Cogburn/detections in alerts #694
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a new panel to Alerts. Clicking an alert will lookup the detection by it's publicId and show a panel with the summary and tuning tabs from the detections page. On the backend, the route to get a detection by publicId now adds AI Summary metadata to the detection before returning it. Added the copyright text to the treeview component when adding it to the new DetectionPanel component. Can currently enable/disable the detection, and CRUD tunings.
TODO: Quick link buttons, better behavior around showing the quick actions menu and showing/hiding the panel
Fix some issues that arose during the last rebase. Getting Ack and Escalate prepared. Need to pass details like groupIndex and the alert event itself into the panel so context isn't lost when they're passed back to ack. Removed unused parameters from ack. Added groupIndex to toggleQuickAction. Use highlightedAlertInfo to pass the bundle of parameters to the panel. Reflected these changes in existing tests. I'm passing ackColor separate from highlightedAlertInfo in case the toggle filters are changed while the panel is open. I really don't want the panel to know/care about toggle filters. Fixed a couple issues where updating a detection succeeded but gave you back a model without AI summary info or an updateTime.
Ack and escalate. Scrolling panel and other spacing and sizing changes. Highlight rows when ungrouped (may highlight several rows that share the same detection). Ensure toggleQuickAction shows the menu even if request to lookup detection by publicId takes awhile. Todo: tests
Added tests. Load detection params. Now follows the same logic on the detections page about when to show AI Summaries. Removed a bit of left over logic where ElastAlert detections try to extract their logic. We don't show logic in the panel.
Added a few IDs for cypress tests. Added data-aid attributes.
Close the Detection Panel if the highlighted event gets acked/escalated either by the panel or in the table. DO NOT close the detection panel if in the ungrouped view and dismissing a different event (even if that event is caused by the same detection).
jertel
approved these changes
Dec 12, 2024
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Clicking an alert now opens a panel on the side with information about the detection that caused that alert. Here you can see the name, description, status, and overrides. The status and overrides can be modified.