[Security Solution][Atack/Alerts] Flyout header: Assignees #252190
Merged
agusruidiazgd merged 8 commits intoelastic:mainfrom Feb 10, 2026
Merged
[Security Solution][Atack/Alerts] Flyout header: Assignees #252190agusruidiazgd merged 8 commits intoelastic:mainfrom
agusruidiazgd merged 8 commits intoelastic:mainfrom
Conversation
agusruidiazgd
added
release_note:skip
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Contributor
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
NicholasPeretti
approved these changes
Feb 9, 2026
Contributor
⏳ Build in-progress
History
|
e40pud
reviewed
Feb 10, 2026
| * Assignees block for the Attack details flyout header. | ||
| * Matches the look of document_details assignees (avatars + popover with AssigneesApplyPanel). | ||
| */ | ||
| export const Assignees = memo(() => { |
Contributor
There was a problem hiding this comment.
I'm wondering if we could follow the pattern that we have in the https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/flyout/attack_details/components/status_popover_button.tsx
There we:
- Pass
enrichedFieldInfowhich from my understanding holds needed info (status) - Call
useAttackWorkflowStatusContextMenuItemswhich returns context menu items - Show popover with the context menu items from prev step
The useAttackWorkflowStatusContextMenuItems handles all logic that updates status for the attack and related alerts (showing modal etc.).
Following it will allow us to get rid of this new hook x-pack/solutions/security/plugins/security_solution/public/flyout/attack_details/hooks/use_attack_details_assignees.ts and just use existing useAttackDetailsContext.
mbondyra
added a commit
to mbondyra/kibana
that referenced
this pull request
Feb 10, 2026
* commit '7dcc1fe3c205d2de0c3ca3f65804f21de09013c3': (285 commits) Enrich kbn-check-saved-objects-cli README with CI and manual usage docs (elastic#252557) [Discover] Add feature flag to make ESQL the default query mode (elastic#252268) Add maskProps.headerZindexLocation above to inspect component flyout (elastic#252543) [Security Solution][Atack/Alerts] Flyout header: Assignees (elastic#252190) Upgrade EUI to v112.3.0 (elastic#252315) [Fleet] Make save_knowledge_base async in streaming state machine (elastic#252328) Upgrade @smithy/config-resolver 4.3.0 → 4.4.6 (elastic#252457) [Lens as API] Add colorMapping support for XY charts (ES|QL data layers) (elastic#252051) [WorkplaceAI] Add Google Drive data source and connector (elastic#250677) [Scout] Move GlobalSearch FTR tests to Scout (elastic#252201) [EDR Workflows] Fix osquery pack results display when agent clock is skewed (elastic#251417) [Observability Onboarding] Apply integrations limit after dedup in parseIntegrationsTSV (elastic#252486) [Entity Analytics] Update `host.ip` aggregation to remove painless script (elastic#252426) Address `@elastic/eui/require-table-caption` lint violations across `@elastic/obs-presentation-team` files (elastic#251050) Consolidate JSON stringify dependencies (elastic#251890) [index mgmt] Use esql instead of query dsl to get the index count (elastic#252422) Add Usage API Plugin (elastic#252434) Cases All Templates page (elastic#250372) [Agent Builder] Default value for optional params in ESQL tools (elastic#238472) [Fleet] Add upgrade_details.metadata.reason to AgentResponseSchema (elastic#252485) ...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes: #242344
Adds assignees to the Attack details flyout header, next to the Alerts count. Users can view and update assignees from the flyout with the same behavior as the Take action assignees on the attacks table (including the confirmation modal for attack-only vs attack + related alerts).
What's changed
Data & context
use_header_data.ts– ReadsALERT_WORKFLOW_ASSIGNEE_IDSfrom the attack document and exposesassignees.use_attack_details.ts– ReturnsrefetchfromuseTimelineEventsDetailsso the flyout can reload after assignee updates.context.tsx– AddsrefetchtoAttackDetailsContextso components can refresh flyout data after updating assignees.New hook
use_attack_details_assignees.ts– Hook that:useApplyAttackAssignees(same apply flow as attacks table, including modal).useBulkGetUserProfiles,useAttacksPrivileges,useLicense, anduseUpsellingMessage.refetch()andinvalidateFindAttackDiscoveries()so the flyout and attacks list stay in sync.How to test
Checklist
Screen.Recording.2026-02-09.at.07.51.53.mov