opensearch-project / security-analytics-dashboards-plugin

Front end (UI) plugin to support security-analytics
Apache License 2.0
10 stars 47 forks source link

[UX] First time user experience improvements in Security Analytics #740

Open xeniatup opened 1 year ago

xeniatup commented 1 year ago

Is your feature request related to a problem? Based on the findings from the usability study on First time user experience with Security Analytics we propose a number of improvements to help users to onboard the plugin. The definition of "onboard" is having a threat detector for a data source. User navigates to “Create detector” page from the Overview page or by using the plugin navigation menu (Detectors → Create detector).

  1. The plugin landing page (Overview) doesn’t provide the guidance clear enough on how to proceed in order of priority.
  2. The “Create detector” flow is very complex and users might not know what fields they are supposed to fill and how.
  3. The “Field mappings” part is confusing.
  4. It might be difficult to find the end of the flow and figure out the status of the detector that has been just created.

Update in User Experience

Overview page

  1. We propose to improve the visibility of “Create detector” CTA on the page by adding it as a primary button to the header and to the empty state of the "Findings and alert count" section. (OuiPageHeader, OuiEmptyPrompt).
  2. The content of the “Getting started” popover is updated to provide the hierarchy of the buttons and emphasize the “Create detector".
Screenshot 2023-10-04 at 12 30 40 PM Screenshot 2023-10-04 at 12 32 10 PM

Create threat detector flow

Step 1 - Define detector

Screenshot 2023-10-04 at 12 38 39 PM Screenshot 2023-10-04 at 12 42 07 PM Screenshot 2023-10-04 at 12 41 29 PM Screenshot 2023-10-04 at 12 42 58 PM

Step 2 - Alert trigger

Screenshot 2023-10-04 at 12 44 44 PM Screenshot 2023-10-02 at 4 59 18 PM Screenshot 2023-10-02 at 4 59 48 PM

Step 3 - Review detector

We propose to remove the review step for the detector to address the potential point for confusion and reduce complexity of the flow.

Messaging on detector creation

Screenshot 2023-10-04 at 12 48 18 PM Screenshot 2023-10-03 at 9 38 04 AM
kgcreative commented 1 year ago

@xeniatup -- do we have a target release for this? Can we link it to any ongoing PRs?

xeniatup commented 1 year ago

@kgcreative I believe we're targeting 2.11 with this. Here is the corresponding PR: https://github.com/opensearch-project/security-analytics-dashboards-plugin/pull/738

dblock commented 4 months ago

Did this ship in 2.11? Can we close it?

Catch All Triage - 1 2 3 4 5

xeniatup commented 4 months ago

cc @amsiglan