[Security Solution][Notes] - fetch notes by saved object ids #193930
Conversation
PhilippeOberti
force-pushed
the
notes-fetch-by-saved-object-ids
branch
3 times, most recently
from
2872578
to
83e0262
Compare
PhilippeOberti
added
release_note:skip
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
PhilippeOberti
force-pushed
the
notes-fetch-by-saved-object-ids
branch
from
f07a522
to
6a99a34
Compare
There was a problem hiding this comment.
Code looks good to me. Some comments from desk testing:
-
Adding a note in notes tab does not update the count in tab
siem dev:
-
Add a note in notes tab in an unsaved timeline, then investigate a new alert in timeline, the note persists.
Current behavior: after investigate a new alert in timeline, a new timeline is created and the previous note is lost -
Related to (2). Add a note in notes tab in an unsaved timeline, save the timeline, the note disappear from saved timeline. Any note created in an unsaved timeline attaches to the draft only
Screen.Recording.2024-09-27.at.12.53.50.PM.mov
- When creating a new timeline (via Create a timeline or from templates), there is nothing in notes tab but participant is there
- UI: Is the empty message kinda of redundant?
old notes
| eventId?: string; | ||
| /** | ||
| * | ||
| */ |
There was a problem hiding this comment.
added in the last commit
|
@PhilippeOberti notice this when i was working on pinning:
notice the timeline icon is automatically added when it is not supposed to Screen.Recording.2024-09-30.at.1.31.22.PM.mov |
PhilippeOberti
force-pushed
the
notes-fetch-by-saved-object-ids
branch
from
76de4ef
to
39515e8
Compare
Thanks @christineweng this should be resolved in my last commit |
PhilippeOberti
force-pushed
the
notes-fetch-by-saved-object-ids
branch
3 times, most recently
from
4c181ec
to
87b73df
Compare
In the last commit I added the code to fetch notes in the tab title as well.
The new behavior added in the last commit should prevent a user from being able to create a note in an unsaved timeline!
Same here, the last commit prevents a user from creating a note in an unsaved timeline.
If you try again now, you'll see that the title
I guess it could be, but last time I showed it to @ferenrigue I think she was OK with it. I'll bring it up again! |
PhilippeOberti
force-pushed
the
notes-fetch-by-saved-object-ids
branch
from
97289f0
to
f388665
Compare
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
To update your PR or re-run it, just comment with: |
There was a problem hiding this comment.
Desk tested and LGTM!🚀 The added save timeline button is much better at gating behaviors related to an unsaved timeline 👏
Non-blocking but i was finally able to recreate the error toast from timeline templates consistently:
- Have a fresh unsaved timeline, create a new timeline from a template, click on notes icon, notice there is an error toast about null
- I also see this happening occasionally with events in explore pages. But only the first time I click on the note icon
Screen.Recording.2024-10-01.at.3.31.39.PM.mov
Thanks for the steps to reproduce. I will get on it as soon as this PR is merged. It is behind a feature flag, and merging it will unblock some other work |
|
Starting backport for target branches: 8.x |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…193930) (#194643) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution][Notes] - fetch notes by saved object ids (#193930)](#193930) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-01T20:44:41Z","message":"[Security Solution][Notes] - fetch notes by saved object ids (#193930)","sha":"ca46f784e5185bbce503171e6432e960c94f2586","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["backport","release_note:skip","v9.0.0","Team:Threat Hunting:Investigations","v8.16.0"],"title":"[Security Solution][Notes] - fetch notes by saved object ids","number":193930,"url":"https://github.com/elastic/kibana/pull/193930","mergeCommit":{"message":"[Security Solution][Notes] - fetch notes by saved object ids (#193930)","sha":"ca46f784e5185bbce503171e6432e960c94f2586"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193930","number":193930,"mergeCommit":{"message":"[Security Solution][Notes] - fetch notes by saved object ids (#193930)","sha":"ca46f784e5185bbce503171e6432e960c94f2586"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Philippe Oberti <[email protected]>
Summary
This PR changes the behavior of the Timeline Notes tab to use the new note system. Everything is behind the
securitySolutionNotesEnabledfeature flag for now.The goal of this was to not modify the current (old) Notes behavior. We will keep the code for at least one release after we switch the
securitySolutionNotesEnabledon, to allow customers to use the old system needed.Here are the main changes for the server side:
getNoteapi to support filtering bysavedObjectIds. This allows us to now search all the notes for a specific timelineHere are the main changes for the UI side:
NotesTabContentComponentinto an newOldNotescomponent. The goal was to not change that code at all to stay on the safe side, and facilitate removing all the code when the time comes.notestab, and make them reusable for the new Timeline Notes tab:AddNotelogic (markdown, attach to timeline and add note button)OpenTimelinelogic to open the timeline from the expandable flyoutDeleteNotelogic to delete notesOpenFlyoutlogic to open the expandable flyout from the timeline notes pageAttachToTimelinelogic:Save timelinebutton if the timeline is not saved, and replaces that button by aAttach to timelinecheckbox once savedTimeline Notes tab
For unsaved timelines
For saved timelines
Timeline flyout Notes tab
For unsaved timelines
For saved timelines
SecuritySolution flyout Notes tab
Here's an example of a flow for the timeline notes tab
unsaved.timeline.notes.tab.mov
Here's an example of a flow for the SecuritySolution flyout
unsaved.timeline.flyout.mov
Here's an example for the SecuritySolution flyout
normal.flyout.mov
How to test
Keep in mind while testing this changes the following behaviors:
securitySolutionNotesEnabledfeature flag is onsecuritySolutionNotesEnabledis turned onsecuritySolutionNotesEnabledturned on) should work in the old system (after browser refresh) with thesecuritySolutionNotesEnabledturned offChecklist
#193098