RelatedAlertsByAncestryProps> =
|
|||
alertIds={data}
|
||||
scopeId={scopeId}
|
||||
eventId={eventId}
|
||||
noItemsMessage={RELATED_ALERTS_BY_ANCESTRY_NO_DATA}
|
||||
data-test-subj={CORRELATIONS_DETAILS_BY_ANCESTRY_SECTION_TEST_ID}
|
||||
/>
|
||||
);
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
*/
|
||||
|
||||
import React from 'react';
|
||||
import { RELATED_ALERTS_BY_SOURCE_EVENT_NO_DATA } from './translations';
|
||||
import { CORRELATIONS_SAME_SOURCE_ALERTS } from '../../shared/translations';
|
||||
import { useFetchRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_fetch_related_alerts_by_same_source_event';
|
||||
import { CORRELATIONS_DETAILS_BY_SOURCE_SECTION_TEST_ID } from './test_ids';
|
||||
|
@ -51,6 +52,7 @@ export const RelatedAlertsBySameSourceEvent: React.VFC<RelatedAlertsBySameSource
|
|||
alertIds={data}
|
||||
scopeId={scopeId}
|
||||
eventId={eventId}
|
||||
noItemsMessage={RELATED_ALERTS_BY_SOURCE_EVENT_NO_DATA}
|
||||
data-test-subj={CORRELATIONS_DETAILS_BY_SOURCE_SECTION_TEST_ID}
|
||||
/>
|
||||
);
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
*/
|
||||
|
||||
import React from 'react';
|
||||
import { RELATED_ALERTS_BY_SESSION_NO_DATA } from './translations';
|
||||
import { CORRELATIONS_SESSION_ALERTS } from '../../shared/translations';
|
||||
import { CorrelationsDetailsAlertsTable } from './correlations_details_alerts_table';
|
||||
import { useFetchRelatedAlertsBySession } from '../../shared/hooks/use_fetch_related_alerts_by_session';
|
||||
|
@ -51,6 +52,7 @@ export const RelatedAlertsBySession: React.VFC<RelatedAlertsBySessionProps> = ({
|
|||
alertIds={data}
|
||||
scopeId={scopeId}
|
||||
eventId={eventId}
|
||||
noItemsMessage={RELATED_ALERTS_BY_SESSION_NO_DATA}
|
||||
data-test-subj={CORRELATIONS_DETAILS_BY_SESSION_SECTION_TEST_ID}
|
||||
/>
|
||||
);
|
||||
|
|
|
@ -20,6 +20,7 @@ import { ExpandablePanel } from '../../shared/components/expandable_panel';
|
|||
import {
|
||||
CORRELATIONS_CASE_NAME_COLUMN_TITLE,
|
||||
CORRELATIONS_CASE_STATUS_COLUMN_TITLE,
|
||||
RELATED_CASES_NO_DATA,
|
||||
} from './translations';
|
||||
|
||||
const ICON = 'warning';
|
||||
|
@ -82,6 +83,7 @@ export const RelatedCases: React.VFC<RelatedCasesProps> = ({ eventId }) => {
|
|||
items={data}
|
||||
columns={columns}
|
||||
pagination={true}
|
||||
message={RELATED_CASES_NO_DATA}
|
||||
data-test-subj={CORRELATIONS_DETAILS_CASES_SECTION_TABLE_TEST_ID}
|
||||
/>
|
||||
</ExpandablePanel>
|
||||
|
|
|
@ -6,8 +6,9 @@
|
|||
*/
|
||||
|
||||
import React from 'react';
|
||||
import { EuiSpacer, EuiTitle } from '@elastic/eui';
|
||||
import { EuiLink, EuiSpacer, EuiTitle } from '@elastic/eui';
|
||||
import styled from 'styled-components';
|
||||
import { FormattedMessage } from '@kbn/i18n-react';
|
||||
import { RESPONSE_DETAILS_TEST_ID, RESPONSE_EMPTY_TEST_ID } from './test_ids';
|
||||
import { expandDottedObject } from '../../../../common/utils/expand_dotted';
|
||||
import type {
|
||||
|
@ -61,7 +62,25 @@ export const ResponseDetails: React.FC = () => {
|
|||
</EuiTitle>
|
||||
<EuiSpacer size="s" />
|
||||
{!responseActions ? (
|
||||
<InlineBlock data-test-subj={RESPONSE_EMPTY_TEST_ID}>{i18n.RESPONSE_EMPTY}</InlineBlock>
|
||||
<InlineBlock data-test-subj={RESPONSE_EMPTY_TEST_ID}>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.documentDetails.response.emptyMessage"
|
||||
defaultMessage="This alert did not generate an external notification. {editRuleLink} to set up notification actions."
|
||||
values={{
|
||||
editRuleLink: (
|
||||
<EuiLink
|
||||
href="https://www.elastic.co/guide/en/security/master/rules-ui-management.html#edit-rules-settings"
|
||||
target="_blank"
|
||||
>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.documentDetails.response.editRuleLink"
|
||||
defaultMessage="Edit your rule"
|
||||
/>
|
||||
</EuiLink>
|
||||
),
|
||||
}}
|
||||
/>
|
||||
</InlineBlock>
|
||||
) : (
|
||||
<ExtendedFlyoutWrapper>
|
||||
{endpointResponseActionsEnabled ? responseActionsView?.content : osqueryView?.content}
|
||||
|
|
|
@ -10,7 +10,7 @@ import { i18n } from '@kbn/i18n';
|
|||
export const ENTITIES_NO_DATA_MESSAGE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entitiesNoDataMessage',
|
||||
{
|
||||
defaultMessage: 'No user or host data available',
|
||||
defaultMessage: 'Host and user information are unavailable for this alert.',
|
||||
}
|
||||
);
|
||||
|
||||
|
@ -39,10 +39,17 @@ export const USER_TITLE = i18n.translate('xpack.securitySolution.flyout.entities
|
|||
defaultMessage: 'User',
|
||||
});
|
||||
|
||||
export const USER_PREVALENCE_COLUMN_TITLE_TOOLTIP = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entities.userPrevalenceColumTitleTooltip',
|
||||
{
|
||||
defaultMessage: 'Percentage of unique users with identical field value pairs',
|
||||
}
|
||||
);
|
||||
|
||||
export const USERS_INFO_TITLE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entities.usersInfoTitle',
|
||||
{
|
||||
defaultMessage: 'User info',
|
||||
defaultMessage: 'User information',
|
||||
}
|
||||
);
|
||||
|
||||
|
@ -53,13 +60,20 @@ export const RELATED_HOSTS_TITLE = i18n.translate(
|
|||
}
|
||||
);
|
||||
|
||||
export const RELATED_HOSTS_TOOL_TIP = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entities.relatedHostsToolTip',
|
||||
export const RELATED_HOSTS_TABLE_NO_DATA = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entities.relatedHostsTableNoData',
|
||||
{
|
||||
defaultMessage: 'The user successfully authenticated to these hosts after the alert.',
|
||||
defaultMessage: 'No hosts identified',
|
||||
}
|
||||
);
|
||||
|
||||
export const RELATED_HOSTS_TOOL_TIP = (userName: string) =>
|
||||
i18n.translate('xpack.securitySolution.flyout.entities.relatedHostsToolTip', {
|
||||
defaultMessage:
|
||||
'After this alert was generated, {userName} logged into these hosts. Check if this activity is normal.',
|
||||
values: { userName },
|
||||
});
|
||||
|
||||
export const RELATED_ENTITIES_NAME_COLUMN_TITLE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entities.relatedEntitiesNameColumn',
|
||||
{
|
||||
|
@ -78,10 +92,17 @@ export const HOST_TITLE = i18n.translate('xpack.securitySolution.flyout.entities
|
|||
defaultMessage: 'Host',
|
||||
});
|
||||
|
||||
export const HOST_PREVALENCE_COLUMN_TITLE_TOOLTIP = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entities.hostPrevalenceColumTitleTooltip',
|
||||
{
|
||||
defaultMessage: 'Percentage of unique hosts with identical field value pairs',
|
||||
}
|
||||
);
|
||||
|
||||
export const HOSTS_INFO_TITLE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entities.hostsInfoTitle',
|
||||
{
|
||||
defaultMessage: 'Host info',
|
||||
defaultMessage: 'Host information',
|
||||
}
|
||||
);
|
||||
|
||||
|
@ -92,13 +113,20 @@ export const RELATED_USERS_TITLE = i18n.translate(
|
|||
}
|
||||
);
|
||||
|
||||
export const RELATED_USERS_TOOL_TIP = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entities.relatedUsersToolTip',
|
||||
export const RELATED_USERS_TABLE_NO_DATA = i18n.translate(
|
||||
'xpack.securitySolution.flyout.entities.relatedUsersTableNoData',
|
||||
{
|
||||
defaultMessage: 'These users successfully authenticated to the affected host after the alert.',
|
||||
defaultMessage: 'No users identified',
|
||||
}
|
||||
);
|
||||
|
||||
export const RELATED_USERS_TOOL_TIP = (hostName: string) =>
|
||||
i18n.translate('xpack.securitySolution.flyout.entities.relatedUsersToolTip', {
|
||||
defaultMessage:
|
||||
'After this alert was generated, these users logged into {hostName}. Check if this activity is normal.',
|
||||
values: { hostName },
|
||||
});
|
||||
|
||||
export const PREVALENCE_ERROR_MESSAGE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.prevalenceErrorMessage',
|
||||
{
|
||||
|
@ -134,6 +162,13 @@ export const PREVALENCE_TABLE_ALERT_COUNT_COLUMN_TITLE = i18n.translate(
|
|||
}
|
||||
);
|
||||
|
||||
export const PREVALENCE_TABLE_ALERT_COUNT_COLUMN_TITLE_TOOLTIP = i18n.translate(
|
||||
'xpack.securitySolution.flyout.prevalenceTableAlertCountColumnTitleTooltip',
|
||||
{
|
||||
defaultMessage: 'Total number of alerts with identical field value pairs',
|
||||
}
|
||||
);
|
||||
|
||||
export const PREVALENCE_TABLE_DOC_COUNT_COLUMN_TITLE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.prevalenceTableDocCountColumnTitle',
|
||||
{
|
||||
|
@ -141,6 +176,13 @@ export const PREVALENCE_TABLE_DOC_COUNT_COLUMN_TITLE = i18n.translate(
|
|||
}
|
||||
);
|
||||
|
||||
export const PREVALENCE_TABLE_DOC_COUNT_COLUMN_TITLE_TOOLTIP = i18n.translate(
|
||||
'xpack.securitySolution.flyout.prevalenceTableDocCountColumnTitleTooltip',
|
||||
{
|
||||
defaultMessage: 'Total number of event documents with identical field value pairs',
|
||||
}
|
||||
);
|
||||
|
||||
export const PREVALENCE_TABLE_COUNT_COLUMN_TITLE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.prevalenceTableCountColumnTitle',
|
||||
{
|
||||
|
@ -159,10 +201,6 @@ export const RESPONSE_TITLE = i18n.translate('xpack.securitySolution.flyout.resp
|
|||
defaultMessage: 'Responses',
|
||||
});
|
||||
|
||||
export const RESPONSE_EMPTY = i18n.translate('xpack.securitySolution.flyout.response.empty', {
|
||||
defaultMessage: 'There are no response actions defined for this event.',
|
||||
});
|
||||
|
||||
export const CORRELATIONS_TIMESTAMP_COLUMN_TITLE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.correlations.timestampColumnTitle',
|
||||
{
|
||||
|
@ -211,3 +249,31 @@ export const CORRELATIONS_DETAILS_TABLE_FILTER = i18n.translate(
|
|||
defaultMessage: 'Correlations Details Table Alert IDs',
|
||||
}
|
||||
);
|
||||
|
||||
export const RELATED_ALERTS_BY_ANCESTRY_NO_DATA = i18n.translate(
|
||||
'xpack.securitySolution.flyout.correlations.relatedAlertsByAncestryNoData',
|
||||
{
|
||||
defaultMessage: 'No alerts related by ancestry',
|
||||
}
|
||||
);
|
||||
|
||||
export const RELATED_ALERTS_BY_SOURCE_EVENT_NO_DATA = i18n.translate(
|
||||
'xpack.securitySolution.flyout.correlations.relatedAlertsBySourceEventNoData',
|
||||
{
|
||||
defaultMessage: 'No related source events',
|
||||
}
|
||||
);
|
||||
|
||||
export const RELATED_ALERTS_BY_SESSION_NO_DATA = i18n.translate(
|
||||
'xpack.securitySolution.flyout.correlations.relatedAlertsBySessionNoData',
|
||||
{
|
||||
defaultMessage: 'No alerts related by session',
|
||||
}
|
||||
);
|
||||
|
||||
export const RELATED_CASES_NO_DATA = i18n.translate(
|
||||
'xpack.securitySolution.flyout.correlations.relatedCasesNoData',
|
||||
{
|
||||
defaultMessage: 'No related cases',
|
||||
}
|
||||
);
|
||||
|
|
|
@ -233,7 +233,7 @@ describe('<HostDetails />', () => {
|
|||
</TestProviders>
|
||||
);
|
||||
expect(getByTestId(USER_DETAILS_RELATED_HOSTS_TABLE_TEST_ID).textContent).toContain(
|
||||
'No items found'
|
||||
'No hosts identified'
|
||||
);
|
||||
});
|
||||
});
|
||||
|
|
|
@ -270,7 +270,7 @@ export const UserDetails: React.FC<UserDetailsProps> = ({ userName, timestamp, s
|
|||
</EuiTitle>
|
||||
</EuiFlexItem>
|
||||
<EuiFlexItem grow={false}>
|
||||
<EuiToolTip content={i18n.RELATED_HOSTS_TOOL_TIP}>
|
||||
<EuiToolTip content={i18n.RELATED_HOSTS_TOOL_TIP(userName)}>
|
||||
<EuiIcon color="subdued" type="iInCircle" className="eui-alignTop" />
|
||||
</EuiToolTip>
|
||||
</EuiFlexItem>
|
||||
|
@ -290,6 +290,7 @@ export const UserDetails: React.FC<UserDetailsProps> = ({ userName, timestamp, s
|
|||
loading={isRelatedHostLoading}
|
||||
data-test-subj={USER_DETAILS_RELATED_HOSTS_TABLE_TEST_ID}
|
||||
pagination={pagination}
|
||||
message={i18n.RELATED_HOSTS_TABLE_NO_DATA}
|
||||
/>
|
||||
<InspectButton
|
||||
queryId={relatedHostsQueryId}
|
||||
|
|
|
@ -45,7 +45,7 @@ export const ENTITIES_BUTTON = i18n.translate(
|
|||
export const THREAT_INTELLIGENCE_BUTTON = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.threatIntelligenceButton',
|
||||
{
|
||||
defaultMessage: 'Threat Intelligence',
|
||||
defaultMessage: 'Threat intelligence',
|
||||
}
|
||||
);
|
||||
|
||||
|
|
|
@ -8,6 +8,8 @@
|
|||
import React, { useCallback } from 'react';
|
||||
import { useDispatch } from 'react-redux';
|
||||
import { TimelineTabs } from '@kbn/securitysolution-data-table';
|
||||
import { EuiLink, EuiMark } from '@elastic/eui';
|
||||
import { FormattedMessage } from '@kbn/i18n-react';
|
||||
import { useStartTransaction } from '../../../common/lib/apm/use_start_transaction';
|
||||
import { useInvestigateInTimeline } from '../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline';
|
||||
import { ALERTS_ACTIONS } from '../../../common/lib/apm/user_actions';
|
||||
|
@ -17,7 +19,7 @@ import { useRightPanelContext } from '../context';
|
|||
import { isInvestigateInResolverActionEnabled } from '../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver';
|
||||
import { AnalyzerPreview } from './analyzer_preview';
|
||||
import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
|
||||
import { ANALYZER_PREVIEW_ERROR, ANALYZER_PREVIEW_TITLE } from './translations';
|
||||
import { ANALYZER_PREVIEW_TITLE } from './translations';
|
||||
import { ExpandablePanel } from '../../shared/components/expandable_panel';
|
||||
|
||||
const timelineId = 'timeline-1';
|
||||
|
@ -65,7 +67,27 @@ export const AnalyzerPreviewContainer: React.FC = () => {
|
|||
{isEnabled ? (
|
||||
<AnalyzerPreview />
|
||||
) : (
|
||||
<div data-test-subj={`${ANALYZER_PREVIEW_TEST_ID}Error`}>{ANALYZER_PREVIEW_ERROR}</div>
|
||||
<div data-test-subj={`${ANALYZER_PREVIEW_TEST_ID}Error`}>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.analyzerPreviewError"
|
||||
defaultMessage="You can only visualize events triggered by hosts configured with the Elastic Defend integration or any {sysmon} data from {winlogbeat}. Refer to {link} for more information."
|
||||
values={{
|
||||
sysmon: <EuiMark>{'sysmon'}</EuiMark>,
|
||||
winlogbeat: <EuiMark>{'winlogbeat'}</EuiMark>,
|
||||
link: (
|
||||
<EuiLink
|
||||
href="https://www.elastic.co/guide/en/security/current/visual-event-analyzer.html"
|
||||
target="_blank"
|
||||
>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.documentDetails.analyzerPreviewErrorLink"
|
||||
defaultMessage="Visual event analyzer"
|
||||
/>
|
||||
</EuiLink>
|
||||
),
|
||||
}}
|
||||
/>
|
||||
</div>
|
||||
)}
|
||||
</ExpandablePanel>
|
||||
);
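Review bot: The `EuiLink` added in the disabled branch of `AnalyzerPreviewContainer` hard-codes `https://www.elastic.co/guide/en/security/current/visual-event-analyzer.html`. On an 8.10 backport, `current` will drift to the newest release, so the data-source requirements an analyst reads may not match the deployed version. Kibana's `docLinks` service is the usual source for version-pinned documentation URLs and would avoid that; the pricing and session-view links in the session preview container on this page have the same issue. The component body starts and ends outside these hunks, so whether Kibana services are already in scope there is not visible.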
|
||||
|
|
|
@ -111,7 +111,7 @@ export const HighlightedFields: FC = () => {
|
|||
</EuiFlexItem>
|
||||
<EuiFlexItem data-test-subj={HIGHLIGHTED_FIELDS_DETAILS_TEST_ID}>
|
||||
<EuiPanel hasBorder hasShadow={false}>
|
||||
<EuiInMemoryTable items={items} columns={columns} compressed tableLayout="auto" />
|
||||
<EuiInMemoryTable items={items} columns={columns} compressed />
|
||||
</EuiPanel>
|
||||
</EuiFlexItem>
|
||||
</EuiFlexGroup>
|
||||
|
|
|
@ -45,7 +45,7 @@ export interface InsightsSummaryRowProps {
|
|||
|
||||
/**
|
||||
* Panel showing summary information as an icon, a count and text as well as a severity colored dot.
|
||||
* Should be used for Entities, Threat Intelligence, Prevalence, Correlations and Results components under the Insights section.
|
||||
* Should be used for Entities, Threat intelligence, Prevalence, Correlations and Results components under the Insights section.
|
||||
* The colored dot is currently optional but will ultimately be mandatory (waiting on PM and UIUX).
|
||||
*/
|
||||
export const InsightsSummaryRow: VFC<InsightsSummaryRowProps> = ({
|
||||
|
|
|
@ -42,16 +42,20 @@ export const ResponseButton: React.FC = () => {
|
|||
});
|
||||
}, [eventId, indexName, openLeftPanel, scopeId]);
|
||||
|
||||
if (!responseActions) return <div data-test-subj={RESPONSE_EMPTY_TEST_ID}>{RESPONSE_EMPTY}</div>;
|
||||
|
||||
return (
|
||||
<EuiButton
|
||||
onClick={goToResponseTab}
|
||||
iconType="documentation"
|
||||
data-test-subj={RESPONSE_BUTTON_TEST_ID}
|
||||
>
|
||||
{RESPONSE_TITLE}
|
||||
</EuiButton>
|
||||
<>
|
||||
{!responseActions ? (
|
||||
<div data-test-subj={RESPONSE_EMPTY_TEST_ID}>{RESPONSE_EMPTY}</div>
|
||||
) : (
|
||||
<EuiButton
|
||||
onClick={goToResponseTab}
|
||||
iconType="documentation"
|
||||
data-test-subj={RESPONSE_BUTTON_TEST_ID}
|
||||
>
|
||||
{RESPONSE_TITLE}
|
||||
</EuiButton>
|
||||
)}
|
||||
</>
|
||||
);
|
||||
};
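Review bot: The new return in `ResponseButton` wraps a single negated ternary in a fragment, which adds nesting without changing what is rendered. Returning the expression directly with the positive case first reads more easily: `return responseActions ? <EuiButton …>{RESPONSE_TITLE}</EuiButton> : <div data-test-subj={RESPONSE_EMPTY_TEST_ID}>{RESPONSE_EMPTY}</div>;`. The function starts above the hunk, so the origin of `responseActions` is not visible here.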
|
||||
|
||||
|
|
|
@ -8,6 +8,9 @@
|
|||
import React, { type FC, useCallback } from 'react';
|
||||
import { TimelineTabs } from '@kbn/securitysolution-data-table';
|
||||
import { useDispatch } from 'react-redux';
|
||||
import { EuiLink, useEuiTheme } from '@elastic/eui';
|
||||
import { FormattedMessage } from '@kbn/i18n-react';
|
||||
import { css } from '@emotion/css/dist/emotion-css.cjs';
|
||||
import { useLicense } from '../../../common/hooks/use_license';
|
||||
import { SessionPreview } from './session_preview';
|
||||
import { useSessionPreview } from '../hooks/use_session_preview';
|
||||
|
@ -16,11 +19,7 @@ import { useRightPanelContext } from '../context';
|
|||
import { ALERTS_ACTIONS } from '../../../common/lib/apm/user_actions';
|
||||
import { ExpandablePanel } from '../../shared/components/expandable_panel';
|
||||
import { SESSION_PREVIEW_TEST_ID } from './test_ids';
|
||||
import {
|
||||
SESSION_PREVIEW_ERROR,
|
||||
SESSION_PREVIEW_TITLE,
|
||||
SESSION_PREVIEW_UPSELL,
|
||||
} from './translations';
|
||||
import { SESSION_PREVIEW_TITLE } from './translations';
|
||||
import { useStartTransaction } from '../../../common/lib/apm/use_start_transaction';
|
||||
import { setActiveTabTimeline } from '../../../timelines/store/timeline/actions';
|
||||
import { getScopedActions } from '../../../helpers';
|
||||
|
@ -65,10 +64,57 @@ export const SessionPreviewContainer: FC = () => {
|
|||
startTransaction,
|
||||
]);
|
||||
|
||||
const { euiTheme } = useEuiTheme();
|
||||
|
||||
const noSessionMessage = !isEnterprisePlus ? (
|
||||
<div data-test-subj={`${SESSION_PREVIEW_TEST_ID}UpSell`}>{SESSION_PREVIEW_UPSELL}</div>
|
||||
<div data-test-subj={`${SESSION_PREVIEW_TEST_ID}UpSell`}>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.sessionPreviewUpsell"
|
||||
defaultMessage="This feature requires an {subscription}"
|
||||
values={{
|
||||
subscription: (
|
||||
<EuiLink href="https://www.elastic.co/pricing/" target="_blank">
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.documentDetails.sessionPreviewUpsellLink"
|
||||
defaultMessage="Enterprise subscription"
|
||||
/>
|
||||
</EuiLink>
|
||||
),
|
||||
}}
|
||||
/>
|
||||
</div>
|
||||
) : !sessionViewConfig ? (
|
||||
<div data-test-subj={`${SESSION_PREVIEW_TEST_ID}Error`}>{SESSION_PREVIEW_ERROR}</div>
|
||||
<div data-test-subj={`${SESSION_PREVIEW_TEST_ID}Error`}>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.sessionPreviewError"
|
||||
defaultMessage="You can only view Linux session details if you’ve enabled the {setting} setting in your Elastic Defend integration policy. Refer to {link} for more information."
|
||||
values={{
|
||||
setting: (
|
||||
<span
|
||||
css={css`
|
||||
font-weight: ${euiTheme.font.weight.bold};
|
||||
`}
|
||||
>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.documentDetails.sessionPreviewErrorSetting"
|
||||
defaultMessage="Include session data"
|
||||
/>
|
||||
</span>
|
||||
),
|
||||
link: (
|
||||
<EuiLink
|
||||
href="https://www.elastic.co/guide/en/security/current/session-view.html#enable-session-view"
|
||||
target="_blank"
|
||||
>
|
||||
<FormattedMessage
|
||||
id="xpack.securitySolution.flyout.documentDetails.sessionPreviewErrorLink"
|
||||
defaultMessage="Enable Session View data"
|
||||
/>
|
||||
</EuiLink>
|
||||
),
|
||||
}}
|
||||
/>
|
||||
</div>
|
||||
) : null;
|
||||
|
||||
return (
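Review bot: `import { css } from '@emotion/css/dist/emotion-css.cjs'` reaches into a package's build output instead of a public entry point, and its result is passed to the `css` prop on the `<span>` around "Include session data". The `css` helper from `@emotion/css` returns a class-name string, while the `css` prop is normally given the serialized style from `@emotion/react`, so the bold weight may not be applied; this should be checked in the rendered flyout. I would change the import to `import { css } from '@emotion/react';`, which also removes the dependency on the package's internal file layout. `SessionPreviewContainer` continues past the end of this hunk.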
|
||||
|
|
|
@ -99,7 +99,7 @@ export const ENTITIES_HOST_OVERVIEW_RISK_LEVEL_TEST_ID = `${ENTITIES_HOST_OVERVI
|
|||
export const TECHNICAL_PREVIEW_ICON_TEST_ID =
|
||||
'securitySolutionDocumentDetailsFlyoutTechnicalPreviewIcon';
|
||||
|
||||
/* Insights Threat Intelligence */
|
||||
/* Insights Threat intelligence */
|
||||
|
||||
export const INSIGHTS_THREAT_INTELLIGENCE_TEST_ID =
|
||||
'securitySolutionDocumentDetailsFlyoutInsightsThreatIntelligence';
|
||||
|
|
|
@ -83,7 +83,7 @@ describe('<ThreatIntelligenceOverview />', () => {
|
|||
|
||||
const { getByTestId } = render(renderThreatIntelligenceOverview(panelContextValue));
|
||||
|
||||
expect(getByTestId(TITLE_LINK_TEST_ID)).toHaveTextContent('Threat Intelligence');
|
||||
expect(getByTestId(TITLE_LINK_TEST_ID)).toHaveTextContent('Threat intelligence');
|
||||
expect(getByTestId(CONTENT_TEST_ID)).toHaveTextContent('1 threat match detected');
|
||||
expect(getByTestId(CONTENT_TEST_ID)).toHaveTextContent(
|
||||
'1 field enriched with threat intelligence'
|
||||
|
@ -99,7 +99,7 @@ describe('<ThreatIntelligenceOverview />', () => {
|
|||
|
||||
const { getByTestId } = render(renderThreatIntelligenceOverview(panelContextValue));
|
||||
|
||||
expect(getByTestId(TITLE_LINK_TEST_ID)).toHaveTextContent('Threat Intelligence');
|
||||
expect(getByTestId(TITLE_LINK_TEST_ID)).toHaveTextContent('Threat intelligence');
|
||||
expect(getByTestId(CONTENT_TEST_ID)).toHaveTextContent('2 threat matches detected');
|
||||
expect(getByTestId(CONTENT_TEST_ID)).toHaveTextContent(
|
||||
'2 fields enriched with threat intelligence'
|
||||
|
|
|
@ -25,7 +25,7 @@ import { LeftPanelKey, LeftPanelInsightsTab } from '../../left';
|
|||
import { THREAT_INTELLIGENCE_TAB_ID } from '../../left/components/threat_intelligence_details';
|
||||
|
||||
/**
|
||||
* Threat Intelligence section under Insights section, overview tab.
|
||||
* Threat intelligence section under Insights section, overview tab.
|
||||
* The component fetches the necessary data, then pass it down to the InsightsSubSection component for loading and error state,
|
||||
* and the SummaryPanel component for data rendering.
|
||||
*/
|
||||
|
|
|
@ -41,7 +41,7 @@ export const RISK_SCORE_TITLE = i18n.translate(
|
|||
export const RULE_SUMMARY_TEXT = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.ruleSummaryText',
|
||||
{
|
||||
defaultMessage: 'Rule summary',
|
||||
defaultMessage: 'Show rule summary',
|
||||
}
|
||||
);
|
||||
|
||||
|
@ -133,13 +133,13 @@ export const ENTITIES_TITLE = i18n.translate(
|
|||
export const ENTITIES_NO_DATA_MESSAGE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.entitiesNoDataMessage',
|
||||
{
|
||||
defaultMessage: 'No user or host data available',
|
||||
defaultMessage: 'Host and user information are unavailable for this alert',
|
||||
}
|
||||
);
|
||||
|
||||
export const THREAT_INTELLIGENCE_TITLE = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.threatIntelligenceTitle',
|
||||
{ defaultMessage: 'Threat Intelligence' }
|
||||
{ defaultMessage: 'Threat intelligence' }
|
||||
);
|
||||
|
||||
export const INSIGHTS_TITLE = i18n.translate(
|
||||
|
@ -166,7 +166,10 @@ export const PREVALENCE_TITLE = i18n.translate(
|
|||
|
||||
export const PREVALENCE_NO_DATA = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.prevalenceNoData',
|
||||
{ defaultMessage: 'No field/value pairs are uncommon' }
|
||||
{
|
||||
defaultMessage:
|
||||
'Over the last 30 days, the highlighted fields for this alert were observed frequently on other host and user events.',
|
||||
}
|
||||
);
|
||||
|
||||
export const THREAT_MATCH_DETECTED = i18n.translate(
|
||||
|
@ -214,13 +217,6 @@ export const ANALYZER_PREVIEW_TITLE = i18n.translate(
|
|||
{ defaultMessage: 'Analyzer preview' }
|
||||
);
|
||||
|
||||
export const ANALYZER_PREVIEW_ERROR = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.analyzerPreview.error',
|
||||
{
|
||||
defaultMessage: 'No analyzer graph data available',
|
||||
}
|
||||
);
|
||||
|
||||
export const SHARE = i18n.translate('xpack.securitySolution.flyout.documentDetails.share', {
|
||||
defaultMessage: 'Share Alert',
|
||||
});
|
||||
|
@ -242,7 +238,7 @@ export const INVESTIGATION_GUIDE_BUTTON = i18n.translate(
|
|||
export const INVESTIGATION_GUIDE_NO_DATA = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.investigationGuideNoData',
|
||||
{
|
||||
defaultMessage: 'An investigation guide has not been created for this rule.',
|
||||
defaultMessage: 'There’s no investigation guide for this rule.',
|
||||
}
|
||||
);
|
||||
|
||||
|
@ -253,21 +249,6 @@ export const SESSION_PREVIEW_TITLE = i18n.translate(
|
|||
}
|
||||
);
|
||||
|
||||
export const SESSION_PREVIEW_UPSELL = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.sessionPreview.upsell',
|
||||
{
|
||||
defaultMessage:
|
||||
'Session preview is disabled because your license does not support it. Please upgrade your license.',
|
||||
}
|
||||
);
|
||||
|
||||
export const SESSION_PREVIEW_ERROR = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.sessionPreview.error',
|
||||
{
|
||||
defaultMessage: 'No session view data available',
|
||||
}
|
||||
);
|
||||
|
||||
export const SESSION_PREVIEW_PROCESS_TEXT = i18n.translate(
|
||||
'xpack.securitySolution.flyout.documentDetails.sessionPreview.processText',
|
||||
{
|
||||
|
@ -304,7 +285,7 @@ export const RESPONSE_TITLE = i18n.translate(
|
|||
);
|
||||
|
||||
export const RESPONSE_EMPTY = i18n.translate('xpack.securitySolution.flyout.response.empty', {
|
||||
defaultMessage: 'There are no response actions defined for this event.',
|
||||
defaultMessage: 'This alert did not generate an external notification.',
|
||||
});
|
||||
|
||||
export const TECHNICAL_PREVIEW_TITLE = i18n.translate(
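Review bot: The new default message for `RESPONSE_EMPTY` in the last hunk says "This alert did not generate an external notification.", but the key is still `xpack.securitySolution.flyout.response.empty` and the response button on this page renders it when `responseActions` is falsy. If that value holds the rule's response actions rather than its notification connectors (the hook that produces it is not shown), an analyst could read this empty state as confirmation that nobody was notified about the alert. The copy should name the thing that is actually absent, or the condition should be confirmed against the wording. A short comment above the constant stating which rule field drives it would keep the two from drifting apart.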
|
||||
|
|
|
@ -33344,14 +33344,11 @@
|
|||
"xpack.securitySolution.flyout.entities.relatedEntitiesIpColumn": "Adresses IP",
|
||||
"xpack.securitySolution.flyout.entities.relatedEntitiesNameColumn": "Nom",
|
||||
"xpack.securitySolution.flyout.entities.relatedHostsTitle": "Hôtes associés",
|
||||
"xpack.securitySolution.flyout.entities.relatedHostsToolTip": "L’utilisateur a été authentifié avec succès sur ces hôtes après l’alerte.",
|
||||
"xpack.securitySolution.flyout.entities.relatedUsersTitle": "Utilisateurs associés",
|
||||
"xpack.securitySolution.flyout.entities.relatedUsersToolTip": "Ces utilisateurs ont été authentifiés avec succès sur l’hôte concerné après l’alerte.",
|
||||
"xpack.securitySolution.flyout.entities.usersInfoTitle": "Informations sur l’utilisateur",
|
||||
"xpack.securitySolution.flyout.prevalenceErrorMessage": "prévalence",
|
||||
"xpack.securitySolution.flyout.prevalenceTableAlertCountColumnTitle": "Nombre d'alertes",
|
||||
"xpack.securitySolution.flyout.prevalenceTableDocCountColumnTitle": "Compte du document",
|
||||
"xpack.securitySolution.flyout.response.empty": "Il n’y a pas d’actions de réponse définies pour cet évènement.",
|
||||
"xpack.securitySolution.flyout.response.title": "Réponses",
|
||||
"xpack.securitySolution.flyout.sessionViewErrorMessage": "vue de session",
|
||||
"xpack.securitySolution.footer.autoRefreshActiveDescription": "Actualisation automatique active",
|
||||
|
|
|
@ -33343,14 +33343,11 @@
|
|||
"xpack.securitySolution.flyout.entities.relatedEntitiesIpColumn": "IPアドレス",
|
||||
"xpack.securitySolution.flyout.entities.relatedEntitiesNameColumn": "名前",
|
||||
"xpack.securitySolution.flyout.entities.relatedHostsTitle": "関連するホスト",
|
||||
"xpack.securitySolution.flyout.entities.relatedHostsToolTip": "アラート後、ユーザーはこれらのホストへの認証に成功しました。",
|
||||
"xpack.securitySolution.flyout.entities.relatedUsersTitle": "関連するユーザー",
|
||||
"xpack.securitySolution.flyout.entities.relatedUsersToolTip": "アラート後、ユーザーは影響を受けるホストへの認証に成功しました。",
|
||||
"xpack.securitySolution.flyout.entities.usersInfoTitle": "ユーザー情報",
|
||||
"xpack.securitySolution.flyout.prevalenceErrorMessage": "発生率",
|
||||
"xpack.securitySolution.flyout.prevalenceTableAlertCountColumnTitle": "アラート件数",
|
||||
"xpack.securitySolution.flyout.prevalenceTableDocCountColumnTitle": "ドキュメントカウント",
|
||||
"xpack.securitySolution.flyout.response.empty": "このイベントに対する対応アクションは定義されていません。",
|
||||
"xpack.securitySolution.flyout.response.title": "対応",
|
||||
"xpack.securitySolution.flyout.sessionViewErrorMessage": "セッションビュー",
|
||||
"xpack.securitySolution.footer.autoRefreshActiveDescription": "自動更新アクション",
|
||||
|
|
|
@ -33339,14 +33339,11 @@
|
|||
"xpack.securitySolution.flyout.entities.relatedEntitiesIpColumn": "IP 地址",
|
||||
"xpack.securitySolution.flyout.entities.relatedEntitiesNameColumn": "名称",
|
||||
"xpack.securitySolution.flyout.entities.relatedHostsTitle": "相关主机",
|
||||
"xpack.securitySolution.flyout.entities.relatedHostsToolTip": "告警后,用户已成功通过这些主机的身份验证。",
|
||||
"xpack.securitySolution.flyout.entities.relatedUsersTitle": "相关用户",
|
||||
"xpack.securitySolution.flyout.entities.relatedUsersToolTip": "告警后,这些用户已成功通过受影响主机的身份验证。",
|
||||
"xpack.securitySolution.flyout.entities.usersInfoTitle": "用户信息",
|
||||
"xpack.securitySolution.flyout.prevalenceErrorMessage": "普及率",
|
||||
"xpack.securitySolution.flyout.prevalenceTableAlertCountColumnTitle": "告警计数",
|
||||
"xpack.securitySolution.flyout.prevalenceTableDocCountColumnTitle": "文档计数",
|
||||
"xpack.securitySolution.flyout.response.empty": "没有为此事件定义响应操作。",
|
||||
"xpack.securitySolution.flyout.response.title": "响应",
|
||||
"xpack.securitySolution.flyout.sessionViewErrorMessage": "会话视图",
|
||||
"xpack.securitySolution.footer.autoRefreshActiveDescription": "自动刷新已启用",
|
||||
|
|
|
@ -48,7 +48,7 @@ describe(
|
|||
|
||||
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON)
|
||||
.should('be.visible')
|
||||
.and('have.text', 'Threat Intelligence');
|
||||
.and('have.text', 'Threat intelligence');
|
||||
|
||||
cy.get(INDICATOR_MATCH_ENRICHMENT_SECTION).should('be.visible');
|
||||
});
|
||||
|
|
|
@ -103,7 +103,7 @@ describe(
|
|||
.within(() => {
|
||||
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_OPEN_RULE_PREVIEW_BUTTON)
|
||||
.should('be.visible')
|
||||
.and('have.text', 'Rule summary');
|
||||
.and('have.text', 'Show rule summary');
|
||||
});
|
||||
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_DETAILS)
|
||||
.should('be.visible')
|
||||
|
@ -248,7 +248,7 @@ describe(
|
|||
).scrollIntoView();
|
||||
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_HEADER)
|
||||
.should('be.visible')
|
||||
.and('have.text', 'Threat Intelligence');
|
||||
.and('have.text', 'Threat intelligence');
|
||||
cy.get(
|
||||
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_CONTENT
|
||||
).scrollIntoView();
|
||||
|
|