Skip to content

[SIEM] New Overview Page #54783

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
andrew-goldstein merged 3 commits into from
Jan 15, 2020
Merged

[SIEM] New Overview Page #54783

andrew-goldstein merged 3 commits into from
Jan 15, 2020

Conversation

@andrew-goldstein
Copy link
Contributor

@andrew-goldstein andrew-goldstein commented Jan 14, 2020
edited
Loading

[SIEM] Overview Page "1.5"

A redesigned SIEM Overview page that includes Recent timelines, a Security news feed, visualizations, and rolled-up event counts

overview-day

overview-night

Overview enhancements

  • Added the global Search bar and Date picker to the Overview page
  • New Recent timelines widget affords quick access to favorite and recently modified timelines
  • New Security news widget
  • New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL
    news-settings
  • New Events count by dataset widget
  • Updated the Host Events and Network Events widgets to integrate with the Search bar and date picker input
  • Enhanced the Host Events and Network Events widgets to use an accordion paradigm that summarizes stats by source (e.g. Auditbeat, Endgame)
  • Enhanced the Host Events and Network Events widgets to visualize relative percentages of events collected as progress bars
  • New Alerts count by category widget
  • New Signals count by MITRE ATT&CK™ category widget
  • New View events, View alerts, and View signals navigation buttons for their respective visualizations

FTUE enhancements

  • FTUE "no data" view design refresh
    ftue

  • When the FTUE "no data" page is displayed, hide all global navigation links (i.e. Hosts, Network, Detection engine), such that only Overview appears in the global nav

  • App Help popover design refresh
    help

  • Removed the Beta badge and Security Information & Event Management with the Elastic Stack from the Overview header

  • Tested in Chrome 79.0.3945.117, Firefox 72.0.1, and Safari 13.0.4

Known issues

  • The siem:newsFeedUrl advanced setting is defaulted to https://feeds.elastic.co/kibana
  • The Signals count by MITRE ATT&CK™ category visualization does not display all categories
  • The Signals count by MITRE ATT&CK™ category visualization may require a different index pattern
  • EuiButtonGroup throwing a Can't perform a React state update on an unmounted component warning when switching from the Overview tab

https://github.com/elastic/siem-team/issues/484

@andrew-goldstein andrew-goldstein requested a review from a team as a code owner January 14, 2020 18:28
@andrew-goldstein andrew-goldstein self-assigned this Jan 14, 2020
@elasticmachine
Copy link
Contributor

elasticmachine commented Jan 14, 2020

Pinging @elastic/siem (Team:SIEM)

joshdover
joshdover approved these changes Jan 14, 2020
View reviewed changes
Copy link
Contributor

@joshdover joshdover left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Platform changes LGTM

@angorayc
Copy link
Contributor

angorayc commented Jan 14, 2020

Found that View alerts lands at incorrect page, but it is nothing wrong with the code in this PR.
It is in link-to component I forgot to add alerts page into the route, sorry for the inconvenience.
Please update components/link_to/link_to.tsx line 39 - 46

<Route
      component={RedirectToHostsPage}
      path={`${match.url}/:pageName(${SiemPageName.hosts})/:tabName(${HostsTableType.hosts}|${HostsTableType.authentications}|${HostsTableType.uncommonProcesses}|${HostsTableType.anomalies}|${HostsTableType.events}|${HostsTableType.alerts})`}
    />
    <Route
      component={RedirectToHostDetailsPage}
      path={`${match.url}/:pageName(${SiemPageName.hosts})/:detailName/:tabName(${HostsTableType.authentications}|${HostsTableType.uncommonProcesses}|${HostsTableType.anomalies}|${HostsTableType.events}|${HostsTableType.alerts})`}
    />

angorayc
angorayc reviewed Jan 14, 2020
View reviewed changes
x-pack/legacy/plugins/siem/public/components/page/overview/overview_network/index.tsx Outdated
Copy link
Contributor

@angorayc angorayc Jan 14, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

angorayc
angorayc reviewed Jan 14, 2020
View reviewed changes
angorayc
angorayc approved these changes Jan 15, 2020
View reviewed changes
Copy link
Contributor

@angorayc angorayc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ran it on my dev, all works well! Looks really beautiful, thanks a lot!!

@andrew-goldstein
A redesigned SIEM Overview page that includes Recent timelines, a `…
c36fd66 
…Security news` feed, visualizations, and rolled-up event counts

![overview-day](https://user-images.githubusercontent.com/4459398/72394573-f7c42080-36f3-11ea-93a1-57c52152cfdd.png)

![overview-night](https://user-images.githubusercontent.com/4459398/72394575-fb57a780-36f3-11ea-868e-8fcd2c5c4543.png)

- Added the global Search bar and Date picker to the Overview page
- New `Recent timelines` widget affords quick access to favorite and recently modified timelines
- New `Security news` widget
- New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL
![news-settings](https://user-images.githubusercontent.com/4459398/72362776-fd4c4700-36b0-11ea-805b-3c7353f2c1cd.png)
- New `Events count by dataset` widget
- Updated the `Host Events` and `Network Events` widgets to integrate with the Search bar and date picker input
- Enhanced the `Host Events` and `Network Events` widgets to use an accordion paradigm that summarizes stats by source (e.g. `Auditbeat`, `Endgame`)
- Enhanced the `Host Events` and `Network Events` widgets to visualize relative percentages of events collected as progress bars
- New `Alerts count by category` widget
- New `Signals count by MITRE ATT&CK™ category` widget
- New `View events`, `View alerts`, and `View signals` navigation buttons for their respective visualizations

- FTUE "no data" view design refresh
![ftue](https://user-images.githubusercontent.com/4459398/72361771-43a0a680-36af-11ea-969f-5872ac4a01a1.png)
- When the FTUE "no data" page is displayed, hide all global navigation links (i.e. `Hosts`, `Network`, `Detection engine`), such that only `Overview` appears in the global nav
- App Help popover design refresh
![help](https://user-images.githubusercontent.com/4459398/72362132-d80b0900-36af-11ea-9b58-1fd3b923b7c8.png)
- Removed the `Beta` badge and `Security Information & Event Management with the Elastic Stack` from the Overview header

- Tested in Chrome `79.0.3945.117`, Firefox `72.0.1`, and Safari `13.0.4`

- The `siem:newsFeedUrl` advanced setting is defaulted to `https://feeds.elastic.co/kibana`
- The `Signals count by MITRE ATT&CK™ category` visualization does not display all categories
- The `Signals count by MITRE ATT&CK™ category` visualization may require a different index pattern
- `EuiButtonGroup` throwing a `Can't perform a React state update on an unmounted component` warning when switching from the Overview tab

elastic/siem-team#484
@andrew-goldstein andrew-goldstein requested a review from a team as a code owner January 15, 2020 02:49
@kibanamachine
Copy link
Contributor

kibanamachine commented Jan 15, 2020

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@andrew-goldstein andrew-goldstein merged commit 56ff721 into elastic:master Jan 15, 2020
@andrew-goldstein andrew-goldstein deleted the overview-page-1-5 branch January 15, 2020 04:04
@andrew-goldstein andrew-goldstein mentioned this pull request Jan 15, 2020
Merged
andrew-goldstein added a commit that referenced this pull request Jan 15, 2020
@andrew-goldstein @elasticmachine
[SIEM] New Overview Page (#54783) (#54873)
fd2e7b1 
## [SIEM] Overview Page "1.5"

A redesigned SIEM Overview page that includes `Recent timelines`, a `Security news` feed, visualizations, and rolled-up event counts

![overview-day](https://user-images.githubusercontent.com/4459398/72396016-90f53600-36f8-11ea-9b41-6d54d09de589.png)

![overview-night](https://user-images.githubusercontent.com/4459398/72394575-fb57a780-36f3-11ea-868e-8fcd2c5c4543.png)

### Overview enhancements
- Added the global Search bar and Date picker to the Overview page
- New `Recent timelines` widget affords quick access to favorite and recently modified timelines
- New `Security news` widget
- New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL
![news-settings](https://user-images.githubusercontent.com/4459398/72362776-fd4c4700-36b0-11ea-805b-3c7353f2c1cd.png)
- New `Events count by dataset` widget
- Updated the `Host Events` and `Network Events` widgets to integrate with the Search bar and date picker input
- Enhanced the `Host Events` and `Network Events` widgets to use an accordion paradigm that summarizes stats by source (e.g. `Auditbeat`, `Endgame`)
- Enhanced the `Host Events` and `Network Events` widgets to visualize relative percentages of events collected as progress bars
- New `Alerts count by category` widget
- New `Signals count by MITRE ATT&CK™ category` widget
- New `View events`, `View alerts`, and `View signals` navigation buttons for their respective visualizations


### FTUE enhancements
- FTUE "no data" view design refresh
![ftue](https://user-images.githubusercontent.com/4459398/72361771-43a0a680-36af-11ea-969f-5872ac4a01a1.png)
- When the FTUE "no data" page is displayed, hide all global navigation links (i.e. `Hosts`, `Network`, `Detection engine`), such that only `Overview` appears in the global nav
- App Help popover design refresh
![help](https://user-images.githubusercontent.com/4459398/72362132-d80b0900-36af-11ea-9b58-1fd3b923b7c8.png)
- Removed the `Beta` badge and `Security Information & Event Management with the Elastic Stack` from the Overview header

- Tested in Chrome `79.0.3945.117`, Firefox `72.0.1`, and Safari `13.0.4`

## Known issues

- The `siem:newsFeedUrl` advanced setting is defaulted to `https://feeds.elastic.co/kibana`
- The `Signals count by MITRE ATT&CK™ category` visualization does not display all categories
- The `Signals count by MITRE ATT&CK™ category` visualization may require a different index pattern
- `EuiButtonGroup` throwing a `Can't perform a React state update on an unmounted component` warning when switching from the Overview tab

elastic/siem-team#484

Co-authored-by: Elastic Machine <[email protected]>
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jan 15, 2020
@gmmorris
Merge remote-tracking branch 'upstream/master'
bfdb1ea 
* upstream/master: (72 commits)
  [ML] Calculate model memory limit API integration tests (elastic#54557)
  Skip flakey index template component integration tests. (elastic#54878)
  Add label and icon to nested fields in the doc table (elastic#54199)
  Reverse dependency of home plugin and apm/ml/cloud (elastic#52883)
  [SIEM][Detection Engine] Order JSON keys, fix scripts, update pre-packaged rules
  update invalid snapshot
  add readme note about alerting / manage_api_key cluster privilege (elastic#54639)
  [SIEM] New Overview Page (elastic#54783)
  [Uptime] Feature/refactor context initialization (elastic#54494)
  Upgrade EUI to v18.2.0 (elastic#54786)
  [SIEM] [Detection engine] from signals to timeline (elastic#54769)
  [Index Management] Add Mappings Editor to Index Template Wizard (elastic#47562)
  [SIEM][Detection Engine] Removes deprecated filter from mapping
  [Maps] Add categorical styling (elastic#54408)
  Add mapbox-gl-rtl-text library (elastic#54842)
  [SIEM][Detection Engine] Adds actions to Rule Details (elastic#54828)
  Lexicographically sort location tags (elastic#54832)
  [Maps] expand extent filter to tile boundaries (elastic#54276)
  [Maps] Use v7.6 Elastic Maps Service API (elastic#54399)
  [DOCS] Adds monitoring setting (elastic#54819)
  ...
jkelastic pushed a commit to jkelastic/kibana that referenced this pull request Jan 17, 2020
@andrew-goldstein @jkelastic
[SIEM] New Overview Page (elastic#54783)
67ca64a 
## [SIEM] Overview Page "1.5"

A redesigned SIEM Overview page that includes `Recent timelines`, a `Security news` feed, visualizations, and rolled-up event counts

![overview-day](https://user-images.githubusercontent.com/4459398/72396016-90f53600-36f8-11ea-9b41-6d54d09de589.png)

![overview-night](https://user-images.githubusercontent.com/4459398/72394575-fb57a780-36f3-11ea-868e-8fcd2c5c4543.png)

### Overview enhancements
- Added the global Search bar and Date picker to the Overview page
- New `Recent timelines` widget affords quick access to favorite and recently modified timelines
- New `Security news` widget
- New Kibana advanced settings (toggle switch) for enabling or disabling the news widget and configuring the news URL
![news-settings](https://user-images.githubusercontent.com/4459398/72362776-fd4c4700-36b0-11ea-805b-3c7353f2c1cd.png)
- New `Events count by dataset` widget
- Updated the `Host Events` and `Network Events` widgets to integrate with the Search bar and date picker input
- Enhanced the `Host Events` and `Network Events` widgets to use an accordion paradigm that summarizes stats by source (e.g. `Auditbeat`, `Endgame`)
- Enhanced the `Host Events` and `Network Events` widgets to visualize relative percentages of events collected as progress bars
- New `Alerts count by category` widget
- New `Signals count by MITRE ATT&CK™ category` widget
- New `View events`, `View alerts`, and `View signals` navigation buttons for their respective visualizations


### FTUE enhancements
- FTUE "no data" view design refresh
![ftue](https://user-images.githubusercontent.com/4459398/72361771-43a0a680-36af-11ea-969f-5872ac4a01a1.png)
- When the FTUE "no data" page is displayed, hide all global navigation links (i.e. `Hosts`, `Network`, `Detection engine`), such that only `Overview` appears in the global nav
- App Help popover design refresh
![help](https://user-images.githubusercontent.com/4459398/72362132-d80b0900-36af-11ea-9b58-1fd3b923b7c8.png)
- Removed the `Beta` badge and `Security Information & Event Management with the Elastic Stack` from the Overview header

- Tested in Chrome `79.0.3945.117`, Firefox `72.0.1`, and Safari `13.0.4`

## Known issues

- The `siem:newsFeedUrl` advanced setting is defaulted to `https://feeds.elastic.co/kibana`
- The `Signals count by MITRE ATT&CK™ category` visualization does not display all categories
- The `Signals count by MITRE ATT&CK™ category` visualization may require a different index pattern
- `EuiButtonGroup` throwing a `Can't perform a React state update on an unmounted component` warning when switching from the Overview tab

https://github.com/elastic/siem-team/issues/484
@benskelker benskelker mentioned this pull request Feb 9, 2020
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattkime mattkime mattkime approved these changes

@angorayc angorayc angorayc approved these changes

+1 more reviewer

@joshdover joshdover joshdover approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@andrew-goldstein andrew-goldstein

Labels

release_note:enhancement Team:SIEM v7.6.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@andrew-goldstein @elasticmachine @angorayc @kibanamachine @mattkime @joshdover