[Security Solution] insights overview flyout v2#268538
Open
DennisKo wants to merge 9 commits intoelastic:mainfrom
Open
[Security Solution] insights overview flyout v2#268538DennisKo wants to merge 9 commits intoelastic:mainfrom
DennisKo wants to merge 9 commits intoelastic:mainfrom
Conversation
Move and refactor `entities_overview`, `host_entity_overview`, and
`user_entity_overview` from `flyout/document_details/right/components/`
to `flyout_v2/document/components/`. Decouple from
`useDocumentDetailsContext`; accept `hit: DataTableRecord`, `scopeId`,
`renderCellActions`, and optional `onShow*` callbacks via props so the
components can be reused by Discover via the
`enhanced-security-document-profile` profile.
Render `EntitiesOverview` inside the flyout v2 `InsightsSection` with
no-op `onShow*` callbacks for now — a follow-up will wire the entity
details / alerts / misconfigurations / vulnerabilities tools flyouts.
Update the legacy expandable flyout's right `InsightsSection` and
`{host,user}_details.tsx` to import from the new location; the legacy
UX is unchanged when the `newFlyoutSystemEnabled` flag is off.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 8, 2026
Flyout v2 has no destination for the entity / alerts / misconfigurations / vulnerabilities navigation, so the v2 InsightsSection passed `noop` callbacks which still produced clickable EuiLinks. Drop those callbacks entirely and render the entity name and finding counts as plain text when no handler is provided. - Make `openDetailsPanel` optional on AlertCountInsight, MisconfigurationsInsight, and VulnerabilitiesInsight; render plain count text when omitted. - In v2 user/host entity overviews, render the name as plain text instead of a PreviewLink fallback when no `onShowDetails` is provided, and stop wiring navigateTo*Details for the chip insights. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DennisKo
changed the title
DennisKo
changed the title
DennisKo
changed the title
DennisKo
added
release_note:skip
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
Drop the prop-drilled onShow{User,Host}Details/Alerts/Misconfigurations/
Vulnerabilities callbacks on EntitiesOverview and the inner host/user
overviews. Sub-overviews now own their own preview navigation via
PreviewLink and useNavigateTo{Host,User}Details, gated by a single
enableEntityLinks boolean. The legacy expandable flyout opts in;
Flyout v2 and Discover leave it off so entities render as plain text.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Move data-test-subj from the wrapping EuiFlexItem onto PreviewLink / inner EuiText so .click() on the test target reaches the EuiLink onClick (was preventing openPreviewPanel from firing). - Add the missing `false` default to useUiSetting(FF_ENABLE_ENTITY_STORE_V2) in user_entity_overview to match the host pattern. - Drop the blanket @kbn/kibana-react-plugin/public useUiSetting=false mock in user_entity_overview.test; since common/lib/kibana switched from automock to requireActual it was hijacking useDateFormat and producing raw ISO timestamps instead of the configured display format. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
EntitiesOverview is now the single entity-store fetcher for both host and user. Add a legacy host.name fallback symmetric to user, and drop the redundant self-fetch from HostEntityOverview so it follows the prop-only pattern UserEntityOverview already uses. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Async chunks
History
|
Contributor
|
ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (28)
💤 Files with no reviewable changes (6)
📝 WalkthroughWalkthroughThis PR migrates the Entities overview rendering from the legacy right-panel flyout to flyout_v2 with enhanced configurability. Translation keys for obsolete host/entities/user preview titles are removed across all locales. Shared insight components (AlertCountInsight, MisconfigurationsInsight, VulnerabilitiesInsight) have 🚥 Pre-merge checks | ✅ 2✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
#251817
First of two PRs. This one adds the entities overview to the Flyout v2 Insights section as a render-only change — every click handler is just text for now. The follow-up PR wires those handlers to the entity-details, alerts, misconfigurations and vulnerabilities tools flyouts.
Code changes
git mvtheEntitiesOverview,HostEntityOverview, andUserEntityOverviewcomponents fromflyout/document_details/right/components/intoflyout_v2/document/components/.useDocumentDetailsContext: inputs are passed through props (hit: DataTableRecord,scopeId,renderCellActions, optionalonShow*callbacks).dataAsNestedObjectis fetched internally viauseEventDetailswhen not supplied so the legacy expandable flyout keeps avoiding the duplicate fetch.EntitiesOverviewinside the Flyout v2InsightsSectionas text (no links).InsightsSectionand theHOST_PREVIEW_BANNER/USER_PREVIEW_BANNERconsumers ({host,user}_details.tsx,link_utils.ts, related test files) to import from the new location.test_idsconstants fromdocument_details/right/components/test_ids.tstoflyout_v2/document/components/test_ids.ts.Screen.Recording.2026-05-08.at.22.12.12.mov
UI changes
main. Clicking the section title still opens the left-panel Entities tab; clicking host/user names still opens the legacy preview panel.How to test
Add to
kibana.dev.yml:What to look for when testing