[Security Solutions] Update risk score tables to filter by timerange #168826

Merged
merged 9 commits into from
Oct 19, 2023

@machadoum machadoum commented Oct 13, 2023

issue: #162451

Summary

  • Update Entity analytics dashboard to filter by timerange and to display timestamp field
  • Update Users risk score tab to filter by timerange and to display timestamp field
  • Update Hosts risk score tab to filter by timerange and to display timestamp field
  • Delete tooltip that used to warn users that risk tables didn't filter by timerange

[Screenshots: 2023-10-13 at 11 54 19, 11 54 38 and 11 54 53]

How to test

  • Create alerts and enable the risk engine
  • Check if the Entity analytics dashboard filters by timerange
  • Check if the Users risk score tab filters by timerange
  • Check if the Hosts risk score tab filters by timerange
  • Check if the risk score on top of the user details page does NOT filter by timerange
  • Check if the risk score inside flyouts (Alerts, users and hosts) does NOT filter by timerange
  • Check if the info tooltips about the timerange filter were removed

Checklist

@machadoum machadoum self-assigned this Oct 13, 2023
@machadoum machadoum added release_note:enhancement Theme: entity_analytics Feature:Entity Analytics Security Solution Entity Analytics features Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.12.0 labels Oct 13, 2023
@machadoum machadoum marked this pull request as ready for review October 13, 2023 10:16
@machadoum machadoum requested review from a team as code owners October 13, 2023 10:16
@elasticmachine (Contributor)

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine (Contributor)

Pinging @elastic/security-solution (Team: SecuritySolution)

@machadoum (Member, Author)

@elasticmachine merge upstream

@rylnd rylnd left a comment

I had one brief question about the code changes that I didn't quite understand; apologies if it's obvious.

I reviewed the code and it looks good; I am holding off on approving because I haven't had a chance to smoke test this myself. I will do so Monday if this still needs review, then.

@rylnd rylnd requested review from nkhristinin and angorayc October 17, 2023 16:27
@rylnd rylnd left a comment

Reviewed code last week; smoke tested and read through cypress tests today. LGTM.

angorayc commented Oct 18, 2023

I've tested locally and verified that the risk score respects selected time range. 👍

[Screenshot 2023-10-18 at 21 45 30; screen recording 2023-10-18 at 21 45 50]

One observation is that on the host details page I could see host.risk.calculated_level instead of Host Risk Level in the column title. I'd expect to see Unknown in the cell values. Please check if this is expected behaviour.

[Screenshot 2023-10-18 at 21 46 13]

@machadoum (Member, Author)

Hey Angela, thank you for the careful review!

I understand that this feature might be confusing. The risk engine enhances the alert document with the current user/host risk score on alert creation. It means that the first alerts won't have the user/host risk score because the risk score is calculated later. The alert document also stores the field with its original name "user.risk.calculated_level" and has no descriptive label. Here is the ticket that implemented the feature: #139478
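The behaviour described in this thread, as an added toy model in TypeScript (example code written for this page, not Kibana's risk engine or any of the PR's own code): the dashboard and Users/Hosts tabs show only risk score documents written inside the selected time range and display the score's timestamp, the details page and flyouts show the latest score regardless of the picker, and an alert is enriched at creation with whatever level exists at that moment, so alerts created before the first engine run show "Unknown". The document shapes, field names and sample scores are constructed simplifications of the host.risk.* / user.risk.* fields; the `range` clause is the standard Elasticsearch query DSL form.

```typescript
// Added example, not Kibana's code: an in-memory model of time-range-filtered
// risk tables, unfiltered "current score" lookups, and alert enrichment.

type RiskLevel = 'Low' | 'Moderate' | 'High' | 'Critical';

interface RiskScoreDoc {
  '@timestamp': string;        // when the risk engine wrote this score
  entityName: string;          // stands in for host.name / user.name
  calculatedScoreNorm: number; // stands in for *.risk.calculated_score_norm
  calculatedLevel: RiskLevel;  // stands in for *.risk.calculated_level
}

interface Alert {
  '@timestamp': string;
  entityName: string;
  riskLevel?: RiskLevel;       // copied at creation; absent for early alerts
}

interface TableRow {
  entityName: string;
  level: RiskLevel;
  timestamp: string;           // the timestamp column the tables now display
}

// Constructed sample history: two engine runs for host-a, one for host-b.
const RISK_SCORES: RiskScoreDoc[] = [
  { '@timestamp': '2023-10-13T10:00:00Z', entityName: 'host-a', calculatedScoreNorm: 35, calculatedLevel: 'Moderate' },
  { '@timestamp': '2023-10-13T12:00:00Z', entityName: 'host-a', calculatedScoreNorm: 72, calculatedLevel: 'High' },
  { '@timestamp': '2023-10-13T12:00:00Z', entityName: 'host-b', calculatedScoreNorm: 10, calculatedLevel: 'Low' },
];

const ms = (iso: string): number => Date.parse(iso);

// Elasticsearch range clause a time-range-aware table adds to its query
// (gte/lte are inclusive, matching the in-memory filter below).
function timerangeQuery(from: string, to: string) {
  return { range: { '@timestamp': { gte: from, lte: to } } };
}

// Dashboard and Users/Hosts tabs: only scores written inside the picker range.
function filterByTimerange(docs: RiskScoreDoc[], from: string, to: string): RiskScoreDoc[] {
  const lo = ms(from);
  const hi = ms(to);
  return docs.filter((d) => {
    const t = ms(d['@timestamp']);
    return t >= lo && t <= hi;
  });
}

// Table rows: highest normalized score first, timestamp shown next to the level.
function riskTableRows(docs: RiskScoreDoc[], from: string, to: string): TableRow[] {
  return filterByTimerange(docs, from, to)
    .sort((a, b) => b.calculatedScoreNorm - a.calculatedScoreNorm)
    .map((d) => ({ entityName: d.entityName, level: d.calculatedLevel, timestamp: d['@timestamp'] }));
}

// Latest score for an entity among documents written at or before asOfMs.
// No time-range picker is involved here.
function latestRiskAsOf(docs: RiskScoreDoc[], entity: string, asOfMs: number): RiskScoreDoc | undefined {
  let best: RiskScoreDoc | undefined;
  for (const d of docs) {
    if (d.entityName !== entity || ms(d['@timestamp']) > asOfMs) continue;
    if (!best || ms(d['@timestamp']) > ms(best['@timestamp'])) best = d;
  }
  return best;
}

// Details page header and flyouts: the current (latest) score, unfiltered.
function currentRisk(docs: RiskScoreDoc[], entity: string): RiskScoreDoc | undefined {
  return latestRiskAsOf(docs, entity, Number.POSITIVE_INFINITY);
}

// Alert enrichment at creation: the alert stores the level that exists at
// that moment; an alert created before the first engine run gets none.
function createAlert(ts: string, entity: string, docs: RiskScoreDoc[]): Alert {
  const score = latestRiskAsOf(docs, entity, ms(ts));
  const alert: Alert = { '@timestamp': ts, entityName: entity };
  if (score) alert.riskLevel = score.calculatedLevel;
  return alert;
}

// What an alerts table cell shows for the level stored on the alert.
function displayLevel(alert: Alert): RiskLevel | 'Unknown' {
  return alert.riskLevel ? alert.riskLevel : 'Unknown';
}
```

The split between `riskTableRows` (range-filtered) and `currentRisk` (latest, unfiltered) is the same split the test plan makes between the tables and the details page/flyouts; `createAlert` reproduces why the earliest alerts show "Unknown" while later ones carry a level.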

@machadoum machadoum enabled auto-merge (squash) October 19, 2023 09:15

kibana-ci commented Oct 19, 2023

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Serverless Osquery Cypress Tests #3 / ALL - Live Query should run multiline query should run multiline query

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 13.0MB | 13.0MB | -1.3KB |

Unknown metric groups

ESLint disabled line counts

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 456 | 454 | -2 |

Total ESLint disabled count

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 523 | 521 | -2 |

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @machadoum

@machadoum machadoum merged commit e12cfc1 into elastic:main Oct 19, 2023
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Oct 19, 2023
machadoum added a commit to machadoum/kibana that referenced this pull request Oct 23, 2023
…lastic#168826)

(cherry picked from commit e12cfc1)

# Conflicts:
#	x-pack/plugins/security_solution/public/explore/containers/risk_score/kpi/index.tsx
#	x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts
machadoum added a commit that referenced this pull request Oct 25, 2023
…erange (#168826) (#169502)

# Backport

This will backport the following commits from `main` to `8.11`:
- [[Security Solutions] Update risk score tables to filter by timerange
(#168826)](#168826)


### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

machadoum added a commit to machadoum/kibana that referenced this pull request Oct 25, 2023
…r by timerange (elastic#168826) (elastic#169502)"

Let's wait for 8.11.0 release and merge it to 8.11.1

This reverts commit 0fea774.
@machadoum machadoum removed the v8.11.0 label Oct 30, 2023
@machadoum (Member, Author)

💚 All backports created successfully

Status Branch Result
8.11

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

machadoum added a commit to machadoum/kibana that referenced this pull request Nov 9, 2023
…lastic#168826)

(cherry picked from commit e12cfc1)

# Conflicts:
#	x-pack/plugins/security_solution/public/explore/containers/risk_score/kpi/index.tsx
#	x-pack/plugins/translations/translations/fr-FR.json
#	x-pack/plugins/translations/translations/ja-JP.json
#	x-pack/plugins/translations/translations/zh-CN.json
#	x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts
machadoum added a commit that referenced this pull request Nov 9, 2023
…erange (#168826) (#170928)

# Backport

This will backport the following commits from `main` to `8.11`:
- [[Security Solutions] Update risk score tables to filter by timerange
(#168826)](#168826)

Now that the 8.11.0 release is closed (elastic/dev#2367), we can merge #168826 to 8.11.1

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


---------

Co-authored-by: kibanamachine <[email protected]>