github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.8] [Security Solution] [Fix] Leading Action column width: session viewer not visible (#156521) (#156679)

Browse source 
# Backport

This will backport the following commits from `main` to `8.8`:
- [[Security Solution] [Fix] Leading Action column width: session viewer
not visible (#156521)](https://github.com/elastic/kibana/pull/156521)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Jatin
Kathuria","email":"jatin.kathuria@elastic.co"},"sourceCommit":{"committedDate":"2023-05-04T12:08:58Z","message":"[Security
Solution] [Fix] Leading Action column width: session viewer not visible
(#156521)\n\n## Summary\r\n\r\nThis PR handles #156450. below tasks has
been carried out in this PR\r\n\r\n- Modified resolver generator script
to add process ancestry (\r\n`process.entry_leader.start` was
missing)\r\n- Added cypress test to make sure buttons are visible. \r\n-
Added a new dummy minimal dataset called `process_ancestry`
which\r\nenabled analyzer and session viewer buttons.\r\n- Width is
being calculated automatically. Please see below video for\r\nthe
demo.\r\n\r\n\r\nhttps://user-images.githubusercontent.com/7485038/235917406-8d77f0c9-7c44-4c29-a79a-90b99f117e0d.mov\r\n\r\n
\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"6a85012951139ac9353fad63a24b1c43e4c7aabf","branchLabelMapping":{"^v8.9.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat
Hunting:Investigations","v8.8.0","v8.9.0"],"number":156521,"url":"https://github.com/elastic/kibana/pull/156521","mergeCommit":{"message":"[Security
Solution] [Fix] Leading Action column width: session viewer not visible
(#156521)\n\n## Summary\r\n\r\nThis PR handles #156450. below tasks has
been carried out in this PR\r\n\r\n- Modified resolver generator script
to add process ancestry (\r\n`process.entry_leader.start` was
missing)\r\n- Added cypress test to make sure buttons are visible. \r\n-
Added a new dummy minimal dataset called `process_ancestry`
which\r\nenabled analyzer and session viewer buttons.\r\n- Width is
being calculated automatically. Please see below video for\r\nthe
demo.\r\n\r\n\r\nhttps://user-images.githubusercontent.com/7485038/235917406-8d77f0c9-7c44-4c29-a79a-90b99f117e0d.mov\r\n\r\n
\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"6a85012951139ac9353fad63a24b1c43e4c7aabf"}},"sourceBranch":"main","suggestedTargetBranches":["8.8"],"targetPullRequestStates":[{"branch":"8.8","label":"v8.8.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.9.0","labelRegex":"^v8.9.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/156521","number":156521,"mergeCommit":{"message":"[Security
Solution] [Fix] Leading Action column width: session viewer not visible
(#156521)\n\n## Summary\r\n\r\nThis PR handles #156450. below tasks has
been carried out in this PR\r\n\r\n- Modified resolver generator script
to add process ancestry (\r\n`process.entry_leader.start` was
missing)\r\n- Added cypress test to make sure buttons are visible. \r\n-
Added a new dummy minimal dataset called `process_ancestry`
which\r\nenabled analyzer and session viewer buttons.\r\n- Width is
being calculated automatically. Please see below video for\r\nthe
demo.\r\n\r\n\r\nhttps://user-images.githubusercontent.com/7485038/235917406-8d77f0c9-7c44-4c29-a79a-90b99f117e0d.mov\r\n\r\n
\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"6a85012951139ac9353fad63a24b1c43e4c7aabf"}}]}]
BACKPORT-->

Co-authored-by: Jatin Kathuria <jatin.kathuria@elastic.co>
This commit is contained in:
Kibana Machine 2023-05-04 09:55:10 -04:00 committed by GitHub
parent ea74fc38e1
commit a8000223c1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 5677 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
x-pack/plugins/security_solution/common/endpoint/generate_data.ts
View file

@ -523,6 +523,7 @@ export class EndpointDocGenerator extends BaseDataGenerator {
entity_id: sessionEntryLeader,
name: 'fake entry',
pid: Math.floor(Math.random() * 1000),
start: [new Date(0).toISOString()],
},
session_leader: {
entity_id: sessionEntryLeader,
@ -973,6 +974,7 @@ export class EndpointDocGenerator extends BaseDataGenerator {
entity_id: sessionEntryLeader,
name: 'fake entry',
pid: Math.floor(Math.random() * 1000),
start: [new Date(0).toISOString()],
},
session_leader: {
entity_id: sessionEntryLeader,

1
x-pack/plugins/security_solution/common/endpoint/types/index.ts
View file

@ -771,6 +771,7 @@ export type SafeEndpointEvent = Partial<{
entity_id: ECSField<string>;
name: ECSField<string>;
pid: ECSField<number>;
start: ECSField<string[]>;
}>;
group_leader: Partial<{
entity_id: ECSField<string>;

47
x-pack/plugins/security_solution/cypress/e2e/detection_alerts/alert_table_action_column.cy.ts Normal file
View file

@ -0,0 +1,47 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { OVERLAY_CONTAINER } from '../../screens/alerts';
import {
closeAnalyzer,
closeSessionViewerFromAlertTable,
openAnalyzerForFirstAlertInTimeline,
openSessionViewerFromAlertTable,
} from '../../tasks/alerts';
import { cleanKibana } from '../../tasks/common';
import { waitForAlertsToPopulate } from '../../tasks/create_new_rule';
import { esArchiverLoad, esArchiverUnload } from '../../tasks/es_archiver';
import { login, visit } from '../../tasks/login';
import { ALERTS_URL } from '../../urls/navigation';
describe('Alerts Table Action column', { testIsolation: false }, () => {
before(() => {
cleanKibana();
esArchiverLoad('process_ancestry');
login();
visit(ALERTS_URL);
waitForAlertsToPopulate();
});
after(() => {
esArchiverUnload('process_ancestry');
});
it('should have session viewer button visible & open session viewer on click', () => {
openSessionViewerFromAlertTable();
cy.get(OVERLAY_CONTAINER).should('be.visible');
// cleanup
closeSessionViewerFromAlertTable();
});
it('should have analyzer button visible & open analyzer on click', () => {
openAnalyzerForFirstAlertInTimeline();
cy.get(OVERLAY_CONTAINER).should('be.visible');
// cleanup
closeAnalyzer();
});
});

6
x-pack/plugins/security_solution/cypress/screens/alerts.ts
View file

@ -171,3 +171,9 @@ export const LEGEND_ACTIONS = {
FILTER_OUT: (ruleName: string) => `[data-test-subj="legend-${ruleName}-filterOut"]`,
COPY: (ruleName: string) => `[data-test-subj="legend-${ruleName}-embeddable_copyToClipboard"]`,
};
export const SESSION_VIEWER_BUTTON = '[data-test-subj="session-view-button"]';
export const OVERLAY_CONTAINER = '[data-test-subj="overlayContainer"]';
export const CLOSE_OVERLAY = '[data-test-subj="close-overlay"]';

15
x-pack/plugins/security_solution/cypress/tasks/alerts.ts
View file

@ -44,6 +44,8 @@ import {
SHOW_TOP_N_CLOSE_BUTTON,
ALERTS_HISTOGRAM_LEGEND,
LEGEND_ACTIONS,
SESSION_VIEWER_BUTTON,
CLOSE_OVERLAY,
} from '../screens/alerts';
import { LOADING_INDICATOR, REFRESH_BUTTON } from '../screens/security_header';
import { TIMELINE_COLUMN_SPINNER } from '../screens/timeline';
@ -364,6 +366,10 @@ export const openAnalyzerForFirstAlertInTimeline = () => {
cy.get(OPEN_ANALYZER_BTN).first().click({ force: true });
};
export const closeAnalyzer = () => {
cy.get(CLOSE_OVERLAY).should('be.visible').trigger('click');
};
export const clickAlertsHistogramLegend = () => {
cy.get(ALERTS_HISTOGRAM_LEGEND).click();
};
@ -496,3 +502,12 @@ export const visitAlertsPageWithCustomFilters = (pageFilters: FilterItemObj[]) =
const newURL = `${ALERTS_URL}?pageFilters=${pageFilterUrlVal}`;
visit(newURL);
};
export const openSessionViewerFromAlertTable = (rowIndex: number = 0) => {
cy.get(SESSION_VIEWER_BUTTON).eq(rowIndex).should('be.visible');
cy.get(SESSION_VIEWER_BUTTON).eq(rowIndex).trigger('click');
};
export const closeSessionViewerFromAlertTable = () => {
cy.get(CLOSE_OVERLAY).trigger('click');
};

10
x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_actions_column.tsx
View file

@ -28,8 +28,8 @@ export const getUseActionColumnHook =
const eventContext = useContext(StatefulEventContext);
const leadingControlColumns = useMemo(
() => [...getDefaultControlColumn(ACTION_BUTTON_COUNT)],
const leadingControlColumn = useMemo(
() => getDefaultControlColumn(ACTION_BUTTON_COUNT)[0],
[ACTION_BUTTON_COUNT]
);
@ -65,7 +65,7 @@ export const getUseActionColumnHook =
<RowAction
columnId={`actions-${rowIndex}`}
columnHeaders={columnHeaders}
controlColumn={leadingControlColumns[0]}
controlColumn={leadingControlColumn}
data={timelineItem}
disabled={false}
index={rowIndex}
@ -101,7 +101,7 @@ export const getUseActionColumnHook =
columnHeaders,
loadingEventIds,
showCheckboxes,
leadingControlColumns,
leadingControlColumn,
selectedEventIds,
eventContext,
]
@ -109,6 +109,6 @@ export const getUseActionColumnHook =
return {
renderCustomActionsRow,
width: 124,
width: leadingControlColumn.width,
};
};

7
x-pack/plugins/security_solution/public/timelines/components/timeline/session_tab_content/use_session_view.tsx
View file

@ -75,7 +75,12 @@ const NavigationComponent: React.FC<NavigationProps> = ({
return (
<EuiFlexGroup alignItems="center" gutterSize="none">
<EuiFlexItem grow={false}>
<EuiButtonEmpty iconType="cross" onClick={onCloseOverlay} size="xs">
<EuiButtonEmpty
iconType="cross"
onClick={onCloseOverlay}
size="xs"
data-test-subj="close-overlay"
>
{title()}
</EuiButtonEmpty>
</EuiFlexItem>

277
x-pack/test/security_solution_cypress/es_archives/process_ancestry/data.json Normal file
View file

@ -0,0 +1,277 @@
{
"type": "doc",
"value": {
"id": "26d2d9935c51f506b7b236984491999f3f6847f2e29fc7147745bdd6de2d775a",
"index": ".alerts-security.alerts-default",
"source": {
"kibana.version": "8.5.0-SNAPSHOT",
"kibana.alert.rule.category": "Custom Query Rule",
"kibana.alert.rule.consumer": "siem",
"kibana.alert.rule.execution.uuid": "79694f5c-30e4-4979-83e3-87193f51e3e6",
"kibana.alert.rule.name": "Testing Process Rule",
"kibana.alert.rule.producer": "siem",
"kibana.alert.rule.rule_type_id": "siem.queryRule",
"kibana.alert.rule.uuid": "532e0020-4a0c-11ed-9aa3-574e520c127d",
"kibana.space_ids": [
"default"
],
"kibana.alert.rule.tags": [],
"@timestamp": 1666873459714,
"agent": {
"id": "2ea4b363-6a3f-449e-9d4e-c73ccf28f693",
"type": "endpoint",
"version": "8.5.0-SNAPSHOT"
},
"process": {
"Ext": {
"ancestry": [
"MmVhNGIzNjMtNmEzZi00NDllLTlkNGUtYzczY2NmMjhmNjkzLTY1Mi0xNjY0ODA2NTI4Ljc4NTg5NTAw",
"MmVhNGIzNjMtNmEzZi00NDllLTlkNGUtYzczY2NmMjhmNjkzLTUzNi0xNjY0ODA2NTI3LjEwNDI2NTQwMA=="
],
"code_signature": [
{
"trusted": true,
"subject_name": "Elasticsearch, Inc.",
"exists": true,
"status": "trusted"
}
]
},
"parent": {
"pid": 652
},
"code_signature": {
"trusted": true,
"subject_name": "Elasticsearch, Inc.",
"exists": true,
"status": "trusted"
},
"name": "winlogbeat.exe",
"pid": 1704,
"thread": {
"id": 4100
},
"entity_id": "MmVhNGIzNjMtNmEzZi00NDllLTlkNGUtYzczY2NmMjhmNjkzLTE3MDQtMTY2NDgwNjcwNi4yODUzODk4MDA=",
"executable": "C:\\\\Program Files\\\\Winlogbeat\\\\winlogbeat.exe",
"entry_leader": {
"entity_id": "some97",
"start": "2022-10-03T12:13:23.560Z"
}
},
"file": {
"Ext": {
"header_data": [],
"entropy": 5.273971112252894,
"original": {
"path": "C:\\\\ProgramData\\\\winlogbeat\\\\.winlogbeat.yml.new",
"name": ".winlogbeat.yml.new"
},
"header_bytes": "7570646174655f74696d653a20323032",
"monotonic_id": 157728
},
"path": "C:\\\\ProgramData\\\\winlogbeat\\\\.winlogbeat.yml",
"extension": "yml",
"size": 1408,
"name": ".winlogbeat.yml"
},
"ecs": {
"version": "1.11.0"
},
"data_stream": {
"namespace": "default",
"type": "logs",
"dataset": "endpoint.events.file"
},
"elastic": {
"agent": {
"id": "2ea4b363-6a3f-449e-9d4e-c73ccf28f693"
}
},
"host": {
"hostname": "siem-windows-endpoint",
"os": {
"Ext": {
"variant": "Windows Server 2019 Datacenter"
},
"kernel": "1809 (10.0.17763.3406)",
"name": "Windows",
"family": "windows",
"type": "windows",
"version": "1809 (10.0.17763.3406)",
"platform": "windows",
"full": "Windows Server 2019 Datacenter 1809 (10.0.17763.3406)"
},
"ip": [
"10.200.0.223",
"fe80::eda9:848c:24ae:431d",
"127.0.0.1",
"::1"
],
"name": "siem-windows-endpoint",
"id": "526e76a2-1c82-4245-a179-4fcde1e608fc",
"mac": [
"42:01:0a:c8:00:df"
],
"architecture": "x86_64",
"risk": {
"calculated_level": "Low",
"calculated_score_norm": 31.092354
}
},
"message": "Endpoint file event",
"user": {
"domain": "NT AUTHORITY",
"name": "SYSTEM",
"id": "S-1-5-18",
"risk": {
"calculated_level": "High",
"calculated_score_norm": 75.22127
}
},
"event.agent_id_status": "verified",
"event.sequence": 940444,
"event.ingested": "2022-10-14T14:00:50Z",
"event.created": "2022-10-14T14:00:27.2646226Z",
"event.kind": "signal",
"event.module": "endpoint",
"event.action": "exec",
"event.id": "MnfiZLkz1DywMGBf++++9ApE",
"event.category": [
"file"
],
"event.type": [
"change"
],
"event.dataset": "endpoint.events.file",
"kibana.alert.original_time": "2022-10-14T14:00:27.264Z",
"kibana.alert.ancestors": [
{
"id": "dCjM1oMBw7Pvz6uQMxM4",
"type": "event",
"index": ".ds-logs-endpoint.events.file-default-2022.10.08-000003",
"depth": 0
}
],
"kibana.alert.status": "active",
"kibana.alert.workflow_status": "open",
"kibana.alert.depth": 1,
"kibana.alert.reason": "file event with process winlogbeat.exe, file .winlogbeat.yml, by SYSTEM on siem-windows-endpoint created low alert Testing Process Rule.",
"kibana.alert.severity": "low",
"kibana.alert.risk_score": 21,
"kibana.alert.rule.parameters": {
"description": "Testing Process Rule",
"risk_score": 21,
"severity": "low",
"license": "",
"timeline_id": "76e52245-7519-4251-91ab-262fb1a1728c",
"timeline_title": "Generic Process Timeline",
"meta": {
"from": "1h",
"kibana_siem_app_url": "https://kibana.siem.estc.dev/app/security"
},
"author": [],
"false_positives": [],
"from": "now-3900s",
"rule_id": "1e505276-9f3e-4b7e-aeb3-8fe96a16dc08",
"max_signals": 100,
"risk_score_mapping": [],
"severity_mapping": [],
"threat": [],
"to": "now",
"references": [],
"version": 7,
"exceptions_list": [
{
"id": "0f917120-4b20-11ed-b1c3-c7b6b88e8883",
"list_id": "5d68ab0c-0424-42eb-bb60-ed161e2b34ac",
"type": "detection",
"namespace_type": "single"
}
],
"immutable": false,
"related_integrations": [],
"required_fields": [],
"setup": "",
"type": "query",
"language": "kuery",
"index": [
"apm-*-transaction*",
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"packetbeat-*",
"traces-apm*",
"winlogbeat-*",
"-*elastic-cloud-logs-*"
],
"query": "_id :*",
"filters": []
},
"kibana.alert.rule.actions": [],
"kibana.alert.rule.author": [],
"kibana.alert.rule.created_at": "2022-10-12T09:00:32.322Z",
"kibana.alert.rule.created_by": "testing@elastic.co",
"kibana.alert.rule.description": "Testing Process Rule",
"kibana.alert.rule.enabled": true,
"kibana.alert.rule.exceptions_list": [
{
"id": "0f917120-4b20-11ed-b1c3-c7b6b88e8883",
"list_id": "5d68ab0c-0424-42eb-bb60-ed161e2b34ac",
"type": "detection",
"namespace_type": "single"
}
],
"kibana.alert.rule.false_positives": [],
"kibana.alert.rule.from": "now-3900s",
"kibana.alert.rule.immutable": false,
"kibana.alert.rule.interval": "5m",
"kibana.alert.rule.indices": [
"apm-*-transaction*",
"auditbeat-*",
"endgame-*",
"filebeat-*",
"logs-*",
"packetbeat-*",
"traces-apm*",
"winlogbeat-*",
"-*elastic-cloud-logs-*"
],
"kibana.alert.rule.license": "",
"kibana.alert.rule.max_signals": 100,
"kibana.alert.rule.references": [],
"kibana.alert.rule.risk_score_mapping": [],
"kibana.alert.rule.rule_id": "1e505276-9f3e-4b7e-aeb3-8fe96a16dc08",
"kibana.alert.rule.severity_mapping": [],
"kibana.alert.rule.threat": [],
"kibana.alert.rule.timeline_id": "76e52245-7519-4251-91ab-262fb1a1728c",
"kibana.alert.rule.timeline_title": "Generic Process Timeline",
"kibana.alert.rule.to": "now",
"kibana.alert.rule.type": "query",
"kibana.alert.rule.updated_at": "2022-10-13T17:54:20.323Z",
"kibana.alert.rule.updated_by": "testing@elastic.co",
"kibana.alert.rule.version": 7,
"kibana.alert.rule.meta.from": "1h",
"kibana.alert.rule.meta.kibana_siem_app_url": "https://kibana.siem.estc.dev/app/security",
"kibana.alert.rule.risk_score": 21,
"kibana.alert.rule.severity": "low",
"kibana.alert.original_event.agent_id_status": "verified",
"kibana.alert.original_event.sequence": 940444,
"kibana.alert.original_event.ingested": "2022-10-14T14:00:50Z",
"kibana.alert.original_event.created": "2022-10-14T14:00:27.2646226Z",
"kibana.alert.original_event.kind": "event",
"kibana.alert.original_event.module": "endpoint",
"kibana.alert.original_event.action": "rename",
"kibana.alert.original_event.id": "MnfiZLkz1DywMGBf++++9ApE",
"kibana.alert.original_event.category": [
"file"
],
"kibana.alert.original_event.type": [
"change"
],
"kibana.alert.original_event.dataset": "endpoint.events.file",
"kibana.alert.uuid": "26d2d9935c51f506b7b236984491999f3f6847f2e29fc7147745bdd6de2d775a",
"timestamp": 1666873459714
}
}
}

5318
x-pack/test/security_solution_cypress/es_archives/process_ancestry/mappings.json Normal file
View file

File diff suppressed because it is too large Load diff