Closed (andrew-goldstein closed this 1 week ago)
Pinging @elastic/security-solution (Team: SecuritySolution)
Fewer modules lead to a faster build time

id | before | after | diff |
---|---|---|---|
securitySolution | 5485 | 5490 | +5 |
Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id | before | after | diff |
---|---|---|---|
securitySolution | 15.3MB | 15.3MB | +10.6KB |
Size of the bundles that are downloaded on every page load. Target size is below 100kb

id | before | after | diff |
---|---|---|---|
securitySolution | 83.5KB | 83.6KB | +114.0B |
To update your PR or re-run it, just comment with:
@elasticmachine merge upstream
cc @andrew-goldstein
Status | Branch | Result |
---|---|---|
❌ | 8.14 | Backport failed because of merge conflicts. You might need to backport the following PRs to 8.14: [Security solution] Add additional properties to attack discovery telemetry (#182249) |
To create the backport manually run:
node scripts/backport --pr 182904
Please refer to the Backport tool documentation
Status | Branch | Result |
---|---|---|
✅ | 8.14 | |
Note: Successful backport PRs will be merged automatically after passing CI.
Please refer to the Backport tool documentation
[Security Solution] [Attack discovery] Fixes zero connectors and zero alerts empty states
Summary
This PR fixes usability issues in Attack discovery by displaying an Empty prompt for the "zero connectors" and "zero alerts" states.
The fix for the "no alerts" state required returning an additional stat, the number of alerts sent as context to the LLM:
The `alertsContextCount` stat is now included in telemetry.

Desk testing
The "Test setup" section describes how to reproduce the states necessary to desk test this PR in an existing environment. The "Steps to verify" section updates the test environment from zero to one connector. The connector will then be used to test the zero alerts state.

Test setup
Testing this fix requires no alerts, and no connectors. This section describes how to reset an existing environment (both the deployment and the browser) to test these states.
1. Navigate to Security > Alerts
2. If there are alerts in the last 24 hours, create and log in to a new space, because zero alerts are required.
3. Navigate to Stack Management > Connectors
4. Delete any OpenAI or Bedrock connectors (tagged with "Generative AI for Security")
5. Remove any pre-configured connectors from `kibana.dev.yml`
6. Clear local storage (to remove any trace of previously selected connectors)
7. Close all browser tabs with a current session to Kibana (to clear session storage)
8. Restart the Kibana server
Steps to verify

- Expected result
- Expected result
- OpenAI
- Expected result
- Save
- Expected results: the "Up to 20 alerts will be analyzed" empty state in the following screenshot is displayed:
- Generate
- Expected result: the "No alerts to analyze" empty state (for zero alerts sent as context to the LLM) is displayed:
- Generate some alerts
- Navigate to Security > Alerts
- Expected result
- Expected result: the "Up to 20 alerts will be analyzed" empty state is displayed
- Generate
- Expected results: the "Attack discovery in progress" loading callout is displayed