elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] [Attack discovery] Fixes zero connectors and zero alerts empty states #182904

Closed andrew-goldstein closed 1 week ago

andrew-goldstein commented 1 week ago

Summary

This PR fixes usability issues in Attack discovery by displaying an Empty prompt for the "zero connectors" and "zero alerts" states.

[Screenshot: no_connectors_empty_prompt]

[Screenshot: no_alerts_to_analyze]

The fix for the "no alerts" state required returning an additional stat, the number of alerts sent as context to the LLM:

alertsContextCount

The alertsContextCount stat is now included in telemetry.

Desk testing

The Test setup section describes how to reproduce the states necessary to desk test this PR in an existing environment.

The Steps to verify section updates the test environment from zero to one connector. The connector will then be used to test the zero alerts state.

Test setup

Testing this fix requires no alerts, and no connectors. This section describes how to reset an existing environment (both the deployment and the browser) to test these states.

  1. Navigate to Security > Alerts

  2. If there are alerts in the last 24 hours, create and log in to a new space, because zero alerts are required.

  3. Navigate to Stack Management > Connectors

  4. Delete any OpenAI or Bedrock connectors (tagged with Generative AI for Security)

  5. Remove any pre-configured connectors from kibana.dev.yml

  6. Clear local storage (to remove any trace of previously selected connectors)

  7. Close all browser tabs with a current session to Kibana (to clear session storage)

  8. Restart Kibana server

Steps to verify

  1. Navigate to Security > Alerts

Expected result

  2. Navigate to Security > Attack discovery

Expected result

[Screenshot: no_connectors_empty_prompt]

  3. Click OpenAI

Expected result

  4. Enter the new connector details, and then click Save

Expected results

[Screenshot: up_to_n_alerts_will_be_analyzed]

  5. Click Generate

Expected result

[Screenshot: no_alerts_to_analyze]

  6. Generate some alerts

  7. Navigate to Security > Alerts

Expected result

  8. Once again, navigate to Security > Attack discovery

Expected result

  9. Once again, click Generate

Expected results

elasticmachine commented 1 week ago

Pinging @elastic/security-solution (Team: SecuritySolution)

kibana-ci commented 1 week ago

:green_heart: Build Succeeded

Metrics [docs]

Module Count

Fewer modules lead to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 5485 | 5490 | +5 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 15.3MB | 15.3MB | +10.6KB |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 83.5KB | 83.6KB | +114.0B |

History

To update your PR or re-run it, just comment with: @elasticmachine merge upstream

cc @andrew-goldstein

kibanamachine commented 1 week ago

💔 All backports failed

| Status | Branch | Result |
| --- | --- | --- |
| 💔 | 8.14 | Backport failed because of merge conflicts |

You might need to backport the following PRs to 8.14:
- [Security solution] Add additional properties to attack discovery telemetry (#182249)

Manual backport

To create the backport manually run:

node scripts/backport --pr 182904

Questions ?

Please refer to the Backport tool documentation

andrew-goldstein commented 1 week ago

💚 All backports created successfully

| Status | Branch | Result |
| --- | --- | --- |
| 💚 | 8.14 | |

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation