Skip to content

[Security Solution][OneDiscover] Migrate host flyout to v2#265893

Open
kelvtanv wants to merge 50 commits into
elastic:mainfrom
kelvtanv:migrate-main-content-for-host-flyout
Open

[Security Solution][OneDiscover] Migrate host flyout to v2#265893
kelvtanv wants to merge 50 commits into
elastic:mainfrom
kelvtanv:migrate-main-content-for-host-flyout

Conversation

@kelvtanv
Copy link
Copy Markdown
Contributor

@kelvtanv kelvtanv commented Apr 27, 2026
edited
Loading

Summary

Closes #265873
Includes #265876 , kelvtanv#3

  • alerts table host name column should conditionally open the old/new flyout
  • all existing sections within the (new) document flyout that can link to the host flyout should open a new host flyout
  • host name column within discover should open the host flyout
  • rework ChildLink to be OpenFlyoutLink to support the use case where we want to open a flyout that replaces the current one
  • take action should be disabled in discover
  • v1 flyout should be unchanged
Screen.Recording.2026-05-05.at.3.55.17.PM.mov

TODO as follow ups

  • tabs (migrate to unified v2)
  • history (ensure titles are updated)

Note

Some small bugs and organizational fixes are done in downstream PR (kelvtanv#4, kelvtanv#5)

Testing

Pre-req: have some rules and alerts

  1. Enable entitystorev2 feature flag (so that you can have entity store hosts to see sections like asset criticality):
uiSettings.overrides:
   securitySolution:entityStoreEnableV2: true
  1. Add vulnerabilities and misconfigurations via security-documents-generator (yarn start csp --data-sources all --findings-count 50)
  2. Go to stack management -> Alerts and Insights -> Entity analytics and configure Entity Risk Score so that some alerts shows the entity score section

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

@kelvtanv kelvtanv changed the title initial impl [Security Solution][OneDiscover] Migrate main host flyout skeleton May 4, 2026
@kelvtanv kelvtanv marked this pull request as ready for review May 5, 2026 19:57
@kelvtanv kelvtanv requested review from a team as code owners May 5, 2026 19:57
@kelvtanv kelvtanv requested a review from ymao1 May 5, 2026 19:57
@kelvtanv kelvtanv added Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. ci:use-selective-testing Turns on selective testing features for the PR CI run OneDiscover labels May 5, 2026
@infra-vault-gh-plugin-prod
Copy link
Copy Markdown

infra-vault-gh-plugin-prod Bot commented May 5, 2026

Pinging @elastic/security-solution (Team: SecuritySolution)

@infra-vault-gh-plugin-prod
Copy link
Copy Markdown

infra-vault-gh-plugin-prod Bot commented May 5, 2026

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@kelvtanv kelvtanv added v9.5.0 backport:skip This PR does not require backporting release_note:skip Skip the PR/issue when compiling release notes labels May 5, 2026
kelvtanv and others added 20 commits May 14, 2026 16:43
@kelvtanv
fix merge errors
cb543fd
@kelvtanv
hide icons using props
055f8bf
@kelvtanv
hide header icons
96367d4
@kelvtanv
rework tools flyout header
3d36812
@kelvtanv
hide add to timeline action in discover for risk_inputs_tab
c2de935
@kelvtanv @claude
replace csp_insights tool with three focused tools for v2 host flyout
4f1aa33 
Split the unified CspInsights tool (which wrapped InsightsTabCsp with a
tab strip) into three standalone tools — MisconfigurationInsights,
VulnerabilityInsights, AlertsInsights — each rendering a single table
component. openDetailsPanel in main/index.tsx now switches on path.subTab
within CSP_INSIGHTS to open the matching tool.

Added hideHeaderIcon to MisconfigurationsPreview and VulnerabilitiesPreview
(matching AlertsPreview's existing prop) so v2 callers can suppress the
chevron icon; EntityInsight threads hideMisconfigurationsHeaderIcon and
hideVulnerabilitiesHeaderIcon down to those previews.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@kelvtanv @claude
[dev] add mock data for misconfiguration and vulnerability tools
94cf444 
Adds hardcoded fixture rows to MisconfigurationInsights and
VulnerabilityInsights tools so the components render visibly without a
running Elasticsearch. Also wires mockMisconfigurationFindings /
mockVulnerabilitiesFindings flags through the v2 host flyout so the
EntityInsight previews show even when no real findings exist.

Revert this commit to strip all dev scaffolding before shipping.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@kelvtanv
link renderer for observed data
a12cc54
@kelvtanv
fix css + bug related to time filter
94cfb98
@kelvtanv
refactor
87be8c7
@kelvtanv
Merge branch 'main' into migrate-main-content-for-host-flyout
812bab3
@kelvtanv
Merge branch 'migrate-main-content-for-host-flyout' into migrate-host…
350b889 
…-risk-summary
@kelvtanv
wrapper for details
9d7c4a8
@kelvtanv
Revert "[dev] add mock data for misconfiguration and vulnerability to…
670ba52 
…ols"

This reverts commit 94cf444.
@kelvtanv
pass entity id
7fed915
@kelvtanv
ensure entity id is passed in
b7651bd
@kelvtanv
second pass
d4ba747
@kelvtanv
ai review comments
dfbaf68
@kelvtanv @claude
add unit tests for v2 host tool panels and csp details
297df77 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@kelvtanv
more ai review
f2963b4
seanrathier
seanrathier approved these changes May 25, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@seanrathier seanrathier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

kelvtanv and others added 8 commits May 26, 2026 15:56
@kelvtanv
address comments
6d7d320
@kelvtanv
Merge pull request #3 from kelvtanv/migrate-host-risk-summary
ec249f8 
[Security Solution][One Discover] Migrate host flyout subcomponents
@kelvtanv
Merge remote-tracking branch 'upstream/main' into migrate-main-conten…
7c558cb 
…t-for-host-flyout
@kibanamachine
Changes from node scripts/check
60d32a3
@kelvtanv
ci
f557183
@kibanamachine
Changes from node scripts/eslint_all_files --no-cache --fix
bacf93e
@kelvtanv
fix ci
7a3000e
@kelvtanv @claude
fix tests: use async findByTestId for lazy-loaded components in build…
144ffc0 
…FlyoutContent

React.lazy() components render asynchronously inside Suspense boundaries,
causing getByTestId to find the loading spinner fallback instead of the
mocked component. Switch to findByTestId (which waits for the element)
to properly handle the async resolution.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@kibanamachine
Copy link
Copy Markdown
Contributor

kibanamachine commented Jun 2, 2026

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Scout Lane #3 - stateful-classic / default / local-stateful-classic - UptimeIntegrationDeprecation - returns true when non-managed synthetics policies exist

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 9585 9599 +14

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
discover 1.9MB 1.9MB +28.0B
securitySolution 12.1MB 12.1MB +18.3KB
total +18.4KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
securitySolution 159.8KB 159.8KB +1.0B

History

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@seanrathier seanrathier seanrathier approved these changes

@davismcphee davismcphee davismcphee approved these changes

@PhilippeOberti PhilippeOberti Awaiting requested review from PhilippeOberti

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

backport:skip This PR does not require backporting ci:use-selective-testing Turns on selective testing features for the PR CI run OneDiscover release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team v9.5.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security Solution][OneDiscover] Main content for the host flyout

5 participants

@kelvtanv @PhilippeOberti @kibanamachine @seanrathier @davismcphee