Update Users/Hosts risk score to useSearchStrategy

Open angorayc opened this issue 3 years ago • 13 comments

Summary

This is part of issue https://github.com/elastic/kibana/issues/129054

This PR enhances the search strategy for Hosts / Users risk score. This saves a lot of re-renders for the module and enhances the performance on the client side.

How to verify

  • Enable the feature flag for hosts / users risk score by adding this in kibana.dev.yml: xpack.securitySolution.enableExperimental: ['riskyHostsEnabled', 'riskyUsersEnabled']

  • Go to /overview page, scroll to the bottom and find the Host risk score module.

  • Go to the rules creation page, create a rule and generate some alerts, and go back to the overview page.

  • Click on the Enable via Dev Tools button; it takes you to the dev tools.

  • Click on all the steps in dev tools and go back to the overview page.

  • Observe that the data should be displayed in the module (if not, please go back to the dev tools and do the restart transform steps after step 11).

  • Click on the hosts, host details, users, and user details pages, clicking around tabs and links with the console opened; no error appears.

  • Click a host name from an events table, and check the host flyout can be opened and closed.

Hosts Risk Score Scenarios

Initial state (with alerts data): this means the module hasn't been activated, so the indices of the Transform aren't available yet.

  • Enable via Dev Tools button should be enabled.
  • Import Dashboard button should be hidden.
  • It should swallow the index not found error.

[Screenshot 2022-07-28 at 16 24 46]

Module enabled but no data found - should display the wording as below

[Screenshot 2022-07-29 at 17 49 42]

Module enabled - import dashboard button should be enabled

[Screenshot 2022-07-28 at 16 30 40]

Checklist

Delete any items that are not applicable to this PR.

angorayc avatar Jul 27 '22 15:07 angorayc

@elasticmachine merge upstream

angorayc avatar Aug 02 '22 08:08 angorayc

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

elasticmachine avatar Aug 02 '22 08:08 elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine avatar Aug 02 '22 08:08 elasticmachine

@elasticmachine merge upstream

angorayc avatar Aug 02 '22 09:08 angorayc

@elasticmachine merge upstream

angorayc avatar Aug 02 '22 10:08 angorayc

@elasticmachine merge upstream

angorayc avatar Aug 02 '22 13:08 angorayc

@elasticmachine merge upstream

angorayc avatar Aug 02 '22 14:08 angorayc

@elasticmachine merge upstream

angorayc avatar Aug 02 '22 15:08 angorayc

@elasticmachine merge upstream

angorayc avatar Aug 03 '22 15:08 angorayc

@elasticmachine merge upstream

angorayc avatar Aug 03 '22 17:08 angorayc

@elasticmachine merge upstream

angorayc avatar Aug 04 '22 09:08 angorayc

@elasticmachine merge upstream

angorayc avatar Aug 08 '22 08:08 angorayc

:green_heart: Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 6.4MB 6.4MB -2.5KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
securitySolution 261.0KB 261.0KB +44.0B

History

  • :green_heart: Build #65847 succeeded 3a8d819898fa44beb36f484b09c448ffe8eb49a8
  • :broken_heart: Build #65826 failed 4a5d12b398c85a1aa6db2aa559145df379377cbf
  • :broken_heart: Build #65738 failed f707adeeb05af95322c8f1df98c9bf890491afff
  • :green_heart: Build #65032 succeeded d40efa5f8a9f75f53c97e5def35e4765c97a94b0
  • :yellow_heart: Build #64764 was flaky fd114b4229468734b3ed536ef8e7ad5c7314f64c
  • :yellow_heart: Build #64165 was flaky 20d98c91c65b380be0a90a42b220cd462279fd23

To update your PR or re-run it, just comment with: @elasticmachine merge upstream

kibana-ci avatar Sep 05 '22 12:09 kibana-ci