@NicholasPeretti NicholasPeretti commented Nov 28, 2025

Summary

Addresses #243156

This PR introduces the "connector" filter.
The filter doesn't do much yet, as we need to connect it to the table to filter data.

Screen.Recording.2025-12-02.at.21.46.06.mov

@NicholasPeretti NicholasPeretti force-pushed the 243156-add-connector-id-filter branch from da4875e to 7319b3c Compare December 2, 2025 21:40
@NicholasPeretti NicholasPeretti marked this pull request as ready for review December 2, 2025 21:47
@NicholasPeretti NicholasPeretti requested a review from a team as a code owner December 2, 2025 21:47
e40pud commented Dec 3, 2025

I think we can just reuse the existing "filter by connector" component from the attack discovery page. If needed, we can find a common place and move that component there; we can consider starting to prioritize the x-pack/solutions/security/plugins/security_solution/public/detections/components/attacks folder and move reusable components there.

Also, in the current implementation you fetch all attacks using the useFindAttackDiscoveries hook, which I don't think will work correctly:

  • it will return the first 10 attacks - the default search limit
  • we need to use other filters (KQL, time range, assignees etc.) while calling this hook to narrow down the attacks that are part of the current search

@NicholasPeretti
Contributor Author

> I think we can just reuse the existing "filter by connector" component from the attack discovery page. If needed, we can find a common place and move that component there; we can consider starting to prioritize the x-pack/solutions/security/plugins/security_solution/public/detections/components/attacks folder and move reusable components there.
>
> Also, in the current implementation you fetch all attacks using the useFindAttackDiscoveries hook, which I don't think will work correctly:
>
>   • it will return the first 10 attacks - the default search limit
>   • we need to use other filters (KQL, time range, assignees etc.) while calling this hook to narrow down the attacks that are part of the current search

Hey @e40pud, good point 😄

I am not integrating the other filters here because I don't have them yet (assignee, status, etc.).
Once we merge the other PRs I can rebase and integrate them 🚀

elasticmachine commented Dec 3, 2025

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #30 / Maps endpoints apis search ES|QL should return getValues response in expected shape

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 11.1MB | 11.1MB | +523.0B |

Development

Successfully merging this pull request may close these issues.

[Security Solution][Attacks/Alerts][Attack page][Filters] Filter by connector ID
