[Security Solution] [Fix] Row Renderer + Notes in Flyout #186948

logeekal · 2024-06-26T06:47:30Z

Summary

This PR introduces below mentioned 3 changes:

Row Renderer Switch

A quick switch to switch on/off all the row-renderers without going into settings.

Caution

This is only available with feature flag unifiedComponentsInTimelineEnabled

row_renderer_switch.mp4

Notes in a separate Flyout

Notes do not appear inline anymore. They are now part of separate Flyout.
This Change also introduces a notification dot to highlight that existing notes are available.

notes_flyout_notification_dot.mp4

Color Distinction between enabled/disabled Row Renderers.

Previously it was difficult to see what row renderers are available and what are not. This change introduces a small color distinction.

row_renderer_enable_disable_color.mp4

Desk Testing

Please desk test following functionalities with AND without below feature flag:

Add Note
Cancel when adding note.
Create a new timeline
Load saved timeline
Change from one timeline to other
Open Timeline page directly with saved timeline in the address bar.

In all above scenarios row renders and notes should be shown as expected.

xpack.securitySolution.enableExperimental:
  - unifiedComponentsInTimelineEnabled

logeekal · 2024-06-27T12:14:42Z

/ci

elasticmachine · 2024-06-27T12:19:49Z

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

PhilippeOberti

code looks good overall! I left a few minor comments.

As you know we'll have a few conflicts once this PR is merged (I'm waiting on the build to finish) then will come back test this PR again

x-pack/plugins/security_solution/public/common/components/header_actions/add_note_icon_item.tsx

x-pack/plugins/security_solution/public/common/components/header_actions/translations.ts

PhilippeOberti · 2024-06-28T07:57:00Z

x-pack/plugins/security_solution/public/common/components/header_actions/translations.ts

+  'xpack.securitySolution.timeline.body.notes.addNote.singleNoteAvailableTooltip',
+  {
+    defaultMessage: '1 note available. Click to Add more.',
+  }
+);
+
+export const NOTES_TOOLTIP_ADD_NOTE_MULTIPLE_NOTES_AVAILABLE = ({
+  notesCount,
+}: {
+  notesCount: number;
+}) =>
+  i18n.translate(
+    'xpack.securitySolution.timeline.body.notes.addNote.multipleNotesAvailableTooltip',
+    {
+      values: { notesCount },
+      defaultMessage: '{notesCount} note available. Click to Add more.',
+    }


like I mentioned in a previous comment, you could have a single translation done like this one?

x-pack/plugins/security_solution/public/timelines/components/row_renderer_switch/index.tsx

x-pack/plugins/security_solution/public/timelines/components/timeline/properties/helpers.tsx

...k/plugins/security_solution/public/timelines/components/timeline/properties/notes_flyout.tsx

...y_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.tsx

x-pack/plugins/security_solution/public/timelines/components/row_renderer_switch/index.tsx

...ecurity_solution/public/timelines/components/row_renderers_browser/row_renderers_browser.tsx

...lugins/security_solution/public/timelines/components/timeline/body/events/stateful_event.tsx

...ins/security_solution/public/timelines/components/timeline/properties/use_notes_in_flyout.ts

x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/pinned/index.tsx

...curity_solution/public/timelines/components/timeline/unified_components/data_table/index.tsx

logeekal · 2024-07-02T10:18:46Z

09eeb10 : @kqualters-elastic and @PhilippeOberti . Please take a look at this commit. I have changed document-id-1 to 1 so that it aligns with mockTimelineData

logeekal · 2024-07-02T11:24:37Z

@PhilippeOberti , here is a fix for the Pin issue that you mentioned : 82531c1. One issue I still see is that the width of action bar in explore table is not adjusted based on the securitySolutionNotesEnabled flag. Please take a look.

FYI @michaelolo24, I added a new flag for toggling pin action.

x-pack/plugins/security_solution/common/types/header_actions/index.ts

PhilippeOberti

thanks for making all the changes asked, the code LGTM now but maybe we should wait for @michaelolo24 's re-review before merging as he's been also focusing on the row renderers which I have not?

I pulled down the latest code and tested all possible combinations of the 3 feature flags (securitySolutionNotesEnabled, expandableFlyoutDisabled and unifiedComponentsInTimelineEnabled) and it all looks good to me now for the alerts page, timeline, the explore pages and the alerts table in cases!

Awesome job!

logeekal · 2024-07-02T12:28:32Z

...lution/public/timelines/components/timeline/tabs/query/query_tab_unified_components.test.tsx

+            /*
+             * Above event is alert and not an event but `getEventType` in
+             *x-pack/plugins/security_solution/public/timelines/components/timeline/body/helpers.tsx
+             * returns it has event and not an alert even though, it has event.kind as signal.
+             * Need to see if it is okay
+             *


@michaelolo24, need your opinion here. What do you think.

Hey, it's not ideal, but I'm not going to ask you to rebuild to update the mock to match the 8.0+ data since that might have unintended consequences elsewhere. Also, the getEventType helper could probably also check for the signal case, but once again...no idea what unintended consequences would happen elsewhere. Thanks for the comment though, will help if/when we get to updating all of this!

I'm not going to ask you to rebuild to update the mock to match the 8.0+ data

I thought about doing that but that does not help us much in test scenarios.

Also, the getEventType helper could probably also check for the signal case

that is the most strange thing. I think we should correct this function and then one of the test will fail. For now it is okay.

kibana-ci · 2024-07-02T12:58:54Z

💔 Build Failed

Failed CI Steps

Test Failures

[job] [logs] Jest Tests #1 / Actions Pin action should show pin Action by when disablePinAction = false
[job] [logs] Jest Tests #1 / Actions Pin action should show pin Action by when disablePinAction = false
[job] [logs] Jest Tests #1 / AddEventNoteAction display notes button should render button correctly when multiple notes exist
[job] [logs] Jest Tests #1 / AddEventNoteAction display notes button should render button correctly when multiple notes exist
[job] [logs] Jest Tests #1 / AddEventNoteAction display notes button should render button correctly when single note exists
[job] [logs] Jest Tests #1 / AddEventNoteAction display notes button should render button correctly when single note exists
[job] [logs] Jest Tests #9 / helpers getPinTooltip it indicates the alert is NOT pinned when isPinned is false and the alert has notes
[job] [logs] Jest Tests #9 / helpers getPinTooltip it indicates the alert is NOT pinned when isPinned is false and the alert has notes
[job] [logs] Jest Tests #9 / helpers getPinTooltip it indicates the event is NOT pinned when isPinned is false and the event has notes
[job] [logs] Jest Tests #9 / helpers getPinTooltip it indicates the event is NOT pinned when isPinned is false and the event has notes
[job] [logs] Jest Tests #9 / query tab with unified timeline Leading actions - notes securitySolutionNotesEnabled = false expandableFlyoutDisabled = false should have the notification dot & correct tooltip
[job] [logs] Jest Tests #9 / query tab with unified timeline Leading actions - notes securitySolutionNotesEnabled = false expandableFlyoutDisabled = false should have the notification dot & correct tooltip
[job] [logs] Jest Tests #9 / query tab with unified timeline Leading actions - notes securitySolutionNotesEnabled = false expandableFlyoutDisabled = true should have the notification dot & correct tooltip
[job] [logs] Jest Tests #9 / query tab with unified timeline Leading actions - notes securitySolutionNotesEnabled = false expandableFlyoutDisabled = true should have the notification dot & correct tooltip
[job] [logs] Jest Tests #9 / query tab with unified timeline Leading actions - notes securitySolutionNotesEnabled = true expandableFlyoutDisabled = false should have the notification dot & correct tooltip
[job] [logs] Jest Tests #9 / query tab with unified timeline Leading actions - notes securitySolutionNotesEnabled = true expandableFlyoutDisabled = false should have the notification dot & correct tooltip
[job] [logs] Jest Tests #9 / query tab with unified timeline Leading actions - notes securitySolutionNotesEnabled = true expandableFlyoutDisabled = true should have the notification dot & correct tooltip
[job] [logs] Jest Tests #9 / query tab with unified timeline Leading actions - notes securitySolutionNotesEnabled = true expandableFlyoutDisabled = true should have the notification dot & correct tooltip
[job] [logs] Jest Tests #9 / Timeline note middleware should persist a note on an event of a timeline
[job] [logs] Jest Tests #9 / Timeline note middleware should persist a note on an event of a timeline

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
`securitySolution`	5588	5592	+4

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
`securitySolution`	15.6MB	15.6MB	+8.0KB

History

💛 Build #218981 was flaky 801c314
💚 Build #218809 succeeded 78662ba
💛 Build #218759 was flaky a5aea78
💛 Build #218733 was flaky b22a155

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

michaelolo24 · 2024-07-02T13:08:19Z

One thing I noticed... you can open the expandable flyout and the investigation query modal for the alert from the note and this happened:

Expandable flyout:

Investigation query:

@PhilippeOberti thoughts on closing the notes flyout when the alert/event is opened from the note? We will need to show the investigation query modal though as that adds to the note

PhilippeOberti · 2024-07-02T13:15:45Z

One thing I noticed... you can open the expandable flyout and the investigation query modal for the alert from the note and this happened:

@PhilippeOberti thoughts on closing the notes flyout when the alert/event is opened from the note? We will need to show the investigation query modal though as that adds to the note

it can be a bit annoying, but I'm also worried about building some fancy logic to check if the flyout is open and close it, but some pretty unlikely scenario where users would do this...
I don't really have strong opinions on it yet, but I'm tempted to say let's not fix this... it's easy for the users to just the notes flyout...

logeekal · 2024-07-02T13:17:17Z

I don't really have strong opinions on it yet, but I'm tempted to say let's not fix this... it's easy for the users to just the notes flyout...

I agree. It might make sense for users to decide if they want to close notes flyout andgot working on a new workflow.

But great catch.

michaelolo24 · 2024-07-02T13:57:48Z

Yea, I agree, just note that for the alerts flyout that's fine, but for the investigation query, if you close the notes flyout, it also closes the investigation query modal. How many people use that workflow, I'm not sure, but it's not really usable while the notes flyout is open.

logeekal · 2024-07-02T15:15:29Z

Ohh that is a bummer...

Yea, I agree, just note that for the alerts flyout that's fine, but for the investigation query, if you close the notes flyout, it also closes the investigation query modal. How many people use that workflow, I'm not sure, but it's not really usable while the notes flyout is open.

Do you mind creating an issue where we can have more discussion on what should we do?

michaelolo24

Really nice work with these changes! Excited for users to get their hands on it 👍🏾

logeekal added 8 commits June 18, 2024 15:21

incremental save - POC working

4d7910e

fix: switch complete

2d42fd6

add notes notification badge

87872b8

notes incremental. Tests remaining

5f3e069

notes refactoring

c8f1e72

regorg: note action

2c7d0c4

Merge branch 'main' into feat/switch_row_renderer

9dce6df

fix: tests and types

5e749be

logeekal added Team:Threat Hunting:Investigations Security Solution Investigations Team release_note:feature Makes this part of the condensed release notes backport:skip This commit does not require backporting labels Jun 27, 2024

logeekal marked this pull request as ready for review June 27, 2024 12:19

logeekal requested review from a team as code owners June 27, 2024 12:19

logeekal added 4 commits June 27, 2024 14:20

tests: showNotes

c58b725

fix: remove inline notes old timeline|

27678bc

translation: fix

611e828

translation: fix

40483b3

PhilippeOberti reviewed Jun 28, 2024

View reviewed changes

logeekal added 7 commits June 28, 2024 10:32

some tests + grooming

b4a4723

fix: jest tests + types

cc5a808

fix: default row renderer IDs

47c6ad2

Merge branch 'main' into feat/switch_row_renderer

857cf7d

fix: remove callback in favor of dispatch

a47d280

fix: notes flyout with global scope

04b1e92

add notes flyout to all tabs

5e78572

michaelolo24 reviewed Jun 28, 2024

View reviewed changes

...y_solution/public/timelines/components/timeline/tabs/shared/use_timeline_control_columns.tsx Show resolved Hide resolved

fix + housekeeping

67d3e64