[7.x] [Security Solution] Full screen timeline, Collapse event (#71786) #71838

Merged 1 commit on Jul 15, 2020

andrew-goldstein

Backports the following commits to 7.x:

## Full screen Timeline & Timeline-based views

- Adds a _Full screen_ mode to Timeline, and all Timeline-based views, including:
  - Detections
  - Detections > Rule details
  - Hosts > Events
  - Hosts > External alerts
  - Network > External alerts
  - Timeline
- Enter full screen from any Resolver
- Adds a `Collapse event` action for quickly collapsing an expanded Timeline event
- Hides the `Add to case action` in timeline-based Resolver views, so those actions are only enabled in Timeline (a `TODO` from elastic#70111)

### Full screen detections
![full-screen-detections](https://user-images.githubusercontent.com/4459398/87493332-d348f280-c609-11ea-9399-126d2259daa2.gif)

### Enter full screen from any Resolver
![full-screen-resolver](https://user-images.githubusercontent.com/4459398/87493348-de038780-c609-11ea-86a3-52ab24055e38.gif)

### Full screen Timeline
![full-screen-timeline](https://user-images.githubusercontent.com/4459398/87493394-f4114800-c609-11ea-8d62-4add291d937a.gif)

### Collapse event
![collapse-event](https://user-images.githubusercontent.com/4459398/87493408-fa9fbf80-c609-11ea-88c8-fa87d82d1eb1.gif)

### Sort tooltip
![sort-tooltip](https://user-images.githubusercontent.com/4459398/87493417-012e3700-c60a-11ea-9905-44e3b7cfe60f.gif)
@kibanamachine

💛 Build succeeded, but was flaky


Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/basic/tests/add_prepackaged_rules·ts.detection engine api security and spaces enabled add_prepackaged_rules creating prepackaged rules should be possible to call the API twice and the second time the number of rules installed should be zero

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

Stack Trace

{ Error: expected 1 to sort of equal 0
    at Assertion.assert (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:244:8)
    at Context.it (test/detection_engine_api_integration/basic/tests/add_prepackaged_rules.ts:99:41) actual: '1', expected: '0', showDiff: true }

Build metrics

@kbn/optimizer bundle module count

| id | value | diff | baseline |
| --- | --- | --- | --- |
| securitySolution | 895 | +131 | 764 |

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@angorayc angorayc merged commit 887cc12 into elastic:7.x Jul 15, 2020
@andrew-goldstein andrew-goldstein deleted the backport/7.x/pr-71786 branch January 9, 2021 03:13
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

Labels: backport, Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.), Team:SIEM, v7.9.0