[Security Solution][Notes] - fix pinning behavior in document notes #194473
Conversation
christineweng
added
release_note:skip
christineweng
changed the title
christineweng
force-pushed
the
notes-pinning
branch
from
6091db5
to
2d8e711
Compare
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
| @@ -88,11 +94,22 @@ export const AddNote = memo( | |||
| }, | |||
| }) | |||
| ); | |||
|
|
|||
| // Automatically pin an associated event if it's attached to a timeline and it's not pinned yet | |||
There was a problem hiding this comment.
would you be ok with passing a callback as props instead than having the code here? Something like onNoteAdded. The reason is when I created those components, I made sure (as much as possible) that they would not be anything timeline-specific code (as these are notes and shouldn't really know about timeline, alerts...)
I understand that there are a couple of places in this file called timelineId but that is just because currently the api is using that word. Ideally we would want to rename all those variables in the frontend by savedObjectId as a note can be associated with pretty much any savedObjectId, not just timeline ones...
Does that makes sense?
There was a problem hiding this comment.
I think it is a great feedback but i have a question on a separate scenario.
Consider below scenario:
- If I add a note on an alert in AlertTable.
- Then I add that event to a timeline.
Now since that event is attached to the timeline, should it already be pinned to that timeline?
There was a problem hiding this comment.
nope because in your scenario, you created a note attached to a document only. Having an event in a timeline doesn't mean that all its note will be associated with that timeline. You can still create note NOT associated with the timeline by unchecking the Attach to timeline checkbox.
The pin icon only reflects note that have been associated with a timelineId.
Does that make sense?
There was a problem hiding this comment.
It does make sense. In that case, do you think we should be more clear with the modal message which says Event cannot be unpinned because there are notes attached. It should rather say something along the lines of Event cannot be unpinned because this event and timeline have notes attached.
Not a big issue but something to keep a note of.
There was a problem hiding this comment.
yes that makes sense, we can get with @nastasha-solomon for the proper wording. Something like This event cannot be unpinned because it has notes associated with this current timeline.
There was a problem hiding this comment.
I don't really have a good answer at this time. I'll think about it some more!
There was a problem hiding this comment.
Ah, ok I gotcha now. From the flyout (at least from now), there's no easy way to tell when a note is associated with a specific Timeline. Adding more text into the tooltip wouldn't necessarily help with that. Users would still need to go to the Notes management page to determine which notes are associated with certain Timelines.
One possibility is to move forward with the original language (This event cannot be unpinned because it has notes associated with a Timeline) and link to the docs. For example:
This event cannot be unpinned because it has notes associated with a Timeline. Learn more
It's not the best UX, but it might be a better experience than forcing users to read a multi-sentence tooltip message. The docs could also provide more guidance for figuring out when notes are associated with Timelines so users don't need to figure that out on their own.
There was a problem hiding this comment.
I think this is the best we can do with the time we have right now yes. Thank you @nastasha-solomon
There was a problem hiding this comment.
Connected with @nastasha-solomon offline, we are going with This event cannot be unpinned because it has notes in Timeline. at this time.
When the docs issue is available, consider adding a link at the end: This event cannot be unpinned because it has notes in Timeline. Learn more (ticket here)
There was a problem hiding this comment.
Love the collaboration here 🎆 🎆 . Thanks all.
|
Hey @christineweng , Consider adding an integration test here. This would ensure that this functionality works with both |
| : timelineNoteIds; | ||
| }, [documentBasedNotes, timelineNoteIds, securitySolutionNotesEnabled]); | ||
| /* note ids specific to the current timeline, it is used to enable/disable pinning */ | ||
| const noteIdsInTimeline = useMemo(() => { |
There was a problem hiding this comment.
I think this change is a little misleading for couple of reasons:
-
These actions can run in both
timelineandnon-timelineenvironment. sonoteIdsInTimelinewill be an empty array outside timeline table ( for example, alert table ) which i think is misleading. Not your fault because there existstimelineNoteIdswhich also does the same. Although I see thatnoteIdsInTimelineis usingtimelineNoteIds, do you think there is value in combining both of them and comment the difference between them? -
@PhilippeOberti , i think we should plan to clear/remove
eventIdToNoteIdssince that is not being used in latest whensecuritySolutionNotesEnabledis true. What do you think?
There was a problem hiding this comment.
- I don't think we should touch anything related to the old note system, it means in this case
timelineNoteIds. The reason there is some confusion here (and in a couple of other places) is because I wanted to have the new system to be completely separate from the old note one, for 2 reasons:
- less risk to break an existing functionality
- easier to remove the old code when the time comes (hopefully soon)
- the plan is to replace the
securitySolutionNotesEnabledfeature flag with a newsecuritySolutionNotesDisabledfeature flag to enable the new notes system by default in8.16. Then probably wait a release or two (or wait for9.0.0to remove the old system entirely and clean all this up (ticket)
Thoughts?
There was a problem hiding this comment.
@logeekal i think the confusion also stems from the fact that pinning and old notes are only available in timeline, but were not obvious in the actions. The complexity increases now that notes can be outside of timeline, so the "if the event has notes it must be pinned" logic no longer applies.
I have merged the 2 variables as you suggested with added comments. I also think once the old notes system is removed, we should refactor/rewrite the pin action to have the timeline logic inside.
There was a problem hiding this comment.
Thanks @christineweng and @PhilippeOberti , I agree with both of you and leave the decision to you. Current change by @christineweng also looks pretty good to me and much more clear. Thanks 🙏 .
| @@ -88,11 +94,22 @@ export const AddNote = memo( | |||
| }, | |||
| }) | |||
| ); | |||
|
|
|||
| // Automatically pin an associated event if it's attached to a timeline and it's not pinned yet | |||
There was a problem hiding this comment.
I think it is a great feedback but i have a question on a separate scenario.
Consider below scenario:
- If I add a note on an alert in AlertTable.
- Then I add that event to a timeline.
Now since that event is attached to the timeline, should it already be pinned to that timeline?
christineweng
force-pushed
the
notes-pinning
branch
2 times, most recently
from
db8edc8
to
1717d96
Compare
christineweng
force-pushed
the
notes-pinning
branch
from
1717d96
to
25796b6
Compare
💚 Build Succeeded
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
|
Starting backport for target branches: 8.x |
…lastic#194473) ## Summary Fixed some pinning behaviors in new notes system, namely: - Pinning is greyed out only when an event has a note attached to the **current** timeline, else pinning should work as usual (related: elastic#193738) - Adding a note and attaching to current timeline automatically pins the event - Pinned tab and pinning capability are updated when a note attached to current timeline is deleted Feature flag: `securitySolutionNotesEnabled` https://github.com/user-attachments/assets/0163d4a4-354c-4928-a337-40a93f6c7b2a ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 883dfa8)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…otes (#194473) (#194890) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution][Notes] - fix pinning behavior in document notes (#194473)](#194473) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"christineweng","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-04T00:42:26Z","message":"[Security Solution][Notes] - fix pinning behavior in document notes (#194473)\n\n## Summary\r\n\r\nFixed some pinning behaviors in new notes system, namely:\r\n\r\n- Pinning is greyed out only when an event has a note attached to the\r\n**current** timeline, else pinning should work as usual (related:\r\nhttps://github.com//issues/193738)\r\n- Adding a note and attaching to current timeline automatically pins the\r\nevent\r\n- Pinned tab and pinning capability are updated when a note attached to\r\ncurrent timeline is deleted\r\n\r\nFeature flag: `securitySolutionNotesEnabled`\r\n\r\n\r\nhttps://github.com/user-attachments/assets/0163d4a4-354c-4928-a337-40a93f6c7b2a\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"883dfa8ae887c1ee57049a45d8ed8ceb7c2a34d6","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting","Team:Threat Hunting:Investigations","backport:prev-minor","v8.16.0"],"title":"[Security Solution][Notes] - fix pinning behavior in document notes","number":194473,"url":"https://github.com/elastic/kibana/pull/194473","mergeCommit":{"message":"[Security Solution][Notes] - fix pinning behavior in document notes (#194473)\n\n## Summary\r\n\r\nFixed some pinning behaviors in new notes system, namely:\r\n\r\n- Pinning is greyed out only when an event has a note attached to the\r\n**current** timeline, else pinning should work as usual (related:\r\nhttps://github.com//issues/193738)\r\n- Adding a note and attaching to current timeline automatically pins the\r\nevent\r\n- Pinned tab and pinning capability are updated when a note attached to\r\ncurrent timeline is deleted\r\n\r\nFeature flag: `securitySolutionNotesEnabled`\r\n\r\n\r\nhttps://github.com/user-attachments/assets/0163d4a4-354c-4928-a337-40a93f6c7b2a\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"883dfa8ae887c1ee57049a45d8ed8ceb7c2a34d6"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194473","number":194473,"mergeCommit":{"message":"[Security Solution][Notes] - fix pinning behavior in document notes (#194473)\n\n## Summary\r\n\r\nFixed some pinning behaviors in new notes system, namely:\r\n\r\n- Pinning is greyed out only when an event has a note attached to the\r\n**current** timeline, else pinning should work as usual (related:\r\nhttps://github.com//issues/193738)\r\n- Adding a note and attaching to current timeline automatically pins the\r\nevent\r\n- Pinned tab and pinning capability are updated when a note attached to\r\ncurrent timeline is deleted\r\n\r\nFeature flag: `securitySolutionNotesEnabled`\r\n\r\n\r\nhttps://github.com/user-attachments/assets/0163d4a4-354c-4928-a337-40a93f6c7b2a\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"883dfa8ae887c1ee57049a45d8ed8ceb7c2a34d6"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: christineweng <[email protected]>
…lastic#194473) ## Summary Fixed some pinning behaviors in new notes system, namely: - Pinning is greyed out only when an event has a note attached to the **current** timeline, else pinning should work as usual (related: elastic#193738) - Adding a note and attaching to current timeline automatically pins the event - Pinned tab and pinning capability are updated when a note attached to current timeline is deleted Feature flag: `securitySolutionNotesEnabled` https://github.com/user-attachments/assets/0163d4a4-354c-4928-a337-40a93f6c7b2a ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Summary
Fixed some pinning behaviors in new notes system, namely:
Feature flag:
securitySolutionNotesEnabledScreen.Recording.2024-10-01.at.4.26.25.PM.mov
Checklist