search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.69k stars 8.24k forks source link

[Actionable Observability] Add to new and existing cases bulk actions in Alerts page #132207

Closed mgiota closed 2 years ago

mgiota commented 2 years ago

Relates to https://github.com/elastic/kibana/issues/131122

📝 Summary

This PR adds bulk actions for cases in the timelines and security plugins. Currently in o11y Alerts page checkboxes and bulk actions are completely hidden.

Acceptance criteria

  1. Enable checkboxes in Alerts table by removing showCheckboxes prop

  2. Disable status bulk actions. Enabling checkboxes in Step 1 above will make Mark as Acknowledged and Mark as Closed options enabled by default. This PR introduces a new flag to turn status bulk actions off. Pass this prop to the tGrid table

bulkActions: {
        alertStatusActions: false,
}
  1. Pass a new customBulkActions prop that was introduced as part of this PR
bulkActions: {
        alertStatusActions: false,
        customBulkActions: [
          {
            label: ADD_TO_NEW_CASE,
            key: 'attach-new-case',
            'data-test-subj': 'attach-new-case',
            disableOnQuery: true,
            disabledLabel: ADD_TO_CASE_DISABLED,
            onClick: (items?) => {
              const caseAttachments = [];
              createCaseFlyout.open({ attachments: caseAttachments });
            },
          },
          {
            label: ADD_TO_EXISTING_CASE, 
            key: 'attach-existing-case',
            disableOnQuery: true,
            disabledLabel: ADD_TO_CASE_DISABLED,
            'data-test-subj': 'attach-existing-case',
            onClick: (items?) => {
              const caseAttachments = [];
              selectCaseModal.open({ attachments: caseAttachments });
            },
          },
        ],
       }
}

Suggestion

As a next step we could make add to new case and add to existing case bulk actions appear by default in the timelines plugin since both consumers, security_solution and observability, want to show these bulk actions by default. We could add a new flag to switch them off similar to how status bulk actions are built:

bulkActions: {
        caseActions: false,
}

This is the code that needs be moved inside the timelines plugin if we want to follow this approach. The introduction of customBulkActions could be used in case a consumer wants to add extra bulk actions.

mgiota commented 2 years ago

This commit https://github.com/elastic/kibana/pull/130958/commits/bd0042ee5da3e042c67cb265163d5701390ff72c adds case bulk actions in o11y. According to Response Ops their open PR (where I pushed the fix) will be merged end of this week / latest beginning next week. They are waiting for another feature, the alerts table, to be merged first, before they merge the bulk actions

https://user-images.githubusercontent.com/2852703/168565011-3564c192-e9a1-4b64-bcbd-01aa0d072549.mov