Docs for "Alert User Assignment" feature #4226

Closed
e40pud opened this issue Nov 8, 2023 · 3 comments · Fixed by #4476
Labels: documentation, Effort: Medium, Feature: Alert Schema, Feature: Alerts, Priority: High, Team: Detection Engine, v8.12.0

Comments

e40pud commented Nov 8, 2023

Security solution ticket with detailed feature description: https://github.com/elastic/security-team/issues/2504

Description

We need to add documentation for the new alert assignments feature. It is planned to merge changes this or next week.

The key items of the Alert User Assignment feature:

  • It is possible to assign a user/s to alert/s
  • There is a new "Assignees" column in the alerts table which displays avatars of assigned users
  • There is a bulk action to update assignees for multiple alerts
  • It is possible to see and update assignees inside the alert details flyout component
  • There is an "Assignees" filter button on the Alerts page which allows filtering alerts by assignees

This feature will be available in both ESS and Serverless.

nastasha-solomon commented Nov 16, 2023

Serverless doc updates:

  • Alerts | Take actions on alerts:

    • Add bullet to list -- users can assign alerts to users

    • Add new section for assigning alerts, removing assignees, and filtering assigned alerts from the Alerts page. Place the new section between the Apply and filter alert tags and Add an endpoint exception from an alert sections. A couple of additional notes on this new content:

      • When users filter for alerts assigned to specific assignees using the Assignees filter above the Alerts table, this doesn't affect the KQL query at the top of the page.
      • Add a reference to the alert details page, where there's functionality that allows users to add assignees to an alert. Note: Users can also assign alerts to users from the alert details flyout in Timeline.
      • The Remove all assignees option in the bulk overflow menu is used to bulk unassign users.
      • This iteration of the feature doesn't include email or other notification types. In other words, users are not notified that they're assigned to an alert.
      • Up to four assignee avatars show up in the table. Five or more assignees are shown as a number badge.
    • Update the following outdated images that show older versions of the bulk actions menu:

      • -detections-alert-change-status.png
      • -detections-bulk-add-alerts-to-timeline.png
  • View detection alert details

    • Update -detections-open-alert-details-flyout.gif
  • Right panel

    • Update -detections-alert-details-flyout-right-panel.png
    • In list under the screenshot, explain how to add assignees. Note: Will need to refresh the Share alert feature description since the flyout UI design has changed. (issue and PR are TBD)
  • Preview panel

    • Update -detections-alert-details-flyout-preview-panel.gif
  • Left panel

    • Update -detections-expand-details-button.png
  • Alert schema

    • Document the kibana.alert.workflow_assignee_ids field. A few notes about this new field:
      • Description: An array of user profile IDs. User profile IDs (string) are unique identifiers for user profiles.
      • Type: string
      • Multiple assignees are represented as an array
      • The field value is the user profile ID. ATM, there's no easy way to find this in Kibana. Might be worth explaining how to find the UID:
        To find UIDs, open an alert's details, go to the Table tab, and search for the kibana.alert.workflow_assignee_ids field.

nastasha-solomon commented
UI copy work being tracked in #4295

nastasha-solomon added the labels Effort: Medium, Feature: Alerts, Feature: Alert Schema and Priority: High on Nov 16, 2023
nastasha-solomon commented
@e40pud and @yctercero - https://github.com/elastic/staging-serverless-security-docs/pull/232 contains a first draft of the alert assignment feature docs. I'm going to update all the outdated screenshots, add some new ones, and finalize the content once I'm back from PTO.

cc: @jmikell821

e40pud added a commit to elastic/kibana that referenced this issue Dec 1, 2023
…2504) (#170579)

## Summary

With this PR we introduce a new Alert User Assignment feature:
- It is possible to assign a user/s to alert/s
- There is a new "Assignees" column in the alerts table which displays avatars of assigned users
- There is a bulk action to update assignees for multiple alerts
- It is possible to see and update assignees inside the alert details flyout component
- There is an "Assignees" filter button on the Alerts page which allows filtering alerts by assignees

We decided to develop this feature on a separate branch. This gives us the ability to make sure that it is thoroughly tested and that we did not break anything in production. Since there are data schema changes involved, we decided that this would be the better approach. cc @yctercero

## Testing notes

In order to test assignments you need to create a few users. Then, for the users to appear in the user profiles dropdown menu, you need to activate them by logging into those accounts at least once.

https://github.com/elastic/kibana/assets/2700761/8eeb13f3-2d16-4fba-acdf-755024a59fc2

Main ticket elastic/security-team#2504

## Bugfixes
- [x] elastic/security-team#8028
- [x] elastic/security-team#8034
- [x] elastic/security-team#8006
- [x] elastic/security-team#8025

## Enhancements
- [x] elastic/security-team#8033

### Checklist

- [x] Functional changes are hidden behind a feature flag. If not hidden, the PR explains why these changes are being implemented in a long-living feature branch.
- [x] Functional changes are covered with a test plan and automated tests.
  - [x] #171306
  - [x] #171307
- [x] Stability of new and changed tests is verified using the [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner).
  - [x] https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4091
- [x] Comprehensive manual testing is done by two engineers: the PR author and one of the PR reviewers. Changes are tested in both ESS and Serverless.
- [x] Mapping changes are accompanied by a technical design document. It can be a GitHub issue or an RFC explaining the changes. The design document is shared with and approved by the appropriate teams and individual stakeholders.
   * elastic/security-team#7647
- [x] Functional changes are communicated to the Docs team. A ticket or PR is opened in https://github.com/elastic/security-docs. The following information is included: any feature flags used, affected environments (Serverless, ESS, or both). **NOTE: as discussed we will wait until docs are ready to merge this PR**.
   * elastic/security-docs#4226
   * elastic/staging-serverless-security-docs#232

---------

Co-authored-by: Marshall Main <[email protected]>
Co-authored-by: Xavier Mouligneau <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Sergi Massaneda <[email protected]>
@nastasha-solomon nastasha-solomon linked a pull request Dec 14, 2023 that will close this issue