Implement functionality to add observables, procedures and custom fields to alerts for TheHive#207255
Pinging @elastic/response-ops (Team:ResponseOps) |
|
Pinging @elastic/response-ops-cases (Feature:Cases) |
|
Shouldn't this also be reviewed by someone in security? I thought we do not own this connector |
|
|
||
| useEffect(() => { | ||
| if (!xJson && inputTargetValue) { | ||
| if ((!xJson && inputTargetValue) || (xJson && inputTargetValue && inputTargetValue !== xJson)) { |
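Review bot: Both branches of the new condition on the added line require `inputTargetValue` to be truthy, so when the incoming value becomes empty the effect body does not run and `xJson` keeps its previous content. If the internal state is meant to follow the prop, compare on inequality alone (`inputTargetValue !== xJson`) and handle the empty case explicitly.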
There was a problem hiding this comment.
This is a bit hard to understand, isn't it the same as:
| if ((!xJson && inputTargetValue) || (xJson && inputTargetValue && inputTargetValue !== xJson)) { | |
| if (inputTargetValue && (!xJson || xJson !== inputTargetValue)) { |
There was a problem hiding this comment.
Instead of changing this useEffect, what about using the key prop in the JsonEditorWithMessageVariables component?
For example:
<JsonEditorWithMessageVariables key={subActionsParams.template} />
There was a problem hiding this comment.
I don't quite understand. Are you suggesting creating a new key prop? Regardless, we still need to change xJson (the internal state) to ensure it works properly.
| severity: schema.nullable(schema.number({ defaultValue: TheHiveSeverity.MEDIUM })), | ||
| tlp: schema.nullable(schema.number({ defaultValue: TheHiveTLP.AMBER })), | ||
| tags: schema.nullable(schema.arrayOf(schema.string())), | ||
| template: schema.number(), |
There was a problem hiding this comment.
This should be optional (nullable); otherwise, it may break rules with TheHive configured.
There was a problem hiding this comment.
Also, I think it is better to have keys (strings) instead of numbers. For users, using the API directly would make it easier to figure out which template they can use.
| }, | ||
| ]; | ||
|
|
||
| export const bodyOptions = [ |
There was a problem hiding this comment.
If it is only used for tests, it is better to move it to the test files or to a mock.ts file. Same for testBodyOptions.
There was a problem hiding this comment.
Ok, I saw they are being used for the component. Better to use a record with key-value pairs. It is very hard to understand what each value means and how it is being used.
| connectorUsageCollector: ConnectorUsageCollector | ||
| ) { | ||
| const { body, template, ...restOfAlert } = alert; | ||
| const bodyJson = JSON.parse(body ?? '{}'); |
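Review bot: `JSON.parse(body ?? '{}')` is unguarded. `??` only substitutes for null or undefined, so an empty string or any malformed user-supplied body throws a SyntaxError on this line, and a valid but non-object value (array, string, number) passes through as `bodyJson`. Wrap the parse in try/catch, return a descriptive error, and check that the result is a plain object carrying only the expected keys before it is used.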
There was a problem hiding this comment.
Better to move the logic into a function outside of the component and use a try/catch in case of an error.
| } as unknown as ExecutorSubActionCreateAlertParams), | ||
| [actionParams.subActionParams] | ||
| ); | ||
| const isTest = useMemo(() => executionMode === ActionConnectorMode.Test, [executionMode]); |
There was a problem hiding this comment.
nit: we can remove the useMemo.
| { | ||
| ...alert, | ||
| body: isTest | ||
| ? testBodyOptions[parseInt(e.target.value, 10)] |
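Review bot: `parseInt(e.target.value, 10)` returns NaN for a non-numeric value, and an unknown option gives an index with no entry; in both cases `testBodyOptions[...]` evaluates to undefined, which is then assigned to `body`. Look the option up by key and fall back to a defined default, or skip the update when no entry matches.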
There was a problem hiding this comment.
Why do we provide different values in test mode?
There was a problem hiding this comment.
Because we are using a Mustache template in the body textarea.
So, we are providing testBodyOption to ensure the test page functions correctly.
There was a problem hiding this comment.
Is it a product decision, or does TheHive throw an error if you send mustache variables instead of proper observable values?
There was a problem hiding this comment.
Yes, it will throw an error.
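One way to write the parsing function suggested above, combined with a check for the failure described in this thread (TheHive rejects Mustache variables that were never rendered). This is an added TypeScript example, not code from the PR or the Kibana repository; `parseAlertBody`, `bodyError`, the allowed key list (taken from the PR title) and the sample bodies are assumptions made for illustration.

```typescript
// Added example, not code from the Kibana repository.
// Assumption: the body may only contribute the three fields named in the PR title.
const ALLOWED_BODY_KEYS = ['observables', 'procedures', 'customFields'] as const;
type BodyKey = (typeof ALLOWED_BODY_KEYS)[number];

type ParseResult =
  | { ok: true; value: Partial<Record<BodyKey, unknown>> }
  | { ok: false; error: string };

// Matches Mustache tags that survived rendering, e.g. {{source.ip}} or {{{context.ip}}}.
const UNRENDERED_MUSTACHE = /\{\{\{?[^{}]*\}?\}\}/;

// Constructed sample bodies (not taken from the PR).
const RENDERED_BODY = '{"observables":[{"dataType":"ip","data":"203.0.113.7"}]}';
const UNRENDERED_BODY = '{"observables":[{"dataType":"ip","data":"{{source.ip}}"}]}';

// Walks the parsed value and returns the path of the first string that still
// contains a Mustache tag, or null when every string is fully rendered.
function findUnrendered(value: unknown, path: string): string | null {
  if (typeof value === 'string') {
    return UNRENDERED_MUSTACHE.test(value) ? path : null;
  }
  if (Array.isArray(value)) {
    for (let i = 0; i < value.length; i++) {
      const hit = findUnrendered(value[i], path + '[' + i + ']');
      if (hit !== null) return hit;
    }
    return null;
  }
  if (value !== null && typeof value === 'object') {
    const obj = value as Record<string, unknown>;
    const keys = Object.keys(obj);
    for (let i = 0; i < keys.length; i++) {
      const hit = findUnrendered(obj[keys[i]], path + '.' + keys[i]);
      if (hit !== null) return hit;
    }
  }
  return null;
}

function parseAlertBody(body: string | null | undefined): ParseResult {
  // `body ?? '{}'` alone lets '' and whitespace reach JSON.parse, which throws.
  if (body == null || body.trim() === '') {
    return { ok: true, value: {} };
  }
  let parsed: unknown;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return { ok: false, error: 'body is not valid JSON: ' + (e as Error).message };
  }
  // Valid JSON is not necessarily an object: reject arrays, strings, numbers, null.
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, error: 'body must be a JSON object' };
  }
  const source = parsed as Record<string, unknown>;
  const allowed = ALLOWED_BODY_KEYS as readonly string[];
  const value: Partial<Record<BodyKey, unknown>> = {};
  const keys = Object.keys(source);
  for (let i = 0; i < keys.length; i++) {
    // The allowlist also keeps keys such as `__proto__` and fields owned by
    // the connector form (severity, tlp, ...) out of the merged alert.
    if (allowed.indexOf(keys[i]) === -1) {
      return { ok: false, error: 'unexpected key in body: ' + keys[i] };
    }
    value[keys[i] as BodyKey] = source[keys[i]];
  }
  const unrendered = findUnrendered(value, 'body');
  if (unrendered !== null) {
    return { ok: false, error: 'unrendered Mustache variable at ' + unrendered };
  }
  return { ok: true, value };
}

// Convenience wrapper: null when the body is acceptable, otherwise the reason.
function bodyError(body: string | null | undefined): string | null {
  const result = parseAlertBody(body);
  return result.ok ? null : result.error;
}
```

Returning a result object instead of throwing lets the connector surface the reason to the user without an unhandled exception in the executor.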
| RED = 4, | ||
| } | ||
| export enum TheHiveTemplate { | ||
| BUILD_YOUR_OWN = 'Build Your Own', |
There was a problem hiding this comment.
Does this mean users must put Build Your Own when using the API? If yes, I think it is better for the keys to be:
- build-your-own
- compromised-user-account-investigation
- malicious-file-analysis
- suspicious-network-activity
Maybe using an object instead of an enum would be easier to handle.
There was a problem hiding this comment.
No, it's not necessary to provide the template field in the request body while using the API.
| source: schema.string(), | ||
| sourceRef: schema.string(), | ||
| severity: schema.nullable(schema.number({ defaultValue: TheHiveSeverity.MEDIUM })), | ||
| isRuleSeverity: schema.boolean(), |
There was a problem hiding this comment.
| isRuleSeverity: schema.boolean(), | |
| isRuleSeverity: schema.nullable(schema.boolean({ defaultValue: false })), |
| ({ | ||
| tlp: 2, | ||
| severity: 2, | ||
| isRuleSeverity: true, |
There was a problem hiding this comment.
The value can be null. Better to remove it from here.
| }} | ||
| /> | ||
| </EuiFormRow> | ||
| {!isTest && isRuleSeverity && ( |
There was a problem hiding this comment.
| {!isTest && isRuleSeverity && ( | |
| {!isTest && Boolean(isRuleSeverity) && ( |
| <EuiFormRow fullWidth> | ||
| <EuiSwitch | ||
| label={translations.IS_RULE_SEVERITY_LABEL} | ||
| checked={isRuleSeverity} |
There was a problem hiding this comment.
| checked={isRuleSeverity} | |
| checked={Boolean(isRuleSeverity)} |
| /> | ||
| </EuiFormRow> | ||
| )} | ||
| {!isRuleSeverity && ( |
There was a problem hiding this comment.
| {!isRuleSeverity && ( | |
| {!iBoolean(isRuleSeverity) && ( |
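Review bot: The suggested replacement reads `!iBoolean(isRuleSeverity)`; `iBoolean` is not defined in the lines shown and looks like a typo for `!Boolean(isRuleSeverity)`, which would match the `Boolean(isRuleSeverity)` wrapping suggested for the two earlier conditions.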
| const logger = loggingSystemMock.createLogger(); | ||
|
|
||
| describe('TheHive - renderParameterTemplates', () => { | ||
| it('should rendered subActionParams with variables', () => { |
There was a problem hiding this comment.
Let's add a test where isRuleSeverity: false.
cnasikas
left a comment
There was a problem hiding this comment.
Thanks for addressing our feedback. Code review only, as the testing was done by Security solution. LGTM! Could you please add an integration test in x-pack/platform/test/alerting_api_integration/security_and_spaces/group2/tests/actions/connector_types/thehive.ts in your upcoming PR where you unhide the fields in the UI?
Yes, we'll add. |
💛 Build succeeded, but was flaky
Starting backport for target branches: 8.19 https://github.com/elastic/kibana/actions/runs/15759950221 |
💔 All backports failed
Manual backport
To create the backport manually run:
Questions? Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI.
Questions? Please refer to the Backport tool documentation |
…lds to alerts for TheHive (elastic#207255)

## Summary

- Added a toggle to retain the severity from the rule. When enabled, alerts generated from the rule will inherit its severity; otherwise, users must manually select a severity level from the dropdown.
- Added a template selection menu with predefined basic templates. These templates come with preset configurations, including observables and procedures, which automatically populate the Body field upon selection. Users also have the option to modify an existing template or create a custom one using the `Custom Template` option.

## Screenshots

### Checklist

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

(cherry picked from commit 884e51a)

# Conflicts:
# docs/reference/connectors-kibana/thehive-action-type.md
…tom fields to alerts for TheHive (#207255) (#224591)

# Backport

This will backport the following commits from `main` to `8.19`:

- [Implement functionality to add observables, procedures and custom fields to alerts for TheHive (#207255)](#207255)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Brijesh Khunt <123942796+brijesh-elastic@users.noreply.github.com>
… UI (elastic#224669)

## Summary

- This PR unhides rule severity toggle and body jsoneditor in UI. (kept hidden in PR : elastic#207255 )
- Add functional test related to `createAlert` subaction.
- Remove unused variables from `translations.ts`.
- Remove the custom template description from documentation.

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

(cherry picked from commit de031df)
…itor in UI (#224669) (#225023)

# Backport

This will backport the following commits from `main` to `8.19`:

- [[Connector][TheHive] Show rule severity toggle and body jsoneditor in UI (#224669)](#224669)

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Brijesh Khunt <123942796+brijesh-elastic@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Summary
Added a toggle to retain the severity from the rule. When enabled, alerts generated from the rule will inherit its severity; otherwise, users must manually select a severity level from the dropdown.
Added a textarea field for the body, in which users can add observables and procedures using Mustache templates.