[Alerts][Non-ECS] Improve alert flows non-ECS mapped field UX #171059

Status: Open. Opened by yctercero on Nov 10, 2023 · 2 comments

Labels: enhancement (New value added to drive a business result); Feature:Detection Alerts (Security Solution Detection Alerts Feature); Team:Detection Engine (Security Solution Detection Engine Area); Team:Detections and Resp (Security Detection Response Team); Team:Threat Hunting:Investigations (Security Solution Investigations Team); Team:Threat Hunting (Security Solution Threat Hunting Team)
Comments

yctercero commented Nov 10, 2023

Describe the feature:

There have been a number of issues filed around the user experience for interacting with non-ECS fields in our flows. In the UI we allow users to filter and search using non-ECS fields, but doing so breaks the alerts table, as our APIs do not support this.

Some issues that have been filed related to this: #136351, #166168.

After discussing our options, a proposed solution is as follows:

  • If a field is unmapped:
    • do not show action options to filter field in/out
    • show a new option to add the field as a runtime field

This way, we are guiding the user towards a solution, not simply blocking or taking away functionality.

Areas that would need updating:

  • Hover actions in alerts table, alerts details flyout
[Two screenshots attached, dated 2023-11-10: hover actions in the alerts table and in the alert details flyout]
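As an added illustration of the proposed behaviour (this is not Kibana's code; the sample data view mapping, field names and action names are constructed): a helper that withholds filter in/out for unmapped fields, and a search-body builder showing how declaring the field under `runtime_mappings` lets the same term filter resolve against the alerts index.

```javascript
// Added example, not Kibana's own code. Shows the issue's proposal: a field
// missing from the data view's mapping gets no filter in/out action but an
// "add as runtime field" action, and a query on it is made valid by declaring
// the field as a runtime field instead of filtering on an unknown field.

// Constructed sample of what a data view exposes: mapped field name -> type.
const SAMPLE_DATA_VIEW_FIELDS = new Map([
  ['host.name', 'keyword'],
  ['event.category', 'keyword'],
  ['@timestamp', 'date'],
]);

// Hover actions for an alerts-table cell. Action names are assumed, not the
// real Kibana action ids.
function hoverActionsFor(fieldName, dataViewFields = SAMPLE_DATA_VIEW_FIELDS) {
  if (dataViewFields.has(fieldName)) {
    return ['filterIn', 'filterOut', 'addToTimeline'];
  }
  // Unmapped: guide the user to a working path rather than a broken filter.
  return ['addRuntimeField'];
}

// Build an Elasticsearch search body that filters alerts on fieldName.
// A term filter on a field Elasticsearch does not know matches nothing; when
// the field is unmapped we first declare it under runtime_mappings (no script,
// so Elasticsearch reads the value from _source at query time), after which
// the same term filter is evaluated against real document values.
function buildAlertsSearch(fieldName, value, runtimeType = 'keyword',
                           dataViewFields = SAMPLE_DATA_VIEW_FIELDS) {
  const body = {
    query: { bool: { filter: [{ term: { [fieldName]: value } }] } },
  };
  if (!dataViewFields.has(fieldName)) {
    body.runtime_mappings = { [fieldName]: { type: runtimeType } };
  }
  return body;
}
```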
elasticmachine (bot) commented:

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

elasticmachine (bot) commented:

Pinging @elastic/security-detections-response (Team:Detections and Resp)
