[Security Solution] Coverage Overview follow-up #164613
Conversation
dplumlee
added
release_note:skip
banderror
added
bug
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
banderror
force-pushed
the
coverage-overview-follow-up
branch
from
563331b to
e76f800
Compare
|
I started testing the PR, so far:
Will be updating this comment with more findings during review and testing. |
💚 Build Succeeded
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: cc @dplumlee |
There was a problem hiding this comment.
Reviewed the diff and tested the app locally. Can confirm that all the fixes work as expected:
- The "enable rules" button is disabled for read-only users
- The page now has the initial filter of enabled rules and all rule source types
- It looks good in both dark and normal modes, the tile coloring corresponds to the design
- The Nav menu link is now under the "Rules" menu and on the corresponding page, it's not under "Dashboards" anymore
The changes look good, I left a few minor comments but don't want to block the PR from being merged. Feel free to address them in a follow-up PR.
In a comment above I also left a couple of links to the tickets I opened while testing. We will chat if we should include them in the 8.11 scope.
Overall, great PR, thank you @dplumlee for all your efforts! I also took a brief look at the whole implementation and I think it's well done, so a separate thank you for that 👍
| import { | ||
| CoverageOverviewRuleActivity, | ||
| CoverageOverviewRuleSource, | ||
| } from '../../../../../common/api/detection_engine'; | ||
| import * as i18n from './translations'; | ||
|
|
||
| export const coverageOverviewPaletteColors = euiPalettePositive(5); | ||
| export const coverageOverviewPaletteColors = ['#00BFB326', '#00BFB34D', '#00BFB399', '#00BFB3']; |
There was a problem hiding this comment.
Nit: why do we need this as a separate array and why it is exported? It looks like magic numbers in an array.
I think this would be sufficient:
/**
* Rules count -> color map
*
* A corresponding color is applied if rules count >= a specific threshold
*/
export const coverageOverviewCardColorThresholds = [
{ threshold: 10, color: '#00BFB3' },
{ threshold: 7, color: '#00BFB399' },
{ threshold: 3, color: '#00BFB34D' },
{ threshold: 1, color: '#00BFB326' },
];| const subtitle = ( | ||
| <EuiText color="subdued" size="s"> | ||
| <span>{i18n.CoverageOverviewDashboardInformation}</span>{' '} | ||
| <EuiLink | ||
| external={true} | ||
| href={'https://www.elastic.co/'} // TODO: change to actual docs link before release | ||
| rel="noopener noreferrer" | ||
| target="_blank" | ||
| > | ||
| {i18n.CoverageOverviewDashboardInformationLink} | ||
| </EuiLink> | ||
| </EuiText> | ||
| ); |
There was a problem hiding this comment.
Let's extract this to a separate component and memoize it. It's a static component w/o parameters that should be rendered only once.
| <span>{i18n.CoverageOverviewDashboardInformation}</span>{' '} | ||
| <EuiLink | ||
| external={true} | ||
| href={'https://www.elastic.co/'} // TODO: change to actual docs link before release |
There was a problem hiding this comment.
I think it's time to ask the @elastic/security-docs team more actively to provide the URL. Meanwhile, let's change the link to a more specific one, such as https://www.elastic.co/guide/en/security/current/index.html.
Also, let's render the link itself using x-pack/plugins/security_solution/public/common/components/links_to_docs/links_components.tsx - we'd need to add a new link component to this file.
Also, there's packages/kbn-doc-links/src/get_doc_links.ts but I'm not sure if we've ever used it.
| export const getTotalRuleCount = ( | ||
| technique: CoverageOverviewMitreTechnique, | ||
| activity?: CoverageOverviewRuleActivity[] | ||
| ): number => { | ||
| if (!activity) { | ||
| return technique.enabledRules.length + technique.disabledRules.length; | ||
| } | ||
| let totalRuleCount = 0; | ||
| if (activity.includes(CoverageOverviewRuleActivity.Enabled)) { | ||
| totalRuleCount += technique.enabledRules.length; | ||
| } | ||
| if (activity.includes(CoverageOverviewRuleActivity.Disabled)) { | ||
| totalRuleCount += technique.disabledRules.length; | ||
| } | ||
| return totalRuleCount; | ||
| }; |
There was a problem hiding this comment.
This is actually our domain model, it's not just a helper. It's a primitive calculation on CoverageOverviewMitreTechnique, or you could say its "behavior". Since it's highly coupled with CoverageOverviewMitreTechnique, it should be placed closer to this type under x-pack/plugins/security_solution/public/detection_engine/rule_management/model/coverage_overview, or even to the same file.
| export const CoverageOverviewDashboardInformationLink = i18n.translate( | ||
| 'xpack.securitySolution.coverageOverviewDashboard.dashboardInformationLink', | ||
| { | ||
| defaultMessage: 'docs.', |
There was a problem hiding this comment.
Nit: We could reword the sentence so that we don't have to include punctuation in our localization dictionary.
|
@banderror these are good comments, since we're doing a follow-up anyways for the column order I can address them there just to get this merged today 👍 |
(cherry picked from commit 168e3dc)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…4885) # Backport This will backport the following commits from `main` to `8.10`: - [[Security Solution] Coverage Overview follow-up (#164613)](#164613) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-08-25T17:56:55Z","message":"[Security Solution] Coverage Overview follow-up (#164613)","sha":"168e3dc5e979a677186a99d624b3bff0b6cd0545","branchLabelMapping":{"^v8.11.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Feature:Rule Management","Team:Detection Rule Management","v8.10.0","v8.11.0"],"number":164613,"url":"https://github.com/elastic/kibana/pull/164613","mergeCommit":{"message":"[Security Solution] Coverage Overview follow-up (#164613)","sha":"168e3dc5e979a677186a99d624b3bff0b6cd0545"}},"sourceBranch":"main","suggestedTargetBranches":["8.10"],"targetPullRequestStates":[{"branch":"8.10","label":"v8.10.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.11.0","labelRegex":"^v8.11.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/164613","number":164613,"mergeCommit":{"message":"[Security Solution] Coverage Overview follow-up (#164613)","sha":"168e3dc5e979a677186a99d624b3bff0b6cd0545"}}]}] BACKPORT--> Co-authored-by: Davis Plumlee <[email protected]>
|
@dplumlee My UI copy suggestions (note the title has lowercase "coverage" for consistency with other pages in the Rules section of the app, which follow sentence case): MITRE ATT&CK® coverage For the doc link's target, I just created a stub page at https://www.elastic.co/guide/en/security/master/rules-coverage.html. |
banderror
added
release_note:feature
Fixes: #164536
Fixes: #164816
Fixes: #164866
Summary
As well as some other housekeeping items like color and text changes for overall usability and design.
enabledrules and all rule source typesScreenshots
Checklist
Delete any items that are not applicable to this PR.
For maintainers