[SECURITY SOLEIL] Fix selection of event type when no siem index signal created#68291
Merged
XavierM merged 10 commits into elastic:master (Jun 5, 2020)
Conversation
Pinging @elastic/siem (Team:SIEM)
I like the suggestion of
…e-without-signal-index
@elasticmachine merge upstream
…erM/kibana into bug-event-type-without-signal-index
💚 Build Succeeded
To update your PR or re-run it, just comment with:
andrew-goldstein approved these changes on Jun 5, 2020:
Thanks for these fixes @XavierM! 🙏
Desk-tested locally:
- against the repro steps in the issue (when no signals index exists in a space)
- against the repro steps in a space where the signals index does exist
- while toggling between All events / Raw events / Signal events for the two variants above
- with an imported timeline that was exported from a 7.8 BC where the filter was set to "eventType":"signal"
- when navigating from an alert on the detections page to the timeline via the Investigate in timeline action
LGTM 🚀
gmmorris added a commit to gmmorris/kibana that referenced this pull request on Jun 8, 2020:
* master: (57 commits)
  - Add app arch team as owner of datemath package (elastic#66880)
  - [Observability] Landing page for Observability (elastic#67467)
  - [SIEM] Fix timeline buildGlobalQuery (elastic#68320)
  - Optimize saved objects getScopedClient and HTTP API (elastic#68221)
  - [Maps] Fix mb-style interpolate style rule (elastic#68413)
  - update script to always download node (elastic#68421)
  - [SECURITY SOLEIL] Fix selection of event type when no siem index signal created (elastic#68291)
  - [DOCS] Adds note about configuring File Data Visualizer (elastic#68407)
  - [DOCS] Adds link from remote clusters to index patterns (elastic#68406)
  - [QA] slack notify on failure (elastic#68126)
  - upgrade eslint-plugin-react-hooks from 2.3.0 to 4.0.4 (elastic#68295)
  - moving to jira to a gold license (elastic#67178)
  - [DOCS] Revises doc on adding data (elastic#68038)
  - [APM] Add ThemeProvider to support dark mode (elastic#68242)
  - Make welcome screen disabling first action in loginIfPrompted (elastic#68238)
  - [QA] Code coverage: unskip tests, collect tests results, exclude bundles from report (elastic#64477)
  - [ML] Functional tests - disable flaky regression and classification creation test
  - [Alerting] change eventLog ILM requests to absolute URLs (elastic#68331)
  - Report page load asset size (elastic#66224)
  - [SIEM][CASE] Change SIEM to Security (elastic#68365)
  - ...
XavierM added a commit to XavierM/kibana that referenced this pull request on Jun 8, 2020:
…al created (elastic#68291)
* fix selection of event type when no siem index signal created
* including the term signal for the old timeline
* fix import path
* Add a specific msg in the inspect modal if we do not have the alert index created
* fix import if eventType is signal to match it to alert
* forget to update test
* fix signal view
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
XavierM added a commit to XavierM/kibana that referenced this pull request on Jun 8, 2020:
…al created (elastic#68291)
* fix selection of event type when no siem index signal created
* including the term signal for the old timeline
* fix import path
* Add a specific msg in the inspect modal if we do not have the alert index created
* fix import if eventType is signal to match it to alert
* forget to update test
* fix signal view
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
XavierM added a commit that referenced this pull request on Jun 9, 2020:
…x signal created (#68291) (#68557)
* [SECURITY SOLEIL] Fix selection of event type when no siem index signal created (#68291)
  * fix selection of event type when no siem index signal created
  * including the term signal for the old timeline
  * fix import path
  * Add a specific msg in the inspect modal if we do not have the alert index created
  * fix import if eventType is signal to match it to alert
  * forget to update test
  * fix signal view
  Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* update translation
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
XavierM added a commit that referenced this pull request on Jun 9, 2020:
…al created (#68291) (#68551)
* fix selection of event type when no siem index signal created
* including the term signal for the old timeline
* fix import path
* Add a specific msg in the inspect modal if we do not have the alert index created
* fix import if eventType is signal to match it to alert
* forget to update test
* fix signal view
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Pinging @elastic/security-solution (Team: SecuritySolution)
Summary
Fixes an issue where the events filter in Timeline is not filtering out non-signal events.
To reproduce:
All events to Alert events
Expected result
Actual result
Checklist
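As an added illustration of the selection logic this PR describes (not Kibana's own code; the type and function names, the placeholder index name and the message text are assumptions), the following models the two behaviours the commits and the review exercise: mapping the legacy "eventType":"signal" value of an imported timeline onto "alert", and refusing to widen an "Alert events" query to raw indices when the space has no alert index yet, surfacing a message for the inspect modal instead.

```typescript
// Added example, not Kibana's code. Assumed names: EventType,
// normalizeImportedEventType, selectTimelineIndices, IndexSelection.

type EventType = 'all' | 'raw' | 'alert';

// Timelines exported from 7.8 builds stored the legacy value "signal";
// keep that filter meaningful on import by mapping it onto "alert".
function normalizeImportedEventType(stored: string | undefined): EventType {
  if (stored === 'signal' || stored === 'alert') return 'alert';
  if (stored === 'raw') return 'raw';
  return 'all'; // unknown or missing value: fall back to the unfiltered view
}

interface IndexSelection {
  indices: string[]; // index patterns the timeline query should target
  message?: string; // explanation to surface, e.g. in the inspect modal
}

// Decide which indices a timeline query runs against. The bug being fixed was
// that, with no signal/alert index in the space, the "Alert events" filter did
// not exclude non-alert events. Here an absent alert index yields an empty
// selection plus a message rather than a query over the raw indices.
function selectTimelineIndices(
  eventType: EventType,
  rawIndices: string[],
  alertIndex: string | undefined // undefined when the space has no alert index
): IndexSelection {
  switch (eventType) {
    case 'raw':
      return { indices: [...rawIndices] };
    case 'alert':
      if (alertIndex === undefined) {
        return {
          indices: [],
          message: 'No alert index exists in this space, so there are no alert events to show.',
        };
      }
      return { indices: [alertIndex] };
    case 'all':
    default:
      return {
        indices: alertIndex === undefined ? [...rawIndices] : [...rawIndices, alertIndex],
      };
  }
}
```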