[Cloud Security] Bug fix - show origin event's with primary color instead of danger #204425

Merged
merged 5 commits into from
Dec 17, 2024

@kfirpeled kfirpeled commented Dec 16, 2024

Summary

Bug description:

Actual: The node's color is red when exploring events through Explore or Timeline.
The expected color of events is blue.

Before:

385007418-f0a6bd7e-dbc9-43ad-99b8-a07bcad85075

After:

Screen.Recording.2024-12-16.at.17.01.18.mov
Screen.Recording.2024-12-16.at.17.04.31.mov

How to test this PR:

  • Enable the feature flag

kibana.dev.yml:

```yaml
uiSettings.overrides.securitySolution:enableVisualizationsInFlyout: true
xpack.securitySolution.enableExperimental: ['graphVisualizationInFlyoutEnabled']
```

  • Load mocked data:

```bash
node scripts/es_archiver load x-pack/test/cloud_security_posture_functional/es_archives/logs_gcp_audit \
  --es-url http://elastic:changeme@localhost:9200 \
  --kibana-url http://elastic:changeme@localhost:5601

node scripts/es_archiver load x-pack/test/cloud_security_posture_functional/es_archives/security_alerts \
  --es-url http://elastic:changeme@localhost:9200 \
  --kibana-url http://elastic:changeme@localhost:5601
```

  • Make sure you include data from Oct 13 2024. (in the video I use Last year)

Checklist

@kfirpeled kfirpeled added release_note:skip Skip the PR/issue when compiling release notes Team:Cloud Security Cloud Security team related backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) labels Dec 16, 2024
@kfirpeled kfirpeled marked this pull request as ready for review December 16, 2024 16:07
@kfirpeled kfirpeled requested review from a team as code owners December 16, 2024 16:07
@elasticmachine

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)

@kfirpeled kfirpeled requested review from maxcold and opauloh December 16, 2024 16:10
@PhilippeOberti PhilippeOberti left a comment

code LGTM, I left a comment though if you want to take a look. There is another way to retrieve the isAlert information that you could use to be more consistent with the rest of the flyout components. Not mandatory though!

@kibanamachine

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#7606

[✅] x-pack/test/cloud_security_posture_api/config.ts: 25/25 tests passed.

see run history

@@ -77,6 +90,7 @@ export const useGraphPreview = ({
actorIds.length > 0 &&
eventIds.length > 0 &&
targetIds.length > 0;
const { isAlert } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser);
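
Review bot: The added `useBasicDataFromDetailsData(dataFormattedForFieldBrowser)` call on the last line of this hunk makes `isAlert` depend on a value passed into `useGraphPreview`, and the visible lines do not show what `isAlert` resolves to when `dataFormattedForFieldBrowser` is null or empty. Since this flag is what separates alert nodes from plain event nodes, consider a unit test that runs the hook once with an event document and once with an alert document and asserts `isAlert` in each case, and document the new parameter on the hook's params type so callers coming from Explore or Timeline know it must be supplied.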

@PhilippeOberti I took your suggestion, let me know if that is ok to use it this way

Sorry for my late reply @kfirpeled, this looks good, thanks for making the change! I thought this logic could actually have been done within the components directly, instead of passing dataFormattedForFieldBrowser to this hook and then retrieving the isAlert from here, but this works as well!

@elasticmachine

💔 Build Failed

@maxcold maxcold left a comment

lgtm, tested on the mock data, seems to be working as expected

@kfirpeled kfirpeled merged commit 2c5544c into elastic:main Dec 17, 2024
8 checks passed
@kibanamachine

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/12377032434

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Dec 17, 2024
…tead of danger (elastic#204425)

## Summary

Bug description:

**Actual:** The node's color is red when exploring events through
Explore or Timeline.
**The expected** color of events is blue.

Before:

![385007418-f0a6bd7e-dbc9-43ad-99b8-a07bcad85075](https://github.com/user-attachments/assets/7bf198f3-9a32-4d27-84db-3e97b5bf312b)

After:

https://github.com/user-attachments/assets/f1a10deb-65f5-43be-a351-6fca34f855cb

https://github.com/user-attachments/assets/223534f4-09a2-4b41-85bc-c2195dd153ba

**How to test this PR:**

- Enable the feature flag

`kibana.dev.yml`:

```yaml
uiSettings.overrides.securitySolution:enableVisualizationsInFlyout: true
xpack.securitySolution.enableExperimental: ['graphVisualizationInFlyoutEnabled']
```

- Load mocked data:

```bash
node scripts/es_archiver load x-pack/test/cloud_security_posture_functional/es_archives/logs_gcp_audit \
  --es-url http://elastic:changeme@localhost:9200 \
  --kibana-url http://elastic:changeme@localhost:5601

node scripts/es_archiver load x-pack/test/cloud_security_posture_functional/es_archives/security_alerts \
  --es-url http://elastic:changeme@localhost:9200 \
  --kibana-url http://elastic:changeme@localhost:5601
```

- Make sure you include data from Oct 13 2024. (in the video I use Last
year)

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

(cherry picked from commit 2c5544c)
@kibanamachine

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kfirpeled added a commit that referenced this pull request Dec 17, 2024
…y color instead of danger (#204425) (#204611)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Cloud Security] Bug fix - show origin event's with primary
color instead of danger
(#204425)](#204425)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Kfir Peled <61654899+kfirpeled@users.noreply.github.com>
delanni added a commit that referenced this pull request Dec 17, 2024
…h primary color instead of danger (#204425) (#204611)"

This reverts commit bed0eaa.
@kibanamachine

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/12377032434

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Dec 17, 2024
…tead of danger (elastic#204425)

@kibanamachine

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

@kibanamachine

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/12377032434

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Dec 18, 2024
…tead of danger (elastic#204425)

@kibanamachine

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Dec 18, 2024
…y color instead of danger (#204425) (#204663)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Cloud Security] Bug fix - show origin event's with primary
color instead of danger
(#204425)](#204425)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Kfir Peled <61654899+kfirpeled@users.noreply.github.com>
JoseLuisGJ pushed a commit to JoseLuisGJ/kibana that referenced this pull request Dec 19, 2024
…tead of danger (elastic#204425)
