[8.19] [AI4DSOC][Security Solution] Extract takeActions logic outside the detections grouping alerts table (#219878) #220001

Merged
PhilippeOberti merged 1 commit into elastic:8.19 from PhilippeOberti:backport/8.19/pr-219878
May 2, 2025

@PhilippeOberti
Contributor

Backport

This will backport the following commits from main to 8.19:

Questions?

Please refer to the Backport tool documentation

…tections grouping alerts table (elastic#219878)

## Summary

This PR continues the effort started in [this previous
PR](elastic#216572). The AI4DSOC effort
revealed a limitation with the current GroupedAlertsTable: it currently
always displays the `Take actions` button at each group level, and the
available actions are
- Mark as opened
- Mark as acknowledged
- Mark as closed

In AI4DSOC though those actions are not available.

While it would have been easy and simple to just disable the actions
somehow internally to the GroupedAlertsTable, this is not the correct
approach. Like done in the prior PR mentioned above, the approach here
consists of making this an opt-in prop to the component. This means that
we now have a new `groupTakeActionItems` prop that developers have to
provide if they want the `Take actions` button to be displayed. This
`groupTakeActionItems` will return an array of `EuiContextMenuItem`
components that will be rendered in the menu.

**_The 3 places where this `Take actions` exists today have been updated
accordingly, to ensure no change in the logic or UI:_**
- alerts table
- rule details page
- entity analytics risk score

https://github.com/user-attachments/assets/24ff489d-ca66-457d-bd03-f09a04f67d2a

https://github.com/user-attachments/assets/9324029d-f653-42bd-bca1-73a25d46c476

**_The Alert summary page visible in AI4DSOC (`searchAiLake` tier) no
longer displays the `Take actions` button._**

![Screenshot 2025-05-01 at 3 14
28 PM](https://github.com/user-attachments/assets/c8b74731-8685-483d-aff3-237df8c66823)

### Notes

Some code documentation and very minor cleanup was also performed.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

Relates to elastic/security-team#11973

(cherry picked from commit 22fbe00)

# Conflicts:
#	x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
#	x-pack/solutions/security/plugins/security_solution/public/detections/components/alert_summary/table/table_section.tsx
#	x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx
#	x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx
@PhilippeOberti PhilippeOberti merged commit 7b91a7e into elastic:8.19 May 2, 2025
11 checks passed
@elasticmachine
Contributor

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 9.2MB | 9.2MB | -923.0B |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 86.3KB | 86.3KB | +1.0B |

@PhilippeOberti PhilippeOberti deleted the backport/8.19/pr-219878 branch May 19, 2025 15:13

Labels

backport This PR is a backport of another PR
