[Security Solution][Sourcerer] Add dedicated scope for explore pages#226545
Merged
lgestc merged 12 commits intoelastic:mainfrom Jul 9, 2025
Merged
[Security Solution][Sourcerer] Add dedicated scope for explore pages#226545lgestc merged 12 commits intoelastic:mainfrom
lgestc merged 12 commits intoelastic:mainfrom
Conversation
lgestc
added
v9.0.0
Team:Threat Hunting:Investigations
Contributor
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
...ck/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx
Outdated
Show resolved
Hide resolved
Contributor
PhilippeOberti
left a comment
PhilippeOberti
left a comment
There was a problem hiding this comment.
Desk tested and everything looks to be working well. I left a couple of comments in the code.
...ions/security/plugins/security_solution/public/data_view_manager/hooks/use_browser_fields.ts
Show resolved
Hide resolved
...ck/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx
Outdated
Show resolved
Hide resolved
PhilippeOberti
approved these changes
Jul 9, 2025
Contributor
PhilippeOberti
left a comment
PhilippeOberti
left a comment
There was a problem hiding this comment.
Desk tested and code LGTM. Nice work!
One small thing I noticed is that we show a Temporary label next to this new dataView. We briefly talked about it on Slack and we should probably show Managed instead.
This will be tackled in a follow-up PR (as this code is still behind a disabled feature flag).
Contributor
|
@lgestc shouldn't we remove the |
Contributor
|
Starting backport for target branches: 8.19, 9.0, 9.1 https://github.com/elastic/kibana/actions/runs/16169111516 |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
History
|
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
kibanamachine
added
the
backport missing
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
1 similar comment
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
lgestc
added
backport:version
Contributor
|
Starting backport for target branches: 8.19, 9.1 https://github.com/elastic/kibana/actions/runs/16266286636 |
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
lgestc
added a commit
to lgestc/kibana
that referenced
this pull request
Jul 14, 2025
…lastic#226545) This PR adds dedicated ad-hoc data view and scope for explore pages. Flip the flag, then navigate to Explore section of the security plugin. ``` xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled'] ``` You should see "Explore Data View" in the new picker on top of the page. Using `inspector` widget on every visualisation / table should show the updated index pattern that does not hit the alerts. You can try going back and forth between the default security data view and the explore one and compare the pattern rendered in the inspector to confirm that. Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 9a45666)
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
lgestc
added a commit
to lgestc/kibana
that referenced
this pull request
Jul 14, 2025
…lastic#226545) ## Summary This PR adds dedicated ad-hoc data view and scope for explore pages. ## Testing Flip the flag, then navigate to Explore section of the security plugin. ``` xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled'] ``` You should see "Explore Data View" in the new picker on top of the page. Using `inspector` widget on every visualisation / table should show the updated index pattern that does not hit the alerts. You can try going back and forth between the default security data view and the explore one and compare the pattern rendered in the inspector to confirm that. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 9a45666) # Conflicts: # x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx # x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/network.tsx
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
1 similar comment
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
lgestc
added a commit
that referenced
this pull request
Jul 16, 2025
… pages (#226545) (#227813) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution][Sourcerer] Add dedicated scope for explore pages (#226545)](#226545) <!--- Backport version: 10.0.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Luke Gmys","email":"11671118+lgestc@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-07-09T12:18:50Z","message":"[Security Solution][Sourcerer] Add dedicated scope for explore pages (#226545)\n\n## Summary\n\nThis PR adds dedicated ad-hoc data view and scope for explore pages.\n\n## Testing\nFlip the flag, then navigate to Explore section of the security plugin.\n\n```\nxpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']\n```\n\nYou should see \"Explore Data View\" in the new picker on top of the page.\nUsing `inspector` widget on every visualisation / table should show the\nupdated index pattern that does not hit the alerts. You can try going\nback and forth between the default security data view and the explore\none and compare the pattern rendered in the inspector to confirm that.\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"9a45666aff2611a459faf6f03e1741ba6e0ad24a","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport missing","Team:Threat Hunting:Investigations","backport:version","v9.1.0","v8.19.0","v9.2.0"],"title":"[Security Solution][Sourcerer] Add dedicated scope for explore pages","number":226545,"url":"https://github.com/elastic/kibana/pull/226545","mergeCommit":{"message":"[Security Solution][Sourcerer] Add dedicated scope for explore pages (#226545)\n\n## Summary\n\nThis PR adds dedicated ad-hoc data view and scope for explore pages.\n\n## Testing\nFlip the flag, then navigate to Explore section of the security plugin.\n\n```\nxpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']\n```\n\nYou should see \"Explore Data View\" in the new picker on top of the page.\nUsing `inspector` widget on every visualisation / table should show the\nupdated index pattern that does not hit the alerts. You can try going\nback and forth between the default security data view and the explore\none and compare the pattern rendered in the inspector to confirm that.\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"9a45666aff2611a459faf6f03e1741ba6e0ad24a"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/226545","number":226545,"mergeCommit":{"message":"[Security Solution][Sourcerer] Add dedicated scope for explore pages (#226545)\n\n## Summary\n\nThis PR adds dedicated ad-hoc data view and scope for explore pages.\n\n## Testing\nFlip the flag, then navigate to Explore section of the security plugin.\n\n```\nxpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']\n```\n\nYou should see \"Explore Data View\" in the new picker on top of the page.\nUsing `inspector` widget on every visualisation / table should show the\nupdated index pattern that does not hit the alerts. You can try going\nback and forth between the default security data view and the explore\none and compare the pattern rendered in the inspector to confirm that.\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"9a45666aff2611a459faf6f03e1741ba6e0ad24a"}}]}] BACKPORT-->
lgestc
added a commit
that referenced
this pull request
Jul 16, 2025
…pages (#226545) (#227811) # Backport This will backport the following commits from `main` to `9.1`: - [[Security Solution][Sourcerer] Add dedicated scope for explore pages (#226545)](#226545) <!--- Backport version: 10.0.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Luke Gmys","email":"11671118+lgestc@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-07-09T12:18:50Z","message":"[Security Solution][Sourcerer] Add dedicated scope for explore pages (#226545)\n\n## Summary\n\nThis PR adds dedicated ad-hoc data view and scope for explore pages.\n\n## Testing\nFlip the flag, then navigate to Explore section of the security plugin.\n\n```\nxpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']\n```\n\nYou should see \"Explore Data View\" in the new picker on top of the page.\nUsing `inspector` widget on every visualisation / table should show the\nupdated index pattern that does not hit the alerts. You can try going\nback and forth between the default security data view and the explore\none and compare the pattern rendered in the inspector to confirm that.\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"9a45666aff2611a459faf6f03e1741ba6e0ad24a","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport missing","Team:Threat Hunting:Investigations","backport:version","v9.1.0","v8.19.0","v9.2.0"],"title":"[Security Solution][Sourcerer] Add dedicated scope for explore pages","number":226545,"url":"https://github.com/elastic/kibana/pull/226545","mergeCommit":{"message":"[Security Solution][Sourcerer] Add dedicated scope for explore pages (#226545)\n\n## Summary\n\nThis PR adds dedicated ad-hoc data view and scope for explore pages.\n\n## Testing\nFlip the flag, then navigate to Explore section of the security plugin.\n\n```\nxpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']\n```\n\nYou should see \"Explore Data View\" in the new picker on top of the page.\nUsing `inspector` widget on every visualisation / table should show the\nupdated index pattern that does not hit the alerts. You can try going\nback and forth between the default security data view and the explore\none and compare the pattern rendered in the inspector to confirm that.\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"9a45666aff2611a459faf6f03e1741ba6e0ad24a"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/226545","number":226545,"mergeCommit":{"message":"[Security Solution][Sourcerer] Add dedicated scope for explore pages (#226545)\n\n## Summary\n\nThis PR adds dedicated ad-hoc data view and scope for explore pages.\n\n## Testing\nFlip the flag, then navigate to Explore section of the security plugin.\n\n```\nxpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled']\n```\n\nYou should see \"Explore Data View\" in the new picker on top of the page.\nUsing `inspector` widget on every visualisation / table should show the\nupdated index pattern that does not hit the alerts. You can try going\nback and forth between the default security data view and the explore\none and compare the pattern rendered in the inspector to confirm that.\n\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios","sha":"9a45666aff2611a459faf6f03e1741ba6e0ad24a"}}]}] BACKPORT-->
kibanamachine
removed
the
backport missing
kertal
pushed a commit
to kertal/kibana
that referenced
this pull request
Jul 25, 2025
…lastic#226545) ## Summary This PR adds dedicated ad-hoc data view and scope for explore pages. ## Testing Flip the flag, then navigate to Explore section of the security plugin. ``` xpack.securitySolution.enableExperimental: ['newDataViewPickerEnabled'] ``` You should see "Explore Data View" in the new picker on top of the page. Using `inspector` widget on every visualisation / table should show the updated index pattern that does not hit the alerts. You can try going back and forth between the default security data view and the explore one and compare the pattern rendered in the inspector to confirm that. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds dedicated ad-hoc data view and scope for explore pages.
Testing
Flip the flag, then navigate to Explore section of the security plugin.
You should see "Explore Data View" in the new picker on top of the page. Using
inspectorwidget on every visualisation / table should show the updated index pattern that does not hit the alerts. You can try going back and forth between the default security data view and the explore one and compare the pattern rendered in the inspector to confirm that.Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.