[RAC][Alert Triage] Alert Details

spong commented 3 years ago

Description

This issue is for the generification of the Alert Details component used within the Alert Triage workflow on the main Security Detections page and Rule Details page. The Alert Details component is displays

Icon on Alerts Table

Summary

Table

JSON View

Note: Current bug with syntax highlighting

Re-usable implementation with custom renderer as leveraged within Observability

Note: This mock leverages both the custom renderer and a Previous/Next Alert functionality for quick switching between remaining alerts within the Alerts table (captured as Interface Outputs below).

Interface

Inputs

Source alert
.alerts index
Summary renderer (for custom rendering)
Configuration
- Selected view
- Filter for table view
  Outputs
Next alert selection
Previous alert selection
Add column to alerts table
Page-level KQL query, filters, and daterange (filters + histogram scrub from hover actions)

API Requirements

Generic query API for fetching documents from the .alerts index for Top-N feature.

Destination Plugin/Package 🏠

Perhaps generic shared component package or dedicated timeline plugin/package.

Existing Source

Exists as EventDetailsPanelComponent within the Security Solution, and to be integrated alongside the Alerts Table https://github.com/elastic/kibana/issues/93873.

elasticmachine commented 3 years ago

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

elasticmachine commented 3 years ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

elasticmachine commented 3 years ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 3 years ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

katrin-freihofner commented 3 years ago

Here is an update of the details flyout for Observability Observability Alerting - User journeys@2x

Wireframes

elastic / kibana