
SIEM Readiness V2 init #245776

Merged
JordanSh merged 21 commits into elastic:main from JordanSh:siem-readiness-with-author
Dec 22, 2025

Conversation


@JordanSh JordanSh commented Dec 10, 2025

Resolves #242654
Resolves #242657
Resolves #242668
Resolves #242864

Summary

This pull request refactors and simplifies the SIEM readiness package to focus on API endpoints related to readiness categories and installed integrations, removing legacy readiness task logic and related types. It also updates the constants and types to reflect the new data structures and removes outdated tests.

API and Data Model Refactor:

  • Removed all readiness task logic, types, and exports from the package, including the readiness_tasks.ts file and related exports in index.ts. The code now focuses on readiness categories and integrations instead of individual tasks.
  • Updated the API constants to remove task-related endpoints and add the new GET_SIEM_READINESS_CATEGORIES_API_PATH for fetching readiness categories.
  • Replaced legacy task types with new types for readiness categories and integrations, including IndexInfo, CategoryGroup, and CategoriesResponse in types.ts.

Hooks and Query Updates:

  • Refactored the main hook to useSiemReadinessApi, which now exposes queries for readiness categories and installed integrations, removing mutation and query logic for readiness tasks.

@JordanSh JordanSh self-assigned this Dec 10, 2025
@JordanSh JordanSh added labels release_note:skip (Skip the PR/issue when compiling release notes), backport:skip (This PR does not require backporting), Team:Cloud Security (Cloud Security team related) and v9.4.0 on Dec 10, 2025
@JordanSh JordanSh marked this pull request as ready for review December 10, 2025 11:32
@JordanSh JordanSh requested review from a team as code owners December 10, 2025 11:32
@elasticmachine

Pinging @elastic/contextual-security-apps (Team:Cloud Security)

@JordanSh JordanSh requested a review from animehart December 10, 2025 11:32
<p>
<FormattedMessage
id="xpack.securitySolution.siemReadiness.coverage.dataCoverage.warningDescription"
defaultMessage="Some log categories are missing integrations, limiting your visibility and detection coverage. Create a case to install the missing {count, plural, one {integration} other {integrations}} or view missing integrations to restore full visibility. Learn more about installing integrations in our {docs}."
Review comment from a contributor:

Suggested change
defaultMessage="Some log categories are missing integrations, limiting your visibility and detection coverage. Create a case to install the missing {count, plural, one {integration} other {integrations}} or view missing integrations to restore full visibility. Learn more about installing integrations in our {docs}."
defaultMessage="Some log categories are missing integrations, limiting your visibility and detection coverage. Create a case to install the missing integrations for {count, plural, one {# category} other {# categories}} or view missing integrations to restore full visibility. Learn more about installing integrations in our {docs}."

to fix the number counter
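The point of the suggestion above is an ICU MessageFormat detail: a `{count, plural, one {…} other {…}}` argument only chooses a branch, and the number itself is printed only where a branch contains `#`. The original defaultMessage has no `#`, so the count never appears in the rendered text; the suggested message adds `# category` / `# categories`. The renderer below is an added example, not Kibana or react-intl code: it implements just the two argument kinds used in these messages (simple `{name}` substitution and `plural` with `=N`, `one` and `other` branches, English plural rule only), and the function names, the `Values` type and the sample values are assumptions made here. It also accepts exact `=N` branches, which the page's messages do not use.

```typescript
// Added example (not project code): a minimal ICU MessageFormat renderer for
//   {name}                                    simple substitution
//   {name, plural, one {...} other {...}}     plural selection, '#' = the number
// English CLDR rule only: category 'one' for exactly 1, 'other' otherwise.

type Values = Record<string, string | number>;

// Index of the '}' that closes the '{' at position `open` (arguments nest).
function matchingBrace(msg: string, open: number): number {
  let depth = 0;
  for (let i = open; i < msg.length; i++) {
    if (msg[i] === '{') depth++;
    else if (msg[i] === '}' && --depth === 0) return i;
  }
  throw new Error(`unbalanced braces in message near offset ${open}`);
}

// "one {integration} other {integrations}" -> { one: 'integration', other: 'integrations' }
function parsePluralBranches(body: string): Record<string, string> {
  const branches: Record<string, string> = {};
  let i = 0;
  while (i < body.length) {
    if (body[i] === ' ') { i++; continue; }
    const open = body.indexOf('{', i);
    if (open < 0) throw new Error(`malformed plural branch: ${body.slice(i)}`);
    const close = matchingBrace(body, open);
    branches[body.slice(i, open).trim()] = body.slice(open + 1, close);
    i = close + 1;
  }
  return branches;
}

export function formatIcuMessage(message: string, values: Values): string {
  let out = '';
  let i = 0;
  while (i < message.length) {
    const open = message.indexOf('{', i);
    if (open < 0) { out += message.slice(i); break; }
    out += message.slice(i, open);
    const close = matchingBrace(message, open);
    const inner = message.slice(open + 1, close);
    const firstComma = inner.indexOf(',');
    if (firstComma < 0) {
      // {docs}: plain substitution of a named value
      const name = inner.trim();
      if (!(name in values)) throw new Error(`missing value for {${name}}`);
      out += String(values[name]);
    } else {
      const name = inner.slice(0, firstComma).trim();
      const rest = inner.slice(firstComma + 1);
      const secondComma = rest.indexOf(',');
      if (secondComma < 0) throw new Error(`malformed argument {${inner}}`);
      const kind = rest.slice(0, secondComma).trim();
      if (kind !== 'plural') throw new Error(`unsupported argument type "${kind}"`);
      const n = Number(values[name]);
      if (!isFinite(n)) throw new Error(`plural argument {${name}} needs a number`);
      const branches = parsePluralBranches(rest.slice(secondComma + 1));
      // Exact '=N' branches win, then the plural category, then 'other'.
      const category = n === 1 ? 'one' : 'other';
      let branch = branches[`=${n}`];
      if (branch === undefined) branch = branches[category];
      if (branch === undefined) branch = branches['other'];
      if (branch === undefined) throw new Error(`no plural branch matches ${name}=${n}`);
      // '#' inside a branch is the number; branches may themselves contain arguments.
      out += formatIcuMessage(branch.replace(/#/g, String(n)), values);
    }
    i = close + 1;
  }
  return out;
}

// The two messages from the review thread (copied from the page), plus constructed values.
export const ORIGINAL_MESSAGE =
  'Some log categories are missing integrations, limiting your visibility and detection coverage. ' +
  'Create a case to install the missing {count, plural, one {integration} other {integrations}} ' +
  'or view missing integrations to restore full visibility. Learn more about installing integrations in our {docs}.';
export const SUGGESTED_MESSAGE =
  'Some log categories are missing integrations, limiting your visibility and detection coverage. ' +
  'Create a case to install the missing integrations for {count, plural, one {# category} other {# categories}} ' +
  'or view missing integrations to restore full visibility. Learn more about installing integrations in our {docs}.';

const sample: Values = { count: 3, docs: 'documentation' }; // constructed sample values
console.log(formatIcuMessage(ORIGINAL_MESSAGE, sample));   // no number anywhere in the output
console.log(formatIcuMessage(SUGGESTED_MESSAGE, sample));  // "... for 3 categories ..."
```

Running it side by side makes the defect visible: with the original message the output reads "install the missing integrations" for every count above one, while the suggested message yields "integrations for 3 categories" and, for a count of 1, "integrations for 1 category".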

@elasticmachine

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #114 / integrations When on the Endpoint Policy List Page with no policies shows the empty page
  • [job] [logs] Scout: [ platform / discover_enhanced ] plugin / serverless-security - Discover app - value suggestions: useTimeRange disabled - show up if in range
  • [job] [logs] Scout: [ platform / discover_enhanced ] plugin / show up if in range

Metrics

Module Count

Fewer modules leads to a faster build time

id                   before   after    diff
securitySolution     8541     8528     -13

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id                   before   after    diff
@kbn/siem-readiness  19       11       -8

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id                   before   after    diff
securitySolution     10.7MB   10.6MB   -99.8KB

Unknown metric groups

API count

id                   before   after    diff
@kbn/siem-readiness  19       11       -8

ESLint disabled line counts

id                   before   after    diff
securitySolution     700      701      +1

Total ESLint disabled count

id                   before   after    diff
securitySolution     808      809      +1

cc @JordanSh

@JordanSh JordanSh requested a review from animehart December 15, 2025 12:27
export const DataCoveragePanel: React.FC = () => {
const basePath = useBasePath();
const { getReadinessCategories } = useSiemReadinessApi();
const { openNewCaseFlyout } = useSiemReadinessCases();
@animehart animehart Dec 16, 2025


Considering other panels will also have a Create Case option, won't it be better to have all the Create Case related stuff in one file and just export it?

@JordanSh JordanSh (author) replied:

Since each component that shows this "create case button" needs to pass some kind of specific data in order to populate the flyout fields properly, it ends up as a bunch of getter components with very random arguments. I considered this approach but found it a bit too messy; we can reconsider later in development, after we have a few more of those, and try to see if there are some common fields we can reduce them to.

@animehart animehart left a comment


lgtm

@JordanSh

@elasticmachine merge upstream

@JordanSh JordanSh merged commit ae52f91 into elastic:main Dec 22, 2025
13 checks passed
mbondyra added a commit to mbondyra/kibana that referenced this pull request Dec 22, 2025
…d_step_back

* commit '51756d2722200a991607658d48ecda50aeb04a7d': (76 commits)
  [Synthetics] Fix SyncGlobalParamsSpaces flaky test (elastic#246487)
  [Synthetics] Fix useSyntheticsRules test (elastic#247259)
  [ES|QL] Fix index editor flaky test (elastic#247233)
  [ResponseOps][Reporting] Fix "failed to decrypt apiKey" error while disabling/enabling scheduled reports (elastic#247236)
  [Console] Update console definitions (main) (elastic#247214)
  [ES|QL] Esql indentation shortcut on the editor (elastic#247234)
  [Streams] Use original request for rules client when in default space (elastic#247014)
  Consolidate and improve unflattenObject (elastic#246725)
  [scout] use svl mode to run api-int tests (elastic#247223)
  SIEM Readiness V2 (elastic#245776)
  [ObsPresentation][A11y] Fix asset details flyout header announcement (elastic#246872)
  [Streams] Add abort support and silent mode for stream description generation (elastic#247082)
  [SLO] Add environment context to SLO feedback button (elastic#247221)
  Ignore the reason and retry systematically (elastic#246830)
  Update dependency @types/moment-duration-format to ^2.2.7 (main) (elastic#242221)
  [Streams 🌊 ] Add explicit waits for data grid rows before clicking expand button (elastic#246919)
  [Security Solution][Entity Analytics][Risk Scoring] Handle special characters in ESQL query for risk scoring (elastic#247060)
  [ML] Data frame analytics: Updates page headers (elastic#247097)
  [ES|QL] Build function arguments suggestions from hints (elastic#246736)
  Update dependency @hey-api/openapi-ts to v0.88.1 (main) (elastic#247210)
  ...
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Jan 6, 2026
dej611 pushed a commit to dej611/kibana that referenced this pull request Jan 8, 2026