This PR populates the existing `kibana.alert.workflow_user` field in the
alerts-as-data mappings with the `profile_uid` of the last user to
modify the status of the alert. It also adds a new field,
`kibana.alert.workflow_status_updated_at`, to track the last time the
workflow status was updated and populates it with a timestamp.

Similar to the alert assignment PR, `workflow_user` renders in the table
with a user avatar instead of the raw `profile_uid` value stored in the
alert. The filter in/out buttons on the row cell automatically add a
filter that uses the raw value so that filtering works correctly.

Due to limitations of Kibana's user profile implementation,
`workflow_user` is only populated if a user changes the alert status
using the alert status route (`POST
/api/detection_engine/signals/status`) within an interactive session,
i.e. the user logs in rather than passing credentials with each API request
([related issue](https://github.com/elastic/kibana/issues/167459)).
## Alerts table

## Alert details

### Checklist
- [ ] Functional changes are hidden behind a feature flag. If not
hidden, the PR explains why these changes are being implemented in a
long-living feature branch.
- [x] Functional changes are covered with a test plan and automated
tests.
- [x] Stability of new and changed tests is verified using the [Flaky
Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner).
  - Flaky test run:
    https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4130
- [ ] Comprehensive manual testing is done by two engineers: the PR
author and one of the PR reviewers. Changes are tested in both ESS and
Serverless.
- [x] Mapping changes are accompanied by a technical design document. It
can be a GitHub issue or an RFC explaining the changes. The design
document is shared with and approved by the appropriate teams and
individual stakeholders.
  - https://github.com/elastic/security-team/issues/4820
- [x] Functional changes are communicated to the Docs team. A ticket or
PR is opened in https://github.com/elastic/security-docs. The following
information is included: any feature flags used, affected environments
(Serverless, ESS, or both).
  - https://github.com/elastic/security-docs/issues/4325
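
An added example, not part of this PR or of Kibana's code: one way an analyst could audit alert documents for status changes that cannot be attributed to a user, given the limitation described above. The three field names come from the PR text; the status values (`open`, `acknowledged`, `closed`), the helper names and the sample documents are assumptions, and because the page does not say whether `workflow_status_updated_at` is written when `workflow_user` is not, the code classifies purely on which fields are present.

```javascript
// Added example: field names are from the PR description; everything else is assumed.
const STATUS = 'kibana.alert.workflow_status';
const USER = 'kibana.alert.workflow_user';
const UPDATED_AT = 'kibana.alert.workflow_status_updated_at';

// Read a field from a _source stored with flattened dotted keys or as nested objects.
function getField(source, path) {
  if (Object.prototype.hasOwnProperty.call(source, path)) return source[path];
  let node = source;
  for (const key of path.split('.')) {
    if (node === null || typeof node !== 'object' || !(key in node)) return undefined;
    node = node[key];
  }
  return node;
}

// Classify how well a status change can be attributed from the alert document alone.
function classifyAlert(source) {
  const status = getField(source, STATUS);
  const user = getField(source, USER);
  const updatedAt = getField(source, UPDATED_AT);
  if (user && updatedAt) return { attribution: 'attributed', status, user, updatedAt };
  // Timestamp without a user: the change was recorded but nobody is named.
  if (updatedAt) return { attribution: 'unattributed', status, user: null, updatedAt };
  // Non-open status with neither field: no record of who changed it or when.
  if (status && status !== 'open') return { attribution: 'no_record', status, user: null, updatedAt: null };
  return { attribution: 'untouched', status, user: null, updatedAt: null };
}

// Group alert ids by attribution so unattributed status changes can be reviewed.
function auditWorkflowChanges(hits) {
  const report = { attributed: [], unattributed: [], no_record: [], untouched: [] };
  for (const hit of hits) {
    report[classifyAlert(hit._source).attribution].push(hit._id);
  }
  return report;
}

// Constructed sample hits (ids, timestamps and the profile_uid are made up).
const sampleHits = [
  { _id: 'a1', _source: { [STATUS]: 'closed', [USER]: 'u_constructed_profile_1', [UPDATED_AT]: '2023-10-05T12:00:00.000Z' } },
  { _id: 'a2', _source: { [STATUS]: 'closed', [USER]: null, [UPDATED_AT]: '2023-10-05T12:05:00.000Z' } },
  { _id: 'a3', _source: { kibana: { alert: { workflow_status: 'acknowledged' } } } },
  { _id: 'a4', _source: { [STATUS]: 'open' } },
];

console.log(auditWorkflowChanges(sampleHits));
```
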