Skip to content

[Security solutions][Intelligence] Upgrade ioc flyout #230593

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 27 commits into from
Sep 23, 2025
Merged

[Security solutions][Intelligence] Upgrade ioc flyout #230593

merged 27 commits into from
Sep 23, 2025

Conversation

@NicholasPeretti
Copy link
Contributor

@NicholasPeretti NicholasPeretti commented Aug 5, 2025
edited by kibanamachine
Loading

Summary

Fixes #189870.

Upgrading intelligence flyout look-and-feel to be more like the alert's flyout.

Screenshots

Screenshot 2025-08-29 at 12 19 51 Screenshot 2025-08-29 at 12 20 05 Screenshot 2025-08-29 at 12 20 16

@NicholasPeretti NicholasPeretti requested a review from a team as a code owner August 5, 2025 14:00
PhilippeOberti
PhilippeOberti requested changes Aug 15, 2025
View reviewed changes
@NicholasPeretti NicholasPeretti self-assigned this Aug 19, 2025
@NicholasPeretti NicholasPeretti requested a review from a team as a code owner August 19, 2025 14:04
PhilippeOberti
PhilippeOberti requested changes Aug 21, 2025
View reviewed changes
Copy link
Contributor

@PhilippeOberti PhilippeOberti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making the changes for the JsonTab. I really like having that component now shared, it looks clean!

I left a few more minor comments, let me know if you want to discuss any of them!

PhilippeOberti
PhilippeOberti reviewed Aug 27, 2025
View reviewed changes
Copy link
Contributor

@PhilippeOberti PhilippeOberti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few more very minor comments, this is super close!

PhilippeOberti
PhilippeOberti approved these changes Aug 28, 2025
View reviewed changes
Copy link
Contributor

@PhilippeOberti PhilippeOberti left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this nice improvement! Code LGTM and desk tested.

Before merging though, you need to:

  • fix the translations issues: just run node scripts/i18n_check --fix locally then push the changes. This will fix your CI Quick Checks errors.
  • fix 2 wrong paths (I commented the correct ones) and remove the VisibleOnHover code that is now unused. This will fix your CI Linting and Checks Types errors (I made the changes locally and ran node scripts/type_check.js --project x-pack/solutions/security/plugins/security_solution/tsconfig.json with no errors).
  • add the proper labels: Team:Threat Hunting:Investigations, backport:skip, release_note:enhancement and v9.2.0 should be good.

We might want to let @natasha-moore-elastic about this change. It does not seem to me that it would be worth doing a doc update, but she will know more about it.

Also, if you have time (not mandatory) it'd be nice to update the screenshots in the PR description to reflect the latest changes.

I reached out to the @elastic/security-entity-analytics team for review :)

@NicholasPeretti NicholasPeretti added release_note:enhancement backport:version Backport to applied version labels v9.1.0 v8.19.0 v9.2.0 Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Threat Hunting Investigations Team labels Aug 29, 2025
@elasticmachine
Copy link
Contributor

elasticmachine commented Aug 29, 2025

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

@elasticmachine
Copy link
Contributor

elasticmachine commented Sep 22, 2025

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #78 / cases security and spaces enabled: trial Common migrations migrations 7.11.1 -> latest stack version "before all" hook for "adds rule info to only alert comments for 7.12"
  • [job] [logs] FTR Configs #73 / ESQL execution logic API @ess @serverless ES|QL rule type max alerts identical document ids across multiple indices should generate alerts over multiple pages from different indices but same event id for mv_expand when number alerts exceeds max signal

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 8027 8026 -1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 10.5MB 10.5MB -8.2KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
securitySolution 97.1KB 97.2KB +64.0B
Unknown metric groups

async chunk count

id before after diff
securitySolution 103 104 +1

History

cc @NicholasPeretti

@NicholasPeretti NicholasPeretti merged commit d4656bb into elastic:main Sep 23, 2025
13 checks passed
@kibanamachine
Copy link
Contributor

kibanamachine commented Sep 23, 2025

Starting backport for target branches: 8.19, 9.1

https://github.com/elastic/kibana/actions/runs/17941727877

@kibanamachine
Copy link
Contributor

kibanamachine commented Sep 23, 2025

💔 All backports failed

Status Branch Result
8.19 Backport failed because of merge conflicts

You might need to backport the following PRs to 8.19:
- [Security Solution] [SKA] Moved cypress folder (#230198)
9.1 Backport failed because of merge conflicts

You might need to backport the following PRs to 9.1:
- [Security Solution] [SKA] Moved cypress folder (#230198)

Manual backport

To create the backport manually run:

node scripts/backport --pr 230593

Questions ?

Please refer to the Backport tool documentation

CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Sep 24, 2025
@NicholasPeretti @kibanamachine @CAWilson94
[Security solutions][Intelligence] Upgrade ioc flyout (elastic#230593)
0ca804e 
## Summary

Fixes elastic#189870.

Upgrading intelligence flyout look-and-feel to be more like the alert's
flyout.

## Screenshots
<img width="1282" height="1222" alt="Screenshot 2025-08-29 at 12 19 51"
src="https://github.com/user-attachments/assets/6b9825ae-32a5-4dc7-9133-94c0cac770e2"
/>
<img width="1281" height="1222" alt="Screenshot 2025-08-29 at 12 20 05"
src="https://github.com/user-attachments/assets/4196e583-2d70-429b-9f83-655cd67cf00a"
/>
<img width="1281" height="1222" alt="Screenshot 2025-08-29 at 12 20 16"
src="https://github.com/user-attachments/assets/7fd7949d-1317-4437-919b-bdbe9585b750"
/>

---------

Co-authored-by: kibanamachine <[email protected]>
@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Sep 25, 2025
@kibanamachine
Copy link
Contributor

kibanamachine commented Sep 25, 2025

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 230593 locally
cc: @NicholasPeretti

@PhilippeOberti PhilippeOberti added backport:skip This PR does not require backporting and removed backport missing Added to PRs automatically when the are determined to be missing a backport. backport:version Backport to applied version labels v9.1.0 v8.19.0 labels Sep 25, 2025
niros1 pushed a commit that referenced this pull request Sep 30, 2025
@NicholasPeretti @kibanamachine @niros1
[Security solutions][Intelligence] Upgrade ioc flyout (#230593)
c9fe2ca 
## Summary

Fixes #189870.

Upgrading intelligence flyout look-and-feel to be more like the alert's
flyout.

## Screenshots
<img width="1282" height="1222" alt="Screenshot 2025-08-29 at 12 19 51"
src="https://github.com/user-attachments/assets/6b9825ae-32a5-4dc7-9133-94c0cac770e2"
/>
<img width="1281" height="1222" alt="Screenshot 2025-08-29 at 12 20 05"
src="https://github.com/user-attachments/assets/4196e583-2d70-429b-9f83-655cd67cf00a"
/>
<img width="1281" height="1222" alt="Screenshot 2025-08-29 at 12 20 16"
src="https://github.com/user-attachments/assets/7fd7949d-1317-4437-919b-bdbe9585b750"
/>

---------

Co-authored-by: kibanamachine <[email protected]>
rylnd pushed a commit to rylnd/kibana that referenced this pull request Oct 17, 2025
@NicholasPeretti @kibanamachine
[Security solutions][Intelligence] Upgrade ioc flyout (elastic#230593)
8e54bf4 
## Summary

Fixes elastic#189870.

Upgrading intelligence flyout look-and-feel to be more like the alert's
flyout.

## Screenshots
<img width="1282" height="1222" alt="Screenshot 2025-08-29 at 12 19 51"
src="https://github.com/user-attachments/assets/6b9825ae-32a5-4dc7-9133-94c0cac770e2"
/>
<img width="1281" height="1222" alt="Screenshot 2025-08-29 at 12 20 05"
src="https://github.com/user-attachments/assets/4196e583-2d70-429b-9f83-655cd67cf00a"
/>
<img width="1281" height="1222" alt="Screenshot 2025-08-29 at 12 20 16"
src="https://github.com/user-attachments/assets/7fd7949d-1317-4437-919b-bdbe9585b750"
/>

---------

Co-authored-by: kibanamachine <[email protected]>
@PhilippeOberti PhilippeOberti mentioned this pull request Nov 7, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hop-dev hop-dev hop-dev approved these changes

@CAWilson94 CAWilson94 CAWilson94 approved these changes

@PhilippeOberti PhilippeOberti PhilippeOberti approved these changes

Assignees

@NicholasPeretti NicholasPeretti

Labels

backport:skip This PR does not require backporting release_note:enhancement Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Threat Hunting Investigations Team v9.2.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security Solution][Expandable flyout] - convert the IOC (indicator of compromise) flyout to the expandable framework

6 participants

@NicholasPeretti @elasticmachine @kibanamachine @hop-dev @CAWilson94 @PhilippeOberti