From e8b85985a06322791cca7221cd9309e32097e80d Mon Sep 17 00:00:00 2001 From: machadoum Date: Wed, 25 Oct 2023 09:43:54 +0200 Subject: [PATCH] Revert "[8.11] [Security Solutions] Update risk score tables to filter by timerange (#168826) (#169502)" Let's wait for 8.11.0 release and merge it to 8.11.1 This reverts commit 0fea774ea1c4fcf4424c44c1e4aa8d312ff2252a. --- .../security_solution/risk_score/all/index.ts | 2 - .../security_solution/users/common/index.ts | 1 - .../risk_score_no_data_detected.tsx | 11 ++++- .../containers/risk_score/all/index.tsx | 10 ++++- .../containers/risk_score/kpi/index.tsx | 44 ++++--------------- .../host_risk_score_table/columns.test.tsx | 2 +- .../host_risk_score_table/columns.tsx | 17 +------ .../host_risk_score_table/index.tsx | 2 +- .../host_risk_score_table/translations.ts | 15 ++++--- .../user_risk_score_table/columns.test.tsx | 7 ++- .../user_risk_score_table/columns.tsx | 17 +------ .../user_risk_score_table/index.tsx | 2 +- .../user_risk_score_table/translations.ts | 10 +++-- .../entity_analytics/common/translations.ts | 16 +++++++ .../entity_analytics/risk_score/columns.tsx | 19 +------- .../entity_analytics/risk_score/index.tsx | 6 +++ .../risk_score/translations.ts | 15 +++++-- .../components/host_overview/index.tsx | 10 +++++ .../components/user_overview/index.tsx | 12 +++++ .../kpi/query.kpi_risk_score.dsl.ts | 13 ------ .../translations/translations/fr-FR.json | 6 +++ .../translations/translations/ja-JP.json | 6 +++ .../translations/translations/zh-CN.json | 6 +++ .../explore/dashboards/entity_analytics.cy.ts | 41 +++-------------- .../e2e/explore/hosts/host_risk_tab.cy.ts | 14 +++--- .../cypress/e2e/inspect/inspect_button.cy.ts | 4 +- .../cypress/screens/inspect.ts | 1 + 27 files changed, 140 insertions(+), 169 deletions(-) 
diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts index 1214a17c85867..28058b29eaada 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts @@ -74,8 +74,6 @@ export interface RiskScoreItem { [RiskScoreFields.hostName]: Maybe; [RiskScoreFields.userName]: Maybe; - [RiskScoreFields.timestamp]: Maybe; - [RiskScoreFields.hostRisk]: Maybe; [RiskScoreFields.userRisk]: Maybe; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/common/index.ts index cfd2347a374d4..9f526309e2c5a 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/users/common/index.ts @@ -11,7 +11,6 @@ import type { CommonFields, Maybe, RiskScoreFields, RiskSeverity, SortField } fr export interface UserRiskScoreItem { _id?: Maybe; [RiskScoreFields.userName]: Maybe; - [RiskScoreFields.timestamp]: Maybe; [RiskScoreFields.userRisk]: Maybe; [RiskScoreFields.userRiskScore]: Maybe; } diff --git a/x-pack/plugins/security_solution/public/explore/components/risk_score/risk_score_onboarding/risk_score_no_data_detected.tsx b/x-pack/plugins/security_solution/public/explore/components/risk_score/risk_score_onboarding/risk_score_no_data_detected.tsx index 533a7d00729cd..e98d626c95672 100644 --- a/x-pack/plugins/security_solution/public/explore/components/risk_score/risk_score_onboarding/risk_score_no_data_detected.tsx 
+++ b/x-pack/plugins/security_solution/public/explore/components/risk_score/risk_score_onboarding/risk_score_no_data_detected.tsx @@ -14,6 +14,7 @@ import * as i18n from './translations'; import { RiskScoreHeaderTitle } from './risk_score_header_title'; import { RiskScoreRestartButton } from './risk_score_restart_button'; import type { inputsModel } from '../../../../common/store'; +import * as overviewI18n from '../../../../overview/components/entity_analytics/common/translations'; import { useIsNewRiskScoreModuleInstalled } from '../../../../entity_analytics/api/hooks/use_risk_engine_status'; const RiskScoresNoDataDetectedComponent = ({ @@ -36,7 +37,15 @@ const RiskScoresNoDataDetectedComponent = ({ return ( - } titleSize="s" /> + } + titleSize="s" + tooltip={ + entityType === RiskScoreEntity.user + ? overviewI18n.USER_RISK_TABLE_TOOLTIP + : overviewI18n.HOST_RISK_TABLE_TOOLTIP + } + /> {translations.title}} body={translations.body} diff --git a/x-pack/plugins/security_solution/public/explore/containers/risk_score/all/index.tsx b/x-pack/plugins/security_solution/public/explore/containers/risk_score/all/index.tsx index b2be80f74ab71..f49879ecf4754 100644 --- a/x-pack/plugins/security_solution/public/explore/containers/risk_score/all/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/containers/risk_score/all/index.tsx @@ -125,6 +125,13 @@ export const useRiskScore = { + refetchAll(); + // eslint-disable-next-line react-hooks/exhaustive-deps + }, [timerange?.to, timerange?.from]); + const riskScoreResponse = useMemo( () => ({ data: response.data, @@ -161,7 +168,7 @@ export const useRiskScore = ({ factoryQueryType: RiskQueries.kpiRiskScore, 
@@ -81,40 +72,21 @@ export const useRiskScoreKpi = ({ const isModuleDisabled = !!error && isIndexNotFoundError(error); - const requestTimerange = useMemo( - () => (timerange ? { to: timerange.to, from: timerange.from, interval: '' } : undefined), - [timerange] - ); - useEffect(() => { if (!skip && defaultIndex && featureEnabled) { search({ filterQuery, defaultIndex: [defaultIndex], entity: riskEntity, - timerange: requestTimerange, }); } - }, [ - defaultIndex, - search, - filterQuery, - skip, - riskEntity, - requestTimerange, - isEnabled, - isDeprecated, - isAuthorized, - isDeprecatedLoading, - featureEnabled, - ]); + }, [defaultIndex, search, filterQuery, skip, riskEntity, featureEnabled]); - const refetchAll = useCallback(() => { - if (defaultIndex) { - refetchFeatureStatus(defaultIndex); - refetch(); - } - }, [defaultIndex, refetch, refetchFeatureStatus]); + // since query does not take timerange arg, we need to manually refetch when time range updates + useEffect(() => { + refetch(); + // eslint-disable-next-line react-hooks/exhaustive-deps + }, [timerange?.to, timerange?.from]); useEffect(() => { if (error) { @@ -138,5 +110,5 @@ export const useRiskScoreKpi = ({ }; }, [result, loading, error]); - return { error, severityCount, loading, isModuleDisabled, refetch: refetchAll, inspect }; + return { error, severityCount, loading, isModuleDisabled, refetch, inspect }; }; diff --git a/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.test.tsx b/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.test.tsx index 98cfa4895fbd4..f1bf397637617 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.test.tsx +++ b/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.test.tsx 
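Review bot: The restored time-range effect in `useRiskScoreKpi` calls `refetch()` without the `!skip && defaultIndex && featureEnabled` guard that the search effect directly above it applies, so a skipped or feature-disabled caller may still issue a request on mount and on every picker change, unless `refetch` is a no-op before the first search (not visible in this hunk). Consider guarding it, `if (!skip && featureEnabled) refetch();`, and add a short comment saying why `refetch` is left out of the dependency list, since `eslint-disable-next-line react-hooks/exhaustive-deps` hides that omission. The `useRiskScore` hunk in `containers/risk_score/all/index.tsx` restores the same pattern with `refetchAll()` keyed on `timerange?.to` and `timerange?.from`. The hook body starts and ends outside the hunk.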
@@ -17,7 +17,7 @@ describe('getHostRiskScoreColumns', () => { }); const riskScore = 10.11111111; - const riskScoreColumn = columns[2]; + const riskScoreColumn = columns[1]; const renderedColumn = riskScoreColumn.render!(riskScore, null); const { queryByTestId } = render({renderedColumn}); diff --git a/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.tsx b/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.tsx index af6c0d502351e..de66a5bca1110 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.tsx +++ b/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.tsx @@ -17,12 +17,11 @@ import { HostDetailsLink } from '../../../../common/components/links'; import type { HostRiskScoreColumns } from '.'; import * as i18n from './translations'; import { HostsTableType } from '../../store/model'; -import type { Maybe, RiskSeverity } from '../../../../../common/search_strategy'; +import type { RiskSeverity } from '../../../../../common/search_strategy'; import { RiskScoreFields, RiskScoreEntity } from '../../../../../common/search_strategy'; import { RiskScoreLevel } from '../../../components/risk_score/severity/common'; import { ENTITY_RISK_LEVEL } from '../../../components/risk_score/translations'; import { CELL_ACTIONS_TELEMETRY } from '../../../components/risk_score/constants'; -import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date'; export const getHostRiskScoreColumns = ({ dispatchSeverityUpdate, @@ -35,7 +34,6 @@ export const getHostRiskScoreColumns = ({ truncateText: false, mobileOptions: { show: true }, sortable: true, - width: '35%', render: (hostName) => { if (hostName != null && hostName.length > 0) { return ( 
@@ -59,19 +57,6 @@ export const getHostRiskScoreColumns = ({ return getEmptyTagValue(); }, }, - { - field: RiskScoreFields.timestamp, - name: i18n.LAST_UPDATED, - truncateText: false, - mobileOptions: { show: true }, - sortable: true, - render: (lastSeen: Maybe) => { - if (lastSeen != null) { - return ; - } - return getEmptyTagValue(); - }, - }, { field: RiskScoreFields.hostRiskScore, name: i18n.HOST_RISK_SCORE, diff --git a/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/index.tsx b/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/index.tsx index 9c486c96fdece..497c21e8f9dec 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/index.tsx @@ -60,7 +60,6 @@ interface HostRiskScoreTableProps { export type HostRiskScoreColumns = [ Columns, - Columns, Columns, Columns ]; @@ -192,6 +191,7 @@ const HostRiskScoreTableComponent: React.FC = ({ headerSupplement={risk} headerTitle={i18nHosts.HOST_RISK_TITLE} headerUnit={i18n.UNIT(totalCount)} + headerTooltip={i18nHosts.HOST_RISK_TABLE_TOOLTIP} id={id} isInspect={isInspect} itemsPerRow={rowItems} diff --git a/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/translations.ts b/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/translations.ts index 8ccb7addbcc30..08c685720a2e4 100644 --- a/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/translations.ts +++ b/x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/translations.ts 
@@ -28,15 +28,16 @@ export const HOST_RISK_TITLE = i18n.translate( } ); +export const HOST_RISK_TABLE_TOOLTIP = i18n.translate( + 'xpack.securitySolution.hostsRiskTable.hostsTableTooltip', + { + defaultMessage: + 'The host risk table is not affected by the KQL time range. This table shows the latest recorded risk score for each host.', + } +); + export const VIEW_HOSTS_BY_SEVERITY = (severity: string) => i18n.translate('xpack.securitySolution.hostsRiskTable.filteredHostsTitle', { values: { severity }, defaultMessage: 'View {severity} risk hosts', }); - -export const LAST_UPDATED = i18n.translate( - 'xpack.securitySolution.hostsRiskTable.lastUpdatedTitle', - { - defaultMessage: 'Last updated', - } -); diff --git a/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.test.tsx b/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.test.tsx index 3f9fe12981509..d28513800f221 100644 --- a/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.test.tsx +++ b/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.test.tsx @@ -20,9 +20,8 @@ describe('getUserRiskScoreColumns', () => { const columns = getUserRiskScoreColumns(defaultProps); expect(columns[0].field).toBe('user.name'); - expect(columns[1].field).toBe(RiskScoreFields.timestamp); - expect(columns[2].field).toBe(RiskScoreFields.userRiskScore); - expect(columns[3].field).toBe(RiskScoreFields.userRisk); + expect(columns[1].field).toBe(RiskScoreFields.userRiskScore); + expect(columns[2].field).toBe(RiskScoreFields.userRisk); columns.forEach((column) => { expect(column).toHaveProperty('name'); 
@@ -46,7 +45,7 @@ describe('getUserRiskScoreColumns', () => { const columns: UserRiskScoreColumns = getUserRiskScoreColumns(defaultProps); const riskScore = 10.11111111; - const riskScoreColumn = columns[2]; + const riskScoreColumn = columns[1]; const renderedColumn = riskScoreColumn.render!(riskScore, null); const { queryByTestId } = render({renderedColumn}); diff --git a/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.tsx b/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.tsx index a23d62d0e83d5..6de43c4dbe2fc 100644 --- a/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.tsx +++ b/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.tsx @@ -17,13 +17,12 @@ import { getEmptyTagValue } from '../../../../common/components/empty_value'; import type { UserRiskScoreColumns } from '.'; import * as i18n from './translations'; import { RiskScoreLevel } from '../../../components/risk_score/severity/common'; -import type { Maybe, RiskSeverity } from '../../../../../common/search_strategy'; +import type { RiskSeverity } from '../../../../../common/search_strategy'; import { RiskScoreEntity, RiskScoreFields } from '../../../../../common/search_strategy'; import { UserDetailsLink } from '../../../../common/components/links'; import { UsersTableType } from '../../store/model'; import { ENTITY_RISK_LEVEL } from '../../../components/risk_score/translations'; import { CELL_ACTIONS_TELEMETRY } from '../../../components/risk_score/constants'; -import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date'; export const getUserRiskScoreColumns = ({ dispatchSeverityUpdate, 
@@ -36,7 +35,6 @@ export const getUserRiskScoreColumns = ({ truncateText: false, mobileOptions: { show: true }, sortable: true, - width: '35%', render: (userName) => { if (userName != null && userName.length > 0) { const id = escapeDataProviderId(`user-risk-score-table-userName-${userName}`); @@ -62,19 +60,6 @@ export const getUserRiskScoreColumns = ({ return getEmptyTagValue(); }, }, - { - field: RiskScoreFields.timestamp, - name: i18n.LAST_UPDATED, - truncateText: false, - mobileOptions: { show: true }, - sortable: true, - render: (lastSeen: Maybe) => { - if (lastSeen != null) { - return ; - } - return getEmptyTagValue(); - }, - }, { field: RiskScoreFields.userRiskScore, name: i18n.USER_RISK_SCORE, diff --git a/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/index.tsx b/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/index.tsx index 01a2df82b40c9..5dc1c3c6bd08e 100644 --- a/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/index.tsx @@ -60,7 +60,6 @@ interface UserRiskScoreTableProps { export type UserRiskScoreColumns = [ Columns, - Columns, Columns, Columns ]; @@ -192,6 +191,7 @@ const UserRiskScoreTableComponent: React.FC = ({ } headerSupplement={risk} headerTitle={i18nUsers.NAVIGATION_RISK_TITLE} + headerTooltip={i18n.USER_RISK_TABLE_TOOLTIP} headerUnit={i18n.UNIT(totalCount)} id={id} isInspect={isInspect} diff --git a/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/translations.ts b/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/translations.ts index b9913bd7275cd..d0cf95dea6c23 100644 --- a/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/translations.ts 
+++ b/x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/translations.ts @@ -39,6 +39,10 @@ export const ROWS_10 = i18n.translate('xpack.securitySolution.usersTable.rows', defaultMessage: '{numRows} {numRows, plural, =0 {rows} =1 {row} other {rows}}', }); -export const LAST_UPDATED = i18n.translate('xpack.securitySolution.usersTable.lastUpdatedTitle', { - defaultMessage: 'Last updated', -}); +export const USER_RISK_TABLE_TOOLTIP = i18n.translate( + 'xpack.securitySolution.hostsRiskTable.usersTableTooltip', + { + defaultMessage: + 'The user risk table is not affected by the KQL time range. This table shows the latest recorded risk score for each user.', + } +); diff --git a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/translations.ts b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/translations.ts index cc538bedae1ea..a1d35310b6bfe 100644 --- a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/translations.ts +++ b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/translations.ts @@ -24,3 +24,19 @@ export const USER_RISK_TITLE = i18n.translate( defaultMessage: 'User Risk Scores', } ); + +export const HOST_RISK_TABLE_TOOLTIP = i18n.translate( + 'xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip', + { + defaultMessage: + 'The host risk table is not affected by the time range. This table shows the latest recorded risk score for each host.', + } +); + +export const USER_RISK_TABLE_TOOLTIP = i18n.translate( + 'xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip', + { + defaultMessage: + 'The user risk table is not affected by the time range. This table shows the latest recorded risk score for each user.', + } +); 
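Review bot: `USER_RISK_TABLE_TOOLTIP` in the user table's `translations.ts` is registered under the host namespace, `'xpack.securitySolution.hostsRiskTable.usersTableTooltip'`, while the neighbouring string in the same file uses `xpack.securitySolution.usersTable.*` (`ROWS_10` is `'xpack.securitySolution.usersTable.rows'`). A key in the users namespace, for example `'xpack.securitySolution.usersTable.riskTableTooltip'`, would match the file it lives in; the fr-FR, ja-JP and zh-CN entries restored later in this patch would need the same rename. The message text also says "KQL time range", whereas the dashboard tooltips in `entity_analytics/common/translations.ts` say "time range"; KQL is the search bar and the time range comes from the date picker, so aligning on "time range" would avoid telling analysts the wrong control is ignored.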
diff --git a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/columns.tsx b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/columns.tsx index 120a4cf3d4c7f..cdebe0042d777 100644 --- a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/columns.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/columns.tsx @@ -17,7 +17,6 @@ import { RiskScoreLevel } from '../../../../explore/components/risk_score/severi import { CELL_ACTIONS_TELEMETRY } from '../../../../explore/components/risk_score/constants'; import type { HostRiskScore, - Maybe, RiskSeverity, UserRiskScore, } from '../../../../../common/search_strategy'; @@ -30,7 +29,6 @@ import { SecurityCellActionsTrigger, SecurityCellActionType, } from '../../../../common/components/cell_actions'; -import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date'; type HostRiskScoreColumns = Array>; @@ -93,21 +91,6 @@ export const getRiskScoreColumns = ( return getEmptyTagValue(); }, }, - - { - field: RiskScoreFields.timestamp, - name: i18n.LAST_UPDATED, - truncateText: false, - mobileOptions: { show: true }, - sortable: true, - width: '20%', - render: (lastSeen: Maybe) => { - if (lastSeen != null) { - return ; - } - return getEmptyTagValue(); - }, - }, { field: riskEntity === RiskScoreEntity.host @@ -131,7 +114,7 @@ export const getRiskScoreColumns = ( { field: riskEntity === RiskScoreEntity.host ? RiskScoreFields.hostRisk : RiskScoreFields.userRisk, - width: '25%', + width: '30%', name: i18n.ENTITY_RISK_LEVEL(riskEntity), truncateText: false, mobileOptions: { show: true }, diff --git a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/index.tsx b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/index.tsx index 97cf4363f690d..982d68952a5c0 100644 
--- a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/index.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/index.tsx @@ -26,6 +26,7 @@ import { RiskScoresNoDataDetected } from '../../../../explore/components/risk_sc import { useRefetchQueries } from '../../../../common/hooks/use_refetch_queries'; import { Loader } from '../../../../common/components/loader'; import { Panel } from '../../../../common/components/panel'; +import * as i18n from './translations'; import { useEntityInfo } from './use_entity'; import { RiskScoreHeaderContent } from './header_content'; import { ChartContent } from './chart_content'; 
@@ -174,6 +175,11 @@ const EntityAnalyticsRiskScoresComponent = ({ riskEntity }: { riskEntity: RiskSc id={entity.tableQueryId} toggleStatus={toggleStatus} toggleQuery={setToggleStatus} + tooltip={ + riskEntity === RiskScoreEntity.host + ? i18n.HOST_RISK_TABLE_TOOLTIP + : i18n.USER_RISK_TABLE_TOOLTIP + } > }, }); -export const LAST_UPDATED = i18n.translate( - 'xpack.securitySolution.entityAnalytics.riskDashboard.lastUpdatedTitle', +export const HOST_RISK_TABLE_TOOLTIP = i18n.translate( + 'xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip', { - defaultMessage: 'Last updated', + defaultMessage: + 'The Host Risk Score panel displays the list of risky hosts and their latest risk score. You may filter this list using global filters in the KQL search bar. The time-range picker filter will display Alerts within the selected time range only and does not filter the list of risky hosts.', + } +); + +export const USER_RISK_TABLE_TOOLTIP = i18n.translate( + 'xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip', + { + defaultMessage: + 'The User Risk Score panel displays the list of risky users and their latest risk score. You may filter this list using global filters in the KQL search bar. The time-range picker filter will display Alerts within the selected time range only and does not filter the list of risky users.', } ); diff --git a/x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx b/x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx index 686828412977a..2a32874a044bc 100644 --- a/x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx 
@@ -10,6 +10,7 @@ import { euiDarkVars as darkTheme, euiLightVars as lightTheme } from '@kbn/ui-th import { getOr } from 'lodash/fp'; import React, { useCallback, useMemo } from 'react'; import styled from 'styled-components'; +import { useGlobalTime } from '../../../common/containers/use_global_time'; import type { HostItem } from '../../../../common/search_strategy'; import { buildHostNamesFilter, RiskScoreEntity } from '../../../../common/search_strategy'; import { DEFAULT_DARK_MODE } from '../../../../common/constants'; @@ -89,11 +90,20 @@ export const HostOverview = React.memo( () => (hostName ? buildHostNamesFilter([hostName]) : undefined), [hostName] ); + const { from, to } = useGlobalTime(); + const timerange = useMemo( + () => ({ + from, + to, + }), + [from, to] + ); const { data: hostRisk, isAuthorized } = useRiskScore({ filterQuery, riskEntity: RiskScoreEntity.host, skip: hostName == null, + timerange, }); const getDefaultRenderer = useCallback( diff --git a/x-pack/plugins/security_solution/public/overview/components/user_overview/index.tsx b/x-pack/plugins/security_solution/public/overview/components/user_overview/index.tsx index 446fe215a695a..812c3f9340b0a 100644 --- a/x-pack/plugins/security_solution/public/overview/components/user_overview/index.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/user_overview/index.tsx @@ -10,6 +10,7 @@ import { euiDarkVars as darkTheme, euiLightVars as lightTheme } from '@kbn/ui-th import { getOr } from 'lodash/fp'; import React, { useCallback, useMemo } from 'react'; import styled from 'styled-components'; +import { useGlobalTime } from '../../../common/containers/use_global_time'; import { buildUserNamesFilter, RiskScoreEntity } from '../../../../common/search_strategy'; import { DEFAULT_DARK_MODE } from '../../../../common/constants'; import type { DescriptionList } from '../../../../common/utility_types'; 
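Review bot: The `timerange` now passed to `useRiskScore` in `HostOverview` reads as if the host risk score were filtered by the global time range, while the tooltips restored elsewhere in this patch state that risk tables show the latest recorded score regardless of the selected range. If the value only triggers a refetch when the picker changes, as the `refetchAll()` effect restored in `containers/risk_score/all/index.tsx` suggests, say so at the call site, e.g. `// timerange only triggers a refetch; the risk score query itself is not time-bounded`. The same comment applies to the `UserOverview` hunk that follows. The component body extends beyond the hunk.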
@@ -88,9 +89,20 @@ export const UserOverview = React.memo( [userName] ); + const { from, to } = useGlobalTime(); + + const timerange = useMemo( + () => ({ + from, + to, + }), + [from, to] + ); + const { data: userRisk, isAuthorized } = useRiskScore({ filterQuery, skip: userName == null, + timerange, riskEntity: RiskScoreEntity.user, }); diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts index 4dfb6896ffbc9..4a98089eb239c 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts @@ -13,22 +13,9 @@ export const buildKpiRiskScoreQuery = ({ defaultIndex, filterQuery, entity, - timerange, }: RiskScoreKpiRequestOptions) => { const filter = [...createQueryFilterClauses(filterQuery)]; - if (timerange) { - filter.push({ - range: { - '@timestamp': { - gte: timerange.from, - lte: timerange.to, - format: 'strict_date_optional_time', - }, - }, - }); - } - const dslQuery = { index: defaultIndex, allow_no_indices: false, diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 4c18f6d170751..f714cc229f93d 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json 
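Review bot: With the `range` clause on `@timestamp` removed, `buildKpiRiskScoreQuery` builds its filter from `filterQuery` alone, and nothing in the function says that leaving the query unbounded in time is intentional. A comment above `const filter = [...]`, such as `// Intentionally not time-bounded: the selected time range does not filter risk score KPIs`, would keep a later reader from treating the missing range as a bug, or from assuming the severity counts describe the analyst's investigation window. Whether the target index holds only the latest score per entity is not visible here and is worth confirming, because historical score documents would otherwise be counted too. The function body continues past the hunk.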
@@ -32402,11 +32402,15 @@ "xpack.securitySolution.entityAnalytics.header.anomalies": "Anomalies", "xpack.securitySolution.entityAnalytics.header.criticalHosts": "Hôtes critiques", "xpack.securitySolution.entityAnalytics.header.criticalUsers": "Utilisateurs critiques", + "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip": "Le tableau des risques de l'hôte n'est pas affecté par la plage temporelle. Ce tableau montre le dernier score de risque enregistré pour chaque hôte.", "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title": "Scores de risque de l'hôte", + "xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip": "Le panneau de Score de risque de l'hôte affiche la liste des hôtes à risque ainsi que leur dernier score de risque. Vous pouvez filtrer cette liste à l’aide de filtres globaux dans la barre de recherche KQL. Le filtre de sélecteur de plage temporelle affiche les alertes dans l’intervalle de temps sélectionné uniquement et ne filtre pas la liste des hôtes à risque.", + "xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip": "Le panneau de score de risque de l'utilisateur affiche la liste des utilisateurs à risque et leur dernier score de risque. Vous pouvez filtrer cette liste à l’aide de filtres globaux dans la barre de recherche KQL. 
Le filtre de sélecteur de plage temporelle affiche uniquement les alertes dans l’intervalle de temps sélectionné et ne filtre pas la liste des utilisateurs à risque.", "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "Afficher tout", "xpack.securitySolution.entityAnalytics.technicalPreviewLabel": "Version d'évaluation technique", "xpack.securitySolution.entityAnalytics.totalLabel": "Total", "xpack.securitySolution.entityAnalytics.usersRiskDashboard.title": "Scores de risque de l'utilisateur", + "xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip": "Le tableau des risques de l'utilisateur n'est pas affecté par la plage temporelle. Ce tableau montre le dernier score de risque enregistré pour chaque utilisateur.", "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "Ouvrir dans Endpoint Security", "xpack.securitySolution.event.summary.threat_indicator.modal.allMatches": "Toutes les correspondances d'indicateur", "xpack.securitySolution.event.summary.threat_indicator.modal.close": "Fermer", 
@@ -32814,8 +32818,10 @@ "xpack.securitySolution.hostsRiskTable.hostNameTitle": "Nom d'hôte", "xpack.securitySolution.hostsRiskTable.hostRiskScoreTitle": "Score de risque de l'hôte", "xpack.securitySolution.hostsRiskTable.hostRiskTitle": "Risque de l'hôte", + "xpack.securitySolution.hostsRiskTable.hostsTableTooltip": "Le tableau des risques de l'hôte n'est pas affecté par la plage temporelle KQL. Ce tableau montre le dernier score de risque enregistré pour chaque hôte.", "xpack.securitySolution.hostsRiskTable.riskTitle": "Classification de risque de l'hôte", "xpack.securitySolution.hostsRiskTable.tableTitle": "Risque de l'hôte", + "xpack.securitySolution.hostsRiskTable.usersTableTooltip": "Le tableau des risques de l'utilisateur n'est pas affecté par la plage temporelle KQL. Ce tableau montre le dernier score de risque enregistré pour chaque utilisateur.", "xpack.securitySolution.hostsTable.firstLastSeenToolTip": "Par rapport à la plage de dates sélectionnée", "xpack.securitySolution.hostsTable.hostsTitle": "Tous les hôtes", "xpack.securitySolution.hostsTable.lastSeenTitle": "Vu en dernier", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 974a1dc968f55..7c7fe53f6485b 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -32401,11 +32401,15 @@ "xpack.securitySolution.entityAnalytics.header.anomalies": "異常", "xpack.securitySolution.entityAnalytics.header.criticalHosts": "重要なホスト", "xpack.securitySolution.entityAnalytics.header.criticalUsers": "重要なユーザー", + "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip": "ホストリスク表は時間範囲の影響を受けません。この表は、各ホストの最後に記録されたリスクスコアを示します。", "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title": "ホストリスクスコア", + "xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip": "ホストリスクスコアパネルには、リスクのあるホストの一覧と最新のリスクスコアが表示されます。KQL検索バーのグローバルフィルターを使って、この一覧をフィルタリングできます。時間範囲ピッカーフィルターは、選択した時間範囲内のアラートのみを表示し、リスクのあるホストの一覧をフィルタリングしません。", + "xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip": "ユーザーリスクスコアパネルには、リスクのあるユーザーの一覧と最新のリスクスコアが表示されます。KQL検索バーのグローバルフィルターを使って、この一覧をフィルタリングできます。時間範囲ピッカーフィルターは、選択した時間範囲内のアラートのみを表示し、リスクのあるユーザーの一覧をフィルタリングしません。", "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "すべて表示", "xpack.securitySolution.entityAnalytics.technicalPreviewLabel": "テクニカルプレビュー", "xpack.securitySolution.entityAnalytics.totalLabel": "合計", "xpack.securitySolution.entityAnalytics.usersRiskDashboard.title": "ユーザーリスクスコア", + "xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip": "ユーザーリスク表は時間範囲の影響を受けません。この表は、各ユーザーの最後に記録されたリスクスコアを示します。", "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "Endpoint Securityで開く", "xpack.securitySolution.event.summary.threat_indicator.modal.allMatches": "すべてのインジケーター一致", "xpack.securitySolution.event.summary.threat_indicator.modal.close": "閉じる", 
@@ -32813,8 +32817,10 @@ "xpack.securitySolution.hostsRiskTable.hostNameTitle": "ホスト名", "xpack.securitySolution.hostsRiskTable.hostRiskScoreTitle": "ホストリスクスコア", "xpack.securitySolution.hostsRiskTable.hostRiskTitle": "ホストリスク", + "xpack.securitySolution.hostsRiskTable.hostsTableTooltip": "ホストリスク表はKQL時間範囲の影響を受けません。この表は、各ホストの最後に記録されたリスクスコアを示します。", "xpack.securitySolution.hostsRiskTable.riskTitle": "ホストリスク分類", "xpack.securitySolution.hostsRiskTable.tableTitle": "ホストリスク", + "xpack.securitySolution.hostsRiskTable.usersTableTooltip": "ユーザーリスク表はKQL時間範囲の影響を受けません。この表は、各ユーザーの最後に記録されたリスクスコアを示します。", "xpack.securitySolution.hostsTable.firstLastSeenToolTip": "選択された日付範囲との相関付けです", "xpack.securitySolution.hostsTable.hostsTitle": "すべてのホスト", "xpack.securitySolution.hostsTable.lastSeenTitle": "前回の認識", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index e02d2f9378f17..33e3c4e427a7a 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json 
@@ -32397,11 +32397,15 @@
 "xpack.securitySolution.entityAnalytics.header.anomalies": "异常",
 "xpack.securitySolution.entityAnalytics.header.criticalHosts": "关键主机",
 "xpack.securitySolution.entityAnalytics.header.criticalUsers": "关键用户",
+ "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip": "主机风险表不受时间范围影响。本表显示每台主机最新记录的风险分数。",
 "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title": "主机风险分数",
+ "xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip": "“主机风险分数”面板显示有风险主机及其最新风险分数的列表。可以在 KQL 搜索栏中使用全局筛选来筛选此列表。时间范围选取器筛选将仅显示选定时间范围内的告警,并且不筛选有风险主机列表。",
+ "xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip": "“用户风险分数”面板显示有风险用户及其最新风险分数的列表。可以在 KQL 搜索栏中使用全局筛选来筛选此列表。时间范围选取器筛选将仅显示选定时间范围内的告警,并且不筛选有风险用户列表。",
 "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "查看全部",
 "xpack.securitySolution.entityAnalytics.technicalPreviewLabel": "技术预览",
 "xpack.securitySolution.entityAnalytics.totalLabel": "合计",
 "xpack.securitySolution.entityAnalytics.usersRiskDashboard.title": "用户风险分数",
+ "xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip": "用户风险表不受时间范围影响。本表显示每个用户最新记录的风险分数。",
 "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "在 Endpoint Security 中打开",
 "xpack.securitySolution.event.summary.threat_indicator.modal.allMatches": "所有指标匹配",
 "xpack.securitySolution.event.summary.threat_indicator.modal.close": "关闭",
@@ -32809,8 +32813,10 @@ "xpack.securitySolution.hostsRiskTable.hostNameTitle": "主机名", "xpack.securitySolution.hostsRiskTable.hostRiskScoreTitle": "主机风险分数", "xpack.securitySolution.hostsRiskTable.hostRiskTitle": "主机风险", + "xpack.securitySolution.hostsRiskTable.hostsTableTooltip": "主机风险表不受 KQL 时间范围影响。本表显示每台主机最新记录的风险分数。", "xpack.securitySolution.hostsRiskTable.riskTitle": "主机风险分类", "xpack.securitySolution.hostsRiskTable.tableTitle": "主机风险", + "xpack.securitySolution.hostsRiskTable.usersTableTooltip": "用户风险表不受 KQL 时间范围影响。本表显示每个用户最新记录的风险分数。", "xpack.securitySolution.hostsTable.firstLastSeenToolTip": "相对于选定日期范围", "xpack.securitySolution.hostsTable.hostsTitle": "所有主机", "xpack.securitySolution.hostsTable.lastSeenTitle": "最后看到时间", diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts index bffb55831df9d..a14aa11bc1cdd 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts @@ -5,7 +5,6 @@ * 2.0. */ -import moment from 'moment'; import { login } from '../../../tasks/login'; import { visitWithTimeRange } from '../../../tasks/navigation'; @@ -47,9 +46,8 @@ import { getNewRule } from '../../../objects/rule'; import { clickOnFirstHostsAlerts, clickOnFirstUsersAlerts } from '../../../tasks/risk_scores'; import { OPTION_LIST_LABELS, OPTION_LIST_VALUES } from '../../../screens/common/filter_group'; import { setRowsPerPageTo } from '../../../tasks/table_pagination'; - import { clearSearchBar, kqlSearch } from '../../../tasks/security_header'; -import { setEndDate, setStartDate, setEndDateNow, updateDates } from '../../../tasks/date_picker'; +import { setEndDate, setEndDateNow, updateDates } from '../../../tasks/date_picker'; import { enableJob, navigateToNextPage, 
@@ -62,9 +60,7 @@ const TEST_USER_ALERTS = 2; const TEST_USER_NAME = 'test'; const SIEM_KIBANA_HOST_ALERTS = 2; const SIEM_KIBANA_HOST_NAME = 'siem-kibana'; -const DATE_FORMAT = 'MMM D, YYYY @ HH:mm:ss.SSS'; -const DATE_BEFORE_ALERT_CREATION = moment().format(DATE_FORMAT); -const OLDEST_DATE = moment('2019-01-19T16:22:56.217Z').format(DATE_FORMAT); +const END_DATE = 'Jan 19, 2019 @ 20:33:29.186'; describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }, () => { before(() => { @@ -205,8 +201,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] } }); it('filters the alerts count with time range', () => { - setEndDate(DATE_BEFORE_ALERT_CREATION); - + setEndDate(END_DATE); updateDates(); cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0); @@ -294,7 +289,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] } }); it('filters the alerts count with time range', () => { - setEndDate(DATE_BEFORE_ALERT_CREATION); + setEndDate(END_DATE); updateDates(); cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0); @@ -427,7 +422,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] } }); it('filters the alerts count with time range', () => { - setEndDate(DATE_BEFORE_ALERT_CREATION); + setEndDate(END_DATE); updateDates(); cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0); @@ -437,18 +432,6 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] } updateDates(); }); - it('filters risk scores with time range', () => { - const now = moment().format(DATE_FORMAT); - setStartDate(now); - updateDates(); - - cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible'); - - // CLEAR DATES - setStartDate(OLDEST_DATE); - updateDates(); - }); - it('opens alerts page when alerts count is clicked', () => { clickOnFirstHostsAlerts(); cy.url().should('include', ALERTS_URL); 
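Review bot: `END_DATE` in the constants hunk (`@@ -62,9 +60,7 @@`) is a bare literal with no stated purpose, and unlike the removed `DATE_BEFORE_ALERT_CREATION` its name does not say why this date should produce a zero alert count. The four `filters the alerts count with time range` tests (hunks `-205`, `-294`, `-427` here and `-532` further down) pass it to `setEndDate` and then expect the alert cell to include 0, so the value presumably has to predate every alert the spec creates. I would add a comment above the constant, e.g. `// Fixed end date earlier than any alert created by this spec, so the alert count is expected to be 0`. The string also appears to follow the date picker's display format (it matches the removed `DATE_FORMAT`), which is worth stating in the same comment. The enclosing `describe` block starts and ends outside these hunks.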
@@ -532,7 +515,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] } }); it('filters the alerts count with time range', () => { - setEndDate(DATE_BEFORE_ALERT_CREATION); + setEndDate(END_DATE); updateDates(); cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0); @@ -542,18 +525,6 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] } updateDates(); }); - it('filters risk scores with time range', () => { - const now = moment().format(DATE_FORMAT); - setStartDate(now); - updateDates(); - - cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible'); - - // CLEAR DATES - setStartDate(OLDEST_DATE); - updateDates(); - }); - it('opens alerts page when alerts count is clicked', () => { clickOnFirstUsersAlerts(); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/host_risk_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/host_risk_tab.cy.ts index 9fcc16406793f..6a11e27bcc81a 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/host_risk_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/host_risk_tab.cy.ts @@ -49,10 +49,9 @@ describe('risk tab', { tags: ['@ess', '@serverless'] }, () => { it('renders the table', () => { kqlSearch('host.name: "siem-kibana" {enter}'); - cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', 'siem-kibana'); - cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Mar 10, 2021 @ 14:51:05.766'); - cy.get(HOST_BY_RISK_TABLE_CELL).eq(6).should('have.text', '21'); - cy.get(HOST_BY_RISK_TABLE_CELL).eq(7).should('have.text', 'Low'); + cy.get(HOST_BY_RISK_TABLE_CELL).eq(3).should('have.text', 'siem-kibana'); + cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', '21'); + cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Low'); }); it.skip('filters the table', () => { 
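Review bot: In host_risk_tab.cy.ts the three assertions of `renders the table` (`@@ -49,10 +49,9 @@`) select cells by absolute index (`.eq(3)`, `.eq(4)`, `.eq(5)`) with nothing saying which column each index is. Any column change silently shifts what is being checked, which is why this hunk had to renumber every index. The same applies to the `@@ -100,10 +99,9 @@` hunk of this file. I would add a comment above the assertions such as `// first data row: cell 3 = host name, 4 = risk score, 5 = risk level (cells 0-2 are presumably the header row)`; the header-row part is inferred from the offset matching the column count and should be confirmed. The enclosing `describe` starts and ends outside the hunk.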
@@ -100,10 +99,9 @@ describe('risk tab', { tags: ['@ess', '@serverless'] }, () => { it('renders the table', () => { kqlSearch('host.name: "siem-kibana" {enter}'); - cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', 'siem-kibana'); - cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Mar 10, 2021 @ 14:51:05.766'); - cy.get(HOST_BY_RISK_TABLE_CELL).eq(6).should('have.text', '90'); - cy.get(HOST_BY_RISK_TABLE_CELL).eq(7).should('have.text', 'Critical'); + cy.get(HOST_BY_RISK_TABLE_CELL).eq(3).should('have.text', 'siem-kibana'); + cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', '90'); + cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Critical'); }); it.skip('filters the table', () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/inspect/inspect_button.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/inspect/inspect_button.cy.ts index 30a3704879f36..78ead35a49327 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/inspect/inspect_button.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/inspect/inspect_button.cy.ts @@ -17,7 +17,7 @@ import { openTableInspectModal, } from '../../tasks/inspect'; import { login } from '../../tasks/login'; -import { visitWithTimeRange } from '../../tasks/navigation'; +import { visit } from '../../tasks/navigation'; import { postDataView, waitForWelcomePanelToBeLoaded } from '../../tasks/common'; import { selectDataView } from '../../tasks/sourcerer'; @@ -46,7 +46,7 @@ describe('Inspect Explore pages', { tags: ['@ess', '@serverless', '@brokenInServ it(`inspect ${pageName} page`, () => { login(); - visitWithTimeRange(url, { + visit(url, { visitOptions: { onLoad: () => { waitForWelcomePanelToBeLoaded(); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/inspect.ts b/x-pack/test/security_solution_cypress/cypress/screens/inspect.ts index ba511883c05b6..0759fb1e4924c 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/inspect.ts 
+++ b/x-pack/test/security_solution_cypress/cypress/screens/inspect.ts @@ -86,6 +86,7 @@ export const INSPECT_BUTTONS_IN_SECURITY: InspectButtonMetadata[] = [ altInspectId: '[data-test-subj="events-viewer-panel"]', id: EVENT_CONTAINER_TABLE_NOT_LOADING, }, + { title: 'Host risk', tab: RISK_DETAILS_NAV,