[SIEM] - Top countries by source/dest tables #48179
stephmilovic merged 16 commits into elastic:master from
Pinging @elastic/siem (Team:SIEM)
💔 Build Failed
💔 Build Failed
💔 Build Failed
On the IP Details page, we don't need I personally imagined the countries tables to be below the IP tables on the Network page as well - not in its own tab, but together in a
@cwurm it is already filtered down, that was an old screenshot. Please reference the updated screenshot ;)
💔 Build Failed
💚 Build Succeeded
| sortable: true, | ||
| render: flows => { | ||
| if (flows != null) { | ||
| return numeral(flows).format('0,000'); |
No change necessary since we're not doing it anywhere else, but I wonder if we should be using the `format:number:defaultPattern` Kibana advanced setting to format these numerals?
x-pack/legacy/plugins/siem/public/components/source_destination/country_flag.tsx
| }>(({ countryCode, displayCountryNameOnHover = false }) => { | ||
| const [localesLoaded, setLocalesLoaded] = useState(false); | ||
| useEffect(() => { | ||
| if (isEmpty(countries.getNames('en'))) { |
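Review bot: The English-locale check in this hunk runs inside a `useEffect` of the flag component, and each instance keeps its own `localesLoaded` state, so every rendered flag repeats the `countries.getNames('en')` check and holds a separate state flag for something that is global to the page. Consider loading the locale once at module scope or in a shared hook and letting the component read the result, so a table full of flags does not re-run the check and re-render per cell.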
Should we be using the `format:number:defaultLocale` Kibana advanced setting for all these `countries.getNames()` calls?
e.g.
```js
console.log("US (Alpha-2) => " + countries.getName("US", "en")); // United States of America
console.log("US (Alpha-2) => " + countries.getName("US", "de")); // Vereinigte Staaten von Amerika
```
from the i18n-iso-countries docs.

We then need to load all languages. I think we talked about this @cwurm but can't remember why we ended up with English only??

Hmmm... If that's the case, we could use TypeScript's dynamic import to resolve that issue pretty easily.
As for not previously using it -- perhaps it was because country names are often stored as their English counterpart in Elasticsearch directly? Doesn't look like we're using the localized country name in any DnD/AddToKql components, so that should be fine too?
Either way, just something to note 🙂
| } | ||
|
|
||
| interface NetworkTopCountriesTableDispatchProps { | ||
| updateIpDetailsTableActivePage: ActionCreator<{ |
I think creating one `updateNetworksTableActivePage` and adding the `networkType` in your action as an attribute will simplify some type issues.
spong left a comment
Checked out, performed code review, and tested locally -- from pagination, DnD, column sorting, Network vs IP Details, timefilter/refresh updates, KQL changes, tab changes, etc...
Fantastic work here @stephmilovic -- I officially declare you Champion of the Tables! I've left a few nits and cleanups that might be good to take care of now while you have a chance, but nothing major holding up this PR (you may want to open an issue to track the column sorts being persistent between pages though).
Thanks for the efficient introduction of the new Countries tables! 🎉 🚀 🙂
| L | G | T | M |
|---|---|---|---|
| o | o | o | e |
| o | o | ! |   |
| k | d |   |   |
| s |   |   |   |
💔 Build Failed
💚 Build Succeeded
Summary
Resolves https://github.com/elastic/siem-team/issues/464
Implements Top Countries table on both Network and IP Details page. This was largely a copy/pasta of the TopNFlow table/query.
The table is in a tab on the Network page:

And between IPs and Users on the IP Details page:

A good link that has a lengthy response of countries on the IP details page: http://localhost:5601/app/siem#/network/ip/10.142.0.7?_g=()&timerange=(global:(linkTo:!(timeline),timerange:(from:1570949998180,kind:absolute,to:1571093998180)),timeline:(linkTo:!(global),timerange:(from:1570949998180,kind:absolute,to:1571093998180)))
Checklist
Use strikethroughs to remove checklist items you don't feel are applicable to this PR.
- This was checked for cross-browser compatibility, including a check against IE11
- Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
- Documentation was added for features that require explanation or tutorials
- This was checked for keyboard-only and screenreader accessibility

For maintainers
- This was checked for breaking API changes and was labeled appropriately
- This includes a feature addition or change that requires a release note and was labeled appropriately