[Security Solution] Adds feature flag to enable/disable ESQL in timeline #174029
💚 Build Succeeded
These are the scenarios that have been checked on the PR: ESS:
SERVERLESS:
All the scenarios behaved as expected :)
Assistant changes LGTM 👍
After discussing w/ @MadameSheema, since I was the last remaining reviewer and with @logeekal on holiday, going to merge this now so it's available in upcoming releases. Also added
…ine (elastic#174029)

## Summary

This PR introduces a feature flag `timelineEsqlTabDisabled` which is by default `false`. This gives customer ability to disable the esql tab by enabling this experimental feature flag as below in `kibana.yml`

```yaml
xpack.securitySolution.enableExperimental:
  - timelineEsqlTabDisabled
```

The availability of ESQL Tab in timeline also affects `AI Assistant` as it facilitates re-directing user to timeline with an esql query. That `redirect` button should not be available for `esql` query if ESQL Tab is disabled.

## Desk Testing

1. ESQL Tab Presence
   - timelineEsqlTabDisabled : true
     - If Tab is disabled, `ESQL` Tab should not show when timeline is open. Timeline should also not fire any `bsearch` requests with `esql` strategy.
   - ESQL tab is enabled i.e. `timelineEsqlTabDisabled : true` is present in kibana.dev.yml
     - User should be able to use ESQL queries without any issue. Below should be the default query in both `8.12` and `8.11.4`

       ```esql
       from .alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*
       | limit 10
       | keep @timestamp, message, event.category, event.action, host.name, source.ip, destination.ip, user.name
       ```
2. Open ESQL Tab from URL
   1. Enable ESQL tab and Activate it when in timeline
   2. Now change `kibana.dev.yml` to add experimental flag `timelineEsqlTabDisabled` to disable ESQL Tab.
   3. Restart kibana server
   4. Refresh the page in step 1 where `ESQL` tab was active
   5. User should automatically be redirected to `Query` tab.
3. AI Assistant

   Today AI Assistant can help user add an ESQL query to the timeline as shown in below video.
   We need to make sure that `Send to timeline` button is not available only for `esql` queries when above experimental flag is enabled.

https://github.com/elastic/kibana/assets/7485038/e452a6c6-cf97-462e-a5dc-bd8c0fd38d58

---------

Co-authored-by: Gloria Hornero <[email protected]>
Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit da0370e)
💔 Some backports could not be created
Thank you @MadameSheema and @spong. Sorry I missed communicating the same.
💚 All backports created successfully
…ine (elastic#174029)

(cherry picked from commit da0370e)

# Conflicts:
#	x-pack/plugins/security_solution/common/experimental_features.ts
#	x-pack/plugins/security_solution/public/timelines/components/timeline/tabs_content/index.tsx
Conflicts in:
For And for Note: edit: I had missed the |
Thanks @spong, I am checking..
…n timeline (#174029) (#174110)

# Backport

This will backport the following commits from `main` to `8.12`:
 - [[Security Solution] Adds feature flag to enable/disable ESQL in timeline (#174029)](#174029)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Jatin Kathuria <[email protected]>
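## Summary

This PR introduces a feature flag `timelineEsqlTabDisabled` which is by default `false`. This gives customer ability to disable the esql tab by enabling this experimental feature flag as below in `kibana.yml`

```yaml
xpack.securitySolution.enableExperimental:
  - timelineEsqlTabDisabled
```

The availability of ESQL Tab in timeline also affects `AI Assistant` as it facilitates re-directing user to timeline with an esql query. That `redirect` button should not be available for `esql` query if ESQL Tab is disabled.

## Desk Testing

1. ESQL Tab Presence
   - timelineEsqlTabDisabled : true
     - If Tab is disabled, `ESQL` Tab should not show when timeline is open. Timeline should also not fire any `bsearch` requests with `esql` strategy.
   - ESQL tab is enabled i.e. `timelineEsqlTabDisabled : true` is present in kibana.dev.yml
     - User should be able to use ESQL queries without any issue. Below should be the default query in both `8.12` and `8.11.4`

       ```esql
       from .alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*
       | limit 10
       | keep @timestamp, message, event.category, event.action, host.name, source.ip, destination.ip, user.name
       ```
2. Open ESQL Tab from URL
   1. Enable ESQL tab and Activate it when in timeline
   2. Now change `kibana.dev.yml` to add experimental flag `timelineEsqlTabDisabled` to disable ESQL Tab.
   3. Restart kibana server
   4. Refresh the page in step 1 where `ESQL` tab was active
   5. User should automatically be redirected to `Query` tab.
3. AI Assistant

   Today AI Assistant can help user add an ESQL query to the timeline as shown in below video.
   We need to make sure that `Send to timeline` button is not available only for `esql` queries when above experimental flag is enabled.

   Screen.Recording.2023-12-30.at.17.20.19.mov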
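
The gating that the description and its three desk tests call for, written out as an added example (this is not code from the PR or from Kibana). Only the flag name `timelineEsqlTabDisabled` and the config key come from the PR; every function and type name is an assumption made for illustration.

```typescript
// Added illustration, not Kibana source. Only the flag name and config key come
// from the PR; every function and type name below is hypothetical.
const DEFAULTS = { timelineEsqlTabDisabled: false }; // PR: default is `false`
type Features = typeof DEFAULTS;
type TabId = 'query' | 'esql'; // only the two tabs the PR names are modelled

// Models the list under `xpack.securitySolution.enableExperimental`.
// Names this example does not model are returned in `unknown`, so a misspelt
// flag is visible instead of silently leaving the ESQL tab on.
function parseEnableExperimental(entries: string[]): { features: Features; unknown: string[] } {
  const features: Features = { ...DEFAULTS };
  const unknown: string[] = [];
  for (const name of entries) {
    if (name === 'timelineEsqlTabDisabled') features[name] = true;
    else unknown.push(name);
  }
  return { features, unknown };
}

// Desk test 1: the ESQL tab is not rendered when the flag is set.
function visibleTabs(f: Features): TabId[] {
  return f.timelineEsqlTabDisabled ? ['query'] : ['query', 'esql'];
}

// Desk test 2: a URL that still asks for the ESQL tab falls back to Query.
function resolveActiveTab(requested: string, f: Features): TabId {
  return visibleTabs(f).indexOf(requested as TabId) === -1 ? 'query' : (requested as TabId);
}

// Desk test 1, second half: no search request goes out with the `esql` strategy.
function maySearch(strategy: string, f: Features): boolean {
  return !(strategy === 'esql' && f.timelineEsqlTabDisabled);
}

// Desk test 3: `Send to timeline` is withheld only for `esql` queries.
function canSendToTimeline(queryType: string, f: Features): boolean {
  return !(queryType === 'esql' && f.timelineEsqlTabDisabled);
}
```

Checking the flag at the request and redirect points as well as at render time is what keeps a bookmarked URL or an assistant-generated query from reaching a tab the operator has switched off.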