Implement functionality to add observables, procedures and custom fields to alerts for TheHive #207255

Open
wants to merge 3 commits into
base: main

brijesh-elastic
Contributor

@brijesh-elastic brijesh-elastic commented Jan 20, 2025

Summary

It includes a template selection drop-down menu with predefined basic templates. These templates provide predefined configurations that include observables and procedures. When you select a template, its corresponding values automatically populate the Body field. Additionally, you can use the Build Your Own option to create a custom template.

This PR also updates the JsonEditorWithMessageVariables component to address an issue where inputTargetValue and xJson are not the same. For example, in our scenario, we expect that changing the template selection dropdown should update the content in the body below. To address this, we've added the condition (xJson && inputTargetValue && inputTargetValue !== xJson), which ensures that the internal state xJson is updated accordingly, and the content is displayed as expected.

Screenshots

image 1
image 2

Checklist

  • Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
  • Documentation was added for features that require explanation or tutorials
  • Unit or functional tests were updated or added to match the most common scenarios
  • If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
  • This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
  • Flaky Test Runner was used on any tests changed
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines

@brijesh-elastic brijesh-elastic requested a review from a team as a code owner January 20, 2025 18:53
Contributor

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@kcreddy kcreddy added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Jan 21, 2025
@elasticmachine
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@kcreddy kcreddy added Feature:Cases Cases feature Feature:Actions/ConnectorTypes Issues related to specific Connector Types on the Actions Framework labels Jan 21, 2025
@elasticmachine
Contributor

Pinging @elastic/response-ops-cases (Feature:Cases)

@elasticmachine
Contributor

elasticmachine commented Jan 22, 2025

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #62 / Actions and Triggers app Connectors General connector functionality should test a connector and display a successful result
  • [job] [logs] FTR Configs #62 / Actions and Triggers app Connectors General connector functionality should test a connector and display a successful result
  • [job] [logs] Rules, Alerts and Exceptions ResponseOps Cypress Tests on Security Solution #1 / Rule actions during detection rule creation Allows adding alerts filters for the action Allows adding alerts filters for the action
  • [job] [logs] Rules, Alerts and Exceptions ResponseOps Cypress Tests on Security Solution #1 / Rule actions during detection rule creation Allows adding alerts filters for the action Allows adding alerts filters for the action
  • [job] [logs] Rules, Alerts and Exceptions ResponseOps Cypress Tests on Security Solution #1 / Rule actions during detection rule creation Indexes a new document after the index action is triggered Indexes a new document after the index action is triggered
  • [job] [logs] Rules, Alerts and Exceptions ResponseOps Cypress Tests on Security Solution #1 / Rule actions during detection rule creation Indexes a new document after the index action is triggered Indexes a new document after the index action is triggered

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| stackConnectors | 740.3KB | 746.9KB | +6.6KB |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| triggersActionsUi | 130.2KB | 130.2KB | +15.0B |
