opensearch-project · amsiglan · Dec 19, 2024 · Dec 18, 2024 · Dec 19, 2024
diff --git a/...CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx b/...CreateDetector/components/DefineDetector/components/DetectorSchedule/DetectorSchedule.tsx
@@ -4,7 +4,7 @@
  */
 
 import React from 'react';
-import { EuiSpacer, EuiTitle } from '@elastic/eui';
+import { EuiSpacer, EuiText } from '@elastic/eui';
 import { PeriodSchedule } from '../../../../../../../models/interfaces';
 import { Interval } from './Interval';
 import { Detector } from '../../../../../../../types';
@@ -23,9 +23,9 @@ export class DetectorSchedule extends React.Component<DetectorScheduleProps> {
   render() {
     return (
       <>
-        <EuiTitle size="m">
+        <EuiText size="m">
           <h3>Detector schedule</h3>
-        </EuiTitle>
+        </EuiText>
         <EuiSpacer />
         <Interval
           schedule={this.props.detector.schedule}

diff --git a/...teDetector/components/DefineDetector/components/ThreatIntelligence/ThreatIntelligence.tsx b/...teDetector/components/DefineDetector/components/ThreatIntelligence/ThreatIntelligence.tsx
@@ -3,36 +3,87 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import React from 'react';
-import { EuiCheckbox, EuiText, EuiTitle, htmlIdGenerator } from '@elastic/eui';
+import React, { useMemo, useState } from 'react';
+import {
+  EuiCallOut,
+  EuiCheckbox,
+  EuiLink,
+  EuiSpacer,
+  EuiText,
+  htmlIdGenerator,
+} from '@elastic/eui';
+import { ROUTES } from '../../../../../../utils/constants';
 
 export interface ThreatIntelligenceProps {
+  isEdit: boolean;
   threatIntelChecked: boolean;
   onThreatIntelChange: (checked: boolean) => void;
 }
 
 export const ThreatIntelligence: React.FC<ThreatIntelligenceProps> = ({
   threatIntelChecked,
   onThreatIntelChange,
+  isEdit,
 }) => {
+  const [shouldShowEditUI] = useState(isEdit && threatIntelChecked);
+  const threatIntelUrl = useMemo(() => {
+    return `#${ROUTES.THREAT_INTEL_OVERVIEW}`;
+  }, []);
+
   return (
     <>
-      <EuiTitle size="m">
-        <h3>Threat intelligence feeds</h3>
-      </EuiTitle>
+      {!shouldShowEditUI && (
+        <>
+          <EuiText size="m">
+            <h3>Threat intelligence feeds</h3>
+          </EuiText>
+          <EuiText size="s">
+            <p>
+              To match your data source against known indicators of compromise configure logs scan
+              with threat intel sources on the{' '}
+              <EuiLink target="_blank" href={threatIntelUrl}>
+                Threat intelligence
+              </EuiLink>{' '}
+              page.
+            </p>
+          </EuiText>
+        </>
+      )}
+      {shouldShowEditUI && (
+        <>
+          <EuiText size="m">
+            <h3>Threat intelligence feeds</h3>
+          </EuiText>
 
-      <EuiText>
-        <p>
-          Match your data source against known malicious IP-addresses. Available for standard log
-          types only.
-        </p>
-      </EuiText>
-      <EuiCheckbox
-        id={htmlIdGenerator()()}
-        label="Enable threat intelligence-based detection"
-        checked={threatIntelChecked}
-        onChange={(e) => onThreatIntelChange(e.target.checked)}
-      />
+          <EuiText size="s">
+            <p>
+              Match your data source against known malicious IP-addresses. Available for standard
+              log types only.
+            </p>
+          </EuiText>
+          <EuiSpacer size="s" />
+          <EuiCallOut
+            size="s"
+            title={
+              <p>
+                To match your data against known indicators of compromise we recommend configuring
+                scan using the new{' '}
+                <EuiLink target="_blank" href={threatIntelUrl}>
+                  Threat Intelligence
+                </EuiLink>{' '}
+                platform and disabling threat intelligence in the detector.
+              </p>
+            }
+          />
+          <EuiSpacer size="s" />
+          <EuiCheckbox
+            id={htmlIdGenerator()()}
+            label="Enable threat intelligence-based detection"
+            checked={threatIntelChecked}
+            onChange={(e) => onThreatIntelChange(e.target.checked)}
+          />
+        </>
+      )}
     </>
   );
 };
diff --git a/public/pages/CreateDetector/components/DefineDetector/containers/DefineDetector.tsx b/public/pages/CreateDetector/components/DefineDetector/containers/DefineDetector.tsx
@@ -146,7 +146,7 @@ export default class DefineDetector extends Component<DefineDetectorProps, Defin
     const newDetector: Detector = {
       ...this.state.detector,
       detector_type: detectorType,
-      threat_intel_enabled: this.standardLogTypes.has(detectorType),
+      threat_intel_enabled: false,
     };
 
     this.updateDetectorCreationState(newDetector);
@@ -251,6 +251,7 @@ export default class DefineDetector extends Component<DefineDetectorProps, Defin
 
         {this.standardLogTypes.has(detector_type) && (
           <ThreatIntelligence
+            isEdit={isEdit}
             threatIntelChecked={threat_intel_enabled}
             onThreatIntelChange={this.onThreatIntelligenceChanged}
           />

diff --git a/public/pages/Detectors/components/DetectorBasicDetailsView/DetectorBasicDetailsView.tsx b/public/pages/Detectors/components/DetectorBasicDetailsView/DetectorBasicDetailsView.tsx
@@ -3,12 +3,12 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { EuiButton, EuiSpacer, EuiLink, EuiIcon, EuiText } from '@elastic/eui';
+import { EuiButton, EuiSpacer, EuiLink, EuiIcon, EuiText, EuiCallOut } from '@elastic/eui';
 import React from 'react';
 import { ContentPanel } from '../../../../components/ContentPanel';
 import { createTextDetailsGroup, parseSchedule } from '../../../../utils/helpers';
 import moment from 'moment';
-import { DEFAULT_EMPTY_DATA, logTypesWithDashboards } from '../../../../utils/constants';
+import { DEFAULT_EMPTY_DATA, logTypesWithDashboards, ROUTES } from '../../../../utils/constants';
 import { Detector } from '../../../../../types';
 import { getLogTypeLabel } from '../../../LogTypes/utils/helpers';
 
@@ -101,6 +101,21 @@ export const DetectorBasicDetailsView: React.FC<DetectorBasicDetailsViewProps> =
       {createTextDetailsGroup([
         { label: 'Threat intelligence', content: threat_intel_enabled ? 'Enabled' : 'Disabled' },
       ])}
+      {threat_intel_enabled && (
+        <EuiCallOut
+          size="s"
+          title={
+            <p>
+              To match your data against known indicators of compromise we recommend configuring
+              scan using the new{' '}
+              <EuiLink target="_blank" href={`#${ROUTES.THREAT_INTEL_OVERVIEW}`}>
+                Threat Intelligence
+              </EuiLink>{' '}
+              platform and disabling threat intelligence in the detector.
+            </p>
+          }
+        />
+      )}
       {rulesCanFold ? children : null}
     </ContentPanel>
   );

diff --git a/public/pages/Detectors/components/UpdateBasicDetails/UpdateBasicDetails.tsx b/public/pages/Detectors/components/UpdateBasicDetails/UpdateBasicDetails.tsx
@@ -292,6 +292,7 @@ export const UpdateDetectorBasicDetails: React.FC<UpdateDetectorBasicDetailsProp
         <EuiSpacer size={'l'} />
 
         <ThreatIntelligence
+          isEdit={true}
           threatIntelChecked={detector.threat_intel_enabled}
           onThreatIntelChange={onThreatIntelFeedToggle}
         />

diff --git a/...tors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap b/...tors/components/UpdateBasicDetails/__snapshots__/UpdateDetectorBasicDetails.test.tsx.snap
@@ -1144,57 +1144,67 @@ exports[`<UpdateDetectorBasicDetails /> spec renders the component 1`] = `
         />
       </EuiSpacer>
       <ThreatIntelligence
+        isEdit={true}
         onThreatIntelChange={[Function]}
       >
-        <EuiTitle
+        <EuiText
           size="m"
         >
-          <h3
-            className="euiTitle euiTitle--medium"
-          >
-            Threat intelligence feeds
-          </h3>
-        </EuiTitle>
-        <EuiText>
           <div
             className="euiText euiText--medium"
           >
-            <p>
-              Match your data source against known malicious IP-addresses. Available for standard log types only.
-            </p>
+            <h3>
+              Threat intelligence feeds
+            </h3>
           </div>
         </EuiText>
-        <EuiCheckbox
-          checked={false}
-          compressed={false}
-          disabled={false}
-          id="some_html_id"
-          indeterminate={false}
-          label="Enable threat intelligence-based detection"
-          onChange={[Function]}
+        <EuiText
+          size="s"
         >
           <div
-            className="euiCheckbox"
+            className="euiText euiText--small"
           >
-            <input
-              checked={false}
-              className="euiCheckbox__input"
-              disabled={false}
-              id="some_html_id"
-              onChange={[Function]}
-              type="checkbox"
-            />
-            <div
-              className="euiCheckbox__square"
-            />
-            <label
-              className="euiCheckbox__label"
-              htmlFor="some_html_id"
-            >
-              Enable threat intelligence-based detection
-            </label>
+            <p>
+              To match your data source against known indicators of compromise configure logs scan with threat intel sources on the
+
+              <EuiLink
+                href="#/threat-intel"
+                target="_blank"
+              >
+                <a
+                  className="euiLink euiLink--primary"
+                  href="#/threat-intel"
+                  rel="noopener noreferrer"
+                  target="_blank"
+                >
+                  Threat intelligence
+                  <EuiIcon
+                    aria-label="External link"
+                    className="euiLink__externalIcon"
+                    size="s"
+                    type="popout"
+                  >
+                    EuiIconMock
+                  </EuiIcon>
+                  <EuiScreenReaderOnly>
+                    <span
+                      className="euiScreenReaderOnly"
+                    >
+                      <EuiI18n
+                        default="(opens in a new tab or window)"
+                        token="euiLink.newTarget.screenReaderOnlyText"
+                      >
+                        (opens in a new tab or window)
+                      </EuiI18n>
+                    </span>
+                  </EuiScreenReaderOnly>
+                </a>
+              </EuiLink>
+
+              page.
+            </p>
           </div>
-        </EuiCheckbox>
+        </EuiText>
       </ThreatIntelligence>
       <EuiSpacer
         size="l"
@@ -1390,15 +1400,17 @@ exports[`<UpdateDetectorBasicDetails /> spec renders the component 1`] = `
         }
         onDetectorScheduleChange={[Function]}
       >
-        <EuiTitle
+        <EuiText
           size="m"
         >
-          <h3
-            className="euiTitle euiTitle--medium"
+          <div
+            className="euiText euiText--medium"
           >
-            Detector schedule
-          </h3>
-        </EuiTitle>
+            <h3>
+              Detector schedule
+            </h3>
+          </div>
+        </EuiText>
         <EuiSpacer>
           <div
             className="euiSpacer euiSpacer--l"