Skip to content

[9.1] [SecuritySolution] Fix account switch visualisation and remove filter for multiple fields (#227574)#228249

Merged
machadoum merged 3 commits intoelastic:9.1from
machadoum:backport/9.1/pr-227574
Jul 16, 2025
Merged

[9.1] [SecuritySolution] Fix account switch visualisation and remove filter for multiple fields (#227574)#228249
machadoum merged 3 commits intoelastic:9.1from
machadoum:backport/9.1/pr-227574

Conversation

@machadoum
Copy link
Member

@machadoum machadoum commented Jul 16, 2025

Backport

This will backport the following commits from main to 9.1:

Questions ?

Please refer to the Backport tool documentation

@machadoum
[SecuritySolution] Fix account switch visualisation and remove filter…
6496187 
… for multiple fields (elastic#227574)

## Summary

* Update the account switch query to return data from non-endpoint logs
  * It adds a FORK
* Add `su .*` to the query filter for match commands like `su admin`
* Remove filter from the UI for columns represented by multiple fields
* This filter is removed to avoid bugs, since we can't filter by
multiple fields
* Update the new dataview to use the Explorer sourcerer

*** To test the new data view, you have to enable
`newDataViewPickerEnabled`

[ECS docs](https://www.elastic.co/docs/reference/ecs/ecs-user) ⬇️
Location | Field Set | Description
-- | -- | --
user.effective.* | user | User whose privileges were assumed

(cherry picked from commit 7e191f9)

# Conflicts:
#	x-pack/solutions/security/plugins/security_solution/public/entity_analytics/pages/entity_analytics_privileged_user_monitoring_page.tsx
@machadoum machadoum added the backport This PR is a backport of another PR label Jul 16, 2025
@machadoum machadoum requested a review from kibanamachine as a code owner July 16, 2025 15:27
@machadoum machadoum enabled auto-merge (squash) July 16, 2025 15:27
@machadoum machadoum mentioned this pull request Jul 16, 2025
Merged
@elasticmachine
Copy link
Contributor

elasticmachine commented Jul 16, 2025

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 9.8MB 9.8MB +259.0B

History

jaredburgettelastic
jaredburgettelastic approved these changes Jul 16, 2025
View reviewed changes
Copy link
Contributor

@jaredburgettelastic jaredburgettelastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed that backport code is the same as #227574, approving!

@machadoum machadoum merged commit 9bcaee8 into elastic:9.1 Jul 16, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jaredburgettelastic jaredburgettelastic jaredburgettelastic approved these changes

@kibanamachine kibanamachine Awaiting requested review from kibanamachine kibanamachine is a code owner

Assignees

No one assigned

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@machadoum @elasticmachine @jaredburgettelastic @kibanamachine