Open JordanSh opened 3 months ago
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)
@JordanSh Can you elaborate more on the need for exposing our APIs? I was thinking if we could use the existing Security Data View to query this date, but not sure how the flyout works exactly and if that's feasible
The idea was to use our latest findings APIs instead of manually querying the data view. Since the Alerts detail flyout is supposed to display the latest findings table, filtered by the shown entity, my assumption was that we would have the exact same fetching for both the alerts findings table and our findings table.
Meaning we could reuse our own APIs, which are already tested, and integrate with our table component (which we would like to explore the option of sharing as well). This will save us the trouble of maintaining and testing duplicate code.
The main problem I anticipate is cyclic dependencies, though there are ways around it. I thought that making a POC and understanding the pros and cons of this approach is needed.
Ticket refactor looks great @maxcold. Regarding cyclic dependencies, of course I trust you to do your own research, but if you want you can also take a look at this PR which I ended up closing because I managed to avoid a solution which revolved around cyclic deps, but it might be valuable for your research.
Summary:
As a part of https://github.com/elastic/security-team/issues/9015 and https://github.com/elastic/security-team/issues/9137 we need to show components related to CSP in the context of the security_solution plugin. Specifically, we have: host.name and user.name.
Specific data that we are concerned with for these epics: the status/ API. We also might need to cover 3rd party integrations and data stream/index statuses there.
In this issue, API means any programmatic interface that can be shared: REST APIs over HTTP, services encapsulating data fetching, a set of hooks or other components shared across plugins, etc.
The strategic questions we want to answer in this ticket:
security_solution and cloud_security_posture plugins? The ideal state is that we reduce the number of places to update to a minimum. Situation to avoid: disconnected code paths across multiple plugins doing things differently.
security_solution and cloud_security_posture plugins. See related PR where this challenge surfaced and was explored for the PLI component.
More specific questions to answer:
security_solution and cloud_security_posture plugin
Definition of Done: