[Security Solution][Alert details] - bring back last alert status change to flyout #205224
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PhilippeOberti
added
v9.0.0
release_note:feature
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
nastasha-solomon
approved these changes
Jan 2, 2025
michaelolo24
reviewed
Jan 2, 2025
| <FormattedMessage | ||
| id="xpack.securitySolution.flyout.right.about.status.statusHistoryDetails" | ||
| defaultMessage="Alert status updated by {user} on {date}" | ||
| values={{ |
There was a problem hiding this comment.
nit...since there isn't a whole nested tree of components here, but probably best to memoize this entire object or pull out the new Date(statusUpdatedAt) so it's not calculated in the render
There was a problem hiding this comment.
yeah, these are annoying because I have to do the memoization before the return null so I have to do the check there as well... done here!
michaelolo24
approved these changes
Jan 2, 2025
PhilippeOberti
force-pushed
the
alert-details-latest-status-change
branch
from
1a99cc5 to
6df2909
Compare
PhilippeOberti
force-pushed
the
alert-details-latest-status-change
branch
from
6df2909 to
5e8c28c
Compare
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
|
|
Starting backport for target branches: 8.x |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 8, 2025
…nge to flyout (elastic#205224) ## Summary Over a year ago, [this PR](elastic#171589) added some information to the alert details flyout, to show when an alert's status (`closed`, `open` or `aknowledged`) had been modified last and by which user. Shortly after, [this follow up PR](elastic#172888) removed the UI from the alert details flyout, as the information wasn't extremely important and was taking some valuable vertical space, pushing down below the `Highlighted fields` section, that users were finding very important. A few months later, we added the ability to persist which of the top sections (`About`, `Investigation`, `Visualizations`, `Insights` and `Response`) were collapsed or expanded. That way the user wouldn't have to always collapse or expand sections they would often don't need. This PR brings back the alert's last status changes to the `About` section, as the vertical space is no longer a big issues, because users can now collapse the entire `About` section. #### If data is not present, the last change UI is not shown  #### If the correct data is shown:  ### How to test - have a few alerts in the alerts table - open the alert details flyout for one alert and change the status (button in the header) - verify that the last status change section is shown in the `About` section ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit a4b1975)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Jan 8, 2025
…us change to flyout (#205224) (#205835) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution][Alert details] - bring back last alert status change to flyout (#205224)](#205224) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-08T04:50:44Z","message":"[Security Solution][Alert details] - bring back last alert status change to flyout (#205224)\n\n## Summary\r\n\r\nOver a year ago, [this\r\nPR](#171589) added some\r\ninformation to the alert details flyout, to show when an alert's status\r\n(`closed`, `open` or `aknowledged`) had been modified last and by which\r\nuser.\r\nShortly after, [this follow up\r\nPR](#172888) removed the UI from\r\nthe alert details flyout, as the information wasn't extremely important\r\nand was taking some valuable vertical space, pushing down below the\r\n`Highlighted fields` section, that users were finding very important.\r\n\r\nA few months later, we added the ability to persist which of the top\r\nsections (`About`, `Investigation`, `Visualizations`, `Insights` and\r\n`Response`) were collapsed or expanded. That way the user wouldn't have\r\nto always collapse or expand sections they would often don't need.\r\n\r\nThis PR brings back the alert's last status changes to the `About`\r\nsection, as the vertical space is no longer a big issues, because users\r\ncan now collapse the entire `About` section.\r\n\r\n#### If data is not present, the last change UI is not shown\r\n\r\n\r\n#### If the correct data is shown:\r\n\r\n\r\n### How to test\r\n\r\n- have a few alerts in the alerts table\r\n- open the alert details flyout for one alert and change the status\r\n(button in the header)\r\n- verify that the last status change section is shown in the `About`\r\nsection\r\n\r\n### Checklist\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"a4b1975fced9f5fd6c408401d19b79650a4fc56d","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["v9.0.0","release_note:feature","Team:Threat Hunting:Investigations","backport:version","v8.18.0"],"title":"[Security Solution][Alert details] - bring back last alert status change to flyout","number":205224,"url":"https://github.com/elastic/kibana/pull/205224","mergeCommit":{"message":"[Security Solution][Alert details] - bring back last alert status change to flyout (#205224)\n\n## Summary\r\n\r\nOver a year ago, [this\r\nPR](#171589) added some\r\ninformation to the alert details flyout, to show when an alert's status\r\n(`closed`, `open` or `aknowledged`) had been modified last and by which\r\nuser.\r\nShortly after, [this follow up\r\nPR](#172888) removed the UI from\r\nthe alert details flyout, as the information wasn't extremely important\r\nand was taking some valuable vertical space, pushing down below the\r\n`Highlighted fields` section, that users were finding very important.\r\n\r\nA few months later, we added the ability to persist which of the top\r\nsections (`About`, `Investigation`, `Visualizations`, `Insights` and\r\n`Response`) were collapsed or expanded. That way the user wouldn't have\r\nto always collapse or expand sections they would often don't need.\r\n\r\nThis PR brings back the alert's last status changes to the `About`\r\nsection, as the vertical space is no longer a big issues, because users\r\ncan now collapse the entire `About` section.\r\n\r\n#### If data is not present, the last change UI is not shown\r\n\r\n\r\n#### If the correct data is shown:\r\n\r\n\r\n### How to test\r\n\r\n- have a few alerts in the alerts table\r\n- open the alert details flyout for one alert and change the status\r\n(button in the header)\r\n- verify that the last status change section is shown in the `About`\r\nsection\r\n\r\n### Checklist\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"a4b1975fced9f5fd6c408401d19b79650a4fc56d"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/205224","number":205224,"mergeCommit":{"message":"[Security Solution][Alert details] - bring back last alert status change to flyout (#205224)\n\n## Summary\r\n\r\nOver a year ago, [this\r\nPR](#171589) added some\r\ninformation to the alert details flyout, to show when an alert's status\r\n(`closed`, `open` or `aknowledged`) had been modified last and by which\r\nuser.\r\nShortly after, [this follow up\r\nPR](#172888) removed the UI from\r\nthe alert details flyout, as the information wasn't extremely important\r\nand was taking some valuable vertical space, pushing down below the\r\n`Highlighted fields` section, that users were finding very important.\r\n\r\nA few months later, we added the ability to persist which of the top\r\nsections (`About`, `Investigation`, `Visualizations`, `Insights` and\r\n`Response`) were collapsed or expanded. That way the user wouldn't have\r\nto always collapse or expand sections they would often don't need.\r\n\r\nThis PR brings back the alert's last status changes to the `About`\r\nsection, as the vertical space is no longer a big issues, because users\r\ncan now collapse the entire `About` section.\r\n\r\n#### If data is not present, the last change UI is not shown\r\n\r\n\r\n#### If the correct data is shown:\r\n\r\n\r\n### How to test\r\n\r\n- have a few alerts in the alerts table\r\n- open the alert details flyout for one alert and change the status\r\n(button in the header)\r\n- verify that the last status change section is shown in the `About`\r\nsection\r\n\r\n### Checklist\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"a4b1975fced9f5fd6c408401d19b79650a4fc56d"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Philippe Oberti <[email protected]>
crespocarlos
pushed a commit
to crespocarlos/kibana
that referenced
this pull request
Jan 8, 2025
…nge to flyout (elastic#205224) ## Summary Over a year ago, [this PR](elastic#171589) added some information to the alert details flyout, to show when an alert's status (`closed`, `open` or `aknowledged`) had been modified last and by which user. Shortly after, [this follow up PR](elastic#172888) removed the UI from the alert details flyout, as the information wasn't extremely important and was taking some valuable vertical space, pushing down below the `Highlighted fields` section, that users were finding very important. A few months later, we added the ability to persist which of the top sections (`About`, `Investigation`, `Visualizations`, `Insights` and `Response`) were collapsed or expanded. That way the user wouldn't have to always collapse or expand sections they would often don't need. This PR brings back the alert's last status changes to the `About` section, as the vertical space is no longer a big issues, because users can now collapse the entire `About` section. #### If data is not present, the last change UI is not shown  #### If the correct data is shown:  ### How to test - have a few alerts in the alerts table - open the alert details flyout for one alert and change the status (button in the header) - verify that the last status change section is shown in the `About` section ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Over a year ago, this PR added some information to the alert details flyout, to show when an alert's status (
closed,openoraknowledged) had been modified last and by which user.Shortly after, this follow up PR removed the UI from the alert details flyout, as the information wasn't extremely important and was taking some valuable vertical space, pushing down below the
Highlighted fieldssection, that users were finding very important.A few months later, we added the ability to persist which of the top sections (
About,Investigation,Visualizations,InsightsandResponse) were collapsed or expanded. That way the user wouldn't have to always collapse or expand sections they would often don't need.This PR brings back the alert's last status changes to the
Aboutsection, as the vertical space is no longer a big issues, because users can now collapse the entireAboutsection.If data is not present, the last change UI is not shown
If the correct data is shown:
How to test
AboutsectionChecklist