@abhishekbhatia1710
Contributor

@abhishekbhatia1710 abhishekbhatia1710 commented Nov 18, 2025

Summary

New Page:
Entity Threat Hunting page (entity_threat_hunting_page.tsx)

New Components:

  • CombinedRiskDonutChart - Visual representation of combined risk scores
  • AnomaliesPlaceholderPanel - Placeholder for anomalies display
  • ThreatHuntingEntitiesTable - Main table for displaying threat hunting entities
  • API Hooks: use_combined_risk_score_kpi hook for fetching combined risk score data
  • Navigation: Added threat hunting link to Entity Analytics navigation tree
  • Tests: Comprehensive unit tests and Cypress E2E tests


Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

  • Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
  • Documentation was added for features that require explanation or tutorials
  • Unit or functional tests were updated or added to match the most common scenarios
  • If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
  • This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
  • Flaky Test Runner was used on any tests changed
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
  • Review the backport guidelines and apply applicable backport:* labels.

@abhishekbhatia1710 abhishekbhatia1710 self-assigned this Nov 18, 2025
@abhishekbhatia1710 abhishekbhatia1710 added backport:skip This PR does not require backporting release_note:feature Makes this part of the condensed release notes Team:Entity Analytics Security Entity Analytics Team labels Nov 18, 2025
@abhishekbhatia1710
Contributor Author

/ci

@abhishekbhatia1710 abhishekbhatia1710 marked this pull request as ready for review November 28, 2025 06:40
@abhishekbhatia1710 abhishekbhatia1710 requested review from a team as code owners November 28, 2025 06:40
@elasticmachine
Contributor

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

@abhishekbhatia1710 abhishekbhatia1710 requested a review from a team as a code owner November 28, 2025 14:49
Contributor

@PhilippeOberti PhilippeOberti left a comment

LGTM for the @elastic/security-threat-hunting-investigations team. I find it a bit off to put that purple placeholder.png file in the security_solution/common/images folder. Do we really have to merge that in main?

@abhishekbhatia1710 abhishekbhatia1710 removed the request for review from nkhristinin December 3, 2025 08:34
@abhishekbhatia1710
Contributor Author

abhishekbhatia1710 commented Dec 3, 2025

> LGTM for the @elastic/security-threat-hunting-investigations team. I find it a bit off to put that purple placeholder.png file in the security_solution/common/images folder. Do we really have to merge that in main?

I hear you and completely understand the concern @PhilippeOberti. However, the entire UI is currently behind a feature flag that isn’t enabled yet. Once it’s enabled, the placeholder will be replaced by the actual anomalies dashboard, so this shouldn’t be an issue in the final experience.

abhishekbhatia1710 and others added 5 commits December 3, 2025 15:24
…a1710/kibana into ea-14550-threat-hunting-ui
- Handle loading states correctly
- Skip appropriately when the feature flag is enabled
- Use proper timeouts to avoid flakiness
@elasticmachine
Contributor

elasticmachine commented Dec 3, 2025

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Serverless Entity Analytics - Security Cypress Tests #2 / Entity Analytics Dashboard With anomalies data should enable a job and renders the table with pagination should enable a job and renders the table with pagination
  • [job] [logs] Entity Analytics - Security Solution Cypress Tests #2 / Entity Analytics Dashboard With anomalies data should enable a job and renders the table with pagination should enable a job and renders the table with pagination
  • [job] [logs] Serverless Entity Analytics - Security Cypress Tests #1 / Entity Threat Hunting page renders page as expected renders page as expected
  • [job] [logs] Entity Analytics - Security Solution Cypress Tests #1 / Entity Threat Hunting page renders page as expected renders page as expected
  • [job] [logs] FTR Configs #11 / Maps endpoints apis search ES|QL should return getValues response in expected shape
  • [job] [logs] FTR Configs #11 / Maps endpoints apis search ES|QL should return getValues response in expected shape

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 8448 8455 +7

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 11.1MB 11.1MB +14.9KB
streamsApp 1.1MB 1.1MB +65.0B
total +15.0KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
elasticAssistant 307.3KB 307.4KB +65.0B
securitySolution 166.8KB 166.9KB +114.0B
securitySolutionEss 34.4KB 34.6KB +144.0B
securitySolutionServerless 46.3KB 46.5KB +151.0B
total +474.0B

Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 698 699 +1

miscellaneous assets size

id before after diff
securitySolution 4.8MB 4.8MB +10.1KB

Total ESLint disabled count

id before after diff
securitySolution 806 807 +1

cc @abhishekbhatia1710
