[Security Solution][Entity Analytics] Adding alert contribution score in risk summary#174443

Closed
tiansivive wants to merge 3 commits into elastic:main from tiansivive:siem-ea-8357
Conversation

@tiansivive (Contributor)

Adding alert cumulative contribution to risk score in #8357

Screenshot 2024-01-08 at 13 29 52

@tiansivive tiansivive added release_note:skip Skip the PR/issue when compiling release notes 8.13 candidate Team:Entity Analytics Security Entity Analytics Team labels Jan 8, 2024
@tiansivive tiansivive requested a review from a team as a code owner January 8, 2024 11:30
@elasticmachine (Contributor)

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

@tiansivive tiansivive marked this pull request as draft January 8, 2024 12:15
@kibana-ci

kibana-ci commented Jan 8, 2024

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #33 / cases security and spaces enabled: trial push_case memoryless server user profile uid falls back to authc to get the user information when the profile uid is not available
  • [job] [logs] Jest Tests #7 / RiskSummary renders risk summary table

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id                before    after    diff
securitySolution  4861      4862     +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id                before    after    diff
securitySolution  11.4MB    11.4MB   +224.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

Comment on lines +34 to +35
@tiansivive (Contributor, Author)

Is this the best way to do this? @machadoum

@nkhristinin (Contributor)

I am confused by the number 375 in your screenshot.

I think the original idea was to show the number related to how much alerts contributed as part of the final risk score.

So the final risk score is 63.

Alert contribution should be <= 63. My understanding is that it should always equal the final risk score until we have the asset enrichment multiplier.

@tiansivive tiansivive closed this Jan 10, 2024
tiansivive added a commit that referenced this pull request Jan 16, 2024
…isk Summary (#174574)

Adding context in Risk Summary, part of
[#8207](elastic/security-team#8207) Meta
This PR handles both
[#8357](elastic/security-team#8357) and
[#8359](elastic/security-team#8359)


<img width="609" alt="Screenshot 2024-01-10 at 12 06 00"
src="https://github.com/elastic/kibana/assets/2423976/1f516eb9-1723-4c88-80b9-b61905a59f6a">


Closing #174443 since this PR includes those changes as well

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>