[Security Solution][Entity Analytics] Adding alert contribution score in risk summary #174443

Closed
wants to merge 3 commits into from


tiansivive
Contributor

Adding alert cumulative contribution to risk score in #8357

Screenshot 2024-01-08 at 13 29 52

@tiansivive tiansivive added release_note:skip Skip the PR/issue when compiling release notes 8.13 candidate Team:Entity Analytics Security Entity Analytics Team labels Jan 8, 2024
@tiansivive tiansivive requested a review from a team as a code owner January 8, 2024 11:30
@elasticmachine
Contributor

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

@tiansivive tiansivive marked this pull request as draft January 8, 2024 12:15
@kibana-ci
Collaborator

kibana-ci commented Jan 8, 2024

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #33 / cases security and spaces enabled: trial push_case memoryless server user profile uid falls back to authc to get the user information when the profile uid is not available
  • [job] [logs] Jest Tests #7 / RiskSummary renders risk summary table
  • [job] [logs] Jest Tests #7 / RiskSummary renders risk summary table

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 4861 4862 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 11.4MB 11.4MB +224.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

Comment on lines +34 to +35
category_1_score: number;
category_1_count: number;
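Review bot: the two fields added at lines +34 to +35, `category_1_score` and `category_1_count`, appear here as bare `number` with nothing stating what scale the score is on or what the count covers. Suggest a doc comment on each that says whether `category_1_score` is a raw sum or the category's share of the final risk score, and consider a name that says what category 1 is rather than a hard-coded index.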
Contributor Author


Is this the best way to do this? @machadoum

@nkhristinin
Contributor

I am confused by the number 375 from your screenshot.

I think the original idea was to show the number related to how much alerts contributed as part of the final risk score.

So the final risk score is 63.

The alert contribution should be <= 63. My understanding is that it should always be equal to the final risk score, until we have the asset enrichment multiplier.

@tiansivive tiansivive closed this Jan 10, 2024
tiansivive added a commit that referenced this pull request Jan 16, 2024
…isk Summary (#174574)

Adding context in Risk Summary, part of
[#8207](elastic/security-team#8207) Meta
This PR handles both
[#8357](elastic/security-team#8357) and
[#8359](elastic/security-team#8359)


<img width="609" alt="Screenshot 2024-01-10 at 12 06 00"
src="https://github.com/elastic/kibana/assets/2423976/1f516eb9-1723-4c88-80b9-b61905a59f6a">


Closing #174443 since this PR includes those changes as well

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>