[SIEM] Phase I - Add saved query in SIEM solution #47306

XavierM · 2019-10-04T02:43:52Z

Summary

Add the Kibana SearchBar component in SIEM with saved query functionality.
Include:

Add SearchBar from data pluggins
Update URL state
Update ML link, we need to talk to the ML team to follow our new URL standard who match discover
Update all unit testing
Update cypress tests
Remove dead code

Thanks @lizozom, @Bargs and @TinaHeiligers for your help on this PR, it was really appreciated.

Checklist

Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR.

This was checked for cross-browser compatibility, including a check against IE11
~~[ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support~~
~~[ ] Documentation was added for features that require explanation or tutorials~~
Unit or functional tests were updated or added to match the most common scenarios
~~[ ] This was checked for keyboard-only and screenreader accessibility~~

For maintainers

~~[ ] This was checked for breaking API changes and was labeled appropriately~~
~~[ ] This includes a feature addition or change that requires a release note and was labeled appropriately~~

elasticmachine · 2019-10-04T02:43:54Z

Pinging @elastic/siem (Team:SIEM)

angorayc · 2019-10-14T13:18:14Z

Hey @XavierM ,
thanks for adding the functionality, this is really helpful! I played around with it and found a behaviour that are not exactly the same as discovery.

Input some query in the box
Save it
Open the save query list and apply the new query
Update the query and save it as new query
Open the save query list - Discovery's behaviour is ticking on the new query, but we are ticking on the old one.

XavierM · 2019-10-14T14:32:43Z

Hey @XavierM ,
thanks for adding the functionality, this is really helpful! I played around with it and found a behaviour that are not exactly the same as discovery.

Input some query in the box

Save it

Open the save query list and apply the new query

Update the query and save it as new query

Open the save query list - Discovery's behaviour is ticking on the new query, but we are ticking on the old one.

@angorayc Thank you, just fixed it

spong · 2019-10-14T16:04:53Z

Looks like the z-index is off in the SIEM app as the Saved Queries popover shows above the full page frosting. To be honest, I feel like the Saved Queries popover should just dismiss automatically as that's what it does on initial click within the active popover anyway. May want to open a core bug instead of fixing here?

Discover:

SIEM

x-pack/legacy/plugins/siem/public/components/embeddables/actions/apply_siem_filter_action.tsx

x-pack/legacy/plugins/siem/dev_tools/circular_deps/run_check_circular_deps_cli.js

x-pack/legacy/plugins/siem/public/components/ml/conditional_links/add_entities_to_kql.test.ts

x-pack/legacy/plugins/siem/public/components/ml/conditional_links/rison_helpers.test.ts

x-pack/legacy/plugins/siem/public/components/page/add_to_kql/index.tsx

x-pack/legacy/plugins/siem/public/components/page/hosts/hosts_table/columns.tsx

x-pack/legacy/plugins/siem/public/components/page/network/domains_table/index.test.tsx

elasticmachine · 2019-10-15T15:24:20Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: c0a0608

lizozom

Absoutely LGTM.
I'm going to build on these changes in 7.6.
Thank you for making them!

Integration of the Search Bar component in host and network page Fix state URL with new Search Bar

…+ fix cypress test

…lter

elasticmachine · 2019-10-15T22:17:28Z

💚 Build Succeeded

continuous-integration/kibana-ci/pull-request
Commit: 9359a4e

* Add Search Bar components Integration of the Search Bar component in host and network page Fix state URL with new Search Bar * update unit test * Fix URL state to match Discover + Fix ML to match with new url state + fix cypress test * fix behavior when save as new query * savedQuery - do not try to update date picker when there is no timefilter * fix refresh * some merge issue + fix back to active page to zero * review I * hack to remove lag * fix type

XavierM added release_note:enhancement WIP Work in progress Team:SIEM v8.0.0 v7.5.0 labels Oct 4, 2019

XavierM self-assigned this Oct 4, 2019

XavierM force-pushed the siem-saved-query branch 2 times, most recently from 6f6c9f4 to 890076c Compare October 11, 2019 15:58

XavierM changed the title ~~[SIEM] [skip-ci] Add saved query in SIEM solution~~ [SIEM] Add saved query in SIEM solution Oct 12, 2019

XavierM removed the WIP Work in progress label Oct 12, 2019

XavierM requested a review from lizozom October 13, 2019 02:22

XavierM changed the title ~~[SIEM] Add saved query in SIEM solution~~ [SIEM] Phase I - Add saved query in SIEM solution Oct 13, 2019

XavierM force-pushed the siem-saved-query branch from 8d743b6 to 73deb87 Compare October 14, 2019 14:30

XavierM mentioned this pull request Oct 14, 2019

[ML] [SIEM] update links #48123

Merged

XavierM mentioned this pull request Oct 14, 2019

Looks like the z-index is off In the Saved Queries #48124

Open